From fa279e23f56ceafc7c491c48ae0892a693102dca Mon Sep 17 00:00:00 2001 From: Piyal Basu Date: Mon, 6 Apr 2026 12:03:47 -0400 Subject: [PATCH 1/2] correct the tag on release artifact --- .github/workflows/submitProduction.yml | 15 ++++++++++----- 1 file changed, 10 insertions(+), 5 deletions(-) diff --git a/.github/workflows/submitProduction.yml b/.github/workflows/submitProduction.yml index b5cdfd9b20..9c31094d2f 100644 --- a/.github/workflows/submitProduction.yml +++ b/.github/workflows/submitProduction.yml @@ -7,7 +7,9 @@ on: workflow_dispatch: inputs: ref_name: - description: A git commit/hash/tag (optional, defaults to the selected branch or tag) + description: + A git commit/hash/tag (optional, defaults to the selected branch or + tag) type: string default: "" jobs: @@ -28,7 +30,9 @@ jobs: - name: Checkout code uses: actions/checkout@v6 with: - ref: ${{ github.event.inputs.ref_name != '' && github.event.inputs.ref_name || github.ref_name }} + ref: + ${{ github.event.inputs.ref_name != '' && + github.event.inputs.ref_name || github.ref_name }} - name: Get checkout SHA id: checkout_sha run: echo "sha=$(git rev-parse HEAD)" >> $GITHUB_OUTPUT @@ -50,8 +54,10 @@ jobs: secrets.SENTRY_KEY }}" BUILD_TYPE="production" - name: Install zip uses: montudor/action-zip@0852c26906e00f8a315c704958823928d8018b28 #v1.0.0 - - name: Create git tag - run: git tag ${{ steps.package_version.outputs.version }} + - name: Create and push git tag + run: | + git tag ${{ steps.package_version.outputs.version }} ${{ steps.checkout_sha.outputs.sha }} + git push origin ${{ steps.package_version.outputs.version }} - name: Create GitHub Release id: create_release uses: actions/create-release@v1 @@ -63,7 +69,6 @@ jobs: body: ${{ steps.package_version.outputs.version }} draft: false prerelease: false - target_commitish: ${{ steps.checkout_sha.outputs.sha }} - name: Build for Firefox id: web-ext-build uses: kewisch/action-web-ext@fe10addf5d5e5ba6b78ffde720dd488a27d10e8c #v1 From aaa70e06d6f4e6dfb2f31e81e7b7cc23909ec01d Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Mon, 6 Apr 2026 16:24:22 +0000 Subject: [PATCH 2/2] address reviewer feedback: permissions, idempotent tag push, and target_commitish fallback Agent-Logs-Url: https://github.com/stellar/freighter/sessions/a1ba948f-e821-4555-99e0-848c1906438f Co-authored-by: piyalbasu <6789586+piyalbasu@users.noreply.github.com> --- .github/workflows/submitProduction.yml | 18 ++++++++++++++++-- 1 file changed, 16 insertions(+), 2 deletions(-) diff --git a/.github/workflows/submitProduction.yml b/.github/workflows/submitProduction.yml index 9c31094d2f..931209c4c3 100644 --- a/.github/workflows/submitProduction.yml +++ b/.github/workflows/submitProduction.yml @@ -16,6 +16,8 @@ jobs: bump-version: name: Bump Package Version and Submit Extension runs-on: ubuntu-latest + permissions: + contents: write steps: - if: ${{ env.INDEXER_URL == '' }} run: | @@ -56,8 +58,19 @@ jobs: uses: montudor/action-zip@0852c26906e00f8a315c704958823928d8018b28 #v1.0.0 - name: Create and push git tag run: | - git tag ${{ steps.package_version.outputs.version }} ${{ steps.checkout_sha.outputs.sha }} - git push origin ${{ steps.package_version.outputs.version }} + TAG="${{ steps.package_version.outputs.version }}" + SHA="${{ steps.checkout_sha.outputs.sha }}" + EXISTING=$(git ls-remote origin "refs/tags/$TAG" | awk '{print $1}') + if [ -n "$EXISTING" ]; then + if [ "$EXISTING" != "$SHA" ]; then + echo "ERROR: Tag $TAG already exists pointing to $EXISTING, expected $SHA" + exit 1 + fi + echo "Tag $TAG already exists and points to the correct SHA, skipping" + else + git tag "$TAG" "$SHA" + git push origin "$TAG" + fi - name: Create GitHub Release id: create_release uses: actions/create-release@v1 @@ -69,6 +82,7 @@ jobs: body: ${{ steps.package_version.outputs.version }} draft: false prerelease: false + target_commitish: ${{ steps.checkout_sha.outputs.sha }} - name: Build for Firefox id: web-ext-build uses: kewisch/action-web-ext@fe10addf5d5e5ba6b78ffde720dd488a27d10e8c #v1