apunkt/webclaw
1
0
Fork 0
mirror of https://github.com/0xMassi/webclaw.git synced 2026-06-29 03:39:37 +02:00
Code Issues Projects Releases Packages Wiki Activity

ci(release): don't let prerelease tags clobber :latest / Homebrew / stable

Browse source 
A v*-rc* tag triggered the same release pipeline as a stable tag, which
would publish a normal release, overwrite ghcr.io/0xmassi/webclaw:latest,
and repoint the Homebrew formula at the rc — shipping a prerelease to every
stable Docker/brew user. Guard all three on the SemVer prerelease hyphen:

- release: add --prerelease for hyphenated tags
- docker: still push :${tag} (testable rc image) but only move :latest for stable
- homebrew: skip entirely for prereleases

Lets us cut rc tags (e.g. to validate the new musl build job) without
touching stable users.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
This commit is contained in:
Valerio 2026-06-27 14:45:49 +02:00
parent 1d49b4404e
commit d5d58ab612
1 changed files with 14 additions and 2 deletions
Download patch file Download diff file Expand all files Collapse all files

16
.github/workflows/release.yml vendored
View file

@ -176,11 +176,16 @@ jobs:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
run: | run: |
tag="${GITHUB_REF#refs/tags/}" tag="${GITHUB_REF#refs/tags/}"
# SemVer prerelease tags (e.g. v1.2.3-rc1) contain a hyphen — mark
# them as prereleases so they never surface as the stable release.
prerelease=""
case "$tag" in *-*) prerelease="--prerelease" ;; esac
gh release create "$tag" \ gh release create "$tag" \
artifacts/*.tar.gz \ artifacts/*.tar.gz \
artifacts/*.zip \ artifacts/*.zip \
artifacts/SHA256SUMS \ artifacts/SHA256SUMS \
--repo "$GITHUB_REPOSITORY" \ --repo "$GITHUB_REPOSITORY" \
$prerelease \
--generate-notes --generate-notes
docker: docker:
@ -239,18 +244,25 @@ jobs:
- name: Build and push - name: Build and push
run: | run: |
tag="${{ steps.tag.outputs.tag }}" tag="${{ steps.tag.outputs.tag }}"
# Only move :latest for stable tags. Prereleases (hyphenated, e.g.
# v1.2.3-rc1) still publish :${tag} for testing but must not clobber
# :latest.
latest=""
case "$tag" in *-*) ;; *) latest="-t ghcr.io/0xmassi/webclaw:latest" ;; esac
docker buildx build -f Dockerfile.ci \ docker buildx build -f Dockerfile.ci \
--platform linux/amd64,linux/arm64 \ --platform linux/amd64,linux/arm64 \
--provenance=false --sbom=false \ --provenance=false --sbom=false \
-t "ghcr.io/0xmassi/webclaw:${tag}" \ -t "ghcr.io/0xmassi/webclaw:${tag}" \
-t ghcr.io/0xmassi/webclaw:latest \ $latest \
--push . --push .
homebrew: homebrew:
name: Update Homebrew name: Update Homebrew
needs: [release, docker] needs: [release, docker]
# Runs once Docker succeeds, on both tag push and manual re-publish. # Runs once Docker succeeds, on both tag push and manual re-publish.
if: ${{ always() && needs.docker.result == 'success' }} # Skipped for prereleases (hyphenated tags like v1.2.3-rc1) so the formula
# keeps pointing at the latest stable, never an rc.
if: ${{ always() && needs.docker.result == 'success' && !contains(github.event.inputs.tag || github.ref_name, '-') }}
runs-on: ubuntu-latest runs-on: ubuntu-latest
permissions: permissions:
contents: read contents: read