Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

How to conditionally run Github workflow action only for tags made on specific branch?

Tags:

github-actions

I am using a couple different Github workflows including one that should only run on official releases. Inside the .github/workflows/release.yml is this on condition:

on:
  push:
    tags:
      - 'v*'

However, this can still run if someone on our team accidentally (or purposely) pushes a tag from the develop branch. Ideally, we would want to lock this down so that the tag MUST be on the main branch (since that is protected), and maybe even further, it would be nice if we could ensure that the tags are only referencing the specific merge commit relating to the corresponding release. For example, if I run

git branch --contains tags/v1.2.3

this would normally output the main branch where I made the tag. Can I add a condition to the github workflow to check the output of that?

Looking at the Github action documentation it is not clear if multiple conditions are evaluated using a logical AND or a logical OR.

like image 457
Everett Avatar asked Dec 30 '22 16:12

Everett

1 Answers

The events types specified in on have a logical OR between them. So for example

on:
  push:
    tags: ['v[0-9].[0-9]+.[0-9]+']
    branches: [master]

would unfortunately trigger the workflow for any matching tag on any branch but also any push on master with or without tags. I also updated the tag pattern following the example from the doc.

You will have to decide if you want to run the workflow only for tags and then filter out anything else than master:

on:
  push:
    tags: ['v[0-9].[0-9]+.[0-9]+']

jobs:
  myjob:
    runs-on: ubuntu-latest
    if: github.ref == 'refs/heads/master'
    steps: [...]

or the other way around:

on:
  push:
    branches: [master]

jobs:
  myjob:
    runs-on: ubuntu-latest
    if: startsWith(github.ref, 'refs/tags/v')
    steps: [...]

You might pick the second solution if, for example, your workflow contains other jobs that might run on pushes to master. As you will also notice, the filter of the tag is less accurate on the second one and it might become an issue. It is also important to note that you can skip whole workflows using the conditions in on, whole jobs with jobs.<job_id>.if but also just steps with jobs.<job_id>.steps[*].if

like image 157
ITChap Avatar answered Mar 05 '23 17:03

ITChap
Sign in to Comment

Related questions

Apply EF migrations in GitHub workflow
Github actions - pass secret variables to render ECS task definition action
How to execute shell scripts?
How to run GitHub workflow on every commit of a push
Can't find my python module after installing on Github Actions
Get run id after triggering a github workflow dispatch event
GitHub Actions Disable Auto Cancel When Job Fails
Use local Dockerfile in a GitHub action?
How to download artifact/release-asset in another workflow
How to define a variable with a list of files in a YAML file for Azure DevOps or GitHub
Github action error while running unit test pipeline
Github Actions: is there a way to make it mandatory for pull request to merge
How to install private pods with GitHub Actions?
How to pass environment variable received from GitHub actions
Saving cache on job failure in GitHub Actions

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!