github · pelikhan · Mar 11, 2026 · Mar 11, 2026 · Mar 11, 2026 · Mar 11, 2026
diff --git a/.github/workflows/sync-actions.yml b/.github/workflows/sync-actions.yml
@@ -329,10 +329,19 @@
           GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
 
       - name: Create tag
-        if: steps.resolve-ref.outputs.should_create_tag == 'true' && steps.create-pr.outputs.changed == 'true'
+        if: steps.resolve-ref.outputs.should_create_tag == 'true'
         run: |
           echo "::group::Creating Tag"
           cd gh-aw-actions
+
+          # When a PR was created and merged, we need to pull the merge commit from main
+          # because the working directory is still on the sync branch.
+          if [[ "${{ steps.create-pr.outputs.changed }}" == "true" ]]; then
+            echo "PR was merged — fetching main to tag the merge commit..."
+            git fetch origin main
+            git checkout -B main origin/main
-          # When a PR was created and merged, we need to pull the merge commit from main
-          # because the working directory is still on the sync branch.
-          if [[ "${{ steps.create-pr.outputs.changed }}" == "true" ]]; then
-            echo "PR was merged — fetching main to tag the merge commit..."
-            git fetch origin main
-            git checkout -B main origin/main
+          # When a PR was created and merged, we need to tag the merge commit for that PR
+          # rather than whatever commit happens to be at the tip of main when this step runs.
+          if [[ "${{ steps.create-pr.outputs.changed }}" == "true" ]]; then
+            echo "PR was merged — resolving merge commit SHA to tag..."
+
+            PR_NUMBER="${{ steps.create-pr.outputs.pr_number }}"
+            if [[ -z "$PR_NUMBER" ]]; then
+              echo "Error: PR number not available; cannot determine merge commit to tag." >&2
+              exit 1
+            fi
+
+            # Ensure gh is authenticated. Prefer an existing GH_TOKEN/GITHUB_TOKEN if set.
+            if [[ -z "${GH_TOKEN:-}" && -n "${GITHUB_TOKEN:-}" ]]; then
+              export GH_TOKEN="$GITHUB_TOKEN"
+            fi
+
+            MERGE_COMMIT_SHA="$(gh pr view "$PR_NUMBER" --json mergeCommit --jq '.mergeCommit.oid')"
+            if [[ -z "$MERGE_COMMIT_SHA" || "$MERGE_COMMIT_SHA" == "null" ]]; then
+              echo "Error: Could not determine merge commit SHA for PR #$PR_NUMBER." >&2
+              exit 1
+            fi
+
+            echo "Fetching and checking out merge commit $MERGE_COMMIT_SHA for PR #$PR_NUMBER..."
+            git fetch origin
+            git checkout "$MERGE_COMMIT_SHA"
-          # When a PR was created and merged, we need to pull the merge commit from main
-          # because the working directory is still on the sync branch.
-          if [[ "${{ steps.create-pr.outputs.changed }}" == "true" ]]; then
-            echo "PR was merged — fetching main to tag the merge commit..."
-            git fetch origin main
-            git checkout -B main origin/main
+          # When a PR was created and merged, we need to tag the merge commit for that PR
+          # rather than whatever commit happens to be at the tip of main when this step runs.
+          if [[ "${{ steps.create-pr.outputs.changed }}" == "true" ]]; then
+            echo "PR was merged — resolving merge commit SHA to tag..."
+
+            PR_NUMBER="${{ steps.create-pr.outputs.pr_number }}"
+            if [[ -z "$PR_NUMBER" ]]; then
+              echo "Error: PR number not available; cannot determine merge commit to tag." >&2
+              exit 1
+            fi
+
+            # Ensure gh is authenticated. Prefer an existing GH_TOKEN/GITHUB_TOKEN if set.
+            if [[ -z "${GH_TOKEN:-}" && -n "${GITHUB_TOKEN:-}" ]]; then
+              export GH_TOKEN="$GITHUB_TOKEN"
+            fi
+
+            MERGE_COMMIT_SHA="$(gh pr view "$PR_NUMBER" --json mergeCommit --jq '.mergeCommit.oid')"
+            if [[ -z "$MERGE_COMMIT_SHA" || "$MERGE_COMMIT_SHA" == "null" ]]; then
+              echo "Error: Could not determine merge commit SHA for PR #$PR_NUMBER." >&2
+              exit 1
+            fi
+
+            echo "Fetching and checking out merge commit $MERGE_COMMIT_SHA for PR #$PR_NUMBER..."
+            git fetch origin
+            git checkout "$MERGE_COMMIT_SHA"
+          fi
+
           TAG="${{ steps.resolve-ref.outputs.raw_ref }}"
           echo "Creating tag: $TAG"