From 288ae1f7a01fb69faafccd2c019e0010f36229cb Mon Sep 17 00:00:00 2001 From: Ben Date: Sun, 4 Jan 2026 07:07:16 +0000 Subject: [PATCH 01/10] Use official github tool softprops/action-gh-release creates untagged releases --- .github/workflows/release.yml | 15 +++++++-------- 1 file changed, 7 insertions(+), 8 deletions(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 4278b944..544bddc5 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -75,14 +75,13 @@ jobs: echo "No release found for $TAG." fi - - name: Create release + - name: Create draft release if: ${{ steps.release_info.outputs.tag }} - uses: softprops/action-gh-release@5122b4edc95f85501a71628a57dc180a03ec7588 # v2.5.0 - with: - tag_name: ${{ steps.release_info.outputs.tag }} - name: ${{ steps.release_info.outputs.tag }} - body_path: release_notes.txt - draft: true - files: LICENSE + run: | + gh release create "${{ steps.release_info.outputs.tag }}" \ + --title "${{ steps.release_info.outputs.tag }}" \ + --notes-file release_notes.txt \ + --draft \ + LICENSE env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} From d959df2df566f797c02171dab95f345ca759a3d2 Mon Sep 17 00:00:00 2001 From: Ben Date: Sun, 4 Jan 2026 07:15:51 +0000 Subject: [PATCH 02/10] Use official gh release tool for uploading artifacts as well --- .github/workflows/build.yml | 28 ++++++++++------------------ 1 file changed, 10 insertions(+), 18 deletions(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 1190d301..738f61e3 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -102,19 +102,16 @@ jobs: build/dfetch-package/*.msi build/dfetch-package/*.cdx.json - - name: Upload installer to release + - name: Upload installer to release ⬆️ if: ${{ inputs.release_id }} - uses: softprops/action-gh-release@5122b4edc95f85501a71628a57dc180a03ec7588 # v2.5.0 - with: - tag_name: ${{ inputs.release_id }} - files: | - build/dfetch-package/*.deb - build/dfetch-package/*.rpm - build/dfetch-package/*.pkg - build/dfetch-package/*.msi + run: gh release upload \ + "${{ inputs.release_id }}" \ + --clobber \ + build/dfetch-package/*.deb \ + build/dfetch-package/*.rpm \ + build/dfetch-package/*.pkg \ + build/dfetch-package/*.msi \ build/dfetch-package/*.cdx.json - draft: true - preserve_order: true env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} @@ -213,12 +210,7 @@ jobs: with: name: python-package-distributions path: dist/ - - name: Upload artifacts to release - uses: softprops/action-gh-release@5122b4edc95f85501a71628a57dc180a03ec7588 # v2.5.0 - with: - tag_name: ${{ inputs.release_id }} - files: dist/* - draft: true - preserve_order: true + - name: Upload artifacts to release ⬆️ + run: gh release upload "${{ inputs.release_id }}" dist/* --clobber env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} From 604e4126e6a5bdf39653dee8924df2ad26c0593d Mon Sep 17 00:00:00 2001 From: Ben Date: Sun, 4 Jan 2026 07:22:32 +0000 Subject: [PATCH 03/10] Make sure we have tag info when creating release Otherwise gh release create will create an untagged release --- .github/workflows/release.yml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 544bddc5..f8a98e4d 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -25,6 +25,9 @@ jobs: with: egress-policy: audit - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 + with: + fetch-depth: 0 + fetch-tags: true - uses: actions/setup-python@83679a892e2d95755f2dac6acb0bfd1e9ac5d548 # v6.1.0 with: python-version: '3.13' From 8a9902cce9e3c1500686b9582e1ce2942ea21d7a Mon Sep 17 00:00:00 2001 From: Ben Date: Sun, 4 Jan 2026 07:25:18 +0000 Subject: [PATCH 04/10] --clobber should be last arg --- .github/workflows/build.yml | 17 +++++++++-------- 1 file changed, 9 insertions(+), 8 deletions(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 738f61e3..d6d04dbe 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -104,14 +104,15 @@ jobs: - name: Upload installer to release ⬆️ if: ${{ inputs.release_id }} - run: gh release upload \ - "${{ inputs.release_id }}" \ - --clobber \ - build/dfetch-package/*.deb \ - build/dfetch-package/*.rpm \ - build/dfetch-package/*.pkg \ - build/dfetch-package/*.msi \ - build/dfetch-package/*.cdx.json + shell: bash + run: gh release upload \ + "${{ inputs.release_id }}" \ + build/dfetch-package/*.deb \ + build/dfetch-package/*.rpm \ + build/dfetch-package/*.pkg \ + build/dfetch-package/*.msi \ + build/dfetch-package/*.cdx.json \ + --clobber env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} From 8425b70014813aa0692359ed99ad0fd70f5b2baa Mon Sep 17 00:00:00 2001 From: Ben Date: Sun, 4 Jan 2026 07:31:53 +0000 Subject: [PATCH 05/10] Make sure gh release operates on correct repo --- .github/workflows/release.yml | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index f8a98e4d..3e3036b2 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -82,9 +82,10 @@ jobs: if: ${{ steps.release_info.outputs.tag }} run: | gh release create "${{ steps.release_info.outputs.tag }}" \ - --title "${{ steps.release_info.outputs.tag }}" \ - --notes-file release_notes.txt \ - --draft \ + --repo "$GITHUB_REPOSITORY" \ + --title "${{ steps.release_info.outputs.tag }}" \ + --notes-file release_notes.txt \ + --draft \ LICENSE env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} From 6bf5dd3ad6f253d0295e0a44ee11a89df9baeb85 Mon Sep 17 00:00:00 2001 From: Ben Date: Sun, 4 Jan 2026 07:35:52 +0000 Subject: [PATCH 06/10] Verify the tag --- .github/workflows/release.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 3e3036b2..c0de606f 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -86,6 +86,7 @@ jobs: --title "${{ steps.release_info.outputs.tag }}" \ --notes-file release_notes.txt \ --draft \ + --verify-tag \ LICENSE env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} From c21fe063a49c46a25669f62d37cd53da6e186140 Mon Sep 17 00:00:00 2001 From: Ben Date: Sun, 4 Jan 2026 07:40:28 +0000 Subject: [PATCH 07/10] Refresh just before creating release --- .github/workflows/release.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index c0de606f..f8685562 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -81,6 +81,7 @@ jobs: - name: Create draft release if: ${{ steps.release_info.outputs.tag }} run: | + git fetch --tags gh release create "${{ steps.release_info.outputs.tag }}" \ --repo "$GITHUB_REPOSITORY" \ --title "${{ steps.release_info.outputs.tag }}" \ From aedd139116961cc71f4b6f7b6834558775f8278d Mon Sep 17 00:00:00 2001 From: Ben Date: Sun, 4 Jan 2026 07:46:39 +0000 Subject: [PATCH 08/10] Overwrite the local tag --- .github/workflows/release.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index f8685562..0324864f 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -81,7 +81,7 @@ jobs: - name: Create draft release if: ${{ steps.release_info.outputs.tag }} run: | - git fetch --tags + git fetch --tags --force gh release create "${{ steps.release_info.outputs.tag }}" \ --repo "$GITHUB_REPOSITORY" \ --title "${{ steps.release_info.outputs.tag }}" \ From 0440ffe46655d6beb840bedf2efa00e9d6a25ad6 Mon Sep 17 00:00:00 2001 From: Ben Date: Sun, 4 Jan 2026 07:50:08 +0000 Subject: [PATCH 09/10] Setup python before checkout to not interfere with repo --- .github/workflows/release.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 0324864f..f1bbe54b 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -24,13 +24,13 @@ jobs: - uses: step-security/harden-runner@20cf305ff2072d973412fa9b1e3a4f227bda3c76 # v2.14.0 with: egress-policy: audit + - uses: actions/setup-python@83679a892e2d95755f2dac6acb0bfd1e9ac5d548 # v6.1.0 + with: + python-version: '3.13' - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 with: fetch-depth: 0 fetch-tags: true - - uses: actions/setup-python@83679a892e2d95755f2dac6acb0bfd1e9ac5d548 # v6.1.0 - with: - python-version: '3.13' - name: Determine release info id: release_info From 397fa28fc8169bb8e0b2859ee1433875ddacf2fe Mon Sep 17 00:00:00 2001 From: Ben Date: Sun, 4 Jan 2026 08:02:45 +0000 Subject: [PATCH 10/10] No need to fetch tag etc, see comment --- .github/workflows/release.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index f1bbe54b..c76b130d 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -78,10 +78,10 @@ jobs: echo "No release found for $TAG." fi + # Note that since this is a draft the link will be untagged (see https://github.com/cli/cli/issues/11589) - name: Create draft release if: ${{ steps.release_info.outputs.tag }} run: | - git fetch --tags --force gh release create "${{ steps.release_info.outputs.tag }}" \ --repo "$GITHUB_REPOSITORY" \ --title "${{ steps.release_info.outputs.tag }}" \