workflow and verify assets updated by copilot

SFARPak · SFARPak · commit f9304c800690 · 2025-11-04T00:39:17.000+05:00
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
@@ -1,5 +1,3 @@
-# .github/workflows/release.yml
-
 # Need to write to repo contents to upload the app to GitHub Release
 # See: https://www.electronforge.io/config/publishers/github#authentication
 permissions:
@@ -30,9 +28,6 @@ jobs:
             { name: "macos", image: "macos-latest" },
           ]
     runs-on: ${{ matrix.os.image }}
-    # env:
-    # CSC_LINK: ${{ secrets.CSC_LINK }}
-    # CSC_KEY_PASSWORD: ${{ secrets.CSC_KEY_PASSWORD }}
     steps:
       - name: Github checkout
         uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
@@ -55,35 +50,6 @@ jobs:
         if: contains(matrix.os.name, 'macos')
       - run: npm rebuild @rollup/rollup-win32-x64-msvc || true
         if: contains(matrix.os.name, 'windows')
-      # - name: add macos cert
-      #   if: contains(matrix.os.name, 'macos') && secrets.MACOS_CERT_P12
-      #   env:
-      #     MACOS_CERT_P12: ${{ secrets.MACOS_CERT_P12 }}
-      #     MACOS_CERT_PASSWORD: ${{ secrets.MACOS_CERT_PASSWORD }}
-      #   run: chmod +x tools/add-macos-cert.sh && . ./tools/add-macos-cert.sh
-      # Windows only
-      # - name: Set up certificate
-      #   if: contains(matrix.os.name, 'windows')
-      #   run: |
-      #     echo "${{ secrets.SM_CLIENT_CERT_FILE_B64 }}" | base64 --decode > /d/Certificate_pkcs12.p12
-      #   shell: bash
-      # - name: Set variables
-      #   if: contains(matrix.os.name, 'windows')
-      #   id: variables
-      #   run: |
-      #     echo "SM_HOST=${{ secrets.SM_HOST }}" >> "$GITHUB_ENV"
-      #     echo "SM_API_KEY=${{ secrets.SM_API_KEY }}" >> "$GITHUB_ENV"
-      #     echo "SM_CLIENT_CERT_FILE=D:\\Certificate_pkcs12.p12" >> "$GITHUB_ENV"
-      #     echo "SM_CLIENT_CERT_PASSWORD=${{ secrets.SM_CLIENT_CERT_PASSWORD }}" >> "$GITHUB_ENV"
-      #   shell: bash
-      # - name: Code signing with Software Trust Manager
-      #   if: contains(matrix.os.name, 'windows')
-      #   uses: digicert/ssm-code-signing@v1.1.0
-      # - name: Sync certificate (Windows)
-      #   if: contains(matrix.os.name, 'windows')
-      #   run: |
-      #     smctl windows certsync --keypair-alias=${{ secrets.DIGICERT_KEYPAIR_ALIAS }}
-      #   shell: bash
       # Publish (all platforms)
       - name: Publish app
         env:
@@ -93,9 +59,51 @@ jobs:
           APPLE_TEAM_ID: ${{ secrets.APPLE_TEAM_ID }}
           APPLE_ID: ${{ secrets.APPLE_ID }}
           APPLE_PASSWORD: ${{ secrets.APPLE_PASSWORD }}
-          # CSC_LINK: ${{ secrets.CSC_LINK }}
-          # CSC_KEY_PASSWORD: ${{ secrets.CSC_KEY_PASSWORD }}
-        run: npm run publish
+        run: |
+          set -e
+          echo "=== Running publish (npm run publish) ==="
+          npm run publish 2>&1 | sed -n '1,500p'
+        shell: bash
+
+      - name: Wait for GitHub to register release uploads
+        # Some publishers upload files asynchronously; wait and then list assets
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        run: |
+          set -e
+          VERSION=$(node -e "console.log(require('./package.json').version)")
+          TAG="v${VERSION}"
+          echo "Waiting for GitHub to register release ${TAG} assets..."
+          # Poll releases/tags endpoint for up to 90s (9 attempts)
+          attempts=0
+          max=9
+          sleep_interval=10
+          while [ $attempts -lt $max ]; do
+            echo "Attempt $((attempts+1))/${max}..."
+            # Use the tag endpoint to retrieve the release by tag
+            resp=$(curl -s -H "Authorization: token ${GITHUB_TOKEN}" -H "Accept: application/vnd.github.v3+json" "https://api.github.com/repos/${{ github.repository }}/releases/tags/${TAG}" || true)
+            if echo "$resp" | grep -q "\"message\": \"Not Found\""; then
+              echo "Release ${TAG} not found yet."
+            else
+              echo "Release found; printing release summary:"
+              echo "$resp" | jq -r '. | {name: .name, tag_name: .tag_name, draft: .draft, published_at: .published_at, html_url: .html_url, assets_count: .assets | length}'
+              echo "Assets list (name | size | url):"
+              echo "$resp" | jq -r '.assets[] | "\(.name) | \(.size) | \(.browser_download_url)"' || true
+              assets_count=$(echo "$resp" | jq '.assets | length')
+              if [ "$assets_count" -gt 0 ]; then
+                echo "Assets are present (count=$assets_count)"
+                break
+              else
+                echo "No assets yet; will retry."
+              fi
+            fi
+            attempts=$((attempts+1))
+            sleep $sleep_interval
+          done
+          if [ $attempts -eq $max ]; then
+            echo "Warning: Assets did not appear within the expected time. The verify job may fail."
+          fi
+        shell: bash
 
   verify-assets:
     name: Verify Release Assets
@@ -116,4 +124,7 @@ jobs:
       - name: Verify all release assets are uploaded
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-        run: node scripts/verify-release-assets.js
+        run: |
+          echo "Running release asset verification..."
+          node scripts/verify-release-assets.js
+        shell: bash
diff --git a/scripts/verify-release-assets.js b/scripts/verify-release-assets.js
@@ -2,6 +2,7 @@
 
 const fs = require("fs");
 const path = require("path");
+const fetch = require("node-fetch");
 
 /**
  * Verifies that all expected binary assets are present in the GitHub release
@@ -11,6 +12,10 @@ async function verifyReleaseAssets() {
   try {
     // Read version from package.json
     const packagePath = path.join(__dirname, "..", "package.json");
+    if (!fs.existsSync(packagePath)) {
+      console.error("❌ package.json not found at", packagePath);
+      process.exit(1);
+    }
     const packageJson = JSON.parse(fs.readFileSync(packagePath, "utf8"));
     const version = packageJson.version;
 
@@ -28,10 +33,9 @@ async function verifyReleaseAssets() {
 
     const inGitHubActions = process.env.GITHUB_ACTIONS === "true";
 
-    // ✅ Skip token validation in GitHub Actions (since built-in token is limited)
     if (!inGitHubActions) {
       console.log("🔐 Checking GITHUB_TOKEN permissions...");
-
+      // Validate token by calling /user
       const userCheck = await fetch("https://api.github.com/user", {
         headers: {
           Authorization: `token ${token}`,
@@ -52,48 +56,40 @@ async function verifyReleaseAssets() {
       console.log(`✅ Authenticated as: ${userData.login}`);
     } else {
       console.log("🏃 Running inside GitHub Actions — no user authentication check needed");
+      // quick repo check to ensure token can access repo
+      const appCheck = await fetch(`https://api.github.com/repos/${owner}/${repo}`, {
+        headers: {
+          Authorization: `token ${token}`,
+          Accept: "application/vnd.github.v3+json",
+          "User-Agent": "alifullstack-release-verifier",
+        },
+      });
 
-      // Test API access by fetching org/user info
-      try {
-        const appCheck = await fetch(`https://api.github.com/repos/${owner}/${repo}`, {
-          headers: {
-            Authorization: `token ${token}`,
-            Accept: "application/vnd.github.v3+json",
-            "User-Agent": "alifullstack-release-verifier",
-          },
-        });
-
-        if (!appCheck.ok) {
-          const body = await appCheck.text();
-          console.error("❌ Token authentication failed!");
-          console.error(`Status: ${appCheck.status} ${appCheck.statusText}`);
-          console.error(`Response body: ${body}`);
-          process.exit(1);
-        }
-
-        const repoData = await appCheck.json();
-        console.log(`✅ Token authenticated for repository: ${repoData.full_name}`);
-      } catch (error) {
-        console.error("❌ Error testing token authentication:", error.message);
+      if (!appCheck.ok) {
+        const body = await appCheck.text();
+        console.error("❌ Token authentication failed on repo check!");
+        console.error(`Status: ${appCheck.status} ${appCheck.statusText}`);
+        console.error(`Response body: ${body}`);
         process.exit(1);
       }
+
+      const repoData = await appCheck.json();
+      console.log(`✅ Token authenticated for repository: ${repoData.full_name}`);
     }
 
-    // --- Fetch releases with retry logic ---
     const tagName = `v${version}`;
-    const maxRetries = 5;
+    const maxRetries = 8;
     const baseDelay = 10000; // 10 seconds
     let release = null;
     let lastError = null;
 
+    // Try to fetch the release by tag name. This avoids scanning the entire releases list.
     for (let attempt = 1; attempt <= maxRetries; attempt++) {
       try {
-        console.log(
-          `📡 Attempt ${attempt}/${maxRetries}: Fetching releases to find: ${tagName}`,
-        );
+        console.log(`📡 Attempt ${attempt}/${maxRetries}: Fetching release by tag: ${tagName}`);
 
-        const allReleasesUrl = `https://api.github.com/repos/${owner}/${repo}/releases`;
-        const response = await fetch(allReleasesUrl, {
+        const releaseUrl = `https://api.github.com/repos/${owner}/${repo}/releases/tags/${tagName}`;
+        const response = await fetch(releaseUrl, {
           headers: {
             Authorization: `token ${token}`,
             Accept: "application/vnd.github.v3+json",
@@ -102,29 +98,36 @@ async function verifyReleaseAssets() {
         });
 
         if (!response.ok) {
-          console.error(`❌ GitHub API error: ${response.status} ${response.statusText}`);
-          const errorBody = await response.text();
-          console.error(`Response Body: ${errorBody}`);
-          throw new Error(`GitHub API returned ${response.status}`);
-        }
-
-        const allReleases = await response.json();
-
-        const releaseExists = allReleases.some((r) => r.tag_name === tagName);
-        if (!releaseExists) {
-          console.warn(`⚠️ Release ${tagName} not found. Retrying...`);
+          const body = await response.text();
+          console.warn(`⚠️ GitHub API returned ${response.status} ${response.statusText}`);
+          console.warn("Response body:", body);
+          if (response.status === 404) {
+            console.warn(`⚠️ Release ${tagName} not found (404). Will retry.`);
+          } else {
+            console.warn("⚠️ Non-404 response; will retry after delay.");
+          }
           if (attempt < maxRetries) {
             const delay = baseDelay * attempt;
             console.log(`⏳ Waiting ${delay / 1000}s before retry...`);
             await new Promise((r) => setTimeout(r, delay));
+            continue;
+          } else {
+            throw new Error(`Failed to fetch release: ${response.status}`);
           }
-          continue;
         }
 
-        release = allReleases.find((r) => r.tag_name === tagName);
-        console.log(
-          `✅ Found release: ${release.tag_name} (${release.draft ? "DRAFT" : "PUBLISHED"})`,
-        );
+        release = await response.json();
+
+        console.log(`✅ Found release: ${release.tag_name} (${release.draft ? "DRAFT" : "PUBLISHED"})`);
+        // If release exists but has zero assets, wait and retry (registrations can be delayed)
+        const assets = release.assets || [];
+        console.log(`📦 Found ${assets.length} assets in release ${tagName}`);
+        if (assets.length === 0 && attempt < maxRetries) {
+          const delay = baseDelay * attempt;
+          console.log(`⚠️ No assets present yet. Waiting ${delay / 1000}s before retry...`);
+          await new Promise((r) => setTimeout(r, delay));
+          continue;
+        }
         break;
       } catch (err) {
         lastError = err;
@@ -147,6 +150,7 @@ async function verifyReleaseAssets() {
 
     console.log(`📦 Found ${assets.length} assets in release ${tagName}`);
     console.log(`📄 Release status: ${release.draft ? "DRAFT" : "PUBLISHED"}`);
+    console.log("");
 
     // --- Define expected assets ---
     const normalizeVersionForPlatform = (version, platform) => {
@@ -179,14 +183,27 @@ async function verifyReleaseAssets() {
 
     const actualAssets = assets.map((a) => a.name);
     console.log("📋 Actual assets:");
-    actualAssets.forEach((a) => console.log(`  - ${a}`));
+    if (actualAssets.length === 0) {
+      console.log("(none)");
+    } else {
+      actualAssets.forEach((a) => console.log(`  - ${a}`));
+    }
     console.log("");
 
     // --- Compare assets ---
     const missingAssets = expectedAssets.filter((a) => !actualAssets.includes(a));
     if (missingAssets.length > 0) {
       console.error("❌ VERIFICATION FAILED! Missing assets:");
       missingAssets.forEach((a) => console.error(`  - ${a}`));
+      console.error("");
+      // For debugging, emit the full release JSON to help identify naming differences
+      console.error("🔎 Full release JSON preview (first 2000 chars):");
+      try {
+        const releaseJson = JSON.stringify(release, null, 2);
+        console.error(releaseJson.substring(0, 2000));
+      } catch (_) {
+        // ignore
+      }
       process.exit(1);
     }
 
@@ -206,10 +223,10 @@ async function verifyReleaseAssets() {
     console.log(`  Published: ${release.published_at}`);
     console.log(`  URL: ${release.html_url}`);
   } catch (error) {
-    console.error("❌ Error verifying release assets:", error.message);
+    console.error("❌ Error verifying release assets:", error && error.message ? error.message : error);
     process.exit(1);
   }
 }
 
 // Run the verification
-verifyReleaseAssets();
+verifyReleaseAssets();
