We Keep Coding

Releasing and Publishing via GH actions

I am trying to automate publishing the SDKs for Python, Java, GO, and Node. My main goal is to make the CI run whenever a new PR is created against main branch that will:
bump the version in all files.
publish the new release to the related public registry (for each language)
Problem:
right now the problem is that the publish step is not taking the artifacts from the release step, but rather the one before that, as if they are not synced.
For the release step, we're using semantic-release package with several plugins.
The ADMIN_TOKEN is a personal token of a user with write permissions.
The publishing step is different for each language, but I am certain this is unrelated since it worked before I complicated the workflow.
Possible issue:
Without the if statements, the release and publish steps are synced, but then the semantic-release creates another commit that creates another release (e.g. 2 releases and publishing in one run, not wanted). With the current if, the publish step takes the older release instead the newly created one (for example, if the new run creates release 1.0.40, the publish will take version 1.0.39).
Does anyone have some input on these 2 steps or the if statements? For example, this is the current variation of the Java workflow:
release:
runs-on: ubuntu-latest
if: "!startsWith(github.event.head_commit.message, 'chore')"
steps:
- name: Checkout code
uses: actions/checkout#v3
with:
fetch-depth: 0
token: ${{ secrets.ADMIN_TOKEN }}
- name: setup nodejs
uses: actions/setup-node#v3
with:
node-version: '16'
- name: release using semantic-release
env:
GITHUB_TOKEN: ${{ secrets.ADMIN_TOKEN }}
GIT_AUTHOR_NAME: ****
GIT_AUTHOR_EMAIL: ****
GIT_COMMITTER_NAME: ****
GIT_COMMITTER_EMAIL: ****
run: |
sudo apt-get update
sudo apt-get install python
pip install --user bumpversion
npm install #semantic-release/changelog
npm install #semantic-release/exec
npm install #semantic-release/git
npm install #semantic-release/github
npx semantic-release
publish:
runs-on: ubuntu-latest
needs: [release]
if: "!startsWith(github.event.head_commit.message, 'chore')"
steps:
- name: Checkout code
uses: actions/checkout#v3
with:
token: ${{ secrets.ADMIN_TOKEN }}
- name: Configure GPG Key
run: |
cat <(echo -e "${{ secrets.GPG_SIGNING_KEY }}") | gpg --batch --import
gpg --list-secret-keys --keyid-format LONG
- name: Set up Maven Central Repository
uses: actions/setup-java#v3
with:
java-version: 8
distribution: zulu
server-id: ossrh
server-username: ${{ secrets.MAVEN_USERNAME }}
server-password: ${{ secrets.MAVEN_PASSWORD }}
gpg-passphrase: ${{ secrets.GPG_PASSPHRASE }}
- name: Publish package
run: mvn clean deploy $MVN_ARGS -P central --no-transfer-progress --batch-mode -Dgpg.passphrase=${{ secrets.GPG_PASSPHRASE }}
env:
MAVEN_USERNAME: ${{ secrets.MAVEN_USERNAME }}
MAVEN_PASSWORD: ${{ secrets.MAVEN_PASSWORD }}
MVN_ARGS: "--settings build-settings.xml"
<more ENVS>
In case it is relevant, the .releaserc file is:
{
"debug": true,
"branches": [ "main" ],
"plugins": [
["#semantic-release/commit-analyzer", {
"preset": "angular",
"releaseRules": [
{"type": "release","release": "patch"}
]}],
"#semantic-release/release-notes-generator",
"#semantic-release/changelog",
[
"#semantic-release/exec",
{
"prepareCmd": "bump2version --allow-dirty --current-version ${lastRelease.version} --new-version ${nextRelease.version} patch"
}
],
[
"#semantic-release/git",
{
"message": "chore(release): ${nextRelease.version} release notes\n\n${nextRelease.notes}"
}
],
"#semantic-release/github"
]
}
I also asked in GH: https://github.com/orgs/community/discussions/40749

The quick fix I found is to split the release and publish steps into two different workflows (different files). I am certain with a bit more dive-in, one can merge those two with some proper if conditioning.
NOTE: The publish action steps are specific to Java, but can be changed to be valid for any other language. The main structure is the main answer here.
The release step:
The semantic-release creates a secondary commit to the main branch with "chore" commit message. in order to overcome this, I added the if to skip this type of commit.
name: release
on:
workflow_dispatch:
push:
branches:
- main
jobs:
release:
runs-on: ubuntu-latest
if: "github.event_name == 'push' && github.ref == 'refs/heads/main' && !startsWith(github.event.head_commit.message, 'chore')"
steps:
- name: Checkout code
uses: actions/checkout#v3
with:
fetch-depth: 0
token: ${{ secrets.ADMIN_TOKEN }}
- name: setup nodejs
uses: actions/setup-node#v3
with:
node-version: '16'
- name: release using semantic-release
env:
GITHUB_TOKEN: ${{ secrets.ADMIN_TOKEN }}
GIT_AUTHOR_NAME: secrets.automation.dev
GIT_AUTHOR_EMAIL: secrets.automation.dev#il.ibm.com
GIT_COMMITTER_NAME: secrets.automation.dev
GIT_COMMITTER_EMAIL: secrets.automation.dev#il.ibm.com
run: |
sudo apt-get update
sudo apt-get install python
pip install --user bumpversion
npm install #semantic-release/changelog
npm install #semantic-release/exec
npm install #semantic-release/git
npm install #semantic-release/github
npx semantic-release
The publish step:
The "release" event has several initiators so I added the published type to make sure the publishing happens only if a new release was published to GitHub.
name: publish artifact
on:
workflow_dispatch:
release:
types: [published]
jobs:
publish:
runs-on: ubuntu-latest
steps:
- name: Checkout code
uses: actions/checkout#v3
with:
token: ${{ secrets.ADMIN_TOKEN }}
- name: Configure GPG Key
run: |
cat <(echo -e "${{ secrets.GPG_SIGNING_KEY }}") | gpg --batch --import
gpg --list-secret-keys --keyid-format LONG
- name: Set up Maven Central Repository
uses: actions/setup-java#v3
with:
java-version: 8
distribution: zulu
server-id: ossrh
server-username: ${{ secrets.MAVEN_USERNAME }}
server-password: ${{ secrets.MAVEN_PASSWORD }}
gpg-passphrase: ${{ secrets.GPG_PASSPHRASE }}
- name: Publish package
run: mvn clean deploy $MVN_ARGS -P central --no-transfer-progress --batch-mode -Dgpg.passphrase=${{ secrets.GPG_PASSPHRASE }}
env:
MAVEN_USERNAME: ${{ secrets.MAVEN_USERNAME }}
MAVEN_PASSWORD: ${{ secrets.MAVEN_PASSWORD }}
MVN_ARGS: "--settings build-settings.xml"
<other envs>

Unable to Manually Trigger GitHub Action

I recently started working on using some GitHub actions on my projects. I am able to setup them up to run automatically but am struggling with having them run manually. I know that you need the have the workflow_dispatch in the on section. I'm not sure if it's not working because I have it automatically run too. Is someone able to tell me what I am doing wrong?
Here is one of my workflow YAML files
name: Create-Doc-Nightly
on:
push:
branches: [ "nightly" ]
paths:
- 'src/**'
- 'pom.xml'
workflow_dispatch:
jobs:
doc:
name: Create Doc
runs-on: ubuntu-latest
steps:
- uses: actions/checkout#v3
name: Step 1 - Checkout Nightly Branch
with:
persist-credentials: false
fetch-depth: 0
- name: Step 2 - Setup JDK 17
uses: actions/setup-java#v3.4.1
with:
java-version: 17
distribution: 'temurin'
- name: Step 3 - Remove Doc
run: |
git remote set-url origin https://jnstockley:${{ secrets.TOKEN }}#github.com/jnstockley/BTTN.git
git config user.email "jack#jstockley.com"
git config --local user.name "Jack Stockley"
git rm -r docs
git commit -m "Removed Docs"
git push origin nightly
- name: Step 4 - Create Doc
run: mvn dokka:dokka -f pom.xml
- name: Step 5 - Move Docs
run: |
rm -rf docs
mkdir -p docs
mv target/dokka/* docs
- name: Step 6 - Publish docs
run: |
git remote set-url origin https://jnstockley:${{ secrets.TOKEN }}#github.com/jnstockley/BTTN.git
git config user.email "jack#jstockley.com"
git config --local user.name "Jack Stockley"
git add -f docs
git commit -m "Updated Docs"
git push origin nightly
Link to GitHub repo, nightly branch: https://github.com/jnstockley/BTTN/tree/nightly

The workflow must be on your default branch in order to use workflow_dispatch.
I believe in your case it's only on the branch nightly while it should also be on main.

To manually trigger a workflow, use the workflow_dispatch event. You can manually trigger a workflow run using the GitHub API, GitHub CLI, or GitHub browser interface. For more information, see Manually running a workflow
on: workflow_dispatch
Providing inputs
You can configure custom-defined input properties, default input values, and required inputs for the event directly in your workflow. When you trigger the event, you can provide the ref and any inputs. When the workflow runs, you can access the input values in the inputs context. For more information, see Contexts
This example defines inputs called logLevel, tags, and environment. You pass values for these inputs to the workflow when you run it. This workflow then prints the values to the log, using the inputs.logLevel, inputs.tags, and inputs.environment context properties.
yaml
on:
workflow_dispatch:
inputs:
logLevel:
description: 'Log level'
required: true
default: 'warning'
type: choice
options:
- info
- warning
- debug
tags:
description: 'Test scenario tags'
required: false
type: boolean
environment:
description: 'Environment to run tests against'
type: environment
required: true
jobs:
log-the-inputs:
runs-on: ubuntu-latest
steps:
- run: |
echo "Log level: $LEVEL"
echo "Tags: $TAGS"
echo "Environment: $ENVIRONMENT"
env:
LEVEL: ${{ inputs.logLevel }}
TAGS: ${{ inputs.tags }}
ENVIRONMENT: ${{ inputs.environment }}
If you run this workflow from a browser you must enter values for the required inputs manually before the workflow will run.
You might like the following documentation links
workflow_dispatch
github docs - events-that-trigger-workflows

How can I cancel a GitHub Actions workflow if the commit has no tag

I have npm publish github actions, I want to run this action if my commit has tag, otherwise I don't want to run my action because of that if I do not add any tag my commit then action is run and failed because it try to publish already publish npm package with same tag. For example with my last commit I have tag 1.2.3 and my npm package was publish with 1.2.3 version. When I add new commit to my branch without any tag actions try to publish my package with 1.2.3 version tag so it failed. Here my actions code below, is there any solution for it.
Thanks for advive.
name: NPM Publish
on:
push:
branches:
- master
tags:
- v*
jobs:
build:
name: Build 🏗 & Publish 🚀
runs-on: ubuntu-latest
steps:
- uses: actions/checkout#v1
- uses: actions/setup-node#v2.4.0
with:
node-version: 12
registry-url: https://registry.npmjs.org/
- run: npm install
- run: npm publish --access public
env:
NODE_AUTH_TOKEN: ${{secrets.NPM_TOKEN}}
I need something like that on yml file
if(git_commit has tag) continue job else stop job;
EDITTED VERSION
I edit my yml file base on #Enrico Campidoglio suggestion but still is does not work. I made two commit first one without tag and it canceled the action but second one has tag it still canceled action. Is there any new suggestion or solution ?
name: NPM Publish
on:
push:
branches:
- master
jobs:
build:
name: Build 🏗 & Publish 🚀
runs-on: ubuntu-latest
steps:
- uses: actions/checkout#v1
- uses: actions/setup-node#v2.4.0
with:
node-version: 12
registry-url: https://registry.npmjs.org/
- run: echo "GIT_COMMIT=`echo $(git rev-parse --short HEAD)`" >> $GITHUB_ENV
- run: echo "GIT_TAG=`echo $(git describe --tags --exact-match ${{ env.GIT_COMMIT }} || :)`" >> $GITHUB_ENV
- run: echo ${{ env.GIT_TAG }} != v*
- run: |
if [[ ${{ env.GIT_TAG }} == v* ]] ; then
echo "Tag found..."
else
echo "No git tag found, action cancelled..."
exit 1
fi
- uses: andymckay/cancel-action#0.2
if: ${{ env.GIT_TAG }} != v*
- run: npm install
- run: npm publish --access public
env:
NODE_AUTH_TOKEN: ${{secrets.NPM_TOKEN}}
there is action result I cannot figure out what is the problem,
here the lastest failed action: https://github.com/sametcelikbicak/enum2array/runs/3513521031?check_suite_focus=true

I found the solution finally after too many tried. I changed my mind and try to run shell script and it works :)
Just add that line in my yml file
- name: Check Git Tag to continue publish
run: ./scripts/publish.sh
and I created a sh file for control the commit tag. You can find the latest script and yml file definitions below
Here is my lastest yml file, npm-publish.yml
name: NPM Publish
on:
push:
branches:
- master
jobs:
build:
name: Build 🏗 & Publish 🚀
runs-on: ubuntu-latest
steps:
- uses: actions/checkout#v1
- uses: actions/setup-node#v2.4.0
with:
node-version: 12
registry-url: https://registry.npmjs.org/
- name: Check Git Tag to continue publish
run: ./scripts/publish.sh
- run: npm install
- run: npm publish --access public
env:
NODE_AUTH_TOKEN: ${{secrets.NPM_TOKEN}}
Here is my script file, publish.sh
#!/usr/bin/env bash
GIT_COMMIT=$(git rev-parse --short HEAD)
GIT_TAG=$(git describe --tags --exact-match $COMMIT || :)
if [[ ${GIT_TAG} == v* ]] ; then
echo "$GIT_TAG Tag found..."
else
echo "No git tag found, action cancelled..."
exit 1
fi

For the time being, there isn't an official action to cancel the current workflow. There is, however, an official GitHub API and a third-party action that invokes it. You could combine it with an if conditional and the github context to achieve what you want:
steps:
- uses: andymckay/cancel-action#0.2
if: startsWith(github.ref, 'refs/tags')
Be aware that cancelling a workflow through the API is an asynchronous operation, which means that later steps might still get executed until the workflow runner handles the request.
A much more solid approach would be to put a condition on your publishing step to only run when the workflow was triggered by a new tag:
steps:
- run: npm publish --access public
if: startsWith(github.ref, 'refs/tags')
env:
NODE_AUTH_TOKEN: ${{secrets.NPM_TOKEN}}

GitHub action runs twice on merge

I have a build and deploy GitHub action that runs when I update my GitHub pages repository. In addition I have one that updates the recipes using I store.
Most of the time it runs fine but occasionally I update from my phone (with Working Copy) and do a merge, then each action runs twice, all of them triggered by the same push. The recipe update action succeeds both times.
Yet when that happens one of the build and deploy actions fails with something like “! [remote rejected] master -> gh-pages (cannot lock ref 'refs/heads/gh-pages': is at 37c581108d857f9d9c8fe584103d78e4473d280b but expected ceaf2249cc2f7864f0269e64d372fc40ce0b06e0)”
It doesn’t break anything but I’m not sure why it happens and I’d like to fix it.
Build and deploy
on:
push:
branches:
- main
schedule:
- cron: '0 */2 * * *'
workflow_dispatch:
jobs:
build:
runs-on: ubuntu-latest
steps:
- name: Checkout Code
uses: actions/checkout#v2
with:
persist-credentials: false
- name: Setup Python Environment
uses: actions/setup-python#v2
with:
python-version: 3.8
- name: Install Requirements
run: pip install -r requirements.txt
- name: Execute Python script
run: |
python3 -m papexp
env:
EMAIL: ${{ secrets.EMAIL }}
PASSWORD: ${{ secrets.PASSWORD }}
- name: setup git config
run: |
git config --local user.name ${{ secrets.USERNAME_GITHUB }}
git config --local user.email ${{ secrets.EMAIL }}
git pull --ff-only origin main
git add images/recipes/*
git add .
git commit -am "Update recipes" || echo "Nothing to update"
- name: Push changes
uses: ad-m/github-push-action#master
with:
github_token: ${{ secrets.GITHUB_TOKEN }}
branch: ${{ github.ref }}

I don't think the action is running twice because of a single push, and I don't think it's related to whether you update from your mobile or not.
Your action runs when you push to main, but it also runs every 2 hours. So sometimes you're going to get conflicts, when the action triggered by a push runs at the same time as a scheduled action.
If you need the action to run in both situations (triggered and scheduled), and if the occasional collisions aren't causing you problems, I'd just put up with it TBH. Trying to implement some kind of locking mechanism to avoid collisions is probably more effort than it's worth.

GitHub Action - Unable to add "if" condition in steps

I'm using composite GitHub actions, where I want to check the current branch name in composite action's some steps and make the decision on that condition.
e.g.
name: main
on:
push:
repository_dispatch:
types:
- manual-trigger
jobs:
build:
runs-on: windows-latest
steps:
- name: Checkout project
uses: actions/checkout#v2
- name: Fetch full project
run: git fetch --prune --unshallow
- name: Restore packages
run: nuget restore -ConfigFile "../Build/Nuget.config"
working-directory: Projects
env:
# ARTIFACTORY_PASSWORD is read by the nuget.config credentials section
ARTIFACTORY_PASSWORD: ${{ secrets.ARTIFACTORY_PASSWORD }}
- name: Composite Action - To build solution and execute SonarScanner
uses: ./Build/build-and-sonarscanner-execution
Where in Composite action - I do have a check that Sonar-Scanner should execute only for develop branch, else only project build will gets execute.
name: build-and-sonarscanner-execution
description: "Build the solution using msbuild and SonarScanner execution"
inputs:
# Set of parameters
runs:
using: "composite"
steps:
- name: Restore packages
run: nuget restore -ConfigFile "../Build/Nuget.config"
working-directory: ${{ inputs.solution-directory }}
env:
# ARTIFACTORY_PASSWORD is read by the nuget.config credentials section
ARTIFACTORY_PASSWORD: ${{ inputs.artifactory-password }}
shell: pwsh
- name: Install dotnet-sonarscanner package
if: {{ github.ref == 'ref/head/develop' }} This is the line where it is throwing syntax error as 'if' is not allowed under steps
run: dotnet tool install --global dotnet-sonarscanner --version 4.10.0
shell: pwsh
Here and here are the references I have looked for before applying this if condition here. And that works totally fine if I apply that main.yml, but in composite action yaml file that's not working.
Can someone please share that what am I missing in here?

The above syntax if: ${{ ... }} should be fine but it seems that the composite actions do not support conditions yet: https://github.com/actions/runner/blob/main/docs/adrs/0549-composite-run-steps.md
The workaround that Benjamin proposed is working for me:
run: |
if [[ "${{inputs.myVar}}" != "" ]]; then
aws ...
fi
exit 0
shell: bash

Try the below syntax:
if: ${{ github.ref == 'refs/heads/xxxx' }}