Packaging workflow using actions does not upload to latest release

[lordofscripts]

Why are you starting this discussion?

Question

What GitHub Actions topic or product is this about?

Workflow Configuration

Discussion Details

I have a workflow that runs successfully (no errors produced) by generating an RPM and DEB packages for the latest repository release tag. However, when it finishes the action does not deposit the generated RPM/DEB packages into the latest release, they simply vanish.

Pre-conditions

• Build is successful
• Tag exists
• Release exists

Workflow

# DEB & RPM Build & Packaging of GO project v1.0

name: Debian and RPM Packaging

on:
  workflow_run:
    workflows: [Multi platform Release]
    types:
      - completed

permissions:
  contents: read
  pull-requests: read

env:
  DIST: clys
  ARCH: x86_64
  PKG_NAME: caesarx

jobs:
  success:
    runs-on: ubuntu-latest
    if: ${{ github.event.workflow_run.conclusion == 'success' }}
    steps:
      - run: echo 'The Release workflow completed successfully.'
  failure:
    runs-on: ubuntu-latest
    if: ${{ github.event.workflow_run.conclusion == 'failure' }}
    steps:
      - run: echo 'The Release workflow failed.'
  exit:
    needs: failure
    runs-on: ubuntu-latest
    steps:
      - run: exit 1

  extractTag:
    runs-on: ubuntu-latest
    outputs:
      my_version: ${{ steps.tagStep.outputs.my_version }}
    steps:
      - name: Checkout repository
        uses: actions/checkout@v4    
      - name: Extract version from version.go
        id: tagStep
        run: echo "my_version=$(grep -m 1 'MANUAL_VERSION' version.go | sed -E 's/.*\"([^\"]+)\".*/\1/')" >> $GITHUB_OUTPUT

  use-tag:
    needs: extractTag
    runs-on: ubuntu-latest
    steps:
      - name: Use the tag name
        run: echo "The tag name is ${{ needs.extractTag.outputs.my_version }}"

  build_tarball:
    name: Build source archive
    needs: extractTag
    runs-on: ubuntu-latest
    steps:
      - name: Checkout repository
        uses: actions/checkout@v4

      - name: Set up Go
        uses: actions/setup-go@v5
        with:
          go-version: '1.25'

      - name: Install dependencies
        run: |
          go get .

      - name: Build
        run: go build -v ./...        

      - name: Debug Info
        run: |
          echo "Current directory: $(pwd)"
          echo "Environment variables: $(printenv)"
          echo "Tag Name: $(TAG_NAME) or ${{ needs.extractTag.outputs.my_version }}"
          go version

# - name: Create source archive
#   run: tar -cvf ${{ env.PKG_NAME }}-${{ github.ref_name }}.tar.gz *

# - name: Upload source archive as artifact
#   uses: actions/upload-artifact@v4
#   with:
#     name: ${{ env.PKG_NAME }}-${{ github.ref_name }}.tar.gz
#     path: ${{ env.PKG_NAME }}-${{ github.ref_name }}.tar.gz

  build_rpm:
    name: Build .rpm package
    needs: [build_tarball, extractTag]
    runs-on: ubuntu-latest
    steps:
      - name: Checkout repository
        uses: actions/checkout@v4

      - name: Replace version in RPM spec so correct source is downloaded when building RPM
        run: sed -Ei "s/(^Version:[[:space:]]*).*/\1${{ needs.extractTag.outputs.my_version }}/" distrib/Fedora/${{ env.PKG_NAME }}.spec

      - name: Run rpmbuild on RPM spec to produce package
        id: rpm
        uses: naveenrajm7/rpmbuild@master
        with:
          spec_file: distrib/Fedora/${{ env.PKG_NAME }}.spec

      - name: Get Latest Release
        id: get_release
        run: |
          RELEASE_JSON=$(gh release list --repo ${{ github.repository }} --limit 1 --json name)
          echo "::set-output name=release_name::$(echo $RELEASE_JSON | jq -r '.[0].name')"
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

      - name: Upload .rpm package as artifact
        uses: actions/upload-artifact@v4
        with:
          name: ${{ env.PKG_NAME }}-${{ needs.extractTag.outputs.my_version }}-1.${{ env.DIST }}.${{ env.ARCH }}.rpm
          path: rpmbuild/RPMS/${{ env.ARCH }}/*.rpm

      - name: Attach to Existing Release
        uses: softprops/action-gh-release@v2
        if: github.ref_type == 'tag'
        with:
          tag_name: ${{ steps.get_release.outputs.release_name }}
          files: rpmbuild/RPMS/${{ env.ARCH }}/*.rpm
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

  build_deb:
    name: Build .deb package
    needs: [build_rpm, extractTag]
    runs-on: ubuntu-latest
    steps:
      - name: Download .rpm artifact
        uses: actions/download-artifact@v4
        id: download
        with:
          name: ${{ env.PKG_NAME }}-${{ needs.extractTag.outputs.my_version }}-1.${{ env.DIST }}.${{ env.ARCH }}.rpm

      - name: find .
        run: find .

      - name: Convert .rpm to .deb
        run: |
          sudo apt install -y alien
          sudo alien -k --verbose --to-deb *.rpm

      - name: find .
        run: find . -exec readlink -f {} \;

      - name: Get Latest Release
        id: get_release
        run: |
          RELEASE_JSON=$(gh release list --repo ${{ github.repository }} --limit 1 --json name)
          echo "::set-output name=release_name::$(echo $RELEASE_JSON | jq -r '.[0].name')"
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

      - name: Upload .deb package as artifact
        uses: actions/upload-artifact@v4
        with:
          name: ${{ env.PKG_NAME }}-${{ needs.extractTag.outputs.my_version }}-1.${{ env.DIST }}.${{ env.ARCH }}.deb
          path: ${{ env.PKG_NAME }}*.deb

      - name: Attach to Existing Release
        uses: softprops/action-gh-release@v2
        if: github.ref_type == 'tag'
        with:
          tag_name: ${{ steps.get_release.outputs.release_name }}
          files: ${{ env.PKG_NAME }}*.deb
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

# release:
#   name: Create release with all assets
#   needs: [build_tarball, build_rpm, build_deb]
#   runs-on: ubuntu-latest
#   steps:
#     - name: Download .rpm artifact
#       uses: actions/download-artifact@v4

#     - name: find .
#       run: find .

#     - name: Release
#       uses: softprops/action-gh-release@v1
#       with:
#         files: |
#           ${{ env.PKG_NAME }}-${{ github.ref_name }}.tar.gz/*.tar.gz
#           ${{ env.PKG_NAME }}-${{ github.ref_name }}-1.${{ env.DIST }}.${{ env.ARCH }}.rpm/**/*.rpm
#           ${{ env.PKG_NAME }}-${{ github.ref_name }}-1.${{ env.DIST }}.${{ env.ARCH }}.deb/**/*.deb

[IGIRANEZAFabrice]

Your build is actually working. The packages aren’t “vanishing”, they’re never being attached to the release in the first place. There are three separate issues in this workflow that explain the behavior.

1. workflow_run does not run on a tag

This is the biggest blocker.

You are using:

on:
workflow_run:

In that context, these conditions are false:

if: github.ref_type == 'tag'

Because workflow_run is triggered by another workflow, not by a tag push. As a result, both softprops/action-gh-release steps are silently skipped.

That alone explains why nothing ends up in the release.

Fix: remove that condition entirely, or gate on the tag explicitly via the event payload.

2. Wrong permission level for attaching release assets

You currently have:

permissions:
contents: read

Uploading assets to a release requires write access.

The action may appear to run, but GitHub will not attach anything.

Fix:

permissions:
contents: write

3. action-gh-release expects a tag, not a release name

You are doing:

tag_name: ${{ steps.get_release.outputs.release_name }}

But release_name is not the same thing as a tag.
If the release name and tag differ, the action will not attach files.

Fix: pass the actual tag, for example the version you already extracted:

tag_name: ${{ needs.extractTag.outputs.my_version }}

Or retrieve the release tagName instead of name via gh.

Why artifacts appear but releases don’t

actions/upload-artifact works because it stores files inside the workflow

Release uploads fail because:

the step is skipped

permissions are insufficient

the wrong identifier is used

Nothing is being deleted. The release upload never happens.

[IGIRANEZAFabrice]

To fix the issue:

Remove if: github.ref_type == 'tag'

Change permissions to contents: write

Pass a tag, not a release name, to action-gh-release

Once those are corrected, the RPM and DEB files will reliably appear in the release assets.

[github-actions[bot]]

🕒 Discussion Activity Reminder 🕒

This Discussion has been labeled as dormant by an automated system for having no activity in the last 60 days. Please consider one the following actions:

1️⃣ Close as Out of Date: If the topic is no longer relevant, close the Discussion as out of date at the bottom of the page.

2️⃣ Provide More Information: Share additional details or context — or let the community know if you've found a solution on your own.

3️⃣ Mark a Reply as Answer: If your question has been answered by a reply, mark the most helpful reply as the solution.

Note: This dormant notification will only apply to Discussions with the Question label. To learn more, see our recent announcement.

Thank you for helping bring this Discussion to a resolution! 💬

[ahadmughal458]

The packages are not disappearing; the upload step is never actually attaching them to the release.

First, the workflow is triggered by workflow_run, not by a tag push:

on:
  workflow_run:
    workflows: [Multi platform Release]
    types:
      - completed

Because of this, the event context does not contain a tag. The condition below will always evaluate to false:

if: github.ref_type == 'tag'

As a result, the step that uploads the files to the release is skipped:

- name: Attach to Existing Release
  uses: softprops/action-gh-release@v2

Removing that condition allows the step to run.

The second issue is permissions. The workflow currently uses read-only access:

permissions:
  contents: read

Uploading assets to a release requires write access. Change it to:

permissions:
  contents: write

After removing the github.ref_type condition and granting contents: write, the RPM and DEB assets should attach to the release correctly.