From 55a970cc1f01f1a150bb22abb279eeecbfdc3e07 Mon Sep 17 00:00:00 2001
From: Jordan Garrison <jordangarrison@users.noreply.github.com>
Date: Thu, 9 Oct 2025 16:32:53 -0500
Subject: [PATCH 1/2] fix: update release tags with corrected flake hash

Previously, when a release was published, the update-flake-hash workflow
would calculate the correct hash and update the main branch, but the
release tag would still point to a commit with the old/incorrect hash.

This caused hash mismatch errors when users tried to run:
  nix run github:TibixDev/winboat/v0.8.7

The workflow now force-updates the release tag to point to the commit
with the corrected hash, ensuring consistency between tags and the
actual release artifacts.

Fixes #164
---
 .github/workflows/update-flake-hash.yml | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)

diff --git a/.github/workflows/update-flake-hash.yml b/.github/workflows/update-flake-hash.yml
index 9e77ced..4cc073e 100644
--- a/.github/workflows/update-flake-hash.yml
+++ b/.github/workflows/update-flake-hash.yml
@@ -66,4 +66,12 @@ jobs:
 
             git add flake.nix || true
             git commit -m "chore: update flake.nix for version ${VERSION}" || echo "No changes to commit"
-            git push origin HEAD:main || echo "Push failed"
\ No newline at end of file
+            git push origin HEAD:main || echo "Push failed"
+            
+            # Also update the tag with the corrected flake hash
+            if [ "${{ github.event_name }}" = "release" ]; then
+              TAG="${{ github.event.release.tag_name }}"
+              echo "Updating tag ${TAG} with corrected flake hash"
+              git tag -f "${TAG}" HEAD
+              git push -f origin "${TAG}" || echo "Failed to update tag"
+            fi

From c91017dde67f9b71885d5bfa6b3a4c1cd99d3450 Mon Sep 17 00:00:00 2001
From: Jordan Garrison <jordangarrison@users.noreply.github.com>
Date: Thu, 9 Oct 2025 17:04:47 -0500
Subject: [PATCH 2/2] fix: use workflow_run to trigger flake hash update after
 release

The workflow was not triggering on release events because releases
created by GITHUB_TOKEN don't trigger other workflows. This is a known
GitHub Actions limitation to prevent infinite loops.

Changes:
- Replace 'release: published' trigger with 'workflow_run' that triggers
  after the 'Build WinBoat' workflow completes
- Only run on successful workflows triggered by tags
- Extract version from workflow_run.head_branch instead of release event
- Add retry loop with curl to verify release asset availability before
  attempting to fetch (replaces sleep with proper polling)
- Keep workflow_dispatch for manual triggering

This ensures the workflow runs automatically after each release and
can update both the flake.nix on main and force-update the release tag.

Fixes #164
Fixes #177
---
 .github/workflows/update-flake-hash.yml | 35 +++++++++++++++++++++----
 1 file changed, 30 insertions(+), 5 deletions(-)

diff --git a/.github/workflows/update-flake-hash.yml b/.github/workflows/update-flake-hash.yml
index 4cc073e..2f8aa4c 100644
--- a/.github/workflows/update-flake-hash.yml
+++ b/.github/workflows/update-flake-hash.yml
@@ -1,8 +1,12 @@
 name: Update Flake Hash on Release
 
 on:
-  release:
-    types: [published]
+  workflow_run:
+    workflows: ["Build WinBoat"]
+    types:
+      - completed
+    branches:
+      - main
   workflow_dispatch:
     inputs:
       version:
@@ -12,6 +16,10 @@ on:
 jobs:
   update-hash:
     runs-on: ubuntu-latest
+    # Only run if the workflow succeeded and was triggered by a tag
+    if: |
+      github.event.workflow_run.conclusion == 'success' &&
+      startsWith(github.event.workflow_run.head_branch, 'refs/tags/')
     permissions:
       contents: write
       
@@ -35,16 +43,33 @@ jobs:
           script: |
             set -euo pipefail
 
-            if [ "${{ github.event_name }}" = "release" ]; then
-              VERSION="${{ github.event.release.tag_name }}"
+            if [ "${{ github.event_name }}" = "workflow_run" ]; then
+              # Extract version from the tag ref (refs/tags/v0.8.7 -> v0.8.7)
+              VERSION="${{ github.event.workflow_run.head_branch }}"
+              VERSION="${VERSION#refs/tags/}"
             else
-              VERSION="${{ github.event.inputs.version }}"
+              # Manual workflow_dispatch trigger
+              VERSION="${{ inputs.version }}"
             fi
 
             VERSION="${VERSION#v}"
 
             URL="https://github.com/TibixDev/winboat/releases/download/v${VERSION}/winboat-${VERSION}-x64.tar.gz"
 
+            echo "Checking if release asset is available..."
+            for i in {1..30}; do
+              if curl --head --fail "$URL" &>/dev/null; then
+                echo "✓ Release asset is available"
+                break
+              fi
+              if [ $i -eq 30 ]; then
+                echo "✗ Release asset not available after 5 minutes"
+                exit 1
+              fi
+              echo "Waiting for asset... (attempt $i/30)"
+              sleep 10
+            done
+            
             echo "Prefetching from: $URL"
             HASH=$(nix-prefetch-url "$URL")