Skip to content

Verify openemr-tag exists before flipping DRAFT to FINAL #132

Description

@kojiromike

Summary

The release-docs.yml workflow promotes documentation from DRAFT to FINAL based on the openemr-tag input, but it never verifies that the supplied tag actually exists in openemr/openemr. If an operator (or upstream automation) supplies a non-existent or mistyped version, the workflow will happily stamp FINAL release docs pointing at a version that was never published.

Why this matters

Documentation is now part of the release path. A FINAL stamp on a non-existent tag:

  • Misleads users into looking for downloads that do not exist.
  • Pollutes the website with permanently-linked pages that cannot be undone without manual recovery.
  • Is silent: there is no test for this branch, and the failure mode only surfaces after publication.

This is an architectural defect rather than a logic bug: there is no current way to test the "tag does not exist" branch because the workflow assumes the input is valid. Treating it as a Bug because the workflow's contract is violated and the breakage is silent.

Reproduction

  1. Trigger release-docs.yml (workflow_dispatch) with:
    • openemr-tag: a value that is not a real tag in openemr/openemr (e.g. v999.0.0, or a typo like v8.1.O).
    • state: FINAL.
  2. Observe: the workflow completes successfully and the docs are promoted to FINAL even though git ls-remote https://github.com/openemr/openemr refs/tags/<tag> returns nothing.

Expected: the workflow should fail fast with a clear error before any DRAFT->FINAL flip, and require the tag to resolve in openemr/openemr first.

Proposed fix

Add a pre-flip step that resolves the tag against openemr/openemr (e.g. git ls-remote --exit-code --tags https://github.com/openemr/openemr refs/tags/${openemr-tag} or the GitHub API equivalent) and aborts the run if it does not exist. Run this guard before any state mutation.

Context

This worst case was tripped during a recent docs-first handoff; recovery required re-running the prior FINAL job to restore the correct state. The guard would have prevented the bad flip outright.

Metadata

Metadata

Assignees

No one assigned

    Labels

    github_actionsPull requests that update GitHub Actions code

    Type

    No fields configured for Bug.

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions