From 6bcaebe6d3f8ccf2d10b64f60235f4fb796dff15 Mon Sep 17 00:00:00 2001 From: xscriptor Date: Sun, 26 Apr 2026 10:33:35 +0200 Subject: [PATCH] ci: retry release publish with GITHUB_TOKEN after app-token failure --- .github/workflows/release.yml | 32 +++++++++++++++++++------------- 1 file changed, 19 insertions(+), 13 deletions(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 21722b1..c19391f 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -225,20 +225,26 @@ jobs: GH_APP_TOKEN: ${{ steps.app_token.outputs.token }} GH_WORKFLOW_TOKEN: ${{ github.token }} run: | - SELECTED_TOKEN="${GH_APP_TOKEN}" - TOKEN_SOURCE="GitHub App" - if [ -z "${SELECTED_TOKEN}" ]; then - SELECTED_TOKEN="${GH_WORKFLOW_TOKEN}" - TOKEN_SOURCE="Workflow GITHUB_TOKEN" + publish_with_token() { + local token="$1" + GH_TOKEN="${token}" gh release view "${RELEASE_TAG}" --repo "${GH_REPO}" >/dev/null 2>&1 || \ + GH_TOKEN="${token}" gh release create "${RELEASE_TAG}" --repo "${GH_REPO}" --title "${RELEASE_TAG}" --generate-notes + GH_TOKEN="${token}" gh release upload "${RELEASE_TAG}" dist/* --repo "${GH_REPO}" --clobber + } + + # Prefer GitHub App token, but always fallback to workflow GITHUB_TOKEN if publish fails. + if [ -n "${GH_APP_TOKEN}" ]; then + echo "Publishing release using: GitHub App" + if publish_with_token "${GH_APP_TOKEN}"; then + exit 0 + fi + echo "GitHub App token failed to publish release. Retrying with workflow GITHUB_TOKEN..." fi - # If App token exists but has insufficient permissions (403), fallback to GITHUB_TOKEN. - if ! GH_TOKEN="${SELECTED_TOKEN}" gh api "repos/${GH_REPO}/releases?per_page=1" >/dev/null 2>&1; then - SELECTED_TOKEN="${GH_WORKFLOW_TOKEN}" - TOKEN_SOURCE="Workflow GITHUB_TOKEN (fallback)" + if [ -z "${GH_WORKFLOW_TOKEN}" ]; then + echo "Workflow GITHUB_TOKEN is empty. Cannot publish release." + exit 1 fi - echo "Publishing release using: ${TOKEN_SOURCE}" - GH_TOKEN="${SELECTED_TOKEN}" gh release view "${RELEASE_TAG}" --repo "${GH_REPO}" >/dev/null 2>&1 || \ - GH_TOKEN="${SELECTED_TOKEN}" gh release create "${RELEASE_TAG}" --repo "${GH_REPO}" --title "${RELEASE_TAG}" --generate-notes - GH_TOKEN="${SELECTED_TOKEN}" gh release upload "${RELEASE_TAG}" dist/* --repo "${GH_REPO}" --clobber + echo "Publishing release using: Workflow GITHUB_TOKEN" + publish_with_token "${GH_WORKFLOW_TOKEN}"