Check the version in Cargo.toml before publishing

.github/scripts/check-release.sh

@@ -0,0 +1,28 @@
+#!/bin/sh
+
+# Checking if current tag matches the package version
+current_tag=$(echo $GITHUB_REF | tr -d 'refs/tags/v')
+file1='meilisearch-auth/Cargo.toml'
+file2='meilisearch-http/Cargo.toml'
+file3='meilisearch-lib/Cargo.toml'
+file4='meilisearch-types/Cargo.toml'
+file5='Cargo.lock'
+
+file_tag1=$(grep '^version = ' $file1 | cut -d '=' -f 2 | tr -d '"' | tr -d ' ')
+file_tag2=$(grep '^version = ' $file2 | cut -d '=' -f 2 | tr -d '"' | tr -d ' ')
+file_tag3=$(grep '^version = ' $file3 | cut -d '=' -f 2 | tr -d '"' | tr -d ' ')
+file_tag4=$(grep '^version = ' $file4 | cut -d '=' -f 2 | tr -d '"' | tr -d ' ')
+file_tag5=$(grep -A 1 'name = "meilisearch-auth"' $file5 | grep version | cut -d '=' -f 2 | tr -d '"' | tr -d ' ')
+
+if [ "$current_tag" != "$file_tag1" ] || [ "$current_tag" != "$file_tag2" ] || [ "$current_tag" != "$file_tag3" ] || [ "$current_tag" != "$file_tag4" ] || [ "$current_tag" != "$file_tag5" ]; then
+  echo "Error: the current tag does not match the version in package file(s)."
+  echo "$file1: found $file_tag1 - expected $current_tag"
+  echo "$file2: found $file_tag2 - expected $current_tag"
+  echo "$file3: found $file_tag3 - expected $current_tag"
+  echo "$file4: found $file_tag4 - expected $current_tag"
+  echo "$file5: found $file_tag5 - expected $current_tag"
+  exit 1
+fi
+
+echo 'OK'
+exit 0

.github/workflows/publish-binaries.yml

@@ -5,9 +5,18 @@ on:
 name: Publish binaries to release
 
 jobs:
+  check-version:
+    name: Check the version validity
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v2
+      - name: Check release validity
+        run: sh .github/scripts/check-release.sh
+
   publish:
     name: Publish binary for ${{ matrix.os }}
     runs-on: ${{ matrix.os }}
+    needs: check-version
     strategy:
       fail-fast: false
       matrix:
@@ -41,6 +50,7 @@ jobs:
   publish-aarch64:
     name: Publish binary for aarch64
     runs-on: ${{ matrix.os }}
+    needs: check-version
     continue-on-error: false
     strategy:
       fail-fast: false

.github/workflows/publish-deb-brew-pkg.yml

@@ -5,9 +5,18 @@ on:
     types: [released]
 
 jobs:
+  check-version:
+    name: Check the version validity
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v2
+      - name: Check release validity
+        run: sh .github/scripts/check-release.sh
+
   debian:
     name: Publish debian packagge
     runs-on: ubuntu-18.04
+    needs: check-version
     steps:
     - uses: hecrj/setup-rust-action@master
       with:
@@ -30,6 +39,7 @@ jobs:
   homebrew:
     name: Bump Homebrew formula
     runs-on: ubuntu-18.04
+    needs: check-version
     steps:
       - name: Create PR to Homebrew
         uses: mislav/bump-homebrew-formula-action@v1

.github/workflows/publish-docker-images.yml

@@ -5,8 +5,6 @@ on:
   push:
     tags:
       - '*'
-  release:
-    types: [released]
 
 name: Publish tagged images to Docker Hub
 
@@ -14,45 +12,54 @@ jobs:
   docker:
     runs-on: docker
     steps:
+      - uses: actions/checkout@v2
+
+      # Check if the tag has the v<nmumber>.<number>.<number> format. If yes, it means we are publishing an official release.
+      # In this situation, we need to set `output.stable` to create/update the following tags (additionally to the `vX.Y.Z` Docker tag):
+      # - a `vX.Y` (without patch version) Docker tag
+      # - a `latest` Docker tag
+      - name: Check tag format
+        if: github.event_name != 'schedule'
+        id: check-tag-format
+        run: |
+          escaped_tag=$(printf "%q" ${{ github.ref_name }})
+
+          if [[ $escaped_tag =~ ^v[0-9]+\.[0-9]+\.[0-9]+$ ]]; then
+            echo ::set-output name=stable::true
+          else
+            echo ::set-output name=stable::false
+          fi
+
+      # Check only the validity of the tag for official releases (not for pre-releases or other tags)
+      - name: Check release validity
+        if: github.event_name != 'schedule' && steps.check-tag-format.outputs.stable
+        run: sh .github/scripts/check-release.sh
+
       - name: Set up QEMU
         uses: docker/setup-qemu-action@v1
 
       - name: Set up Docker Buildx
         uses: docker/setup-buildx-action@v1
 
-      - name: Login to DockerHub
+      - name: Login to Docker Hub
         if: github.event_name != 'schedule'
         uses: docker/login-action@v1
         with:
           username: ${{ secrets.DOCKER_USERNAME }}
           password: ${{ secrets.DOCKER_PASSWORD }}
 
-      - name: Check tag format
-        id: check-tag-format
-        run: |
-          # Escape submitted tag name
-          escaped_tag=$(printf "%q" ${{ github.ref_name }})
-
-          # Check if tag has format v<nmumber>.<number>.<number> and set output.match
-          # to create a vX.Y (without patch version) Docker tag
-          if [[ $escaped_tag =~ ^v[0-9]+\.[0-9]+\.[0-9]+$ ]]; then
-            echo ::set-output name=match::true
-          else
-            echo ::set-output name=match::false
-          fi
-
       - name: Docker meta
         id: meta
         uses: docker/metadata-action@v3
         with:
           images: getmeili/meilisearch
-          # The lastest tag is only pushed for the official Meilisearch release
+          # The lastest and `vX.Y` tags are only pushed for the official Meilisearch releases
           # See https://github.com/docker/metadata-action#latest-tag
           flavor: latest=false
           tags: |
             type=ref,event=tag
-            type=semver,pattern=v{{major}}.{{minor}},enable=${{ steps.check-tag-format.outputs.match }}
-            type=raw,value=latest,enable=${{ github.event_name == 'release' }}
+            type=semver,pattern=v{{major}}.{{minor}},enable=${{ steps.check-tag-format.outputs.stable }}
+            type=raw,value=latest,enable=${{ steps.check-tag-format.outputs.stable }}
 
       - name: Build and push
         id: docker_build