diff --git a/.github/workflows/build.yaml b/.github/workflows/build.yaml index 274188c..ea0d7f6 100644 --- a/.github/workflows/build.yaml +++ b/.github/workflows/build.yaml @@ -52,7 +52,7 @@ jobs: if [ -z "$(git status --porcelain)" ]; then echo "Generated artifacts are up-to-date." else - >&1 echo "Generated artifacts are not up-to-date; probably 'make generate' was not run before committing." + >&2 echo "Generated artifacts are not up-to-date; probably 'make generate' was not run before committing." exit 1 fi @@ -63,7 +63,7 @@ jobs: if [ -z "$(git status --porcelain)" ]; then echo "Manifests are up-to-date." else - >&1 echo "Manifests are not up-to-date; probably 'make manifests' was not run before committing." + >&2 echo "Manifests are not up-to-date; probably 'make manifests' was not run before committing." exit 1 fi diff --git a/.github/workflows/publish.yaml b/.github/workflows/publish.yaml index 962a6ef..032fa3c 100644 --- a/.github/workflows/publish.yaml +++ b/.github/workflows/publish.yaml @@ -29,11 +29,11 @@ jobs: chart_version=$(yq .version $CHART_DIRECTORY/Chart.yaml) app_version=$(yq .appVersion $CHART_DIRECTORY/Chart.yaml) if [ "v$chart_version" != "${{ github.event.release.tag_name }}" ]; then - >&1 echo "Version in $CHART_DIRECTORY/Chart.yaml ($chart_version) does not match release version (${{ github.event.release.tag_name }})." + >&2 echo "Version in $CHART_DIRECTORY/Chart.yaml ($chart_version) does not match release version (${{ github.event.release.tag_name }})." exit 1 fi if [ "$app_version" != "${{ github.event.release.tag_name }}" ]; then - >&1 echo "AppVersion in $CHART_DIRECTORY/Chart.yaml ($app_version) does not match release version (${{ github.event.release.tag_name }})." + >&2 echo "AppVersion in $CHART_DIRECTORY/Chart.yaml ($app_version) does not match release version (${{ github.event.release.tag_name }})." exit 1 fi diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml index 0fe224a..2a3e1d9 100644 --- a/.github/workflows/release.yaml +++ b/.github/workflows/release.yaml @@ -37,9 +37,14 @@ jobs: permissions: contents: write - # TODO: ensure that github.ref is not refs/tags/* - # TODO: maybe even ensure that github.ref == refs/heads/main steps: + - name: Validate ref + run: | + if [ "${{ github.ref }}" != refs/heads/main ]; then + >&2 echo "Invalid ref: ${{ github.ref }} (expected: refs/heads/main)" + exit 1 + fi + - name: Checkout repository uses: actions/checkout@v3 with: @@ -76,7 +81,7 @@ jobs: # ok ;; *) - >&1 echo "Invalid input: version-bump ($version_bump)." + >&2 echo "Invalid input: version-bump ($version_bump)." exit 1 esac if [ -z "$current_version" ]; then @@ -91,15 +96,15 @@ jobs: version=${BASH_REMATCH[1]} tag=$desired_version else - >&1 echo "Invalid input: desired-version ($desired_version) should start with $TAG_PREFIX." + >&2 echo "Invalid input: desired-version ($desired_version) should start with $TAG_PREFIX." exit 1 fi if [ "$(semver validate $version)" != valid ]; then - >&1 echo "Invalid input: desired-version ($version) is not a valid semantic version." + >&2 echo "Invalid input: desired-version ($version) is not a valid semantic version." exit 1 fi if [ "$(semver compare $version $current_version)" -le 0 ]; then - >&1 echo "Invalid input: desired-version ($version) should be higher than current version ($current_version)." + >&2 echo "Invalid input: desired-version ($version) should be higher than current version ($current_version)." exit 1 fi fi