From c18277f8544448b9d4aecafe8fae59c8f045e340 Mon Sep 17 00:00:00 2001 From: Tim Hsiung Date: Sat, 9 May 2026 20:11:00 +0800 Subject: [PATCH 1/2] ci(pythonpublish): add workflow_dispatch trigger for republishing tags The publish workflow only fires on tag push. When a publish run fails and is older than 30 days, GitHub no longer allows re-running it -- the tag has to be republished some other way. Adding a `workflow_dispatch` trigger with a `ref` input lets maintainers re-publish a specific tag from the Actions UI without recreating the tag (which would also affect downstream automation). Once this lands, a maintainer can republish `v4.11.1` (#1790) by triggering the workflow with `ref = v4.11.1`. Closes #1790 Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> --- .github/workflows/pythonpublish.yml | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) diff --git a/.github/workflows/pythonpublish.yml b/.github/workflows/pythonpublish.yml index b22b854da..1890232f5 100644 --- a/.github/workflows/pythonpublish.yml +++ b/.github/workflows/pythonpublish.yml @@ -5,6 +5,15 @@ on: push: tags: - "v*" + # Manual trigger for republishing a specific tag if the original push-on-tag + # run failed and is now too old to be re-run via the GitHub UI (#1790). + # ``ref`` should be a tag name like ``v4.11.1``. + workflow_dispatch: + inputs: + ref: + description: "Tag to republish (e.g., v4.11.1)" + required: true + type: string jobs: deploy: @@ -17,7 +26,7 @@ jobs: - uses: actions/checkout@v6 with: fetch-depth: 0 - ref: ${{ github.ref_name }} + ref: ${{ inputs.ref || github.ref_name }} - name: Set up Python uses: astral-sh/setup-uv@v7 - name: Build From b07aa91719c7094598a09a4e08b1e02e4b756af1 Mon Sep 17 00:00:00 2001 From: Tim Hsiung <26526132+bearomorphism@users.noreply.github.com> Date: Sat, 9 May 2026 22:26:00 +0800 Subject: [PATCH 2/2] fix(ci): use github.event.inputs context and require tag ref for dispatch * switch ${{ inputs.ref ... }} to ${{ github.event.inputs.ref ... }} so the expression evaluates safely on push events too (avoids 'Unrecognized named-value: inputs' error) * add a pre-checkout validation step on workflow_dispatch that fails fast if the supplied ref isn't an existing remote tag, so a branch name can't accidentally publish * checkout via refs/tags/ on dispatch as additional defence in depth Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> --- .github/workflows/pythonpublish.yml | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) diff --git a/.github/workflows/pythonpublish.yml b/.github/workflows/pythonpublish.yml index 1890232f5..238bc4db4 100644 --- a/.github/workflows/pythonpublish.yml +++ b/.github/workflows/pythonpublish.yml @@ -23,10 +23,19 @@ jobs: id-token: write contents: read steps: + - name: Validate dispatch ref is a tag + if: github.event_name == 'workflow_dispatch' + env: + TAG: ${{ github.event.inputs.ref }} + run: | + if ! git ls-remote --tags "https://github.com/${GITHUB_REPOSITORY}" "refs/tags/${TAG}" | grep -q .; then + echo "::error::Dispatch ref '${TAG}' is not an existing tag" + exit 1 + fi - uses: actions/checkout@v6 with: fetch-depth: 0 - ref: ${{ inputs.ref || github.ref_name }} + ref: ${{ github.event_name == 'workflow_dispatch' && format('refs/tags/{0}', github.event.inputs.ref) || github.ref }} - name: Set up Python uses: astral-sh/setup-uv@v7 - name: Build