44 changes: 36 additions & 8 deletions .github/workflows/sync-release-to-gitcode.yml
@@ -2,7 +2,7 @@ name: Sync Release to GitCode

on:
release:
types: [published, edited]
types: [published, prereleased, edited]
workflow_dispatch:
Comment on lines 3 to 6 (Contributor):

💡 Verification agent

🧩 Analysis chain

Set minimal token permissions for safety.

Explicitly declare permissions so the workflow has only what it needs to read release data.

Apply this snippet at workflow top-level:

 on:
   release:
     types: [published, prereleased, edited]
   workflow_dispatch:
     inputs:
       ...
+permissions:
+  contents: read

🏁 Script executed:

#!/bin/bash
set -euo pipefail

echo "== list workflows =="
ls -la .github/workflows || true

echo
echo "== show .github/workflows/sync-release-to-gitcode.yml =="
if [ -f .github/workflows/sync-release-to-gitcode.yml ]; then
  sed -n '1,240p' .github/workflows/sync-release-to-gitcode.yml
else
  echo "File not found: .github/workflows/sync-release-to-gitcode.yml"
fi

echo
echo "== search for any 'permissions:' entries in workflows =="
rg -n "^\s*permissions:" .github/workflows || true

echo
echo "== show first 80 lines of any workflow that mentions 'release' trigger =="
rg -n --hidden --no-ignore -S "on:\s*(release|workflow_dispatch)" .github/workflows -g '!.git' -C0 || true

Length of output: 10889

Add minimal workflow token permissions — set permissions: contents: read.

This workflow uses the GITHUB_TOKEN to read releases and download release assets; restrict the token to read-only repository contents. (docs.github.com)

🧰 Tools

🪛 YAMLlint (1.37.1)

[warning] 3-3: truthy value should be one of [false, true] (truthy)

🤖 Prompt for AI Agents

.github/workflows/sync-release-to-gitcode.yml around lines 3 to 6: the workflow currently lacks explicit token permissions; add a top-level permissions block setting contents: read to restrict GITHUB_TOKEN to read-only access. Insert a permissions: section directly under the workflow triggers (on:) with permissions: contents: read so the workflow can read releases/assets but cannot perform write actions.

inputs:
tag_name:
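
Review bot: adding `prereleased` next to `published` in `types: [published, prereleased, edited]` is redundant and can run this sync twice for one pre-release. The `release` event already fires `published` for releases and pre-releases alike (GitHub's docs recommend subscribing to `published` rather than to `released` plus `prereleased`), and publishing a pre-release typically emits `prereleased` as well, so the same job starts twice and the two runs race on creating the GitCode release. Keep `[published, edited]` unless there is a real case of a pre-release that is never published; if `prereleased` has to stay, add a `concurrency:` group keyed on the tag so the second run is cancelled. The top-level `permissions: contents: read` block raised above still applies to this hunk as well.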
@@ -61,9 +61,37 @@ jobs:
echo "🔧 Manual trigger detected, using workflow inputs"
echo "tag_name=${{ github.event.inputs.tag_name }}" >> $GITHUB_OUTPUT
echo "release_name=${{ github.event.inputs.release_name || github.event.inputs.tag_name }}" >> $GITHUB_OUTPUT
echo "release_body<<EOF" >> $GITHUB_OUTPUT
echo "${{ github.event.inputs.release_body || 'Test release created via manual trigger' }}" >> $GITHUB_OUTPUT
echo "EOF" >> $GITHUB_OUTPUT

# Handle release body - fetch from GitHub if not provided
if [ -z "${{ github.event.inputs.release_body }}" ]; then
echo "📄 No release description provided, fetching from GitHub API..."

release_response=$(curl -s -H "Authorization: token ${{ secrets.GITHUB_TOKEN }}" \
"https://api.github.com/repos/${{ github.repository }}/releases/tags/${{ github.event.inputs.tag_name }}")

if [ "$(echo "$release_response" | jq -r '.message // empty')" = "Not Found" ]; then
echo "⚠️ Release not found for tag: ${{ github.event.inputs.tag_name }}, using default description"
github_release_body="Release created via manual trigger for tag ${{ github.event.inputs.tag_name }}"
else
github_release_body=$(echo "$release_response" | jq -r '.body // empty')
if [ -z "$github_release_body" ] || [ "$github_release_body" = "null" ]; then
echo "⚠️ No description found in GitHub release, using default description"
github_release_body="Release created via manual trigger for tag ${{ github.event.inputs.tag_name }}"
else
echo "✅ Successfully fetched release description from GitHub"
fi
fi
Comment on lines +66 to +83 (Contributor):

🧹 Nitpick (assertive)

⚠️ Potential issue

Fetch logic should check HTTP status and handle API errors/rate limits.

Relying on .message == "Not Found" is brittle; the API can return other errors (403, 500) and rate limiting. Parse the HTTP code and branch accordingly.

Apply this diff to harden the fetch:

-              release_response=$(curl -s -H "Authorization: token ${{ secrets.GITHUB_TOKEN }}" \
-                "https://api.github.com/repos/${{ github.repository }}/releases/tags/${{ github.event.inputs.tag_name }}")
-              
-              if [ "$(echo "$release_response" | jq -r '.message // empty')" = "Not Found" ]; then
+              response=$(curl -sS -w "%{http_code}" \
+                -H "Accept: application/vnd.github+json" \
+                -H "Authorization: Bearer ${{ secrets.GITHUB_TOKEN }}" \
+                "https://api.github.com/repos/${{ github.repository }}/releases/tags/${{ github.event.inputs.tag_name }}")
+              http_code="${response: -3}"
+              body="${response%???}"
+
+              if [ "$http_code" = "404" ]; then
                 echo "⚠️ Release not found for tag: ${{ github.event.inputs.tag_name }}, using default description"
                 github_release_body="Release created via manual trigger for tag ${{ github.event.inputs.tag_name }}"
-              else
-                github_release_body=$(echo "$release_response" | jq -r '.body // empty')
-                if [ -z "$github_release_body" ] || [ "$github_release_body" = "null" ]; then
+              elif [ "$http_code" = "200" ]; then
+                github_release_body=$(printf '%s' "$body" | jq -r '.body // empty')
+                if [ -z "$github_release_body" ]; then
                   echo "⚠️ No description found in GitHub release, using default description"
                   github_release_body="Release created via manual trigger for tag ${{ github.event.inputs.tag_name }}"
                 else
                   echo "✅ Successfully fetched release description from GitHub"
                 fi
+              else
+                echo "⚠️ GitHub API error (HTTP $http_code). Falling back to default description."
+                github_release_body="Release created via manual trigger for tag ${{ github.event.inputs.tag_name }}"
               fi
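
Review bot: the split at `http_code="${response: -3}"` / `body="${response%???}"` assumes curl actually wrote a body and a status code; if the transport itself fails (DNS, TLS, timeout) `curl -sS` exits non-zero and, with the `set -Eeuo pipefail` recommended below, the step aborts on the `response=$(...)` assignment before any of the fallback branches run. Append `|| true` to the curl command (or capture its exit status separately) so a transport failure produces an empty `http_code` and takes the same default-description path as an HTTP error; the `jq -r '.body // empty'` pipeline in the 200 branch has the same exposure if the body is not JSON, for example an HTML error page from a proxy.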

Optional but recommended at the top of this run block: set -Eeuo pipefail to fail fast on errors.

echo "release_body<<EOF" >> $GITHUB_OUTPUT
echo "$github_release_body" >> $GITHUB_OUTPUT
echo "EOF" >> $GITHUB_OUTPUT
else
echo "📝 Using provided release description"
echo "release_body<<EOF" >> $GITHUB_OUTPUT
echo "${{ github.event.inputs.release_body }}" >> $GITHUB_OUTPUT
echo "EOF" >> $GITHUB_OUTPUT
fi

echo "prerelease=${{ github.event.inputs.prerelease }}" >> $GITHUB_OUTPUT
echo "draft=${{ github.event.inputs.draft }}" >> $GITHUB_OUTPUT
echo "test_mode=${{ github.event.inputs.test_mode }}" >> $GITHUB_OUTPUT
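
Review bot: `${{ github.event.inputs.tag_name }}` and `${{ github.event.inputs.release_body }}` are expanded into the text of this shell script before it runs (the `if [ -z "${{ github.event.inputs.release_body }}" ]` test, the curl URL, the default-description strings and the `echo "${{ github.event.inputs.release_body }}" >> $GITHUB_OUTPUT` line), so an input containing a double quote, a backtick or `$(` is parsed by bash as code rather than treated as data. Map both inputs through the step's `env:` (for example `TAG_NAME: ${{ github.event.inputs.tag_name }}`) and reference `"$TAG_NAME"` and `"$RELEASE_BODY"` in the script instead. The multi-line `release_body<<EOF` output in both branches also terminates early if the description itself contains a line reading `EOF`; use a delimiter that cannot occur in the body (one derived from `$RANDOM` or the run id) and quote `"$GITHUB_OUTPUT"`.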
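
The status-code split and fallback branches from the bot's suggested diff above, factored into functions as an added example that is not code from the PR or from the bot. The function names, the constructed responses and the transport-failure handling in `fetch_release_body` are assumptions for the demonstration; jq is needed only for the 200 branch, as in the workflow.

```shell
#!/usr/bin/env bash
# Added example, not code from the PR or the bot's suggested diff: the response
# split and fallback branches from that suggestion, factored into functions so
# each path (404, 200 with or without a description, other HTTP errors, and a
# failed transport) can be exercised offline with constructed responses.
set -Eeuo pipefail

# curl -w '%{http_code}' appends the 3-digit status after the body, so the
# code is the last three characters and the body is everything before them.
http_code_of() { printf '%s' "${1: -3}"; }
http_body_of() { printf '%s' "${1%???}"; }

# Fallback text used by every branch that cannot produce a description.
default_description() { printf 'Release created via manual trigger for tag %s' "$1"; }

# choose_release_body CODE BODY TAG: print the description to export. Only
# the 200 branch parses JSON (with jq, as the workflow does); an empty or
# null .body falls back rather than exporting the string "null".
choose_release_body() {
  local code="$1" body="$2" tag="$3" desc
  case "$code" in
    200)
      desc=$(printf '%s' "$body" | jq -r '.body // empty')
      if [ -n "$desc" ]; then printf '%s' "$desc"; return; fi
      echo "warning: release $tag has no description, using default" >&2 ;;
    404)
      echo "warning: no release for tag $tag, using default" >&2 ;;
    *)
      echo "warning: GitHub API error (HTTP ${code:-none}), using default" >&2 ;;
  esac
  default_description "$tag"
}

# fetch_release_body REPO TAG TOKEN: the live call, not exercised offline. The
# trailing '|| true' keeps a DNS/TLS/timeout failure from aborting the step
# under set -e; the empty response then yields an empty code and takes the
# error branch instead of skipping the fallback.
fetch_release_body() {
  local resp
  resp=$(curl -sS -w '%{http_code}' -H 'Accept: application/vnd.github+json' \
    -H "Authorization: Bearer $3" \
    "https://api.github.com/repos/$1/releases/tags/$2" 2>/dev/null || true)
  choose_release_body "$(http_code_of "$resp")" "$(http_body_of "$resp")" "$2"
}

# Constructed responses in the shape curl -w produces (body, then status).
if [ "${1:-}" = demo ]; then
  for r in '{"body":"Bug fixes"}200' '{"message":"Not Found"}404' '{"message":"rate limited"}403' ''; do
    printf '[%s] %s\n' "$(http_code_of "$r")" "$(choose_release_body "$(http_code_of "$r")" "$(http_body_of "$r")" v1.2.3)"
  done
fi
```

Run the script with the single argument `demo` to see the four branches; the empty final response stands in for a failed transport.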
@@ -368,13 +396,13 @@ jobs:
echo "✅ Test mode: Would upload all assets successfully to GitCode"
else
echo "📦 Uploading assets to GitCode release using JavaScript uploader..."

# Make upload script executable
chmod +x ./scripts/upload-assets.js

# Convert comma-separated asset files to array for JavaScript uploader
IFS=',' read -ra ASSET_FILES <<< "${{ steps.download-assets.outputs.asset_files }}"

# Upload assets using the JavaScript uploader
node ./scripts/upload-assets.js \
--token "${{ secrets.GITCODE_ACCESS_TOKEN }}" \
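
Review bot: `--token "${{ secrets.GITCODE_ACCESS_TOKEN }}"` puts the GitCode token on the command line of `node ./scripts/upload-assets.js`, where it is visible in the runner's process list and in any crash or debug output that echoes argv; GitHub masks the value in the step log but not there. Pass it through the step's `env:` and have the uploader read it from `process.env`. The same applies to `${{ steps.download-assets.outputs.asset_files }}` in the `IFS=',' read -ra ASSET_FILES <<< ...` line: a step output interpolated into the script becomes bash text, so an asset name containing quotes or `$(` alters the command; expose it as an environment variable and split `"$ASSET_FILES"` instead.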
@@ -384,7 +412,7 @@ jobs:
--concurrency 3 \
--retry 3 \
"${ASSET_FILES[@]}"

upload_exit_code=$?
if [ $upload_exit_code -eq 0 ]; then
echo "✅ All assets uploaded successfully to GitCode"
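
Review bot: `upload_exit_code=$?` after the `node ./scripts/upload-assets.js` invocation is only reached when the uploader succeeds. GitHub Actions runs `run:` steps with `bash -e` by default (and `bash -eo pipefail` when `shell: bash` is set explicitly), so a non-zero exit from node ends the step before the `if [ $upload_exit_code -eq 0 ]` check, and the failure branch after it never executes unless this step overrides `shell:` in a way not visible here. Either drop the manual check and let the step fail on its own, or wrap the call as `if node ./scripts/upload-assets.js ... "${ASSET_FILES[@]}"; then ... else ... fi` so the branch is reachable.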