From 0b7478ec755e1e86d7be9a1d9f70d169e74acf2c Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Tue, 7 Oct 2025 12:55:21 +0000 Subject: [PATCH 1/2] Initial plan From 4376cd1311683562e117f740e561ce22f4ffb909 Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Tue, 7 Oct 2025 13:00:42 +0000 Subject: [PATCH 2/2] Fix release workflow to verify tag is on main branch - Add verification step to check tag is on main before publishing - Update release documentation to use PR-based workflow - Modify release task to guide users through PR process - Ensures releases only happen after PR merge to protected main branch Co-authored-by: gonzalocasas <933277+gonzalocasas@users.noreply.github.com> --- .github/workflows/release.yml | 16 ++++++++++++++++ README.rst | 14 ++++++++++++-- tasks.py | 13 ++++++++----- 3 files changed, 36 insertions(+), 7 deletions(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index dc06875..b37cb27 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -11,6 +11,22 @@ jobs: runs-on: ubuntu-latest steps: - uses: actions/checkout@v5 + with: + fetch-depth: 0 + - name: Verify tag is on main branch + run: | + # Get the commit SHA that the tag points to + TAG_COMMIT=$(git rev-list -n 1 ${{ github.ref }}) + echo "Tag commit: $TAG_COMMIT" + + # Check if this commit is on the main branch + if ! git branch -r --contains $TAG_COMMIT | grep -q 'origin/main'; then + echo "Error: Tag ${{ github.ref_name }} is not on the main branch" + echo "Releases can only be created from the main branch" + exit 1 + fi + + echo "Tag is on main branch, proceeding with release" - name: Set up Python 3.12 uses: actions/setup-python@v5 with: diff --git a/README.rst b/README.rst index 017656f..edb3122 100644 --- a/README.rst +++ b/README.rst @@ -131,13 +131,23 @@ Ready to release a new version **roslibpy**? Here's how to do it: * ``major``: backwards-incompatible changes. * Update the ``CHANGELOG.rst`` with all novelty! -* Ready? Release everything in one command: +* Create a release branch and prepare the release: :: + git checkout -b release-x.y.z invoke release [patch|minor|major] -* Profit! +* This will run tests, bump the version, create a git tag, and commit changes. +* Push the release branch and tag, then create a Pull Request to ``main``: + +:: + + git push origin release-x.y.z + git push origin --tags + +* Once the PR is reviewed and merged into ``main``, the release workflow will automatically publish to PyPI. +* The workflow verifies the tag is on the ``main`` branch before publishing, preventing accidental releases from feature branches. Credits diff --git a/tasks.py b/tasks.py index a3823ce..4a321b7 100644 --- a/tasks.py +++ b/tasks.py @@ -179,11 +179,14 @@ def release(ctx, release_type): # Clean up local artifacts clean(ctx) - # Upload to pypi - if confirm('Everything is ready. You are about to push to git which will trigger a release to pypi.org. Are you sure? [y/N]'): - ctx.run('git push --tags && git push') - else: - raise Exit('You need to manually revert the tag/commits created.') + log.write('Release preparation complete!') + log.write('Next steps:') + log.write(' 1. Push your release branch: git push origin ') + log.write(' 2. Push the tag: git push origin --tags') + log.write(' 3. Create a Pull Request to main') + log.write(' 4. Once merged, the release will be automatically published to PyPI') + log.write('') + log.write('The release workflow will verify the tag is on main before publishing.') @contextlib.contextmanager