Release command ends up silently creating wrong tag when tag was pushed to a wrong remote
Xerkus opened this issue · 0 comments
Xerkus commented
Release command can push tag to a wrong remote and then proceed to create a release.
Since in that case tag will not be present in the release repository, github will silently create annotated tag.
Since release target is specified in `<org>/<repo>` format, it was a surprise that it used default `origin` remote.
Github tags page shows `Verified` signature status of the commit pointed by the tag with proper key id so it is very hard to notice something went wrong.
Suggested solution:
- Convenience check if remote url matches default github/gitlab pattern for git or https urls. If it is, verify it matches specified org and repository. Fail early.
- Proper: Use api to verify tag ref is present in release repository before api call to create a release is made. Bonus points for checks whether `object` obtained from tag ref is of type `tag` (as opposed to annotated tag, which will have object of type `commit` I believe)
Usage that led to the issue occurrence:
I am using `hub`, a cli wrapper around git for interacting with github.
In the github/hub flow `origin` points to a fork and `upstream` to original repository:
```
[zend-tag (master)]$ git remote -v
origin git@github.com:Xerkus/zend-tag.git (fetch)
origin git@github.com:Xerkus/zend-tag.git (push)
upstream git@github.com:zendframework/zend-tag.git (fetch)
upstream git@github.com:zendframework/zend-tag.git (push)
```
Terminal history leading to the problem:
```
[zend-tag (master +)]$ git commit -m "2.7.1 readiness"
[master a9f92a0] 2.7.1 readiness
1 file changed, 1 insertion(+), 1 deletion(-)
[zend-tag (master)]$ keep-a-changelog tag -a release-2.7.1 2.7.1
Created tag "2.7.1" for package "zend-tag" using the following notes:
Added
-----
- [#22](https://github.com/zendframework/zend-tag/pull/22) adds support for PHP 7.3.
Changed
-------
- Nothing.
Deprecated
----------
- Nothing.
Removed
-------
- Nothing.
Fixed
-----
- Nothing.
[zend-tag (master)]$ keep-a-changelog release zendframework/zend-tag 2.7.1 -a release-2.7.1
Preparing changelog for release
Pushing tag 2.7.1 to origin
Enumerating objects: 14, done.
Counting objects: 100% (14/14), done.
Delta compression using up to 8 threads
Compressing objects: 100% (11/11), done.
Writing objects: 100% (11/11), 3.29 KiB | 3.29 MiB/s, done.
Total 11 (delta 6), reused 0 (delta 0)
remote: Resolving deltas: 100% (6/6), completed with 3 local objects.
To github.com:Xerkus/zend-tag.git
* [new tag] release-2.7.1 -> release-2.7.1
Creating release "zend-tag 2.7.1" <<<<-------- github silently creates annotated tag
Created https://github.com/zendframework/zend-tag/releases/tag/release-2.7.1
```
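
The convenience check from the first suggestion, sketched as an added example (not code from keep-a-changelog): it reduces a remote's push URL to `org/repo` and refuses to continue when that is not the release target. The function names are hypothetical, and the sample remotes are the ones shown in the issue.

```python
import re

# Default GitHub/GitLab remote forms: git@host:org/repo(.git),
# ssh://git@host/org/repo and https://host/org/repo.
REMOTE_URL = re.compile(
    r"^(?:(?:ssh://)?git@[^:/]+[:/]|https?://(?:[^@/]+@)?[^/]+/)"
    r"(?P<org>[^/]+)/(?P<repo>[^/]+?)(?:\.git)?/?$"
)

# `git remote -v` output as shown in the issue.
SAMPLE_REMOTES = """\
origin git@github.com:Xerkus/zend-tag.git (fetch)
origin git@github.com:Xerkus/zend-tag.git (push)
upstream git@github.com:zendframework/zend-tag.git (fetch)
upstream git@github.com:zendframework/zend-tag.git (push)
"""

def repo_slug(url):
    """Return 'org/repo' for a recognised remote URL, else None."""
    m = REMOTE_URL.match(url.strip())
    return f"{m['org']}/{m['repo']}" if m else None

def push_urls(remote_v):
    """Map remote name -> push URL from `git remote -v` output."""
    urls = {}
    for line in remote_v.splitlines():
        parts = line.split()
        if len(parts) == 3 and parts[2] == "(push)":
            urls[parts[0]] = parts[1]
    return urls

def check_release_remote(remote_v, remote, target):
    """True if `remote` pushes to `target`; False if its URL form is not
    recognised (check skipped); ValueError on a mismatch, before any push."""
    urls = push_urls(remote_v)
    if remote not in urls:
        raise ValueError(f"remote {remote!r} is not configured")
    slug = repo_slug(urls[remote])
    if slug is None:
        return False
    want = target.casefold()  # GitHub treats org/repo names case-insensitively
    if slug.casefold() != want:
        others = [n for n, u in urls.items()
                  if (repo_slug(u) or "").casefold() == want]
        raise ValueError(f"remote {remote!r} pushes to {slug}, not {target}; "
                         f"matching remotes: {others or 'none'}")
    return True
```

With the remotes above, checking `origin` against `zendframework/zend-tag` raises and names `upstream` as the remote that does match, so the tag is never pushed to the fork.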