From 2f8b7382c0a4acdc40e1a7e0710b7a4fbcff7db5 Mon Sep 17 00:00:00 2001
From: Julian Goldstein
Date: Fri, 19 Jun 2026 13:43:01 -0500
Subject: [PATCH] ci: don't publish on branch creation or an empty commit range
Creating a release/* branch at an existing release commit triggered vendor with an empty commit range (vX.Y.Z..HEAD = nothing), which fell through the bump's default and cut a spurious version (a release/v0.6 creation published v0.7.0).
Two guards:
* skip the pipeline on branch-creation pushes (github.event.created)
* if there are no new commits since this line's latest release, skip cleanly (ver.skip output gates the checksum/tag/publish steps) instead of bumping
Real pushes and manual dispatch are unaffected.
Co-Authored-By: Claude Opus 4.8
---
 .github/workflows/vendor.yml | 22 ++++++++++++++++++++--
 1 file changed, 20 insertions(+), 2 deletions(-)
diff --git a/.github/workflows/vendor.yml b/.github/workflows/vendor.yml
index 4500d56..a79596d 100644
--- a/.github/workflows/vendor.yml
+++ b/.github/workflows/vendor.yml
@@ -49,6 +49,10 @@ concurrency:
 jobs:
 detect:
+ # Don't publish on branch creation: pushing a new release/* branch at an
+ # existing release commit has no new commits to release (it would otherwise
+ # cut a spurious version). Manual dispatch and normal pushes still run.
+ if: ${{ github.event_name != 'push' || !github.event.created }}
 runs-on: ubuntu-latest
 outputs:
 clang: ${{ steps.scan.outputs.clang }}
@@ -293,6 +297,7 @@ jobs:
 done
 - name: Compute next toolchain version
+ id: ver
 env:
 FLAVOR: ${{ github.event.inputs.flavor }}
 run: |
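Review bot: The job-level `if:` added to `detect` treats every push with `github.event.created` set as a no-op, but a release/* branch can also be created with commits that are not yet in any release, and those would now stay unpublished until a later push. The empty-range check added in the version step already covers the spurious-release case from the commit message, so this guard is the broader of the two; either narrow it or extend the comment to say `# commits pushed together with a new branch are deliberately not released until the next push`. The condition also gates only `detect`: whether the build and publish jobs are skipped with it depends on their `needs:` and `if:` settings, which are outside this hunk, and a downstream job using `always()` would still run.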
@@ -336,22 +341,32 @@ jobs:
 elif [ -z "$latest" ]; then
 next="0.1.0"
 else
+ # No new commits since this line's latest release => nothing to
+ # publish. Skip cleanly (the later steps are gated on ver.skip) so a
+ # no-op trigger can't fall through to a bump.
+ commits="$(git rev-list "v${latest}..HEAD")"
+ if [ -z "$commits" ]; then
+ echo "no new commits since v${latest} — nothing to release"
+ echo "skip=true" >> "$GITHUB_OUTPUT"
+ exit 0
+ fi
 maj=$(echo "$latest" | awk -F. '{print $1+0}')
 min=$(echo "$latest" | awk -F. '{print $2+0}')
 pat=$(echo "$latest" | awk -F. '{print $3+0}') # missing patch -> 0
 rank=0 # highest level seen: 1=patch 2=minor 3=major
 while IFS= read -r sha; do
+ [ -n "$sha" ] || continue
 msg="$(git log -1 --format=%s "$sha")" # subject line only
 if printf '%s' "$msg" | grep -qi '\[bump:major\]'; then lvl=3
 elif printf '%s' "$msg" | grep -qi '\[bump:minor\]'; then lvl=2
 elif printf '%s' "$msg" | grep -qi '\[bump:patch\]'; then lvl=1
 else lvl=$default_lvl; fi
 [ "$lvl" -gt "$rank" ] && rank=$lvl
- done < <(git rev-list "v${latest}..HEAD")
+ done <<< "$commits"
 case "$rank" in
 3) next="$((maj + 1)).0.0" ;;
+ 2) next="${maj}.$((min + 1)).0" ;;
 1) next="${maj}.${min}.$((pat + 1))" ;;
- *) next="${maj}.$((min + 1)).0" ;; # rank 2, or 0 (empty range)
 esac
 fi
 echo "TC=$next" >> "$GITHUB_ENV"
@@ -359,6 +374,7 @@ jobs:
 echo "next toolchain version: v${next}"
 - name: Record checksums in versions.env
+ if: steps.ver.outputs.skip != 'true'
 run: |
 set -euo pipefail
 # Record the checksum of every binary we publish, so a consumer
@@ -380,6 +396,7 @@ jobs:
 grep -E '_SHA256_|^LIBBPF_HEADERS_SHA256=' build/versions.env
 - name: Tag immutable v${{ env.TC }} snapshot
+ if: steps.ver.outputs.skip != 'true'
 run: |
 set -euo pipefail
 tag="v${TC}"
@@ -401,6 +418,7 @@ jobs:
 fi
 - name: Publish v${{ env.TC }} release
+ if: steps.ver.outputs.skip != 'true'
 env:
 GH_TOKEN: ${{ github.token }}
 run: |
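Review bot: With the `*)` arm removed, the `case "$rank"` block leaves `next` unassigned whenever rank is not 1, 2 or 3, which can happen if `default_lvl` (defined outside this hunk) is 0 or otherwise outside that range. The following `echo "TC=$next" >> "$GITHUB_ENV"` would then write an empty version, or abort on the unset variable under `set -u`, and the tag step would build the tag `v`. A release pipeline should fail closed here: add `*) echo "unexpected bump rank: $rank" >&2; exit 1 ;;` as the last arm. Separately, `commits="$(git rev-list "v${latest}..HEAD")"` turns a failing rev-list (for example a tag missing from a shallow checkout) into an empty string that reads as "nothing to release" unless the script runs under `set -e`; the top of this script is outside the hunk, so that needs confirming.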
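Review bot: The skip is enforced by repeating `if: steps.ver.outputs.skip != 'true'` on each step, here on "Record checksums" and again in the Tag and Publish hunks, so any step of this job that lacks the condition still runs on the skip path with `TC` never written to `GITHUB_ENV`. Steps outside these hunks are not visible; if one of them commits `build/versions.env`, pushes, or uploads artifacts, it needs the same guard. The condition is also fail-open: if the `ver` step id is renamed or the output is never set, the expression is true and publishing proceeds. Writing `echo "skip=false" >> "$GITHUB_OUTPUT"` on the normal path and gating on `steps.ver.outputs.skip == 'false'` would make a missing output skip the release instead of cutting one.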