Fix Upload to PyPI action never triggering for non-v-prefixed release tags #227
Co-authored-by: alexlib <747110+alexlib@users.noreply.github.com>
Pull request overview
This PR fixes the cibuildwheel.yml GitHub Actions workflow so that the Upload to PyPI step is triggered for both v*-style tags (e.g., v1.0.0) and numeric/legacy-style tags (e.g., 0.3.0), not just v* tags as before.
Changes:
- Added `'[0-9]*'` to the `on.push.tags` trigger pattern, alongside the existing `'v*'`
- Broadened the `if` condition for `build_sdist` and `upload_pypi` from `startsWith(github.ref, 'refs/tags/v')` to `startsWith(github.ref, 'refs/tags/')`
| name: Build source distribution | ||
| runs-on: ubuntu-latest | ||
| if: github.event_name == 'push' && startsWith(github.ref, 'refs/tags/v') | ||
| if: github.event_name == 'push' && startsWith(github.ref, 'refs/tags/') |
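Review bot: the new `build_sdist` condition `startsWith(github.ref, 'refs/tags/')` no longer states which tags count as releases, so the job is only as strict as whatever starts the workflow, and that filter is not visible in this hunk. Either keep a version-specific check at the job level, or add a comment on this line saying that the `on.push.tags` filter is the sole gate, so a later change to the trigger cannot silently widen what gets built for release.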
The updated if condition startsWith(github.ref, 'refs/tags/') is overly broad: it will trigger build_sdist and upload_pypi for any tag pushed to the repository, not just version tags. For example, pushing a tag like test-release, debug, or hotfix-wip would cause an upload to PyPI.
The intent of the PR is to support both v* and [0-9]* style version tags. The if condition should be tightened to match only those two patterns. GitHub Actions expressions support startsWith checks with ||, so the condition should be something like:
github.event_name == 'push' && (startsWith(github.ref, 'refs/tags/v') || github.ref =~ 'refs/tags/[0-9]')
Alternatively, using a reusable condition or a dedicated helper step to set an output would work. At minimum, the condition should guard against non-version tags triggering a PyPI publish, since uploading an incorrect or untested artifact to PyPI could cause significant issues for downstream users.
| if: github.event_name == 'push' && startsWith(github.ref, 'refs/tags/') | |
| if: github.event_name == 'push' && (startsWith(github.ref, 'refs/tags/v') || github.ref =~ 'refs/tags/[0-9]') |
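Review bot: `github.ref =~ 'refs/tags/[0-9]'` in the suggested line is not a valid condition, because GitHub Actions expressions have no `=~` or other regex operator, so the expression fails to parse. To keep a job-level guard for digit-leading tags, validate the tag name in a step and expose the result as a job output that `build_sdist` and `upload_pypi` test in their `if`.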
| needs: [build_wheels, build_sdist] | ||
| runs-on: ubuntu-latest | ||
| if: github.event_name == 'push' && startsWith(github.ref, 'refs/tags/v') | ||
| if: github.event_name == 'push' && startsWith(github.ref, 'refs/tags/') |
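Review bot: `upload_pypi` repeats the same broadened literal as `build_sdist`, which it already lists in `needs: [build_wheels, build_sdist]`, so the release decision lives in two places that have to be edited together. Since this is the job that publishes, make the decision once (for instance a job output recording whether the ref is a release tag) and have both `if` lines read it, so the two conditions cannot drift apart.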
Same issue as in build_sdist: the condition startsWith(github.ref, 'refs/tags/') will trigger a PyPI upload for any pushed tag, not just version-style tags (v* or [0-9]*). This should be narrowed to match only the version tag patterns that the workflow is designed to handle, to avoid accidentally publishing to PyPI from non-release tags.
The `upload_pypi` job was silently skipped for most releases because the repo uses two tag conventions (`v0.3.0` and `0.3.2`), but the workflow only matched `v*` tags — meaning the entire workflow never started for tags like `0.3.2`.

Changes
- `on.push.tags`: added `[0-9]*` pattern alongside `v*` to catch bare version tags
- `build_sdist` and `upload_pypi` conditions: relaxed from `startsWith(github.ref, 'refs/tags/v')` to `startsWith(github.ref, 'refs/tags/')` — safe because the tag filter in `on.push.tags` already gates which tags start the workflow
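The tag gate discussed in the review comments above, as an added example that is not part of this pull request or the project's workflow: a shell check a workflow step could run before publishing, compared with the "any tag" condition. The function names are hypothetical, the sample refs are constructed, and it assumes release tags look like `MAJOR.MINOR.PATCH` with an optional `v` prefix, as `v0.3.0` and `0.3.2` do.

```shell
#!/bin/sh
# Added example (not the project's code): decide whether a pushed ref is a
# release tag. Function names are hypothetical; sample refs are constructed.

# Strict check. Assumption: releases are MAJOR.MINOR.PATCH, optional "v" prefix.
is_release_ref() {
  printf '%s\n' "$1" | grep -Eq '^refs/tags/v?[0-9]+\.[0-9]+\.[0-9]+$'
}

# Loose check, equivalent to startsWith(github.ref, 'refs/tags/'): any tag.
is_any_tag_ref() {
  case "$1" in
    refs/tags/*) return 0 ;;
    *) return 1 ;;
  esac
}

# Print the decision as key=value, the form a step appends to $GITHUB_OUTPUT.
release_output() {
  if is_release_ref "$1"; then
    echo "publish=true"
  else
    echo "publish=false"
  fi
}

# Constructed refs: the two tag conventions from the PR, the non-version tags
# named in the review, a digit-leading scratch tag, and a branch.
for ref in refs/tags/v0.3.0 refs/tags/0.3.2 refs/tags/test-release \
           refs/tags/debug refs/tags/hotfix-wip refs/tags/0.3.2-wip \
           refs/heads/master; do
  if is_any_tag_ref "$ref"; then any=yes; else any=no; fi
  printf '%-26s any_tag=%-3s %s\n' "$ref" "$any" "$(release_output "$ref")"
done
```

The `0.3.2-wip` row is the case to watch: it starts with a digit, so it passes a digit-leading tag filter as well as the "any tag" condition, and only the strict check keeps it from being published.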