Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

ci(all-nodejs-packages-publish): restrict job trigger pattern to semver #2385

Open
petermetz opened this issue Apr 11, 2023 · 0 comments · May be fixed by #3786
Open

ci(all-nodejs-packages-publish): restrict job trigger pattern to semver #2385

petermetz opened this issue Apr 11, 2023 · 0 comments · May be fixed by #3786
Assignees
@adrianbatuto
Labels
bug Something isn't working dependencies Pull requests that update a dependency file Developer_Experience good-first-issue Good for newcomers good-first-issue-200-intermediate Hacktoberfest Hacktoberfest participants are welcome to take a stab at issues marked with this label. P3 Priority 3: Medium Security Related to existing or potential security vulnerabilities Weaver Tasks related to the future of Cactus & Weaver together.

Comments

@petermetz
Copy link
Contributor

Describe the bug

Right now in the .github/workflows/all-nodejs-packages-publish.yaml workflow if you were to create an invalid semver tag that at least starts with the letter v it would trigger the publishing even though the version is invalid.
Examples that would break it this way:

  1. vASDFASDFASFD
  2. v/some/directory/path/to/a/go-module

To Reproduce

DO NOT REPRODUCE - it will cause the workflow jobs to crash and you'd need to have invalid tags on main

Expected behavior

The auto-publishing workflow only gets triggered when valid semver tags are being created on main.
It does not get triggered for invalid semver tags such as the examples provided above.

Hyperledger Cactus release version or commit (git rev-parse --short HEAD):

main

Additional context

This came up during the integration of our release processes between Cactus and Weaver.
@petermetz petermetz added bug Something isn't working good-first-issue Good for newcomers dependencies Pull requests that update a dependency file Security Related to existing or potential security vulnerabilities Developer_Experience Hacktoberfest Hacktoberfest participants are welcome to take a stab at issues marked with this label. good-first-issue-200-intermediate P3 Priority 3: Medium Weaver Tasks related to the future of Cactus & Weaver together. labels Apr 11, 2023
@petermetz petermetz self-assigned this Apr 11, 2023
@petermetz petermetz mentioned this issue Jul 24, 2023
Closed
adrianbatuto added a commit to adrianbatuto/cacti that referenced this issue Feb 18, 2025
@adrianbatuto
ci(all-nodejs-packages-publish): restrict job trigger pattern to semver
3cfe930 
Primary Changes
----------------
1. Added GitHub action to validate tags. Ensure that publishing only runs on properly
   formatted version tags

Fixes hyperledger-cacti#2385

Signed-off-by: adrianbatuto <adrian.batuto@accenture.com>
adrianbatuto added a commit to adrianbatuto/cacti that referenced this issue Feb 26, 2025
@adrianbatuto
ci(all-nodejs-packages-publish): restrict job trigger pattern to semver
aa8aac7 
Primary Changes
----------------
1. Added semver validation to all-nodejs-packages-publish.yaml

Fixes hyperledger-cacti#2385

Signed-off-by: adrianbatuto <adrian.batuto@accenture.com>
@adrianbatuto adrianbatuto linked a pull request Feb 26, 2025 that will close this issue
Open
5 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@adrianbatuto adrianbatuto

Labels
bug Something isn't working dependencies Pull requests that update a dependency file Developer_Experience good-first-issue Good for newcomers good-first-issue-200-intermediate Hacktoberfest Hacktoberfest participants are welcome to take a stab at issues marked with this label. P3 Priority 3: Medium Security Related to existing or potential security vulnerabilities Weaver Tasks related to the future of Cactus & Weaver together.
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

ci(all-nodejs-packages-publish): restrict job trigger pattern to semver adrianbatuto/cacti
2 participants
@petermetz @adrianbatuto