release 2.5.2

Signed-off-by: Rui Chen <rui@chenrui.dev>

.github/ISSUE_TEMPLATE/bug_report.yml

@@ -0,0 +1,97 @@
+name: Bug report
+description: Report a bug or regression in action-gh-release
+title: "[Bug]: "
+labels:
+  - bug
+body:
+  - type: markdown
+    attributes:
+      value: |
+        Before filing:
+        - confirm the problem still reproduces on the latest release or `master`
+        - search existing issues for the same behavior
+        - if the original repository is private, include a minimal public repro, a sanitized workflow snippet, or exact redacted steps a maintainer can follow
+  - type: checkboxes
+    id: checks
+    attributes:
+      label: Pre-flight checks
+      options:
+        - label: I searched existing issues and did not find a duplicate
+          required: true
+        - label: I reproduced this with the latest released version or current `master`
+          required: true
+        - label: I included a reproducible example or a sanitized/redacted reproduction path if the original repository is private
+          required: true
+  - type: input
+    id: action_version
+    attributes:
+      label: action-gh-release version
+      description: Tag, SHA, or ref used in your workflow
+      placeholder: v2.5.2
+    validations:
+      required: true
+  - type: dropdown
+    id: runner
+    attributes:
+      label: Runner operating system
+      options:
+        - ubuntu-latest
+        - windows-latest
+        - macos-latest
+        - other
+    validations:
+      required: true
+  - type: input
+    id: target_repository
+    attributes:
+      label: Release target repository
+      description: Fill this in if you set the `repository:` input
+      placeholder: owner/repo
+  - type: input
+    id: repro_reference
+    attributes:
+      label: Reproduction repo, gist, or artifact
+      description: Link a minimal repro repository, gist, run URL, or other shareable artifact if you have one
+      placeholder: https://github.com/owner/repro-repo
+  - type: textarea
+    id: workflow
+    attributes:
+      label: Workflow snippet
+      description: Include the relevant `uses:` step and inputs. If the original repo is private, paste a sanitized version here.
+      render: yaml
+  - type: textarea
+    id: expected
+    attributes:
+      label: Expected behavior
+    validations:
+      required: true
+  - type: textarea
+    id: actual
+    attributes:
+      label: Actual behavior
+    validations:
+      required: true
+  - type: textarea
+    id: reproduce
+    attributes:
+      label: Steps to reproduce
+      description: Include tags, matrix/concurrency details, and any repo rules involved. If the original repo is private, describe the smallest setup a maintainer can recreate locally or in a throwaway repo.
+      placeholder: |
+        1. Trigger workflow with ...
+        2. Action creates ...
+        3. Action fails with ...
+    validations:
+      required: true
+  - type: textarea
+    id: logs
+    attributes:
+      label: Relevant logs
+      description: Paste the relevant error output or run URL
+      render: shell
+    validations:
+      required: true
+  - type: textarea
+    id: additional
+    attributes:
+      label: Additional context
+      description: Any extra environment, token, ruleset, or asset details

.github/ISSUE_TEMPLATE/feature_request.yml

@@ -0,0 +1,50 @@
+name: Feature request
+description: Propose an enhancement or new capability for action-gh-release
+title: "[Feature]: "
+labels:
+  - enhancement
+body:
+  - type: markdown
+    attributes:
+      value: |
+        Use this template for new capabilities, behavior changes, or ergonomics improvements.
+        If you are reporting something broken, use the bug report template instead.
+  - type: checkboxes
+    id: checks
+    attributes:
+      label: Pre-flight checks
+      options:
+        - label: I searched existing issues and did not find a duplicate request
+          required: true
+        - label: This is not a bug report for existing behavior
+          required: true
+  - type: textarea
+    id: problem
+    attributes:
+      label: Problem to solve
+      description: What workflow pain point or gap are you trying to address?
+    validations:
+      required: true
+  - type: textarea
+    id: proposal
+    attributes:
+      label: Proposed solution
+      description: Describe the behavior, input, or output you want
+    validations:
+      required: true
+  - type: textarea
+    id: workflow
+    attributes:
+      label: Example workflow snippet
+      description: Show how you would expect to use this
+      render: yaml
+  - type: textarea
+    id: alternatives
+    attributes:
+      label: Alternatives considered
+      description: Workarounds or other approaches you evaluated
+  - type: textarea
+    id: impact
+    attributes:
+      label: Why this belongs in action-gh-release
+      description: Explain the user impact or why this should live in the action rather than in workflow glue

CHANGELOG.md

@@ -1,3 +1,22 @@
+## 2.5.2
+
+`2.5.2` is a patch release focused on the remaining release-creation and prerelease regressions in the `2.5.x` bug-fix cycle.
+It fixes `#705`, fixes `#708`, fixes `#740`, fixes `#741`, and fixes `#722`.
+Regression testing covers the shared-tag race, prerelease event behavior, dotfile asset labels,
+same-filename concurrent uploads, and blocked-tag cleanup behavior.
+
+If you still hit an issue after upgrading, please open a report with the bug template and include a minimal repro or sanitized workflow snippet where possible.
+
+## What's Changed
+
+### Bug fixes 🐛
+
+* fix: canonicalize releases after concurrent create by @chenrui333 in https://github.com/softprops/action-gh-release/pull/746
+* fix: preserve prereleased events for prereleases by @chenrui333 in https://github.com/softprops/action-gh-release/pull/748
+* fix: restore dotfile asset labels by @chenrui333 in https://github.com/softprops/action-gh-release/pull/749
+* fix: handle upload already_exists races across workflows by @api2062 in https://github.com/softprops/action-gh-release/pull/745
+* fix: clean up orphan drafts when tag creation is blocked by @chenrui333 in https://github.com/softprops/action-gh-release/pull/750
+
 ## 2.5.1
 
 `2.5.1` is a patch release focused on regressions introduced in `2.5.0` and on release lookup reliability.

__tests__/github.test.ts

@@ -6,8 +6,12 @@ import {
   release,
   Release,
   Releaser,
+  upload,
 } from '../src/github';
 
+import { mkdtempSync, rmSync, writeFileSync } from 'fs';
+import { tmpdir } from 'os';
+import { join } from 'path';
 import { assert, describe, expect, it, vi } from 'vitest';
 
 describe('github', () => {
@@ -77,6 +81,8 @@ describe('github', () => {
       },
       listReleaseAssets: () => Promise.reject('Not implemented'),
       deleteReleaseAsset: () => Promise.reject('Not implemented'),
+      deleteRelease: () => Promise.reject('Not implemented'),
+      updateReleaseAsset: () => Promise.reject('Not implemented'),
       uploadReleaseAsset: () => Promise.reject('Not implemented'),
     } as const;
 
@@ -158,21 +164,35 @@ describe('github', () => {
       ...draftRelease,
       draft: false,
     };
+    const publishedPrerelease: Release = {
+      ...draftRelease,
+      draft: false,
+      prerelease: true,
+    };
 
     it.each([
       {
         name: 'returns early when input_draft is true',
         input_draft: true,
+        release: draftRelease,
         expectedCalls: 0,
         expectedResult: draftRelease,
       },
       {
         name: 'finalizes release when input_draft is false',
         input_draft: false,
+        release: draftRelease,
         expectedCalls: 1,
         expectedResult: finalizedRelease,
       },
-    ])('$name', async ({ input_draft, expectedCalls, expectedResult }) => {
+      {
+        name: 'returns early when release is already published',
+        input_draft: false,
+        release: publishedPrerelease,
+        expectedCalls: 0,
+        expectedResult: publishedPrerelease,
+      },
+    ])('$name', async ({ input_draft, release, expectedCalls, expectedResult }) => {
       const finalizeReleaseSpy = vi.fn(async () => ({ data: finalizedRelease }));
 
       const releaser: Releaser = {
@@ -185,6 +205,8 @@ describe('github', () => {
         },
         listReleaseAssets: () => Promise.reject('Not implemented'),
         deleteReleaseAsset: () => Promise.reject('Not implemented'),
+        deleteRelease: () => Promise.reject('Not implemented'),
+        updateReleaseAsset: () => Promise.reject('Not implemented'),
         uploadReleaseAsset: () => Promise.reject('Not implemented'),
       };
 
@@ -194,7 +216,7 @@ describe('github', () => {
           input_draft,
         },
         releaser,
-        draftRelease,
+        release,
       );
 
       expect(finalizeReleaseSpy).toHaveBeenCalledTimes(expectedCalls);
@@ -204,13 +226,217 @@ describe('github', () => {
         expect(finalizeReleaseSpy).toHaveBeenCalledWith({
           owner: 'owner',
           repo: 'repo',
-          release_id: draftRelease.id,
+          release_id: release.id,
         });
       }
     });
+
+    it('deletes a newly created draft when tag creation is blocked by repository rules', async () => {
+      const finalizeReleaseSpy = vi.fn(async () => {
+        throw {
+          status: 422,
+          response: {
+            data: {
+              errors: [
+                {
+                  field: 'pre_receive',
+                  message:
+                    'pre_receive Repository rule violations found\n\nCannot create ref due to creations being restricted.\n\n',
+                },
+              ],
+            },
+          },
+        };
+      });
+      const deleteReleaseSpy = vi.fn(async () => undefined);
+
+      const releaser: Releaser = {
+        getReleaseByTag: () => Promise.reject('Not implemented'),
+        createRelease: () => Promise.reject('Not implemented'),
+        updateRelease: () => Promise.reject('Not implemented'),
+        finalizeRelease: finalizeReleaseSpy,
+        allReleases: async function* () {
+          throw new Error('Not implemented');
+        },
+        listReleaseAssets: () => Promise.reject('Not implemented'),
+        deleteReleaseAsset: () => Promise.reject('Not implemented'),
+        deleteRelease: deleteReleaseSpy,
+        updateReleaseAsset: () => Promise.reject('Not implemented'),
+        uploadReleaseAsset: () => Promise.reject('Not implemented'),
+      };
+
+      await expect(
+        finalizeRelease(
+          {
+            ...config,
+            input_draft: false,
+          },
+          releaser,
+          draftRelease,
+          true,
+        ),
+      ).rejects.toThrow(
+        'Tag creation for v1.0.0 is blocked by repository rules. Deleted draft release 1 to avoid leaving an orphaned draft release.',
+      );
+
+      expect(finalizeReleaseSpy).toHaveBeenCalledTimes(1);
+      expect(deleteReleaseSpy).toHaveBeenCalledWith({
+        owner: 'owner',
+        repo: 'repo',
+        release_id: draftRelease.id,
+      });
+    });
+
+    it('does not delete an existing draft release when tag creation is blocked by repository rules', async () => {
+      const finalizeReleaseSpy = vi.fn(async () => {
+        throw {
+          status: 422,
+          response: {
+            data: {
+              errors: [
+                {
+                  field: 'pre_receive',
+                  message:
+                    'pre_receive Repository rule violations found\n\nCannot create ref due to creations being restricted.\n\n',
+                },
+              ],
+            },
+          },
+        };
+      });
+      const deleteReleaseSpy = vi.fn(async () => undefined);
+
+      const releaser: Releaser = {
+        getReleaseByTag: () => Promise.reject('Not implemented'),
+        createRelease: () => Promise.reject('Not implemented'),
+        updateRelease: () => Promise.reject('Not implemented'),
+        finalizeRelease: finalizeReleaseSpy,
+        allReleases: async function* () {
+          throw new Error('Not implemented');
+        },
+        listReleaseAssets: () => Promise.reject('Not implemented'),
+        deleteReleaseAsset: () => Promise.reject('Not implemented'),
+        deleteRelease: deleteReleaseSpy,
+        updateReleaseAsset: () => Promise.reject('Not implemented'),
+        uploadReleaseAsset: () => Promise.reject('Not implemented'),
+      };
+
+      await expect(
+        finalizeRelease(
+          {
+            ...config,
+            input_draft: false,
+          },
+          releaser,
+          draftRelease,
+          false,
+          1,
+        ),
+      ).rejects.toThrow('Too many retries.');
+
+      expect(finalizeReleaseSpy).toHaveBeenCalledTimes(1);
+      expect(deleteReleaseSpy).not.toHaveBeenCalled();
+    });
   });
 
   describe('error handling', () => {
+    it('creates published prereleases without the forced draft-first path', async () => {
+      const prereleaseConfig = {
+        ...config,
+        input_prerelease: true,
+        input_draft: false,
+      };
+      const createdRelease: Release = {
+        id: 1,
+        upload_url: 'test',
+        html_url: 'test',
+        tag_name: 'v1.0.0',
+        name: 'test',
+        body: 'test',
+        target_commitish: 'main',
+        draft: false,
+        prerelease: true,
+        assets: [],
+      };
+
+      const createReleaseSpy = vi.fn(async () => ({ data: createdRelease }));
+      const mockReleaser: Releaser = {
+        getReleaseByTag: () => Promise.reject({ status: 404 }),
+        createRelease: createReleaseSpy,
+        updateRelease: () => Promise.reject('Not implemented'),
+        finalizeRelease: () => Promise.reject('Not implemented'),
+        allReleases: async function* () {
+          yield { data: [createdRelease] };
+        },
+        listReleaseAssets: () => Promise.reject('Not implemented'),
+        deleteReleaseAsset: () => Promise.reject('Not implemented'),
+        deleteRelease: () => Promise.reject('Not implemented'),
+        updateReleaseAsset: () => Promise.reject('Not implemented'),
+        uploadReleaseAsset: () => Promise.reject('Not implemented'),
+      } as const;
+
+      const result = await release(prereleaseConfig, mockReleaser, 1);
+
+      assert.equal(result.release.id, createdRelease.id);
+      assert.equal(result.created, true);
+      expect(createReleaseSpy).toHaveBeenCalledWith(
+        expect.objectContaining({
+          draft: false,
+          prerelease: true,
+        }),
+      );
+    });
+
+    it('retries upload after deleting conflicting asset on 422 already_exists race', async () => {
+      const uploadReleaseAsset = vi
+        .fn()
+        .mockRejectedValueOnce({
+          status: 422,
+          response: { data: { errors: [{ code: 'already_exists' }] } },
+        })
+        .mockResolvedValueOnce({
+          status: 201,
+          data: { id: 123, name: 'release.txt' },
+        });
+
+      const listReleaseAssets = vi.fn().mockResolvedValue([{ id: 99, name: 'release.txt' }]);
+      const deleteReleaseAsset = vi.fn().mockResolvedValue(undefined);
+
+      const mockReleaser: Releaser = {
+        getReleaseByTag: () => Promise.reject('Not implemented'),
+        createRelease: () => Promise.reject('Not implemented'),
+        updateRelease: () => Promise.reject('Not implemented'),
+        finalizeRelease: () => Promise.reject('Not implemented'),
+        allReleases: async function* () {
+          throw new Error('Not implemented');
+        },
+        listReleaseAssets,
+        deleteReleaseAsset,
+        uploadReleaseAsset,
+      };
+
+      const result = await upload(
+        config,
+        mockReleaser,
+        'https://uploads.github.com/repos/owner/repo/releases/1/assets',
+        '__tests__/release.txt',
+        [],
+      );
+
+      expect(result).toStrictEqual({ id: 123, name: 'release.txt' });
+      expect(listReleaseAssets).toHaveBeenCalledWith({
+        owner: 'owner',
+        repo: 'repo',
+        release_id: 1,
+      });
+      expect(deleteReleaseAsset).toHaveBeenCalledWith({
+        owner: 'owner',
+        repo: 'repo',
+        asset_id: 99,
+      });
+      expect(uploadReleaseAsset).toHaveBeenCalledTimes(2);
+    });
+
     it('handles 422 already_exists error gracefully', async () => {
       const existingRelease = {
         id: 1,
@@ -262,12 +488,245 @@ describe('github', () => {
         },
         listReleaseAssets: () => Promise.reject('Not implemented'),
         deleteReleaseAsset: () => Promise.reject('Not implemented'),
+        deleteRelease: () => Promise.reject('Not implemented'),
         uploadReleaseAsset: () => Promise.reject('Not implemented'),
       } as const;
 
       const result = await release(config, mockReleaser, 2);
       assert.ok(result);
-      assert.equal(result.id, 1);
+      assert.equal(result.release.id, 1);
+      assert.equal(result.created, false);
+    });
+
+    it('reuses a canonical release after concurrent create success and removes empty duplicates', async () => {
+      const canonicalRelease: Release = {
+        id: 1,
+        upload_url: 'canonical-upload',
+        html_url: 'canonical-html',
+        tag_name: 'v1.0.0',
+        name: 'canonical',
+        body: 'test',
+        target_commitish: 'main',
+        draft: true,
+        prerelease: false,
+        assets: [],
+      };
+      const duplicateRelease: Release = {
+        id: 2,
+        upload_url: 'duplicate-upload',
+        html_url: 'duplicate-html',
+        tag_name: 'v1.0.0',
+        name: 'duplicate',
+        body: 'test',
+        target_commitish: 'main',
+        draft: true,
+        prerelease: false,
+        assets: [],
+      };
+
+      let lookupCount = 0;
+      const deleteReleaseSpy = vi.fn(async () => undefined);
+      const mockReleaser: Releaser = {
+        getReleaseByTag: () => {
+          lookupCount += 1;
+          if (lookupCount === 1) {
+            return Promise.reject({ status: 404 });
+          }
+          return Promise.resolve({ data: canonicalRelease });
+        },
+        createRelease: () => Promise.resolve({ data: duplicateRelease }),
+        updateRelease: () => Promise.reject('Not implemented'),
+        finalizeRelease: () => Promise.reject('Not implemented'),
+        allReleases: async function* () {
+          yield { data: [duplicateRelease, canonicalRelease] };
+        },
+        listReleaseAssets: () => Promise.reject('Not implemented'),
+        deleteReleaseAsset: () => Promise.reject('Not implemented'),
+        deleteRelease: deleteReleaseSpy,
+        updateReleaseAsset: () => Promise.reject('Not implemented'),
+        uploadReleaseAsset: () => Promise.reject('Not implemented'),
+      };
+
+      const result = await release(config, mockReleaser, 2);
+
+      assert.equal(result.release.id, canonicalRelease.id);
+      assert.equal(result.created, false);
+      expect(deleteReleaseSpy).toHaveBeenCalledWith({
+        owner: 'owner',
+        repo: 'repo',
+        release_id: duplicateRelease.id,
+      });
+    });
+
+    it('falls back to recent releases when tag lookup still lags after create', async () => {
+      const canonicalRelease: Release = {
+        id: 1,
+        upload_url: 'canonical-upload',
+        html_url: 'canonical-html',
+        tag_name: 'v1.0.0',
+        name: 'canonical',
+        body: 'test',
+        target_commitish: 'main',
+        draft: true,
+        prerelease: false,
+        assets: [],
+      };
+      const duplicateRelease: Release = {
+        id: 2,
+        upload_url: 'duplicate-upload',
+        html_url: 'duplicate-html',
+        tag_name: 'v1.0.0',
+        name: 'duplicate',
+        body: 'test',
+        target_commitish: 'main',
+        draft: true,
+        prerelease: false,
+        assets: [],
+      };
+
+      const deleteReleaseSpy = vi.fn(async () => undefined);
+      const mockReleaser: Releaser = {
+        getReleaseByTag: () => Promise.reject({ status: 404 }),
+        createRelease: () => Promise.resolve({ data: duplicateRelease }),
+        updateRelease: () => Promise.reject('Not implemented'),
+        finalizeRelease: () => Promise.reject('Not implemented'),
+        allReleases: async function* () {
+          yield { data: [duplicateRelease, canonicalRelease] };
+        },
+        listReleaseAssets: () => Promise.reject('Not implemented'),
+        deleteReleaseAsset: () => Promise.reject('Not implemented'),
+        deleteRelease: deleteReleaseSpy,
+        updateReleaseAsset: () => Promise.reject('Not implemented'),
+        uploadReleaseAsset: () => Promise.reject('Not implemented'),
+      };
+
+      const result = await release(config, mockReleaser, 1);
+
+      assert.equal(result.release.id, canonicalRelease.id);
+      assert.equal(result.created, false);
+      expect(deleteReleaseSpy).toHaveBeenCalledWith({
+        owner: 'owner',
+        repo: 'repo',
+        release_id: duplicateRelease.id,
+      });
+    });
+  });
+
+  describe('upload', () => {
+    it('restores a dotfile label when GitHub normalizes the uploaded asset name', async () => {
+      const tempDir = mkdtempSync(join(tmpdir(), 'gh-release-dotfile-'));
+      const dotfilePath = join(tempDir, '.config');
+      writeFileSync(dotfilePath, 'config');
+
+      const updateReleaseAssetSpy = vi.fn(async () => ({
+        data: {
+          id: 1,
+          name: 'default.config',
+          label: '.config',
+        },
+      }));
+      const releaser: Releaser = {
+        getReleaseByTag: () => Promise.reject('Not implemented'),
+        createRelease: () => Promise.reject('Not implemented'),
+        updateRelease: () => Promise.reject('Not implemented'),
+        finalizeRelease: () => Promise.reject('Not implemented'),
+        allReleases: async function* () {
+          throw new Error('Not implemented');
+        },
+        listReleaseAssets: () => Promise.reject('Not implemented'),
+        deleteReleaseAsset: () => Promise.reject('Not implemented'),
+        deleteRelease: () => Promise.reject('Not implemented'),
+        updateReleaseAsset: updateReleaseAssetSpy,
+        uploadReleaseAsset: () =>
+          Promise.resolve({
+            status: 201,
+            data: {
+              id: 1,
+              name: 'default.config',
+              label: '',
+            },
+          }),
+      };
+
+      try {
+        const result = await upload(
+          config,
+          releaser,
+          'https://uploads.example.test/assets',
+          dotfilePath,
+          [],
+        );
+
+        expect(updateReleaseAssetSpy).toHaveBeenCalledWith({
+          owner: 'owner',
+          repo: 'repo',
+          asset_id: 1,
+          name: 'default.config',
+          label: '.config',
+        });
+        expect(result).toEqual({
+          id: 1,
+          name: 'default.config',
+          label: '.config',
+        });
+      } finally {
+        rmSync(tempDir, { recursive: true, force: true });
+      }
+    });
+
+    it('matches an existing asset by label when overwriting a dotfile', async () => {
+      const tempDir = mkdtempSync(join(tmpdir(), 'gh-release-dotfile-'));
+      const dotfilePath = join(tempDir, '.config');
+      writeFileSync(dotfilePath, 'config');
+
+      const deleteReleaseAssetSpy = vi.fn(async () => undefined);
+      const releaser: Releaser = {
+        getReleaseByTag: () => Promise.reject('Not implemented'),
+        createRelease: () => Promise.reject('Not implemented'),
+        updateRelease: () => Promise.reject('Not implemented'),
+        finalizeRelease: () => Promise.reject('Not implemented'),
+        allReleases: async function* () {
+          throw new Error('Not implemented');
+        },
+        listReleaseAssets: () => Promise.reject('Not implemented'),
+        deleteReleaseAsset: deleteReleaseAssetSpy,
+        deleteRelease: () => Promise.reject('Not implemented'),
+        updateReleaseAsset: () =>
+          Promise.resolve({
+            data: {
+              id: 2,
+              name: 'default.config',
+              label: '.config',
+            },
+          }),
+        uploadReleaseAsset: () =>
+          Promise.resolve({
+            status: 201,
+            data: {
+              id: 2,
+              name: 'default.config',
+              label: '',
+            },
+          }),
+      };
+
+      try {
+        await upload(config, releaser, 'https://uploads.example.test/assets', dotfilePath, [
+          {
+            id: 1,
+            name: 'default.config',
+            label: '.config',
+          },
+        ]);
+
+        expect(deleteReleaseAssetSpy).toHaveBeenCalledWith({
+          asset_id: 1,
+          owner: 'owner',
+          repo: 'repo',
+        });
+      } finally {
+        rmSync(tempDir, { recursive: true, force: true });
+      }
     });
   });
 });

package-lock.json

@@ -1,12 +1,12 @@
 {
   "name": "action-gh-release",
-  "version": "2.5.1",
+  "version": "2.5.2",
   "lockfileVersion": 3,
   "requires": true,
   "packages": {
     "": {
       "name": "action-gh-release",
-      "version": "2.5.1",
+      "version": "2.5.2",
       "dependencies": {
         "@actions/core": "^3.0.0",
         "@actions/github": "^9.0.0",

package.json

@@ -1,6 +1,6 @@
 {
   "name": "action-gh-release",
-  "version": "2.5.1",
+  "version": "2.5.2",
   "private": true,
   "description": "GitHub Action for creating GitHub Releases",
   "main": "lib/main.js",

src/github.ts

@@ -23,7 +23,12 @@ export interface Release {
   target_commitish: string;
   draft: boolean;
   prerelease: boolean;
-  assets: Array<{ id: number; name: string }>;
+  assets: Array<{ id: number; name: string; label?: string | null }>;
+}
+
+export interface ReleaseResult {
+  release: Release;
+  created: boolean;
 }
 
 export interface Releaser {
@@ -71,10 +76,20 @@ export interface Releaser {
     owner: string;
     repo: string;
     release_id: number;
-  }): Promise<Array<{ id: number; name: string; [key: string]: any }>>;
+  }): Promise<Array<{ id: number; name: string; label?: string | null; [key: string]: any }>>;
 
   deleteReleaseAsset(params: { owner: string; repo: string; asset_id: number }): Promise<void>;
 
+  deleteRelease(params: { owner: string; repo: string; release_id: number }): Promise<void>;
+
+  updateReleaseAsset(params: {
+    owner: string;
+    repo: string;
+    asset_id: number;
+    name: string;
+    label: string;
+  }): Promise<{ data: any }>;
+
   uploadReleaseAsset(params: {
     url: string;
     size: number;
@@ -209,7 +224,7 @@ export class GitHubReleaser implements Releaser {
     owner: string;
     repo: string;
     release_id: number;
-  }): Promise<Array<{ id: number; name: string; [key: string]: any }>> {
+  }): Promise<Array<{ id: number; name: string; label?: string | null; [key: string]: any }>> {
     return this.github.paginate(this.github.rest.repos.listReleaseAssets, {
       ...params,
       per_page: 100,
@@ -224,6 +239,20 @@ export class GitHubReleaser implements Releaser {
     await this.github.rest.repos.deleteReleaseAsset(params);
   }
 
+  async deleteRelease(params: { owner: string; repo: string; release_id: number }): Promise<void> {
+    await this.github.rest.repos.deleteRelease(params);
+  }
+
+  async updateReleaseAsset(params: {
+    owner: string;
+    repo: string;
+    asset_id: number;
+    name: string;
+    label: string;
+  }): Promise<{ data: any }> {
+    return await this.github.rest.repos.updateReleaseAsset(params);
+  }
+
   async uploadReleaseAsset(params: {
     url: string;
     size: number;
@@ -261,15 +290,18 @@ export const upload = async (
   releaser: Releaser,
   url: string,
   path: string,
-  currentAssets: Array<{ id: number; name: string }>,
+  currentAssets: Array<{ id: number; name: string; label?: string | null }>,
 ): Promise<any> => {
   const [owner, repo] = config.github_repository.split('/');
   const { name, mime, size } = asset(path);
+  const releaseIdMatch = url.match(/\/releases\/(\d+)\/assets/);
+  const releaseId = releaseIdMatch ? Number(releaseIdMatch[1]) : undefined;
   const currentAsset = currentAssets.find(
     // note: GitHub renames asset filenames that have special characters, non-alphanumeric characters, and leading or trailing periods. The "List release assets" endpoint lists the renamed filenames.
     // due to this renaming we need to be mindful when we compare the file name we're uploading with a name github may already have rewritten for logical comparison
     // see https://docs.github.com/en/rest/releases/assets?apiVersion=2022-11-28#upload-a-release-asset
-    ({ name: currentName }) => currentName == alignAssetName(name),
+    ({ name: currentName, label: currentLabel }) =>
+      currentName === name || currentName === alignAssetName(name) || currentLabel === name,
   );
   if (currentAsset) {
     if (config.input_overwrite_files === false) {
@@ -287,15 +319,23 @@ export const upload = async (
   console.log(`⬆️ Uploading ${name}...`);
   const endpoint = new URL(url);
   endpoint.searchParams.append('name', name);
+  const uploadAsset = async () => {
     const fh = await open(path);
     try {
-    const resp = await releaser.uploadReleaseAsset({
+      return await releaser.uploadReleaseAsset({
         url: endpoint.toString(),
         size,
         mime,
         token: config.github_token,
         data: fh.readableWebStream({ type: 'bytes' }),
       });
+    } finally {
+      await fh.close();
+    }
+  };
+
+  try {
+    const resp = await uploadAsset();
     const json = resp.data;
     if (resp.status !== 201) {
       throw new Error(
@@ -304,10 +344,67 @@ export const upload = async (
         }\n${json.message}\n${JSON.stringify(json.errors)}`,
       );
     }
+    if (json.name && json.name !== name && json.id) {
+      console.log(`✏️ Restoring asset label to ${name}...`);
+      try {
+        const { data } = await releaser.updateReleaseAsset({
+          owner,
+          repo,
+          asset_id: json.id,
+          name: json.name,
+          label: name,
+        });
+        console.log(`✅ Uploaded ${name}`);
+        return data;
+      } catch (error) {
+        console.warn(`error updating release asset label for ${name}: ${error}`);
+      }
+    }
     console.log(`✅ Uploaded ${name}`);
     return json;
-  } finally {
-    await fh.close();
+  } catch (error: any) {
+    const errorStatus = error?.status ?? error?.response?.status;
+    const errorData = error?.response?.data;
+
+    // Handle race conditions across concurrent workflows uploading the same asset.
+    if (
+      config.input_overwrite_files !== false &&
+      errorStatus === 422 &&
+      errorData?.errors?.[0]?.code === 'already_exists' &&
+      releaseId !== undefined
+    ) {
+      console.log(
+        `⚠️ Asset ${name} already exists (race condition), refreshing assets and retrying once...`,
+      );
+      const latestAssets = await releaser.listReleaseAssets({
+        owner,
+        repo,
+        release_id: releaseId,
+      });
+      const latestAsset = latestAssets.find(
+        ({ name: currentName }) => currentName == alignAssetName(name),
+      );
+      if (latestAsset) {
+        await releaser.deleteReleaseAsset({
+          owner,
+          repo,
+          asset_id: latestAsset.id,
+        });
+        const retryResp = await uploadAsset();
+        const retryJson = retryResp.data;
+        if (retryResp.status !== 201) {
+          throw new Error(
+            `Failed to upload release asset ${name}. received status code ${
+              retryResp.status
+            }\n${retryJson.message}\n${JSON.stringify(retryJson.errors)}`,
+          );
+        }
+        console.log(`✅ Uploaded ${name}`);
+        return retryJson;
+      }
+    }
+
+    throw error;
   }
 };
 
@@ -315,7 +412,7 @@ export const release = async (
   config: Config,
   releaser: Releaser,
   maxRetries: number = 3,
-): Promise<Release> => {
+): Promise<ReleaseResult> => {
   if (maxRetries <= 0) {
     console.log(`❌ Too many retries. Aborting...`);
     throw new Error('Too many retries.');
@@ -395,7 +492,10 @@ export const release = async (
       generate_release_notes,
       make_latest,
     });
-    return release.data;
+    return {
+      release: release.data,
+      created: false,
+    };
   } catch (error) {
     if (error.status !== 404) {
       console.log(
@@ -430,9 +530,10 @@ export const finalizeRelease = async (
   config: Config,
   releaser: Releaser,
   release: Release,
+  releaseWasCreated: boolean = false,
   maxRetries: number = 3,
 ): Promise<Release> => {
-  if (config.input_draft === true) {
+  if (config.input_draft === true || release.draft === false) {
     return release;
   }
 
@@ -453,8 +554,34 @@ export const finalizeRelease = async (
     return data;
   } catch (error) {
     console.warn(`error finalizing release: ${error}`);
+
+    if (releaseWasCreated && release.draft && isTagCreationBlockedError(error)) {
+      let deleted = false;
+
+      try {
+        console.log(
+          `🧹 Deleting draft release ${release.id} for tag ${release.tag_name} because tag creation is blocked by repository rules...`,
+        );
+        await releaser.deleteRelease({
+          owner,
+          repo,
+          release_id: release.id,
+        });
+        deleted = true;
+      } catch (cleanupError) {
+        console.warn(`error deleting orphan draft release ${release.id}: ${cleanupError}`);
+      }
+
+      const cleanupResult = deleted
+        ? `Deleted draft release ${release.id} to avoid leaving an orphaned draft release.`
+        : `Failed to delete draft release ${release.id}; manual cleanup may still be required.`;
+      throw new Error(
+        `Tag creation for ${release.tag_name} is blocked by repository rules. ${cleanupResult}`,
+      );
+    }
+
     console.log(`retrying... (${maxRetries - 1} retries remaining)`);
-    return finalizeRelease(config, releaser, release, maxRetries - 1);
+    return finalizeRelease(config, releaser, release, releaseWasCreated, maxRetries - 1);
   }
 };
 
@@ -525,6 +652,141 @@ export async function findTagFromReleases(
   }
 }
 
+const CREATED_RELEASE_DISCOVERY_RETRY_DELAY_MS = 1000;
+const RECENT_RELEASE_SCAN_PAGES = 2;
+
+async function sleep(ms: number): Promise<void> {
+  await new Promise((resolve) => setTimeout(resolve, ms));
+}
+
+async function recentReleasesByTag(
+  releaser: Releaser,
+  owner: string,
+  repo: string,
+  tag: string,
+): Promise<Release[]> {
+  const matches: Release[] = [];
+  let pages = 0;
+
+  for await (const page of releaser.allReleases({ owner, repo })) {
+    matches.push(...page.data.filter((release) => release.tag_name === tag));
+    pages += 1;
+
+    if (pages >= RECENT_RELEASE_SCAN_PAGES) {
+      break;
+    }
+  }
+
+  return matches;
+}
+
+function pickCanonicalRelease(
+  releases: Release[],
+  releaseByTag: Release | undefined,
+): Release | undefined {
+  if (releaseByTag && releases.some((release) => release.id === releaseByTag.id)) {
+    return releaseByTag;
+  }
+
+  if (releases.length === 0) {
+    return releaseByTag;
+  }
+
+  return [...releases].sort((left, right) => {
+    if (left.draft !== right.draft) {
+      return Number(left.draft) - Number(right.draft);
+    }
+
+    return left.id - right.id;
+  })[0];
+}
+
+async function cleanupDuplicateDraftReleases(
+  releaser: Releaser,
+  owner: string,
+  repo: string,
+  tag: string,
+  canonicalReleaseId: number,
+  recentReleases: Release[],
+): Promise<void> {
+  for (const duplicate of recentReleases) {
+    if (duplicate.id === canonicalReleaseId || !duplicate.draft || duplicate.assets.length > 0) {
+      continue;
+    }
+
+    try {
+      console.log(`🧹 Removing duplicate draft release ${duplicate.id} for tag ${tag}...`);
+      await releaser.deleteRelease({
+        owner,
+        repo,
+        release_id: duplicate.id,
+      });
+    } catch (error) {
+      console.warn(`error deleting duplicate release ${duplicate.id}: ${error}`);
+    }
+  }
+}
+
+async function canonicalizeCreatedRelease(
+  releaser: Releaser,
+  owner: string,
+  repo: string,
+  tag: string,
+  createdRelease: Release,
+  maxRetries: number,
+): Promise<Release> {
+  const attempts = Math.max(maxRetries, 1);
+
+  for (let attempt = 1; attempt <= attempts; attempt += 1) {
+    let releaseByTag: Release | undefined;
+    try {
+      releaseByTag = await findTagFromReleases(releaser, owner, repo, tag);
+    } catch (error) {
+      console.warn(`error reloading release for tag ${tag}: ${error}`);
+    }
+
+    let recentReleases: Release[] = [];
+    try {
+      recentReleases = await recentReleasesByTag(releaser, owner, repo, tag);
+    } catch (error) {
+      console.warn(`error listing recent releases for tag ${tag}: ${error}`);
+    }
+
+    const canonicalRelease = pickCanonicalRelease(recentReleases, releaseByTag);
+    if (canonicalRelease) {
+      if (canonicalRelease.id !== createdRelease.id) {
+        console.log(
+          `↪️ Using release ${canonicalRelease.id} for tag ${tag} instead of duplicate draft ${createdRelease.id}`,
+        );
+      }
+
+      await cleanupDuplicateDraftReleases(
+        releaser,
+        owner,
+        repo,
+        tag,
+        canonicalRelease.id,
+        recentReleases,
+      );
+      return canonicalRelease;
+    }
+
+    if (attempt < attempts) {
+      console.log(
+        `Release ${createdRelease.id} is not yet discoverable by tag ${tag}, retrying... (${
+          attempts - attempt
+        } retries remaining)`,
+      );
+      await sleep(CREATED_RELEASE_DISCOVERY_RETRY_DELAY_MS);
+    }
+  }
+
+  console.log(
+    `⚠️ Continuing with newly created release ${createdRelease.id} because tag ${tag} is still not discoverable`,
+  );
+  return createdRelease;
+}
+
 async function createRelease(
   tag: string,
   config: Config,
@@ -534,11 +796,12 @@ async function createRelease(
   discussion_category_name: string | undefined,
   generate_release_notes: boolean | undefined,
   maxRetries: number,
-) {
+): Promise<ReleaseResult> {
   const tag_name = tag;
   const name = config.input_name || tag;
   const body = releaseBody(config);
   const prerelease = config.input_prerelease;
+  const draft = prerelease === true ? config.input_draft === true : true;
   const target_commitish = config.input_target_commitish;
   const make_latest = config.input_make_latest;
   let commitMessage: string = '';
@@ -547,20 +810,31 @@ async function createRelease(
   }
   console.log(`👩‍🏭 Creating new GitHub release for tag ${tag_name}${commitMessage}...`);
   try {
-    let release = await releaser.createRelease({
+    const createdRelease = await releaser.createRelease({
       owner,
       repo,
       tag_name,
       name,
       body,
-      draft: true,
+      draft,
       prerelease,
       target_commitish,
       discussion_category_name,
       generate_release_notes,
       make_latest,
     });
-    return release.data;
+    const canonicalRelease = await canonicalizeCreatedRelease(
+      releaser,
+      owner,
+      repo,
+      tag_name,
+      createdRelease.data,
+      maxRetries,
+    );
+    return {
+      release: canonicalRelease,
+      created: canonicalRelease.id === createdRelease.data.id,
+    };
   } catch (error) {
     // presume a race with competing matrix runs
     console.log(`⚠️ GitHub release failed with status: ${error.status}`);
@@ -596,3 +870,17 @@ async function createRelease(
     return release(config, releaser, maxRetries - 1);
   }
 }
+
+function isTagCreationBlockedError(error: any): boolean {
+  const errors = error?.response?.data?.errors;
+  if (!Array.isArray(errors) || error?.status !== 422) {
+    return false;
+  }
+
+  return errors.some(
+    ({ field, message }: { field?: string; message?: string }) =>
+      field === 'pre_receive' &&
+      typeof message === 'string' &&
+      message.includes('creations being restricted'),
+  );
+}

src/main.ts

@@ -49,7 +49,9 @@ async function run() {
     });
     //);
     const releaser = new GitHubReleaser(gh);
-    let rel = await release(config, releaser);
+    const releaseResult = await release(config, releaser);
+    let rel = releaseResult.release;
+    const releaseWasCreated = releaseResult.created;
     let uploadedAssetIds: Set<number> = new Set();
     if (config.input_files && config.input_files.length > 0) {
       const files = paths(config.input_files, config.input_working_directory);
@@ -81,7 +83,7 @@ async function run() {
     }
 
     console.log('Finalizing release...');
-    rel = await finalizeRelease(config, releaser, rel);
+    rel = await finalizeRelease(config, releaser, rel, releaseWasCreated);
 
     // Draft releases use temporary "untagged-..." URLs for assets.
     // URLs will be changed to correct ones once the release is published.