Skip to content

fix: pass --repo to gh release upload in publish workflow#31

Merged
Navi Bot (project-navi-bot) merged 1 commit into
mainfrom
fix/release-assets-no-git
Apr 5, 2026
Merged

fix: pass --repo to gh release upload in publish workflow#31
Navi Bot (project-navi-bot) merged 1 commit into
mainfrom
fix/release-assets-no-git

Conversation

@Fieldnote-Echo
Copy link
Copy Markdown
Member

@Fieldnote-Echo Nelson Spence (Fieldnote-Echo) commented Apr 5, 2026

The release-assets job doesn't checkout the repo, so gh has no git context. Pass --repo via env var. Uses env var pattern per Actions security best practices.

Copilot AI review requested due to automatic review settings April 5, 2026 04:26
@codecov
Copy link
Copy Markdown

codecov Bot commented Apr 5, 2026

Codecov Report

✅ All modified and coverable lines are covered by tests.

📢 Thoughts on this report? Let us know!

github-actions[bot]
github-actions Bot approved these changes Apr 5, 2026
View reviewed changes
Copy link
Copy Markdown

@github-actions github-actions Bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Grippy approves — PASS (100/100)

@github-actions
Copy link
Copy Markdown

github-actions Bot commented Apr 5, 2026

✅ Grippy Review — PASS

Score: 100/100 | Findings: 0

Commit: 357162e

@project-navi-bot Navi Bot (project-navi-bot) merged commit fb80e63 into main Apr 5, 2026
22 checks passed
Copilot AI reviewed Apr 5, 2026
View reviewed changes
Copy link
Copy Markdown

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Updates the publish workflow so the release-assets job can upload artifacts with gh even without a checked-out git repository by explicitly providing the repository context.

Changes:

  • Add GH_REPO env var (github.repository) to the release upload step.
  • Pass --repo "$GH_REPO" to gh release upload to avoid relying on local git context.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

Comment thread .github/workflows/publish.yml
TAG_NAME: ${{ github.ref_name }}
run: gh release upload "$TAG_NAME" dist/* sbom/* --clobber
GH_REPO: ${{ github.repository }}
run: gh release upload "$TAG_NAME" dist/* sbom/* --clobber --repo "$GH_REPO"
Copy link

Copilot AI Apr 5, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The run: command is escaping the double quotes (e.g., \"$TAG_NAME\"). In a YAML run: scalar this is unnecessary and makes the command harder to read/maintain; use normal shell quoting ("$TAG_NAME", "$GH_REPO") without the backslashes so the workflow file matches typical GitHub Actions conventions.

Copilot uses AI. Check for mistakes.
@project-navi-bot Navi Bot (project-navi-bot) deleted the fix/release-assets-no-git branch April 5, 2026 04:27
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

@github-actions github-actions[bot] github-actions[bot] approved these changes

@project-navi-bot Navi Bot (project-navi-bot) project-navi-bot approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@Fieldnote-Echo @project-navi-bot