feat(ci): Add a "verify release" action + workflow to the pipeline (#8929)

Co-authored-by: matt korwel <matt.korwel@gmail.com>
2026-03-11 06:31:01 -07:00 · 2025-09-22 16:30:42 -03:00
parent 710e00e02d
commit 93e022cee5
6 changed files with 180 additions and 25 deletions
--- a/.github/workflows/release-change-tags.yml
+++ b/.github/workflows/release-change-tags.yml
@@ -46,24 +46,11 @@ jobs:
          registry-url: 'https://wombat-dressing-room.appspot.com'
          scope: '@google'

-      - name: 'Change tag for @google/gemini-cli-core'
-        if: |-
-          ${{ github.event.inputs.dry-run == 'false' }}
-        env:
-          NODE_AUTH_TOKEN: '${{ secrets.WOMBAT_TOKEN_CORE }}'
-        run: |
-          npm dist-tag add @google/gemini-cli-core@${{ github.event.inputs.version }} ${{ github.event.inputs.channel }}
-
-      - name: 'Change tag for @google/gemini-cli'
-        if: |-
-          ${{ github.event.inputs.dry-run == 'false' }}
-        env:
-          NODE_AUTH_TOKEN: '${{ secrets.WOMBAT_TOKEN_CLI }}'
-        run: |
-          npm dist-tag add @google/gemini-cli@${{ github.event.inputs.version }} ${{ github.event.inputs.channel }}
-
-      - name: 'Log dry run'
-        if: |-
-          ${{ github.event.inputs.dry-run == 'true' }}
-        run: |
-          echo "Dry run: Would have added tag '${{ github.event.inputs.channel }}' to version '${{ github.event.inputs.version }}' for @google/gemini-cli and @google/gemini-cli-core."
+      - name: 'Change tag'
+        uses: './.github/actions/tag-npm-release'
+        with:
+          channel: '${{ github.event.inputs.channel }}'
+          version: '${{ github.event.inputs.version }}'
+          dry-run: '${{ github.event.inputs.dry-run }}'
+          wombat-token-core: '${{ secrets.WOMBAT_TOKEN_CORE }}'
+          wombat-token-cli: '${{ secrets.WOMBAT_TOKEN_CLI }}'
--- a/.github/workflows/release-manual.yml
+++ b/.github/workflows/release-manual.yml
@@ -39,7 +39,7 @@ on:

 jobs:
  release:
-    runs-on: 'ubuntu-latest'
+    runs-on: 'self-hosted'
    permissions:
      contents: 'write'
      packages: 'write'
@@ -77,6 +77,7 @@ jobs:
      - name: 'Publish Release'
        uses: './.github/actions/publish-release'
        with:
+          force-skip-tests: '${{ github.event.inputs.force_skip_tests }}'
          release-version: '${{ steps.release_info.outputs.RELEASE_VERSION }}'
          release-tag: '${{ github.event.inputs.version }}'
          npm-tag: '${{ github.event.inputs.npm_channel }}'
--- a/.github/workflows/verify-release.yml
+++ b/.github/workflows/verify-release.yml
@@ -0,0 +1,31 @@
+name: 'Verify NPM release tag'
+
+on:
+  workflow_dispatch:
+    inputs:
+      version:
+        description: 'The expected Gemini binary version that should be released (e.g., 0.5.0-preview-2).'
+        required: true
+        type: 'string'
+      npm-package:
+        description: 'NPM package to verify'
+        required: true
+        type: 'string'
+        default: '@google/gemini-cli@latest'
+      ref:
+        description: 'The branch, tag, or SHA to release from.'
+        required: false
+        type: 'string'
+        default: 'main'
+
+jobs:
+  build:
+    runs-on: 'ubuntu-latest'
+    steps:
+      - uses: 'actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8'
+      - name: 'Verify release'
+        uses: './.github/actions/verify-release'
+        with:
+          npm-package: '${github.event.inputs.npm-package}'
+          expected-version: '${github.event.inputs.version}'
+          ref: '${github.event.inputs.ref}'