From b72214a50d6996782306a4e8bb2e53892031feeb Mon Sep 17 00:00:00 2001 From: Alan Tse Date: Mon, 1 Jun 2026 21:09:40 -0700 Subject: [PATCH 1/2] ci: auto-upload AIO to Nexus on stable release MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The release-build Nexus job was a dry-run that also targeted the CORE archive (artifact_pattern: CommunityShaders-*.7z) instead of the AIO. Now that the aio upload is proven end-to-end (v1.6.1 shipped to mod 180419): - Drop the artifact_pattern override so aio mode uses its default (CommunityShaders_AIO-*.7z) — the actual fork distributable. - Flip dry_run to false so a published stable release auto-uploads the AIO to 180419 (the reusable workflow skips a version already on Nexus). - Use `secrets: inherit` so the nested nexus-upload workflow receives the UNEX_* secrets. Nested reusable workflows don't auto-inherit repo secrets; the prior call passed only UNEX_APIKEY (enough for the dry-run version check) but a real upload also needs UNEX_NEXUSMODS_SESSION_COOKIE. Pre-release tags are still skipped (the `-` guard). Co-Authored-By: Claude Opus 4.8 --- .github/workflows/release-build.yaml | 14 +++++++++----- 1 file changed, 9 insertions(+), 5 deletions(-) diff --git a/.github/workflows/release-build.yaml b/.github/workflows/release-build.yaml index 2f18d8ffc2..2826763af9 100644 --- a/.github/workflows/release-build.yaml +++ b/.github/workflows/release-build.yaml @@ -194,7 +194,7 @@ jobs: # the prior release-nexus-trigger.yaml fired in parallel with this # build and tried to download artifacts before they existed. # Stable tags only (no '-' in the tag name). - name: Nexus Upload (dry run) + name: Nexus Upload needs: [release] if: > always() && !cancelled() && @@ -205,7 +205,11 @@ jobs: uses: ./.github/workflows/nexus-upload.yaml with: tag: ${{ github.event.release.tag_name }} - artifact_pattern: "CommunityShaders-*.7z" - dry_run: "true" - secrets: - UNEX_APIKEY: ${{ secrets.UNEX_APIKEY }} + # aio mode (the default) ships CommunityShaders_AIO-*.7z to the fork + # page (180419); leave artifact_pattern unset so it uses that default + # rather than the CORE archive. Real upload (dry_run=false): the + # reusable workflow skips a version already on Nexus, so re-runs are safe. + dry_run: "false" + # Nested reusable workflows don't auto-inherit repo secrets; inherit + # passes the UNEX_* set (cookie + API key) without enumerating each. + secrets: inherit From 602d7187b9f83bc226e6174449d1a4731b0e17d1 Mon Sep 17 00:00:00 2001 From: Alan Tse Date: Mon, 1 Jun 2026 21:49:22 -0700 Subject: [PATCH 2/2] ci: rename nexus job id to nexus-upload MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The job id was still `nexus-dry-run` after flipping it to a real upload — misleading. Rename to `nexus-upload` (display name already updated). No other job/branch-protection references it (grep-verified), so the rename is internal-only. Co-Authored-By: Claude Opus 4.8 --- .github/workflows/release-build.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/release-build.yaml b/.github/workflows/release-build.yaml index 2826763af9..20ef339414 100644 --- a/.github/workflows/release-build.yaml +++ b/.github/workflows/release-build.yaml @@ -188,7 +188,7 @@ jobs: body-file: ${{ steps.combined_notes.outputs.body_file }} download-artifact: "false" - nexus-dry-run: + nexus-upload: # Chained from `release` to avoid the artifact-attachment race a # parallel `release: published` trigger on a separate workflow had: # the prior release-nexus-trigger.yaml fired in parallel with this