From 6ef02ada1ff81f3ab7497db925cea57e0179e795 Mon Sep 17 00:00:00 2001 From: Jorge Martinez Date: Wed, 14 Jan 2026 10:37:39 +0100 Subject: [PATCH 1/8] feat: check version match --- _release-pypi/action.yml | 45 ++++++++++++++++++++++++++++++++++++++++ 1 file changed, 45 insertions(+) diff --git a/_release-pypi/action.yml b/_release-pypi/action.yml index 1289ee99b..2308542e2 100644 --- a/_release-pypi/action.yml +++ b/_release-pypi/action.yml @@ -148,6 +148,51 @@ runs: name: ${{ inputs.library-name }}-artifacts path: ${{ inputs.library-name }}-artifacts + - name: "Verify tag and artifacts version agree" + shell: bash + run: | + ARTIFACT_DIR="${{ inputs.library-name }}-artifacts" + + if [[ ! -d "${ARTIFACT_DIR}" ]]; then + echo "Artifact directory not found: ${ARTIFACT_DIR}" + exit 1 + fi + + # Extract version from git tag (strip refs/tags/ and optional leading 'v') + TAG_VERSION="${GITHUB_REF_NAME#v}" + echo "Git tag version: ${TAG_VERSION}" + + # Find first wheel or sdist + ARTIFACT_FILE="$(ls "${ARTIFACT_DIR}"/*.whl "${ARTIFACT_DIR}"/*.tar.gz 2>/dev/null | head -n 1)" + + if [[ -z "${ARTIFACT_FILE}" ]]; then + echo "No wheel or sdist found in ${ARTIFACT_DIR}" + exit 1 + fi + echo "Found artifact: ${ARTIFACT_FILE}" + + # Extract version from filename + # Examples: + # ansys-project-1.2.3-py3-none-any.whl + # ansys-project-1.2.3.tar.gz + ARTIFACT_VERSION="$(basename "${ARTIFACT_FILE}" \ + | sed -E 's/^[^-]+-([0-9][0-9A-Za-z\.\-_]*).*/\1/')" + + if [[ -z "${ARTIFACT_VERSION}" ]]; then + echo "Failed to extract version from artifact filename" + exit 1 + fi + echo "Artifact version: ${ARTIFACT_VERSION}" + + if [[ "${TAG_VERSION}" != "${ARTIFACT_VERSION}" ]]; then + echo "Version mismatch!" + echo " Git tag version: ${TAG_VERSION}" + echo " Artifact version: ${ARTIFACT_VERSION}" + exit 1 + fi + + echo "Version check passed: tag and artifact versions match." + - name: "Display the structure of downloaded files" shell: bash run: ls -R From d9bddd2586e1076af490cedd80cf11eb40ed33b5 Mon Sep 17 00:00:00 2001 From: pyansys-ci-bot <92810346+pyansys-ci-bot@users.noreply.github.com> Date: Wed, 14 Jan 2026 09:39:38 +0000 Subject: [PATCH 2/8] chore: adding changelog file 1111.added.md [dependabot-skip] --- doc/source/changelog/1111.added.md | 1 + 1 file changed, 1 insertion(+) create mode 100644 doc/source/changelog/1111.added.md diff --git a/doc/source/changelog/1111.added.md b/doc/source/changelog/1111.added.md new file mode 100644 index 000000000..18fe79f8d --- /dev/null +++ b/doc/source/changelog/1111.added.md @@ -0,0 +1 @@ +Check version match From 128ed1d06634bfa9c52b12f94e8fe81aec492c11 Mon Sep 17 00:00:00 2001 From: Jorge Martinez Date: Wed, 14 Jan 2026 12:19:31 +0100 Subject: [PATCH 3/8] fix: security --- _release-pypi/action.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/_release-pypi/action.yml b/_release-pypi/action.yml index 2308542e2..5cb961324 100644 --- a/_release-pypi/action.yml +++ b/_release-pypi/action.yml @@ -150,8 +150,9 @@ runs: - name: "Verify tag and artifacts version agree" shell: bash + env: + ARTIFACT_DIR: ${{ inputs.library-name }}-artifacts run: | - ARTIFACT_DIR="${{ inputs.library-name }}-artifacts" if [[ ! -d "${ARTIFACT_DIR}" ]]; then echo "Artifact directory not found: ${ARTIFACT_DIR}" From c709e28776e7a866d468caed9fc9b8fafae2239e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jorge=20Mart=C3=ADnez?= <28702884+jorgepiloto@users.noreply.github.com> Date: Mon, 23 Feb 2026 11:04:36 +0100 Subject: [PATCH 4/8] fix: description Co-authored-by: Maxime Rey <87315832+MaxJPRey@users.noreply.github.com> --- _release-pypi/action.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/_release-pypi/action.yml b/_release-pypi/action.yml index 5cb961324..83ec33b0a 100644 --- a/_release-pypi/action.yml +++ b/_release-pypi/action.yml @@ -148,7 +148,7 @@ runs: name: ${{ inputs.library-name }}-artifacts path: ${{ inputs.library-name }}-artifacts - - name: "Verify tag and artifacts version agree" + - name: "Verify tag and artifacts version match" shell: bash env: ARTIFACT_DIR: ${{ inputs.library-name }}-artifacts From 1102bcbb775797dc50a9dd8d69af0495922190da Mon Sep 17 00:00:00 2001 From: Jorge Martinez Date: Mon, 23 Feb 2026 10:00:41 +0100 Subject: [PATCH 5/8] feat: add version check to release-github action Add version verification step to ensure the git tag version matches the artifact version before creating a GitHub release. This prevents releases with mismatched versions between the tag and the package metadata. Fixes #671 Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> --- release-github/action.yml | 56 +++++++++++++++++++++++++++++++++++++++ 1 file changed, 56 insertions(+) diff --git a/release-github/action.yml b/release-github/action.yml index 5421a1ea4..74daa138d 100644 --- a/release-github/action.yml +++ b/release-github/action.yml @@ -312,6 +312,62 @@ runs: # ------------------------------------------------------------------------ + - uses: ansys/actions/_logging@main + if: inputs.only-code == 'false' + with: + level: "INFO" + message: > + Verify that the tag version and the artifact version agree. + + - name: "Verify tag and artifacts version agree" + if: inputs.only-code == 'false' + shell: bash + env: + ARTIFACT_DIR: dist/${{ inputs.library-name }}-artifacts + run: | + + if [[ ! -d "${ARTIFACT_DIR}" ]]; then + echo "Artifact directory not found: ${ARTIFACT_DIR}" + exit 1 + fi + + # Extract version from git tag (strip refs/tags/ and optional leading 'v') + TAG_VERSION="${GITHUB_REF_NAME#v}" + echo "Git tag version: ${TAG_VERSION}" + + # Find first wheel or sdist + ARTIFACT_FILE="$(ls "${ARTIFACT_DIR}"/*.whl "${ARTIFACT_DIR}"/*.tar.gz 2>/dev/null | head -n 1)" + + if [[ -z "${ARTIFACT_FILE}" ]]; then + echo "No wheel or sdist found in ${ARTIFACT_DIR}" + exit 1 + fi + echo "Found artifact: ${ARTIFACT_FILE}" + + # Extract version from filename + # Examples: + # ansys-project-1.2.3-py3-none-any.whl + # ansys-project-1.2.3.tar.gz + ARTIFACT_VERSION="$(basename "${ARTIFACT_FILE}" \ + | sed -E 's/^[^-]+-([0-9][0-9A-Za-z\.\-_]*).*/\1/')" + + if [[ -z "${ARTIFACT_VERSION}" ]]; then + echo "Failed to extract version from artifact filename" + exit 1 + fi + echo "Artifact version: ${ARTIFACT_VERSION}" + + if [[ "${TAG_VERSION}" != "${ARTIFACT_VERSION}" ]]; then + echo "Version mismatch!" + echo " Git tag version: ${TAG_VERSION}" + echo " Artifact version: ${ARTIFACT_VERSION}" + exit 1 + fi + + echo "Version check passed: tag and artifact versions match." + + # ------------------------------------------------------------------------ + - uses: ansys/actions/_logging@main if: inputs.additional-artifacts != '' with: From 65dc63e427a4371fffa90e7327fffb92b135b899 Mon Sep 17 00:00:00 2001 From: Jorge Martinez Date: Mon, 2 Mar 2026 16:39:45 +0100 Subject: [PATCH 6/8] fix: regex --- release-github/action.yml | 21 +++++++++++++++------ 1 file changed, 15 insertions(+), 6 deletions(-) diff --git a/release-github/action.yml b/release-github/action.yml index 74daa138d..4fe6f2e9a 100644 --- a/release-github/action.yml +++ b/release-github/action.yml @@ -344,12 +344,21 @@ runs: fi echo "Found artifact: ${ARTIFACT_FILE}" - # Extract version from filename - # Examples: - # ansys-project-1.2.3-py3-none-any.whl - # ansys-project-1.2.3.tar.gz - ARTIFACT_VERSION="$(basename "${ARTIFACT_FILE}" \ - | sed -E 's/^[^-]+-([0-9][0-9A-Za-z\.\-_]*).*/\1/')" + # Extract version from filename. + # Wheel format (name uses underscores): ansys_project-1.2.3-py3-none-any.whl + # Sdist format (name may use hyphens): ansys-project-1.2.3.tar.gz + ARTIFACT_FILENAME="$(basename "${ARTIFACT_FILE}")" + if [[ "${ARTIFACT_FILENAME}" == *.whl ]]; then + # Version is the second '-'-delimited field (name uses underscores, not hyphens) + _tmp="${ARTIFACT_FILENAME#*-}" + ARTIFACT_VERSION="${_tmp%%-*}" + elif [[ "${ARTIFACT_FILENAME}" == *.tar.gz ]]; then + # Version is the last '-'-delimited field after stripping the extension + _tmp="${ARTIFACT_FILENAME%.tar.gz}" + ARTIFACT_VERSION="${_tmp##*-}" + else + ARTIFACT_VERSION="" + fi if [[ -z "${ARTIFACT_VERSION}" ]]; then echo "Failed to extract version from artifact filename" From 98b17eae97e5d4c92084cf445ec3b51bc3e6588a Mon Sep 17 00:00:00 2001 From: Muhammed Adedigba Date: Mon, 16 Mar 2026 17:19:38 +0100 Subject: [PATCH 7/8] fix: regex in _release-pypi --- _release-pypi/action.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/_release-pypi/action.yml b/_release-pypi/action.yml index 59744cd04..ec10de778 100644 --- a/_release-pypi/action.yml +++ b/_release-pypi/action.yml @@ -177,7 +177,7 @@ runs: # ansys-project-1.2.3-py3-none-any.whl # ansys-project-1.2.3.tar.gz ARTIFACT_VERSION="$(basename "${ARTIFACT_FILE}" \ - | sed -E 's/^[^-]+-([0-9][0-9A-Za-z\.\-_]*).*/\1/')" + | sed -E 's/^[^0-9]+//; s/-.*$//; s/\.(tar\.gz|whl)$//')" if [[ -z "${ARTIFACT_VERSION}" ]]; then echo "Failed to extract version from artifact filename" From db99ac7a65be71ded6146eac0df9966335d83ab4 Mon Sep 17 00:00:00 2001 From: Muhammed Adedigba Date: Wed, 18 Mar 2026 16:24:45 +0100 Subject: [PATCH 8/8] feat: update logic to correspond to changes in PR #1112 --- _release-pypi/action.yml | 4 ++-- release-github/action.yml | 21 ++++++--------------- 2 files changed, 8 insertions(+), 17 deletions(-) diff --git a/_release-pypi/action.yml b/_release-pypi/action.yml index ec10de778..44b9eaef6 100644 --- a/_release-pypi/action.yml +++ b/_release-pypi/action.yml @@ -174,8 +174,8 @@ runs: # Extract version from filename # Examples: - # ansys-project-1.2.3-py3-none-any.whl - # ansys-project-1.2.3.tar.gz + # ansys_project-1.2.3-py3-none-any.whl + # ansys_project-1.2.3.tar.gz ARTIFACT_VERSION="$(basename "${ARTIFACT_FILE}" \ | sed -E 's/^[^0-9]+//; s/-.*$//; s/\.(tar\.gz|whl)$//')" diff --git a/release-github/action.yml b/release-github/action.yml index d622c2048..491cb99e5 100644 --- a/release-github/action.yml +++ b/release-github/action.yml @@ -344,21 +344,12 @@ runs: fi echo "Found artifact: ${ARTIFACT_FILE}" - # Extract version from filename. - # Wheel format (name uses underscores): ansys_project-1.2.3-py3-none-any.whl - # Sdist format (name may use hyphens): ansys-project-1.2.3.tar.gz - ARTIFACT_FILENAME="$(basename "${ARTIFACT_FILE}")" - if [[ "${ARTIFACT_FILENAME}" == *.whl ]]; then - # Version is the second '-'-delimited field (name uses underscores, not hyphens) - _tmp="${ARTIFACT_FILENAME#*-}" - ARTIFACT_VERSION="${_tmp%%-*}" - elif [[ "${ARTIFACT_FILENAME}" == *.tar.gz ]]; then - # Version is the last '-'-delimited field after stripping the extension - _tmp="${ARTIFACT_FILENAME%.tar.gz}" - ARTIFACT_VERSION="${_tmp##*-}" - else - ARTIFACT_VERSION="" - fi + # Extract version from filename + # Examples: + # ansys_project-1.2.3-py3-none-any.whl + # ansys_project-1.2.3.tar.gz + ARTIFACT_VERSION="$(basename "${ARTIFACT_FILE}" \ + | sed -E 's/^[^0-9]+//; s/-.*$//; s/\.(tar\.gz|whl)$//')" if [[ -z "${ARTIFACT_VERSION}" ]]; then echo "Failed to extract version from artifact filename"