phly / keep-a-changelog

Tools for manipulating CHANGELOG.md files in Keep A Changelog format, including tagging and releasing.

Home Page: https://phly.github.io/keep-a-changelog/

Release command ends up silently creating wrong tag when tag was pushed to a wrong remote

Xerkus opened this issue · comments

The release command can push the tag to the wrong remote and then proceed to create a release.
Since in that case the tag will not be present in the release repository, GitHub will silently create an annotated tag.

Since the release target is specified in <org>/<repo> format, it was a surprise that it used the default origin remote.
The GitHub tags page shows the Verified signature status of the commit pointed to by the tag, with the proper key id, so it is very hard to notice that something went wrong.

Suggested solution:

  • Convenience: check whether the remote URL matches the default GitHub/GitLab pattern for git or https URLs. If it does, verify that it matches the specified org and repository. Fail early.
  • Proper: use the API to verify that the tag ref is present in the release repository before the API call to create a release is made. Bonus points for checking whether the object obtained from the tag ref is of type tag (as opposed to an annotated tag, which will have an object of type commit, I believe).

Usage that led to the issue occurrence:
I am using hub, a CLI wrapper around git for interacting with GitHub.
In the github/hub flow, origin points to a fork and upstream to the original repository:

[zend-tag (master)]$ git remote -v
origin	git@github.com:Xerkus/zend-tag.git (fetch)
origin	git@github.com:Xerkus/zend-tag.git (push)
upstream	git@github.com:zendframework/zend-tag.git (fetch)
upstream	git@github.com:zendframework/zend-tag.git (push)

Terminal history leading to the problem:

[zend-tag (master +)]$ git commit -m "2.7.1 readiness"
[master a9f92a0] 2.7.1 readiness
 1 file changed, 1 insertion(+), 1 deletion(-)
[zend-tag (master)]$ keep-a-changelog tag -a release-2.7.1 2.7.1
Created tag "2.7.1" for package "zend-tag" using the following notes:
Added
-----

- [#22](https://github.com/zendframework/zend-tag/pull/22) adds support for PHP 7.3.

Changed
-------

- Nothing.

Deprecated
----------

- Nothing.

Removed
-------

- Nothing.

Fixed
-----

- Nothing.
[zend-tag (master)]$ keep-a-changelog release zendframework/zend-tag 2.7.1 -a release-2.7.1
Preparing changelog for release
Pushing tag 2.7.1 to origin
Enumerating objects: 14, done.
Counting objects: 100% (14/14), done.
Delta compression using up to 8 threads
Compressing objects: 100% (11/11), done.
Writing objects: 100% (11/11), 3.29 KiB | 3.29 MiB/s, done.
Total 11 (delta 6), reused 0 (delta 0)
remote: Resolving deltas: 100% (6/6), completed with 3 local objects.
To github.com:Xerkus/zend-tag.git
 * [new tag]         release-2.7.1 -> release-2.7.1
Creating release "zend-tag 2.7.1"        <<<<-------- github silently creates annotated tag
Created https://github.com/zendframework/zend-tag/releases/tag/release-2.7.1
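
The two checks suggested in this report, written out as an added example (not code from keep-a-changelog or from the reporter). All function names are hypothetical, the remotes are the ones shown in the report, and `tag_ref_ok` assumes the caller has already fetched the GitHub `git/ref/tags/<tag>` API response for the release repository and passes `None` when that request returned 404.

```python
import re

# Default GitHub/GitLab URL shapes: scp-like git@host:org/repo, ssh:// and https://.
REMOTE_RE = re.compile(
    r"^(?:https?://|ssh://git@|git@)(?:github\.com|gitlab\.com)[:/]"
    r"(?P<org>[^/\s]+)/(?P<repo>[^/\s]+?)(?:\.git)?/?$"
)

# The remotes from the report above, as printed by `git remote -v`.
SAMPLE_REMOTES = """\
origin\tgit@github.com:Xerkus/zend-tag.git (fetch)
origin\tgit@github.com:Xerkus/zend-tag.git (push)
upstream\tgit@github.com:zendframework/zend-tag.git (fetch)
upstream\tgit@github.com:zendframework/zend-tag.git (push)
"""

def push_urls(remote_v_output):
    """Map remote name -> push URL from `git remote -v` output."""
    urls = {}
    for line in remote_v_output.splitlines():
        parts = line.split()
        if len(parts) == 3 and parts[2] == "(push)":
            urls[parts[0]] = parts[1]
    return urls

def slug(url):
    """Return 'org/repo' (lower-cased) for a recognised URL, else None."""
    m = REMOTE_RE.match(url)
    return f"{m['org']}/{m['repo']}".lower() if m else None

def check_push_remote(remote_v_output, remote, target):
    """Return (ok, reason); not ok when `remote` would push the tag outside `target`."""
    urls = push_urls(remote_v_output)
    if remote not in urls:
        return False, f"remote '{remote}' is not configured"
    found = slug(urls[remote])
    if found is None:
        return True, "custom remote URL, cannot judge; rely on the API check"
    if found != target.lower():
        candidates = [n for n, u in urls.items() if slug(u) == target.lower()]
        return False, f"'{remote}' points at {found}, not {target}; matching remotes: {candidates}"
    return True, "remote matches release target"

def tag_ref_ok(ref, tag):
    """`ref` is the decoded Git refs API response for the tag, or None on a 404."""
    if ref is None or ref.get("ref") != f"refs/tags/{tag}":
        return False  # tag never reached the release repository
    return ref["object"]["type"] == "tag"  # a pushed tag object, not a bare commit
```

Run both before the create-release call: the first fails early on the `origin`/`upstream` mix-up shown in the terminal history, and the second covers remotes whose URL does not follow the default pattern.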