From a86c49b5ffa365318ce9075110ecf595beb9d837 Mon Sep 17 00:00:00 2001
From: clsferguson <48876201+clsferguson@users.noreply.github.com>
Date: Wed, 10 Sep 2025 21:05:46 -0600
Subject: [PATCH] Refactor publish and finalize conditions in workflow Updated conditions for publishing and finalizing outcomes in the CI workflow.
---
.github/workflows/sync-build-release.yml | 29 +++++++++++++++++++++---
1 file changed, 26 insertions(+), 3 deletions(-)
diff --git a/.github/workflows/sync-build-release.yml b/.github/workflows/sync-build-release.yml
index b31f95d93..a4caf7845 100644
--- a/.github/workflows/sync-build-release.yml
+++ b/.github/workflows/sync-build-release.yml
@@ -22,6 +22,7 @@ jobs: with: fetch-depth: 0 fetch-tags: true + - name: Install prerequisites (jq, curl, git) run: | set -e
@@ -29,6 +30,7 @@ jobs: sudo apt-get update -y sudo apt-get install -y jq curl git fi + - name: Check for New Upstream Release id: check_version shell: bash
@@ -41,6 +43,7 @@ jobs: else echo "new_version=none" >> "$GITHUB_OUTPUT" fi + - name: Cleanup workspace (always, scoped) if: ${{ always() }} run: |
@@ -58,10 +61,12 @@ jobs: with: fetch-depth: 0 fetch-tags: true + - name: Set Git Config run: | git config --global user.name "GitHub Actions" git config --global user.email "actions@github.com" + - name: Sync with Upstream (idempotent) run: | set -euo pipefail
@@ -78,10 +83,12 @@ jobs: git add README.md git commit -m "Merge upstream/master, keep local README.md" || true git push origin master + - name: Set up Docker Buildx uses: docker/setup-buildx-action@v3 with: cleanup: true + - name: Check CR_PAT secret id: crpat shell: bash
@@ -91,6 +98,7 @@ jobs: else echo "present=false" >> "$GITHUB_OUTPUT" fi + - name: Login to GHCR with GITHUB_TOKEN if: ${{ steps.crpat.outputs.present == 'false' }} uses: docker/login-action@v3
@@ -98,6 +106,7 @@ jobs: registry: ghcr.io username: ${{ github.actor }} password: ${{ secrets.GITHUB_TOKEN }} + - name: Login to GHCR with CR_PAT if: ${{ steps.crpat.outputs.present == 'true' }} uses: docker/login-action@v3
@@ -105,6 +114,7 @@ jobs: registry: ghcr.io username: ${{ github.repository_owner }} password: ${{ secrets.CR_PAT }} + - name: Free disk space (best effort) continue-on-error: true run: |
@@ -112,6 +122,7 @@ jobs: sudo rm -rf /usr/local/lib/android || true sudo rm -rf /opt/ghc || true sudo rm -rf /opt/hostedtoolcache/CodeQL || true + - name: Build and Push (GH runner) uses: docker/build-push-action@v6 with:
@@ -132,10 +143,12 @@ jobs: with: fetch-depth: 0 fetch-tags: true + - name: Set Git Config run: | git config --global user.name "GitHub Actions" git config --global user.email "actions@github.com" + - name: Sync with Upstream (idempotent) run: | set -euo pipefail
@@ -152,10 +165,12 @@ jobs: git add README.md git commit -m "Merge upstream/master, keep local README.md" || true git push origin master + - name: Set up Docker Buildx uses: docker/setup-buildx-action@v3 with: cleanup: true + - name: Check CR_PAT secret id: crpat shell: bash
@@ -165,6 +180,7 @@ jobs: else echo "present=false" >> "$GITHUB_OUTPUT" fi + - name: Login to GHCR with GITHUB_TOKEN if: ${{ steps.crpat.outputs.present == 'false' }} uses: docker/login-action@v3
@@ -172,6 +188,7 @@ jobs: registry: ghcr.io username: ${{ github.actor }} password: ${{ secrets.GITHUB_TOKEN }} + - name: Login to GHCR with CR_PAT if: ${{ steps.crpat.outputs.present == 'true' }} uses: docker/login-action@v3
@@ -179,6 +196,7 @@ jobs: registry: ghcr.io username: ${{ github.repository_owner }} password: ${{ secrets.CR_PAT }} + - name: Build and Push (self-hosted) uses: docker/build-push-action@v6 with:
@@ -188,12 +206,14 @@ jobs: tags: | ${{ env.IMAGE_NAME }}:${{ needs.check-upstream.outputs.new_version }} ${{ env.IMAGE_NAME }}:latest + - name: Remove BuildKit image (moby/buildkit) if: ${{ always() }} shell: bash run: | set -euxo pipefail docker image rm -f $(docker images 'moby/buildkit*' -q) 2>/dev/null || true + - name: Cleanup (always, scoped) if: ${{ always() }} run: |
@@ -206,8 +226,11 @@ jobs: name: Publish Release needs: [check-upstream, build-gh, build-self] if: | - needs.check-upstream.outputs.new_version != 'none' && - (needs.build-gh.result == 'success' || needs.build-self.result == 'success') + ${{ + always() && + needs.check-upstream.outputs.new_version != 'none' && + (needs.build-gh.result == 'success' || needs.build-self.result == 'success') + }} runs-on: ubuntu-latest steps: - name: Create GitHub Release
@@ -225,7 +248,7 @@ jobs: finalize: name: Finalize Outcome needs: [check-upstream, build-gh, build-self, publish] - if: needs.check-upstream.outputs.new_version != 'none' + if: ${{ always() && needs.check-upstream.outputs.new_version != 'none' }} runs-on: ubuntu-latest steps: - name: Fail if no build path succeeded
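Review bot: In the `publish` job the new condition puts `${{ … }}` inside the existing `if: |` literal block, so the value GitHub evaluates is the expression result followed by the block's trailing newline. A string such as `false` plus a newline is non-empty and is treated as truthy, so the job would likely run even when `new_version` is `none` or neither build succeeded; actionlint reports this shape as an `if:` that is always true. Drop the `${{` and `}}` lines and keep the bare expression under `if: |` with `always() &&` as its first line, or write it as a single-line `if: ${{ … }}` the way the finalize hunk does, so a release is created only when a build path actually succeeded. The job's `steps:` continue outside the hunk.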
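Review bot: With `always()` added to the `finalize` condition, the job is also evaluated when `check-upstream` itself failed or the run was cancelled, and in that case `needs.check-upstream.outputs.new_version` is an empty string, so `!= 'none'` is true. If that is not intended, gate on the job result as well, e.g. `if: ${{ always() && needs.check-upstream.result == 'success' && needs.check-upstream.outputs.new_version != 'none' }}`; using `!cancelled()` in place of `always()` would also let a manual cancel stop the job. A one-line comment above the `if:` saying why the status function is needed (presumably so a skipped build job does not skip this one) would help the next reader. The job's steps are outside the hunk, so how they react to an empty `new_version` cannot be checked here.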