From 9d1d925179d84efb404ff51364f9084f90b9b44c Mon Sep 17 00:00:00 2001 From: Dominik Roth Date: Sun, 29 Oct 2023 17:21:13 +0100 Subject: [PATCH] Require tagged commits to be on master for package to be published --- .github/workflows/publish-to-pypi.yml | 14 ++++++++++++++ .github/workflows/publish-to-test-pypi.yml | 14 ++++++++++++++ 2 files changed, 28 insertions(+) diff --git a/.github/workflows/publish-to-pypi.yml b/.github/workflows/publish-to-pypi.yml index f9ac5bfe..7d15b3da 100644 --- a/.github/workflows/publish-to-pypi.yml +++ b/.github/workflows/publish-to-pypi.yml @@ -14,6 +14,20 @@ jobs: steps: - name: Check out code uses: actions/checkout@v4 + with: + fetch-depth: 0 # This fetches all history for all branches and tags + + - name: Verify tag is on master branch + run: | + TAG_SHA=$(git rev-parse ${{ github.ref }}) + MASTER_SHA=$(git rev-parse refs/heads/master) + + if [ "$TAG_SHA" == "$MASTER_SHA" ]; then + echo "Tag is on the master branch. Proceeding with the workflow." + else + echo "Tag is not on the master branch. Cancelling the workflow." + exit 1 + fi - name: Set up Python uses: actions/setup-python@v4 diff --git a/.github/workflows/publish-to-test-pypi.yml b/.github/workflows/publish-to-test-pypi.yml index df88021a..54d8dfa9 100644 --- a/.github/workflows/publish-to-test-pypi.yml +++ b/.github/workflows/publish-to-test-pypi.yml @@ -14,6 +14,20 @@ jobs: steps: - name: Check out code uses: actions/checkout@v4 + with: + fetch-depth: 0 # This fetches all history for all branches and tags + + - name: Verify tag is on master branch + run: | + TAG_SHA=$(git rev-parse ${{ github.ref }}) + MASTER_SHA=$(git rev-parse refs/heads/master) + + if [ "$TAG_SHA" == "$MASTER_SHA" ]; then + echo "Tag is on the master branch. Proceeding with the workflow." + else + echo "Tag is not on the master branch. Cancelling the workflow." + exit 1 + fi - name: Set up Python uses: actions/setup-python@v4