Release Tag Validator

This repository provides a GitHub Actions Composite Action for validating release tags in a repository. It uses Deno to run a script (script.ts) that checks whether the pushed tag follows a specific rc-versioning scheme (e.g., 5.5.0-rc1) and ensures the highest rcN tag is valid.

If the validation fails, the invalid tag and its associated GitHub release are deleted.

---

Overview

1. Composite Action – specified in action.yml
2. Deno script – script.ts with a minimal code style:
   • Receives two arguments (tagName, commitSha).
   • Validates rc-versioning.
   • Calls git and gh release commands if a deletion is needed.

---

How It Works

1. Finds all tags pointing to the commit

   • Uses git tag --points-at <commitSha> to list all tags associated with the pushed commit.

2. Validates the rc-versioning rule

   • Ensures the tag follows the format <tag>-rcN (e.g., v5.5.0-rc1).

3. Compares with other rcN versions

   • Finds the highest rcN version for the same <tag> series.
   • If the pushed tag is not the highest rcN, the validation fails.

4. Deletes the invalid tag and release if necessary

   • If validation fails, the tag and its GitHub release are deleted.

---

Usage Example

Add a step in your workflow:

name: deploy-prd
on:
  push:
    branches-ignore:
      - "**"
    tags:
      - "[0-9]+.[0-9]+.[0-9]+"

env:
  GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # Required for checkout & API access

jobs:
  release-tag-validation:
    runs-on: ubuntu-latest
    permissions:
      contents: write # Required for deleting tags/releases
    steps:
      - uses: loilo-inc/actions-release-tag-validator@v1
        with:
          tag-name: ${{ github.ref_name }}
          commit-sha: ${{ github.sha }}

  deploy-api:
    runs-on: ubuntu-latest
    # Ensure release-tag-validation succeeds before deploying
    needs: release-tag-validation
    steps:
      - run: echo "Deploying API"

  deploy-worker:
    runs-on: ubuntu-latest
    # Also must wait for release-tag-validation
    needs: release-tag-validation
    steps:
      - run: echo "Deploying Worker"

• tag-name: Typically ${{ github.ref_name }}.
• commit-sha: Usually ${{ github.sha }}.

Important: GITHUB_TOKEN is required
This action requires GITHUB_TOKEN for accessing the repository, checking out the code, and deleting tags/releases.
Ensure your workflow includes:

env:
  GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

This token is automatically generated by GitHub Actions and has the necessary permissions.

Important: Subsequent jobs must depend on validation
Any job that should only run if tag validation passes must specify:

needs: release-tag-validation

This ensures that your deployment or other subsequent steps won't run if the validation fails and the tag is deleted.

If validation fails (e.g., no rc tags, or not the highest rc version), the action deletes the invalid tag & release.