|
46 | 46 | REPO: ${{ github.repository }} |
47 | 47 | run: | |
48 | 48 | if [ "$EVENT_NAME" = "workflow_run" ]; then |
49 | | - VERSION="${RUN_HEAD_BRANCH#v}" |
| 49 | + # Expect RUN_HEAD_BRANCH to be a tag like "v1.2.3" |
| 50 | + if printf '%s\n' "$RUN_HEAD_BRANCH" | grep -Eq '^v[0-9]+\.[0-9]+\.[0-9]+([0-9A-Za-z.+-]*)?$'; then |
| 51 | + VERSION="${RUN_HEAD_BRANCH#v}" |
| 52 | + else |
| 53 | + echo "Error: workflow_run triggered from non-tag ref '$RUN_HEAD_BRANCH'. Expected a tag like 'v1.2.3'." >&2 |
| 54 | + exit 1 |
| 55 | + fi |
50 | 56 | else |
51 | | - VERSION="$INPUT_VERSION" |
| 57 | + # Normalize INPUT_VERSION by stripping optional leading "v" |
| 58 | + RAW_VERSION="${INPUT_VERSION#v}" |
| 59 | + if ! printf '%s\n' "$RAW_VERSION" | grep -Eq '^[0-9]+\.[0-9]+\.[0-9]+([0-9A-Za-z.+-]*)?$'; then |
| 60 | + echo "Error: Provided version '$INPUT_VERSION' is not a valid semantic version (e.g., 1.2.3)." >&2 |
| 61 | + exit 1 |
| 62 | + fi |
| 63 | + VERSION="$RAW_VERSION" |
52 | 64 | fi |
53 | 65 | echo "version=$VERSION" >> "$GITHUB_OUTPUT" |
54 | 66 |
|
@@ -81,11 +93,11 @@ jobs: |
81 | 93 | SRC_SHA=$(curl -sL "$SRC_URL" \ |
82 | 94 | | shasum -a 256 | awk '{print $1}') |
83 | 95 |
|
84 | | - # Verify all SHAs are unique (identical = failed downloads) |
85 | | - SHAS="$ARM64_SHA $AMD64_SHA $LINUX_SHA" |
86 | | - UNIQUE=$(echo "$SHAS" | tr ' ' '\n' | sort -u | wc -l) |
87 | | - if [ "$UNIQUE" -lt 3 ]; then |
88 | | - echo "::error::SHA mismatch: binary SHAs are not unique." |
| 96 | + # Verify all asset SHAs are unique (identical = failed downloads) |
| 97 | + SHAS="$ARM64_SHA $AMD64_SHA $LINUX_SHA $COMP_SHA $MAN_SHA $SRC_SHA" |
| 98 | + UNIQUE=$(echo "$SHAS" | tr ' ' '\n' | sort -u | grep -c .) |
| 99 | + if [ "$UNIQUE" -lt 6 ]; then |
| 100 | + echo "::error::SHA mismatch: asset SHAs are not unique." |
89 | 101 | echo " Assets may not have been uploaded yet." |
90 | 102 | exit 1 |
91 | 103 | fi |
|
0 commit comments