fix: skip duplicate release gracefully when tag already exists

* fix: skip duplicate release gracefully when tag already exists Replace inline exit-1 tag check with a dedicated check-tag job that uses the GitHub API. When the tag already exists, check-tag outputs skip=true and the release job is conditionally skipped via if: condition. Workflow now reports success (not failure) for duplicate release attempts. Fixes #30 (partial) — resolves the tag-already-exists failure mode. Co-Authored-By: Hugh Hackman <hugh@privilegedescalation.io> * fix: use curl instead of gh CLI in check-tag job for portability gh CLI may not be pre-installed on ARC runners. curl is always available in container images. Avoids potential startup failure if gh binary is absent. Co-Authored-By: Paperclip <noreply@paperclip.ing> * fix: drop -f flag from curl in check-tag to avoid exit on 404 With -f, curl exits non-zero when the tag does not exist (404). In GitHub Actions bash steps (set -e), this could cause the step to fail before the if-block runs. Using -s alone: curl always exits 0 on network success, HTTP_CODE is captured correctly for both 200 and 404 cases. Co-Authored-By: Paperclip <noreply@paperclip.ing> --------- Co-authored-by: Hugh Hackman <hugh@privilegedescalation.io> Co-authored-by: Paperclip <noreply@paperclip.ing>
2026-03-20 22:33:28 +00:00
parent 453e320f35
commit 507e8633eb
1 changed files with 20 additions and 8 deletions
@@ -39,8 +39,27 @@ jobs:
    with:
      node-version: ${{ inputs.node-version }}

+  check-tag:
+    runs-on: runners-privilegedescalation
+    outputs:
+      skip: ${{ steps.check.outputs.skip }}
+    steps:
+      - name: Check if tag already exists
+        id: check
+        run: |
+          HTTP_CODE=$(curl -s -o /dev/null -w "%{http_code}" \
+            -H "Authorization: Bearer ${{ github.token }}" \
+            "https://api.github.com/repos/${{ github.repository }}/git/refs/tags/v${{ inputs.version }}")
+          if [ "$HTTP_CODE" = "200" ]; then
+            echo "::notice::Tag v${{ inputs.version }} already exists. Release skipped (not an error)."
+            echo "skip=true" >> $GITHUB_OUTPUT
+          else
+            echo "skip=false" >> $GITHUB_OUTPUT
+          fi
+
  release:
-    needs: ci
+    needs: [ci, check-tag]
+    if: needs.check-tag.outputs.skip != 'true'
    runs-on: runners-privilegedescalation
    timeout-minutes: 10

@@ -63,13 +82,6 @@ jobs:
          node-version: ${{ inputs.node-version }}
          cache: 'npm'

-      - name: Check tag does not already exist
-        run: |
-          if git tag -l "v${{ inputs.version }}" | grep -q "v${{ inputs.version }}"; then
-            echo "::error::Tag v${{ inputs.version }} already exists. Skipping duplicate release."
-            exit 1
-          fi
-
      - name: Configure Git
        run: |
          git config --global user.name "github-actions[bot]"