Skip to content
Publish Merged Artifact (From Core)

Publish Merged Artifact (From Core) #61

Sign in to view logs

Publish Merged Artifact (From Core)

Publish Merged Artifact (From Core) #61

Workflow file for this run

.github/workflows/publish-from-core.yml at 40a87f5
name: Publish Merged Artifact (From Core)
on:
repository_dispatch:
types: [publish_from_core]
workflow_dispatch:
inputs:
core_repo:
description: Core repository (owner/name)
required: false
default: majiayu000/claude-skill-registry-core
core_sha:
description: Core commit SHA
required: false
default: ""
data_repo:
description: Data repository (owner/name)
required: false
default: ""
data_sha:
description: Data commit SHA
required: false
default: ""
permissions:
contents: write
concurrency:
group: publish-main-artifact
cancel-in-progress: false
jobs:
publish:
runs-on: ubuntu-latest
steps:
- name: Resolve publish refs
id: refs
env:
PAYLOAD_CORE_REPO: ${{ github.event.client_payload.core_repo }}
PAYLOAD_CORE_SHA: ${{ github.event.client_payload.core_sha }}
PAYLOAD_DATA_REPO: ${{ github.event.client_payload.data_repo }}
PAYLOAD_DATA_SHA: ${{ github.event.client_payload.data_sha }}
INPUT_CORE_REPO: ${{ github.event.inputs.core_repo }}
INPUT_CORE_SHA: ${{ github.event.inputs.core_sha }}
INPUT_DATA_REPO: ${{ github.event.inputs.data_repo }}
INPUT_DATA_SHA: ${{ github.event.inputs.data_sha }}
DEFAULT_DATA_REPO: ${{ vars.REGISTRY_DATA_REPO }}
CORE_TOKEN: ${{ secrets.MAIN_REPO_TOKEN != '' && secrets.MAIN_REPO_TOKEN || github.token }}
DATA_TOKEN: ${{ secrets.DATA_REPO_TOKEN != '' && secrets.DATA_REPO_TOKEN || github.token }}
run: |
resolve_head_sha() {
local repo="$1"
local token="$2"
local tmp
local code
tmp="$(mktemp)"
code=$(curl -sS -o "$tmp" -w "%{http_code}" \
-H "Accept: application/vnd.github+json" \
-H "Authorization: Bearer $token" \
"https://api.github.com/repos/$repo/commits/main")
if [ "$code" != "200" ]; then
echo "::error::Failed to resolve main HEAD for $repo (HTTP $code)."
cat "$tmp"
rm -f "$tmp"
return 1
fi
python3 -c 'import json,sys; payload=json.load(open(sys.argv[1], encoding="utf-8")); sha=payload.get("sha",""); sys.exit(1) if not sha else print(sha)' "$tmp"
rm -f "$tmp"
}
validate_sha_exists() {
local repo="$1"
local sha="$2"
local token="$3"
local label="$4"
local tmp
local code
tmp="$(mktemp)"
code=$(curl -sS -o "$tmp" -w "%{http_code}" \
-H "Accept: application/vnd.github+json" \
-H "Authorization: Bearer $token" \
"https://api.github.com/repos/$repo/commits/$sha")
if [ "$code" != "200" ]; then
echo "::error::$label ref validation failed: $repo@$sha not found (HTTP $code)."
cat "$tmp"
rm -f "$tmp"
return 1
fi
rm -f "$tmp"
}
core_repo="${PAYLOAD_CORE_REPO:-$INPUT_CORE_REPO}"
core_sha="${PAYLOAD_CORE_SHA:-$INPUT_CORE_SHA}"
data_repo="${PAYLOAD_DATA_REPO:-$INPUT_DATA_REPO}"
data_sha="${PAYLOAD_DATA_SHA:-$INPUT_DATA_SHA}"
if [ -z "$data_repo" ]; then
data_repo="$DEFAULT_DATA_REPO"
fi
if [ -z "$core_repo" ] || [ -z "$data_repo" ]; then
echo "Missing required publish refs."
echo "core_repo=$core_repo"
echo "core_sha=$core_sha"
echo "data_repo=$data_repo"
echo "data_sha=$data_sha"
exit 1
fi
if [ -z "$core_sha" ]; then
core_sha="$(resolve_head_sha "$core_repo" "$CORE_TOKEN")"
echo "Resolved core_sha from $core_repo@main: $core_sha"
fi
if [ -z "$data_sha" ]; then
data_sha="$(resolve_head_sha "$data_repo" "$DATA_TOKEN")"
echo "Resolved data_sha from $data_repo@main: $data_sha"
fi
validate_sha_exists "$core_repo" "$core_sha" "$CORE_TOKEN" "core"
validate_sha_exists "$data_repo" "$data_sha" "$DATA_TOKEN" "data"
echo "core_repo=$core_repo" >> "$GITHUB_OUTPUT"
echo "core_sha=$core_sha" >> "$GITHUB_OUTPUT"
echo "data_repo=$data_repo" >> "$GITHUB_OUTPUT"
echo "data_sha=$data_sha" >> "$GITHUB_OUTPUT"
- name: Checkout main
uses: actions/checkout@v4
with:
fetch-depth: 0
- name: Checkout pinned core
uses: actions/checkout@v4
with:
repository: ${{ steps.refs.outputs.core_repo }}
ref: ${{ steps.refs.outputs.core_sha }}
token: ${{ secrets.MAIN_REPO_TOKEN != '' && secrets.MAIN_REPO_TOKEN || github.token }}
path: _sources/core
fetch-depth: 1
- name: Checkout pinned data
uses: actions/checkout@v4
with:
repository: ${{ steps.refs.outputs.data_repo }}
ref: ${{ steps.refs.outputs.data_sha }}
token: ${{ secrets.DATA_REPO_TOKEN != '' && secrets.DATA_REPO_TOKEN || github.token }}
path: _sources/data
fetch-depth: 1
- name: Move source repos to temp dirs
id: srcpaths
run: |
CORE_DIR="$RUNNER_TEMP/publish-core"
DATA_DIR="$RUNNER_TEMP/publish-data"
rm -rf "$CORE_DIR" "$DATA_DIR"
mv _sources/core "$CORE_DIR"
mv _sources/data "$DATA_DIR"
rm -rf _sources
echo "core_dir=$CORE_DIR" >> "$GITHUB_OUTPUT"
echo "data_dir=$DATA_DIR" >> "$GITHUB_OUTPUT"
- name: Rebuild main from pinned refs
run: |
bash "${{ steps.srcpaths.outputs.core_dir }}/scripts/sync_main_repo.sh" \
--core "${{ steps.srcpaths.outputs.core_dir }}" \
--data "${{ steps.srcpaths.outputs.data_dir }}" \
--main "$GITHUB_WORKSPACE"
- name: Write provenance manifest
run: |
mkdir -p provenance
cat > provenance/merge-source.json <<EOF
{
"generated_at": "$(date -u +%Y-%m-%dT%H:%M:%SZ)",
"core_repo": "${{ steps.refs.outputs.core_repo }}",
"core_sha": "${{ steps.refs.outputs.core_sha }}",
"data_repo": "${{ steps.refs.outputs.data_repo }}",
"data_sha": "${{ steps.refs.outputs.data_sha }}"
}
EOF
- name: Commit and push publish result
env:
CORE_SHA: ${{ steps.refs.outputs.core_sha }}
DATA_SHA: ${{ steps.refs.outputs.data_sha }}
run: |
git config --local user.email "github-actions[bot]@users.noreply.github.com"
git config --local user.name "github-actions[bot]"
git add -A
if git diff --staged --quiet; then
echo "No main artifact changes"
exit 0
fi
git commit -m "chore: publish merged artifact core@${CORE_SHA:0:12} data@${DATA_SHA:0:12}"
for attempt in 1 2 3; do
if git push; then
echo "Push succeeded on attempt $attempt"
exit 0
fi
if [ "$attempt" -lt 3 ]; then
wait_time=$((attempt * 20))
echo "Push failed (attempt $attempt). Retrying in ${wait_time}s..."
sleep "$wait_time"
fi
done
echo "Push failed after 3 attempts."
exit 1