release 2.5.1

Signed-off-by: Rui Chen <rui@chenrui.dev>

.github/workflows/main.yml

@@ -8,9 +8,9 @@ jobs:
   build:
     runs-on: ubuntu-24.04
     steps:
-      - uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5
+      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v5
 
-      - uses: actions/setup-node@2028fbc5c25fe9cf00d9f06a71cc4710d4507903 # v6
+      - uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f # v6
         with:
           node-version-file: ".tool-versions"
           cache: "npm"

CHANGELOG.md

@@ -1,3 +1,21 @@
+## 2.5.1
+
+`2.5.1` is a patch release focused on regressions introduced in `2.5.0` and on release lookup reliability.
+It fixes `#713`, addresses `#703`, and fixes `#724`. Regression testing shows that
+current `master` no longer reproduces the finalize-race behavior reported in `#704` and `#709`.
+
+## What's Changed
+
+### Bug fixes 🐛
+
+* fix: fetch correct asset URL after finalization; test; some refactoring by @pzhlkj6612 in https://github.com/softprops/action-gh-release/pull/738
+* fix: release marked as 'latest' despite make_latest: false by @Boshen in https://github.com/softprops/action-gh-release/pull/715
+* fix: use getReleaseByTag API instead of iterating all releases by @kim-em in https://github.com/softprops/action-gh-release/pull/725
+
+### Other Changes 🔄
+
+* dependency updates, including the ESM/runtime compatibility refresh in https://github.com/softprops/action-gh-release/pull/731
+
 ## 2.5.0
 
 ## What's Changed
@@ -201,7 +219,7 @@
 
 ## 2.0.0
 
-- `2.0.0`!? this release corrects a disjunction between git tag versions used in the marketplace and versions list this file. Previous versions should have really been 1.\*. Going forward this should be better aligned.
+- `2.0.0`!? this release corrects a disjunction between git tag versions used in the marketplace and the versions listed in this file. Previous versions should have really been 1.\*. Going forward this should be better aligned.
 - Upgrade action.yml declaration to node20 to address deprecations
 
 ## 0.1.15
@@ -212,7 +230,7 @@
 
 ## 0.1.14
 
-- provides an new workflow input option `generate_release_notes` which when set to true will automatically generate release notes for you based on GitHub activity [#179](https://github.com/softprops/action-gh-release/pull/179). Please see the [GitHub docs for this feature](https://docs.github.com/en/repositories/releasing-projects-on-github/automatically-generated-release-notes) for more information
+- provides a new workflow input option `generate_release_notes` which when set to true will automatically generate release notes for you based on GitHub activity [#179](https://github.com/softprops/action-gh-release/pull/179). Please see the [GitHub docs for this feature](https://docs.github.com/en/repositories/releasing-projects-on-github/automatically-generated-release-notes) for more information
 
 ## 0.1.13
 
@@ -220,7 +238,7 @@
 
 ## 0.1.12
 
-- fix bug leading to empty strings subsituted for inputs users don't provide breaking api calls [#144](https://github.com/softprops/action-gh-release/pull/144)
+- fix bug leading to empty strings substituted for inputs users don't provide breaking api calls [#144](https://github.com/softprops/action-gh-release/pull/144)
 
 ## 0.1.11
 
@@ -237,7 +255,7 @@
 ## 0.1.8
 
 - address recent warnings in assert upload api as well as introduce asset upload overrides, allowing for multiple runs for the same release with the same named asserts [#134](https://github.com/softprops/action-gh-release/pull/134)
-- fix backwards compatibility with `GITHUB_TOKEN` resolution. `GITHUB_TOKEN` is no resolved first from an env varibale and then from and input [#133](https://github.com/softprops/action-gh-release/pull/133)
+- fix backwards compatibility with `GITHUB_TOKEN` resolution. `GITHUB_TOKEN` is now resolved first from an env variable and then from an input [#133](https://github.com/softprops/action-gh-release/pull/133)
 - trim white space in provided `tag_name` [#130](https://github.com/softprops/action-gh-release/pull/130)
 
 ## 0.1.7
@@ -250,14 +268,14 @@
 
 This is a release catch up have a hiatus. Future releases will happen more frequently
 
-- Add 'fail_on_unmatched_files' input, useful for catching cases were your `files` input does not actually match what you expect [#55](https://github.com/softprops/action-gh-release/pull/55)
+- Add 'fail_on_unmatched_files' input, useful for catching cases where your `files` input does not actually match what you expect [#55](https://github.com/softprops/action-gh-release/pull/55)
 - Add `repository` input, useful for creating a release in an external repository [#61](https://github.com/softprops/action-gh-release/pull/61)
-- Add release `id` to outputs, useful for refering to release in workflow steps following the step that uses this action [#60](https://github.com/softprops/action-gh-release/pull/60)
+- Add release `id` to outputs, useful for referring to release in workflow steps following the step that uses this action [#60](https://github.com/softprops/action-gh-release/pull/60)
 - Add `upload_url` as action output, useful for managing uploads separately [#75](https://github.com/softprops/action-gh-release/pull/75)
 - Support custom `target_commitish` value, useful to customize the default [#76](https://github.com/softprops/action-gh-release/pull/76)
-- fix `body_path` input first then fall back on `body` input. this was the originally documented precedence but was implemened the the opposite order! [#85](https://github.com/softprops/action-gh-release/pull/85)
+- fix `body_path` input first then fall back on `body` input. This was the originally documented precedence but was implemented in the opposite order! [#85](https://github.com/softprops/action-gh-release/pull/85)
 - Retain original release info if the keys are not set, useful for filling in blanks for a release you've already started separately [#109](https://github.com/softprops/action-gh-release/pull/109)
-- Limit number of times github api request to create a release is retried, useful for avoiding eating up your rate limit and action minutes do to either an invalid token or other circumstance causing the api call to fail [#111](https://github.com/softprops/action-gh-release/pull/111)
+- Limit number of times github api request to create a release is retried, useful for avoiding eating up your rate limit and action minutes due to either an invalid token or other circumstance causing the api call to fail [#111](https://github.com/softprops/action-gh-release/pull/111)
 
 ## 0.1.5
 
@@ -267,7 +285,7 @@ This is a release catch up have a hiatus. Future releases will happen more frequ
 
 - Added support for updating releases body [#36](https://github.com/softprops/action-gh-release/pull/36)
 - Steps can now access the url of releases with the `url` output of this Action [#28](https://github.com/softprops/action-gh-release/pull/28)
-- Added basic GitHub API retry support to manage API turbulance [#26](https://github.com/softprops/action-gh-release/pull/26)
+- Added basic GitHub API retry support to manage API turbulence [#26](https://github.com/softprops/action-gh-release/pull/26)
 
 ## 0.1.3
 
@@ -282,7 +300,7 @@ This is now fixed.
 
 - Add support for newline-delimited asset list [#18](https://github.com/softprops/action-gh-release/pull/18)
 
-GitHub actions inputs don't inherently support lists of things and one might like to append a list of files to include in a release. Previously this was possible using a comma-delimited list of asset path patterns to upload. You can now provide these as a newline delimieted list for better readability
+GitHub actions inputs don't inherently support lists of things and one might like to append a list of files to include in a release. Previously this was possible using a comma-delimited list of asset path patterns to upload. You can now provide these as a newline delimited list for better readability
 
 ```yaml
 - name: Release

README.md

@@ -51,7 +51,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout
-        uses: actions/checkout@v5
+        uses: actions/checkout@v6
       - name: Release
         uses: softprops/action-gh-release@v2
         if: github.ref_type == 'tag'
@@ -72,7 +72,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout
-        uses: actions/checkout@v5
+        uses: actions/checkout@v6
       - name: Release
         uses: softprops/action-gh-release@v2
 ```
@@ -99,7 +99,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout
-        uses: actions/checkout@v5
+        uses: actions/checkout@v6
       - name: Build
         run: echo ${{ github.sha }} > Release.txt
       - name: Test
@@ -123,7 +123,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout
-        uses: actions/checkout@v5
+        uses: actions/checkout@v6
       - name: Build
         run: echo ${{ github.sha }} > Release.txt
       - name: Test
@@ -157,7 +157,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout
-        uses: actions/checkout@v5
+        uses: actions/checkout@v6
       - name: Generate Changelog
         run: echo "# Good things have arrived" > ${{ github.workspace }}-CHANGELOG.txt
       - name: Release
@@ -213,7 +213,7 @@ The following outputs can be accessed via `${{ steps.<step-id>.outputs }}` from
 | `url`        | String | Github.com URL for the release                                                                                                                                                            |
 | `id`         | String | Release ID                                                                                                                                                                                |
 | `upload_url` | String | URL for uploading assets to the release                                                                                                                                                   |
-| `assets`     | String | JSON array containing information about each uploaded asset, in the format given [here](https://docs.github.com/en/rest/releases/assets#get-a-release-asset) (minus the `uploader` field) |
+| `assets`     | String | JSON array containing information about each updated (newly uploaded or overwritten) asset, in the format given [here](https://docs.github.com/en/rest/releases/assets#get-a-release-asset) (minus the `uploader` field) |
 
 As an example, you can use `${{ fromJSON(steps.<step-id>.outputs.assets)[0].browser_download_url }}` to get the download URL of the first asset.
 

__tests__/github.test.ts

@@ -1,15 +1,37 @@
 import {
   asset,
   findTagFromReleases,
+  finalizeRelease,
   mimeOrDefault,
   release,
   Release,
   Releaser,
 } from '../src/github';
 
-import { assert, describe, it } from 'vitest';
+import { assert, describe, expect, it, vi } from 'vitest';
 
 describe('github', () => {
+  const config = {
+    github_token: 'test-token',
+    github_ref: 'refs/tags/v1.0.0',
+    github_repository: 'owner/repo',
+    input_tag_name: undefined,
+    input_name: undefined,
+    input_body: undefined,
+    input_body_path: undefined,
+    input_files: [],
+    input_draft: undefined,
+    input_prerelease: undefined,
+    input_preserve_order: undefined,
+    input_overwrite_files: undefined,
+    input_fail_on_unmatched_files: false,
+    input_target_commitish: undefined,
+    input_discussion_category_name: undefined,
+    input_generate_release_notes: false,
+    input_append_body: false,
+    input_make_latest: undefined,
+  };
+
   describe('mimeOrDefault', () => {
     it('returns a specific mime for common path', async () => {
       assert.equal(mimeOrDefault('foo.tar.gz'), 'application/gzip');
@@ -46,205 +68,179 @@ describe('github', () => {
     } as const;
 
     const mockReleaser: Releaser = {
-      getReleaseByTag: () => Promise.reject('Not implemented'),
+      getReleaseByTag: () => Promise.reject({ status: 404 }),
       createRelease: () => Promise.reject('Not implemented'),
       updateRelease: () => Promise.reject('Not implemented'),
       finalizeRelease: () => Promise.reject('Not implemented'),
       allReleases: async function* () {
         yield { data: [mockRelease] };
       },
+      listReleaseAssets: () => Promise.reject('Not implemented'),
+      deleteReleaseAsset: () => Promise.reject('Not implemented'),
+      uploadReleaseAsset: () => Promise.reject('Not implemented'),
     } as const;
 
-    describe('when the tag_name is not an empty string', () => {
+    it('finds a release by tag using direct API lookup', async () => {
       const targetTag = 'v1.0.0';
+      const targetRelease = {
+        ...mockRelease,
+        tag_name: targetTag,
+      };
 
-      it('finds a matching release in first batch of results', async () => {
-        const targetRelease = {
-          ...mockRelease,
-          owner,
-          repo,
-          tag_name: targetTag,
-        };
-        const otherRelease = {
-          ...mockRelease,
-          owner,
-          repo,
-          tag_name: 'v1.0.1',
-        };
+      const releaser = {
+        ...mockReleaser,
+        getReleaseByTag: () => Promise.resolve({ data: targetRelease }),
+      };
 
-        const releaser = {
-          ...mockReleaser,
-          allReleases: async function* () {
-            yield { data: [targetRelease] };
-            yield { data: [otherRelease] };
-          },
-        };
+      const result = await findTagFromReleases(releaser, owner, repo, targetTag);
 
-        const result = await findTagFromReleases(releaser, owner, repo, targetTag);
-
-        assert.deepStrictEqual(result, targetRelease);
-      });
-
-      it('finds a matching release in second batch of results', async () => {
-        const targetRelease = {
-          ...mockRelease,
-          owner,
-          repo,
-          tag_name: targetTag,
-        };
-        const otherRelease = {
-          ...mockRelease,
-          owner,
-          repo,
-          tag_name: 'v1.0.1',
-        };
-
-        const releaser = {
-          ...mockReleaser,
-          allReleases: async function* () {
-            yield { data: [otherRelease] };
-            yield { data: [targetRelease] };
-          },
-        };
-
-        const result = await findTagFromReleases(releaser, owner, repo, targetTag);
-        assert.deepStrictEqual(result, targetRelease);
-      });
-
-      it('returns undefined when a release is not found in any batch', async () => {
-        const otherRelease = {
-          ...mockRelease,
-          owner,
-          repo,
-          tag_name: 'v1.0.1',
-        };
-        const releaser = {
-          ...mockReleaser,
-          allReleases: async function* () {
-            yield { data: [otherRelease] };
-            yield { data: [otherRelease] };
-          },
-        };
-
-        const result = await findTagFromReleases(releaser, owner, repo, targetTag);
-
-        assert.strictEqual(result, undefined);
-      });
-
-      it('returns undefined when no releases are returned', async () => {
-        const releaser = {
-          ...mockReleaser,
-          allReleases: async function* () {
-            yield { data: [] };
-          },
-        };
-
-        const result = await findTagFromReleases(releaser, owner, repo, targetTag);
-
-        assert.strictEqual(result, undefined);
-      });
+      assert.deepStrictEqual(result, targetRelease);
     });
 
-    describe('when the tag_name is an empty string', () => {
+    it('returns undefined when release is not found (404)', async () => {
+      const releaser = {
+        ...mockReleaser,
+        getReleaseByTag: () => Promise.reject({ status: 404 }),
+      };
+
+      const result = await findTagFromReleases(releaser, owner, repo, 'nonexistent');
+
+      assert.strictEqual(result, undefined);
+    });
+
+    it('re-throws non-404 errors', async () => {
+      const releaser = {
+        ...mockReleaser,
+        getReleaseByTag: () => Promise.reject({ status: 500, message: 'Server error' }),
+      };
+
+      try {
+        await findTagFromReleases(releaser, owner, repo, 'v1.0.0');
+        assert.fail('Expected an error to be thrown');
+      } catch (error) {
+        assert.strictEqual(error.status, 500);
+      }
+    });
+
+    it('finds a release with empty tag name', async () => {
       const emptyTag = '';
+      const targetRelease = {
+        ...mockRelease,
+        tag_name: emptyTag,
+      };
 
-      it('finds a matching release in first batch of results', async () => {
-        const targetRelease = {
-          ...mockRelease,
-          owner,
-          repo,
-          tag_name: emptyTag,
-        };
-        const otherRelease = {
-          ...mockRelease,
-          owner,
-          repo,
-          tag_name: 'v1.0.1',
-        };
+      const releaser = {
+        ...mockReleaser,
+        getReleaseByTag: () => Promise.resolve({ data: targetRelease }),
+      };
 
-        const releaser = {
-          ...mockReleaser,
-          allReleases: async function* () {
-            yield { data: [targetRelease] };
-            yield { data: [otherRelease] };
-          },
-        };
+      const result = await findTagFromReleases(releaser, owner, repo, emptyTag);
 
-        const result = await findTagFromReleases(releaser, owner, repo, emptyTag);
+      assert.deepStrictEqual(result, targetRelease);
+    });
+  });
 
-        assert.deepStrictEqual(result, targetRelease);
-      });
+  describe('finalizeRelease input_draft behavior', () => {
+    const draftRelease: Release = {
+      id: 1,
+      upload_url: 'test',
+      html_url: 'test',
+      tag_name: 'v1.0.0',
+      name: 'test',
+      body: 'test',
+      target_commitish: 'main',
+      draft: true,
+      prerelease: false,
+      assets: [],
+    };
 
-      it('finds a matching release in second batch of results', async () => {
-        const targetRelease = {
-          ...mockRelease,
-          owner,
-          repo,
-          tag_name: emptyTag,
-        };
-        const otherRelease = {
-          ...mockRelease,
-          owner,
-          repo,
-          tag_name: 'v1.0.1',
-        };
+    const finalizedRelease: Release = {
+      ...draftRelease,
+      draft: false,
+    };
 
-        const releaser = {
-          ...mockReleaser,
-          allReleases: async function* () {
-            yield { data: [otherRelease] };
-            yield { data: [targetRelease] };
-          },
-        };
+    it.each([
+      {
+        name: 'returns early when input_draft is true',
+        input_draft: true,
+        expectedCalls: 0,
+        expectedResult: draftRelease,
+      },
+      {
+        name: 'finalizes release when input_draft is false',
+        input_draft: false,
+        expectedCalls: 1,
+        expectedResult: finalizedRelease,
+      },
+    ])('$name', async ({ input_draft, expectedCalls, expectedResult }) => {
+      const finalizeReleaseSpy = vi.fn(async () => ({ data: finalizedRelease }));
 
-        const result = await findTagFromReleases(releaser, owner, repo, emptyTag);
-        assert.deepStrictEqual(result, targetRelease);
-      });
+      const releaser: Releaser = {
+        getReleaseByTag: () => Promise.reject('Not implemented'),
+        createRelease: () => Promise.reject('Not implemented'),
+        updateRelease: () => Promise.reject('Not implemented'),
+        finalizeRelease: finalizeReleaseSpy,
+        allReleases: async function* () {
+          throw new Error('Not implemented');
+        },
+        listReleaseAssets: () => Promise.reject('Not implemented'),
+        deleteReleaseAsset: () => Promise.reject('Not implemented'),
+        uploadReleaseAsset: () => Promise.reject('Not implemented'),
+      };
 
-      it('returns undefined when a release is not found in any batch', async () => {
-        const otherRelease = {
-          ...mockRelease,
-          owner,
-          repo,
-          tag_name: 'v1.0.1',
-        };
-        const releaser = {
-          ...mockReleaser,
-          allReleases: async function* () {
-            yield { data: [otherRelease] };
-            yield { data: [otherRelease] };
-          },
-        };
+      const result = await finalizeRelease(
+        {
+          ...config,
+          input_draft,
+        },
+        releaser,
+        draftRelease,
+      );
 
-        const result = await findTagFromReleases(releaser, owner, repo, emptyTag);
+      expect(finalizeReleaseSpy).toHaveBeenCalledTimes(expectedCalls);
+      assert.strictEqual(result, expectedResult);
 
-        assert.strictEqual(result, undefined);
-      });
-
-      it('returns undefined when no releases are returned', async () => {
-        const releaser = {
-          ...mockReleaser,
-          allReleases: async function* () {
-            yield { data: [] };
-          },
-        };
-
-        const result = await findTagFromReleases(releaser, owner, repo, emptyTag);
-
-        assert.strictEqual(result, undefined);
-      });
+      if (expectedCalls === 1) {
+        expect(finalizeReleaseSpy).toHaveBeenCalledWith({
+          owner: 'owner',
+          repo: 'repo',
+          release_id: draftRelease.id,
+        });
+      }
     });
   });
 
   describe('error handling', () => {
     it('handles 422 already_exists error gracefully', async () => {
+      const existingRelease = {
+        id: 1,
+        upload_url: 'test',
+        html_url: 'test',
+        tag_name: 'v1.0.0',
+        name: 'test',
+        body: 'test',
+        target_commitish: 'main',
+        draft: false,
+        prerelease: false,
+        assets: [],
+      };
+
+      let createAttempts = 0;
       const mockReleaser: Releaser = {
-        getReleaseByTag: () => Promise.reject('Not implemented'),
-        createRelease: () =>
-          Promise.reject({
+        getReleaseByTag: ({ tag }) => {
+          // First call returns 404 (release doesn't exist yet), subsequent calls find it
+          if (createAttempts === 0) {
+            return Promise.reject({ status: 404 });
+          }
+          return Promise.resolve({ data: existingRelease });
+        },
+        createRelease: () => {
+          createAttempts++;
+          return Promise.reject({
             status: 422,
             response: { data: { errors: [{ code: 'already_exists' }] } },
-          }),
+          });
+        },
         updateRelease: () =>
           Promise.resolve({
             data: {
@@ -260,49 +256,16 @@ describe('github', () => {
               assets: [],
             },
           }),
-        finalizeRelease: async () => {},
+        finalizeRelease: () => Promise.reject('Not implemented'),
         allReleases: async function* () {
-          yield {
-            data: [
-              {
-                id: 1,
-                upload_url: 'test',
-                html_url: 'test',
-                tag_name: 'v1.0.0',
-                name: 'test',
-                body: 'test',
-                target_commitish: 'main',
-                draft: false,
-                prerelease: false,
-                assets: [],
-              },
-            ],
-          };
+          yield { data: [existingRelease] };
         },
+        listReleaseAssets: () => Promise.reject('Not implemented'),
+        deleteReleaseAsset: () => Promise.reject('Not implemented'),
+        uploadReleaseAsset: () => Promise.reject('Not implemented'),
       } as const;
 
-      const config = {
-        github_token: 'test-token',
-        github_ref: 'refs/tags/v1.0.0',
-        github_repository: 'owner/repo',
-        input_tag_name: undefined,
-        input_name: undefined,
-        input_body: undefined,
-        input_body_path: undefined,
-        input_files: [],
-        input_draft: undefined,
-        input_prerelease: undefined,
-        input_preserve_order: undefined,
-        input_overwrite_files: undefined,
-        input_fail_on_unmatched_files: false,
-        input_target_commitish: undefined,
-        input_discussion_category_name: undefined,
-        input_generate_release_notes: false,
-        input_append_body: false,
-        input_make_latest: undefined,
-      };
-
-      const result = await release(config, mockReleaser, 1);
+      const result = await release(config, mockReleaser, 2);
       assert.ok(result);
       assert.equal(result.id, 1);
     });

package.json

@@ -1,12 +1,12 @@
 {
   "name": "action-gh-release",
-  "version": "2.5.0",
+  "version": "2.5.1",
   "private": true,
   "description": "GitHub Action for creating GitHub Releases",
   "main": "lib/main.js",
   "scripts": {
-    "build": "ncc build src/main.ts --minify --target es2022",
-    "build-debug": "ncc build src/main.ts --v8-cache --source-map",
+    "build": "esbuild src/main.ts --bundle --platform=node --format=cjs --target=node20 --outfile=dist/index.js --minify",
+    "build-debug": "esbuild src/main.ts --bundle --platform=node --format=cjs --target=node20 --outfile=dist/index.js --sourcemap --keep-names",
     "typecheck": "tsc --noEmit",
     "test": "vitest --coverage",
     "fmt": "prettier --write \"src/**/*.ts\" \"__tests__/**/*.ts\"",
@@ -22,20 +22,20 @@
   ],
   "author": "softprops",
   "dependencies": {
-    "@actions/core": "^1.11.1",
-    "@actions/github": "^6.0.1",
-    "@octokit/plugin-retry": "^8.0.3",
+    "@actions/core": "^3.0.0",
+    "@actions/github": "^9.0.0",
+    "@octokit/plugin-retry": "^8.1.0",
     "@octokit/plugin-throttling": "^11.0.3",
-    "glob": "^13.0.0",
+    "glob": "^13.0.6",
     "mime-types": "^3.0.2"
   },
   "devDependencies": {
     "@types/glob": "^9.0.0",
     "@types/mime-types": "^3.0.1",
-    "@types/node": "^20.19.25",
-    "@vercel/ncc": "^0.38.4",
-    "@vitest/coverage-v8": "^4.0.13",
-    "prettier": "3.6.2",
+    "@types/node": "^20.19.37",
+    "@vitest/coverage-v8": "^4.1.0",
+    "esbuild": "^0.27.3",
+    "prettier": "3.8.1",
     "ts-node": "^10.9.2",
     "typescript": "^5.9.3",
     "typescript-formatter": "^7.2.2",

src/github.ts

@@ -62,9 +62,26 @@ export interface Releaser {
     owner: string;
     repo: string;
     release_id: number;
+    make_latest: 'true' | 'false' | 'legacy' | undefined;
   }): Promise<{ data: Release }>;
 
-  allReleases(params: { owner: string; repo: string }): AsyncIterableIterator<{ data: Release[] }>;
+  allReleases(params: { owner: string; repo: string }): AsyncIterable<{ data: Release[] }>;
+
+  listReleaseAssets(params: {
+    owner: string;
+    repo: string;
+    release_id: number;
+  }): Promise<Array<{ id: number; name: string; [key: string]: any }>>;
+
+  deleteReleaseAsset(params: { owner: string; repo: string; asset_id: number }): Promise<void>;
+
+  uploadReleaseAsset(params: {
+    url: string;
+    size: number;
+    mime: string;
+    token: string;
+    data: any;
+  }): Promise<{ status: number; data: any }>;
 }
 
 export class GitHubReleaser implements Releaser {
@@ -166,21 +183,65 @@ export class GitHubReleaser implements Releaser {
     return this.github.rest.repos.updateRelease(params);
   }
 
-  async finalizeRelease(params: { owner: string; repo: string; release_id: number }) {
+  async finalizeRelease(params: {
+    owner: string;
+    repo: string;
+    release_id: number;
+    make_latest: 'true' | 'false' | 'legacy' | undefined;
+  }) {
     return await this.github.rest.repos.updateRelease({
       owner: params.owner,
       repo: params.repo,
       release_id: params.release_id,
       draft: false,
+      make_latest: params.make_latest,
     });
   }
 
-  allReleases(params: { owner: string; repo: string }): AsyncIterableIterator<{ data: Release[] }> {
+  allReleases(params: { owner: string; repo: string }): AsyncIterable<{ data: Release[] }> {
     const updatedParams = { per_page: 100, ...params };
     return this.github.paginate.iterator(
       this.github.rest.repos.listReleases.endpoint.merge(updatedParams),
     );
   }
+
+  async listReleaseAssets(params: {
+    owner: string;
+    repo: string;
+    release_id: number;
+  }): Promise<Array<{ id: number; name: string; [key: string]: any }>> {
+    return this.github.paginate(this.github.rest.repos.listReleaseAssets, {
+      ...params,
+      per_page: 100,
+    });
+  }
+
+  async deleteReleaseAsset(params: {
+    owner: string;
+    repo: string;
+    asset_id: number;
+  }): Promise<void> {
+    await this.github.rest.repos.deleteReleaseAsset(params);
+  }
+
+  async uploadReleaseAsset(params: {
+    url: string;
+    size: number;
+    mime: string;
+    token: string;
+    data: any;
+  }): Promise<{ status: number; data: any }> {
+    return this.github.request({
+      method: 'POST',
+      url: params.url,
+      headers: {
+        'content-length': `${params.size}`,
+        'content-type': params.mime,
+        authorization: `token ${params.token}`,
+      },
+      data: params.data,
+    });
+  }
 }
 
 export const asset = (path: string): ReleaseAsset => {
@@ -197,7 +258,7 @@ export const mimeOrDefault = (path: string): string => {
 
 export const upload = async (
   config: Config,
-  github: GitHub,
+  releaser: Releaser,
   url: string,
   path: string,
   currentAssets: Array<{ id: number; name: string }>,
@@ -216,7 +277,7 @@ export const upload = async (
       return null;
     } else {
       console.log(`♻️ Deleting previously uploaded asset ${name}...`);
-      await github.rest.repos.deleteReleaseAsset({
+      await releaser.deleteReleaseAsset({
         asset_id: currentAsset.id || 1,
         owner,
         repo,
@@ -228,14 +289,11 @@ export const upload = async (
   endpoint.searchParams.append('name', name);
   const fh = await open(path);
   try {
-    const resp = await github.request({
-      method: 'POST',
+    const resp = await releaser.uploadReleaseAsset({
       url: endpoint.toString(),
-      headers: {
-        'content-length': `${size}`,
-        'content-type': mime,
-        authorization: `token ${config.github_token}`,
-      },
+      size,
+      mime,
+      token: config.github_token,
       data: fh.readableWebStream({ type: 'bytes' }),
     });
     const json = resp.data;
@@ -389,17 +447,58 @@ export const finalizeRelease = async (
       owner,
       repo,
       release_id: release.id,
+      make_latest: config.input_make_latest,
     });
 
     return data;
-  } catch {
+  } catch (error) {
+    console.warn(`error finalizing release: ${error}`);
     console.log(`retrying... (${maxRetries - 1} retries remaining)`);
     return finalizeRelease(config, releaser, release, maxRetries - 1);
   }
 };
 
 /**
- * Finds a release by tag name from all a repository's releases.
+ * Lists assets belonging to a release.
+ *
+ * @param config - Release configuration as specified by user
+ * @param releaser - The GitHub API wrapper for release operations
+ * @param release - The existing release to be checked
+ * @param maxRetries - The maximum number of attempts
+ */
+export const listReleaseAssets = async (
+  config: Config,
+  releaser: Releaser,
+  release: Release,
+  maxRetries: number = 3,
+): Promise<Array<{ id: number; name: string; [key: string]: any }>> => {
+  if (maxRetries <= 0) {
+    console.log(`❌ Too many retries. Aborting...`);
+    throw new Error('Too many retries.');
+  }
+
+  const [owner, repo] = config.github_repository.split('/');
+  try {
+    const assets = await releaser.listReleaseAssets({
+      owner,
+      repo,
+      release_id: release.id,
+    });
+
+    return assets;
+  } catch (error) {
+    console.warn(`error listing assets of release: ${error}`);
+    console.log(`retrying... (${maxRetries - 1} retries remaining)`);
+    return listReleaseAssets(config, releaser, release, maxRetries - 1);
+  }
+};
+
+/**
+ * Finds a release by tag name.
+ *
+ * Uses the direct getReleaseByTag API for O(1) lookup instead of iterating
+ * through all releases. This also avoids GitHub's API pagination limit of
+ * 10000 results which would cause failures for repositories with many releases.
  *
  * @param releaser - The GitHub API wrapper for release operations
  * @param owner - The owner of the repository
@@ -413,16 +512,17 @@ export async function findTagFromReleases(
   repo: string,
   tag: string,
 ): Promise<Release | undefined> {
-  for await (const { data: releases } of releaser.allReleases({
-    owner,
-    repo,
-  })) {
-    const release = releases.find((release) => release.tag_name === tag);
-    if (release) {
-      return release;
+  try {
+    const { data: release } = await releaser.getReleaseByTag({ owner, repo, tag });
+    return release;
+  } catch (error) {
+    // Release not found (404) or other error - return undefined to allow creation
+    if (error.status === 404) {
+      return undefined;
     }
+    // Re-throw unexpected errors
+    throw error;
   }
-  return undefined;
 }
 
 async function createRelease(

src/main.ts

@@ -1,6 +1,6 @@
 import { setFailed, setOutput } from '@actions/core';
 import { getOctokit } from '@actions/github';
-import { GitHubReleaser, release, finalizeRelease, upload } from './github';
+import { GitHubReleaser, release, finalizeRelease, upload, listReleaseAssets } from './github';
 import { isTag, parseConfig, paths, unmatchedPatterns, uploadUrl } from './util';
 
 import { env } from 'process';
@@ -50,6 +50,7 @@ async function run() {
     //);
     const releaser = new GitHubReleaser(gh);
     let rel = await release(config, releaser);
+    let uploadedAssetIds: Set<number> = new Set();
     if (config.input_files && config.input_files.length > 0) {
       const files = paths(config.input_files, config.input_working_directory);
       if (files.length == 0) {
@@ -61,15 +62,12 @@ async function run() {
       }
       const currentAssets = rel.assets;
 
-      const uploadFile = async (path) => {
-        const json = await upload(config, gh, uploadUrl(rel.upload_url), path, currentAssets);
-        if (json) {
-          delete json.uploader;
-        }
-        return json;
+      const uploadFile = async (path: string) => {
+        const json = await upload(config, releaser, uploadUrl(rel.upload_url), path, currentAssets);
+        return json ? (json.id as number) : undefined;
       };
 
-      let results: (any | null)[];
+      let results: (number | undefined)[];
       if (!config.input_preserve_order) {
         results = await Promise.all(files.map(uploadFile));
       } else {
@@ -79,13 +77,29 @@ async function run() {
         }
       }
 
-      const assets = results.filter(Boolean);
-      setOutput('assets', assets);
+      uploadedAssetIds = new Set(results.filter((id): id is number => id !== undefined));
     }
 
     console.log('Finalizing release...');
     rel = await finalizeRelease(config, releaser, rel);
 
+    // Draft releases use temporary "untagged-..." URLs for assets.
+    // URLs will be changed to correct ones once the release is published.
+    console.log('Getting assets list...');
+    {
+      let assets: any[] = [];
+      if (uploadedAssetIds.size > 0) {
+        const updatedAssets = await listReleaseAssets(config, releaser, rel);
+        assets = updatedAssets
+          .filter((a) => uploadedAssetIds.has(a.id))
+          .map((a) => {
+            const { uploader, ...rest } = a;
+            return rest;
+          });
+      }
+      setOutput('assets', assets);
+    }
+
     console.log(`🎉 Release ready at ${rel.html_url}`);
     setOutput('url', rel.html_url);
     setOutput('id', rel.id.toString());

tsconfig.json

@@ -45,7 +45,7 @@
     // "paths": {},                           /* A series of entries which re-map imports to lookup locations relative to the 'baseUrl'. */
     // "rootDirs": [],                        /* List of root folders whose combined content represents the structure of the project at runtime. */
     // "typeRoots": [],                       /* List of folders to include type definitions from. */
-    "types": ["vitest/globals"],
+    "types": ["node", "vitest/globals"],
     // "allowSyntheticDefaultImports": true,  /* Allow default imports from modules with no default export. This does not affect code emit, just typechecking. */
     "esModuleInterop": true                   /* Enables emit interoperability between CommonJS and ES Modules via creation of namespace objects for all imports. Implies 'allowSyntheticDefaultImports'. */
     // "preserveSymlinks": true,              /* Do not resolve the real path of symlinks. */