Skip to content

Commit 236d09c

Browse files
committed
feat: enhance publish workflow to securely push split branches and tags
1 parent 6c46529 commit 236d09c

File tree

1 file changed

+6
-5
lines changed

1 file changed

+6
-5
lines changed

.github/workflows/publish.yml

Lines changed: 6 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -119,17 +119,18 @@ jobs:
119119
echo "Split SHA: ${SHA}"
120120
121121
- name: Push to ${{ matrix.target }}
122+
env:
123+
SPLIT_TOKEN: ${{ secrets.SPLIT_TOKEN }}
122124
run: |
123125
TAG="${{ needs.prepare.outputs.tag }}"
124126
SHA="${{ steps.split.outputs.sha }}"
125-
TARGET="https://x-access-token:${{ secrets.SPLIT_TOKEN }}@github.com/${{ matrix.target }}.git"
127+
TARGET="https://x-access-token:${SPLIT_TOKEN}@github.com/${{ matrix.target }}.git"
126128
127-
# Create a temporary branch from the split SHA
129+
# Push split branch to main
128130
git push "${TARGET}" "${SHA}:refs/heads/main" --force
129131
130-
# Create the tag on the split repo
131-
git tag -f "${TAG}" "${SHA}"
132-
git push "${TARGET}" "refs/tags/${TAG}" --force
132+
# Push the tag (using git's low-level update-ref to avoid local tag issues)
133+
git push "${TARGET}" "${SHA}:refs/tags/${TAG}" --force
133134
134135
echo "Pushed ${{ matrix.package }} -> ${{ matrix.target }} @ ${TAG}"
135136

0 commit comments

Comments
 (0)