fix: address PR review comments

dustinbyrne · dustinbyrne · commit 17859a6fdf97 · 2026-04-01T16:44:42.000-04:00
- Rename TMPDIR → TMPWORKDIR to avoid shadowing POSIX reserved env var - Fix notify-released condition to also accept 'skipped' upload-s3 result - Pin check-package-version to @v2 (floating major tag) - Use fetch-depth: 1 (full history not needed) - Add jq validation of versions.json before uploading to S3
diff --git a/.github/scripts/upload-posthog-js-s3.sh b/.github/scripts/upload-posthog-js-s3.sh
@@ -36,27 +36,39 @@ aws s3 cp "$DIST_DIR/" "s3://$BUCKET/$VERSION/" \
     --content-type "application/javascript"
 
 echo "==> Updating versions.json in s3://$BUCKET/"
-TMPDIR="$(mktemp -d)"
-trap 'rm -rf "$TMPDIR"' EXIT
+TMPWORKDIR="$(mktemp -d)"
+trap 'rm -rf "$TMPWORKDIR"' EXIT
 
 # Distinguish "file doesn't exist" from real errors (auth, network).
 # A blind fallback to '[]' on any error would silently drop all previous versions.
-if aws s3 cp "s3://$BUCKET/versions.json" "$TMPDIR/versions.json"; then
+if aws s3 cp "s3://$BUCKET/versions.json" "$TMPWORKDIR/versions.json"; then
     echo "Downloaded existing versions.json"
 elif aws s3api head-object --bucket "$BUCKET" --key "versions.json" 2>/dev/null; then
     echo "ERROR: versions.json exists but could not be downloaded" >&2
     exit 1
 else
     echo "No existing versions.json found, starting fresh"
-    echo '[]' > "$TMPDIR/versions.json"
+    echo '[]' > "$TMPWORKDIR/versions.json"
 fi
 
-if jq -e --arg v "$VERSION" '.[] | select(.version == $v)' "$TMPDIR/versions.json" > /dev/null 2>&1; then
+if jq -e --arg v "$VERSION" '.[] | select(.version == $v)' "$TMPWORKDIR/versions.json" > /dev/null 2>&1; then
     echo "Version $VERSION already in versions.json, skipping"
 else
     jq --arg v "$VERSION" --arg ts "$(date -u +%Y-%m-%dT%H:%M:%SZ)" \
-        '. + [{"version": $v, "timestamp": $ts}]' "$TMPDIR/versions.json" > "$TMPDIR/versions_updated.json"
-    aws s3 cp "$TMPDIR/versions_updated.json" "s3://$BUCKET/versions.json" \
+        '. + [{"version": $v, "timestamp": $ts}]' "$TMPWORKDIR/versions.json" > "$TMPWORKDIR/versions_updated.json"
+
+    # Validate the updated manifest before uploading: must be a non-empty JSON array
+    # where every entry has .version and .timestamp strings.
+    if ! jq -e 'if type != "array" then error
+        elif length == 0 then error
+        elif any(.[]; (.version | type) != "string" or (.timestamp | type) != "string") then error
+        else true end' "$TMPWORKDIR/versions_updated.json" > /dev/null 2>&1; then
+        echo "ERROR: versions_updated.json failed validation — aborting upload" >&2
+        cat "$TMPWORKDIR/versions_updated.json" >&2
+        exit 1
+    fi
+
+    aws s3 cp "$TMPWORKDIR/versions_updated.json" "s3://$BUCKET/versions.json" \
         --content-type "application/json"
     echo "Added v$VERSION to versions.json"
 fi
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
@@ -351,11 +351,11 @@ jobs:
               uses: actions/checkout@v6
               with:
                   ref: ${{ needs.version-bump.outputs.commit-hash }}
-                  fetch-depth: 0
+                  fetch-depth: 1
 
             - name: Check posthog-js version
               id: check-version
-              uses: PostHog/check-package-version@v2.1.0
+              uses: PostHog/check-package-version@v2
               with:
                   path: packages/browser
 
@@ -434,7 +434,7 @@ jobs:
         name: Notify Slack - Released
         needs: [notify-approval-needed, publish, upload-s3]
         runs-on: ubuntu-latest
-        if: always() && needs.publish.result == 'success' && needs.upload-s3.result == 'success' && needs.notify-approval-needed.outputs.slack_ts != ''
+        if: always() && needs.publish.result == 'success' && (needs.upload-s3.result == 'success' || needs.upload-s3.result == 'skipped') && needs.notify-approval-needed.outputs.slack_ts != ''
         steps:
             - name: Checkout repository
               uses: actions/checkout@v6
