From 78954652a795b1b8498095fcf9c9f72415e84999 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?K=C3=A9vin=20Dunglas?= Date: Fri, 15 May 2026 13:27:08 +0200 Subject: [PATCH 1/2] fix(release): stage PGO blob through --rawfile to avoid ARG_MAX `jq --arg content "$(base64 -w0 "$tmp" + jq -nc --rawfile content "$tmp" \ '{content: $content, encoding: "base64"}' \ | gh api "repos/${REPO}/git/blobs" --input - -q .sha + rm -f "$tmp" } parent_sha=$(gh api "repos/${REPO}/git/refs/heads/main" -q .object.sha) From 4075145cbd62a58abad5ad79918458bb7c286fe6 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?K=C3=A9vin=20Dunglas?= Date: Fri, 15 May 2026 14:07:38 +0200 Subject: [PATCH 2/2] fix(release): clean up base64 tmpfile even on jq/gh failure Per Copilot review: with set -euo pipefail, a failure in base64, jq, or gh api inside make_blob short-circuited before the rm. Wrap the function body in a subshell and trap EXIT so cleanup always runs. --- .github/workflows/release.yaml | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml index 539ff5a465..af026a6057 100644 --- a/.github/workflows/release.yaml +++ b/.github/workflows/release.yaml @@ -139,16 +139,17 @@ jobs: else # Stage the base64 in a temp file and feed it to jq via # --rawfile: passing big blobs (the PGO profile is ~2 MB encoded) - # through --arg exceeds ARG_MAX on the runner. - make_blob() { + # through --arg exceeds ARG_MAX on the runner. Subshell body + + # EXIT trap clean up the tmpfile even if base64/jq/gh aborts. + make_blob() ( local tmp tmp=$(mktemp) + trap 'rm -f "$tmp"' EXIT base64 -w0 <"$1" >"$tmp" jq -nc --rawfile content "$tmp" \ '{content: $content, encoding: "base64"}' \ | gh api "repos/${REPO}/git/blobs" --input - -q .sha - rm -f "$tmp" - } + ) parent_sha=$(gh api "repos/${REPO}/git/refs/heads/main" -q .object.sha) base_tree=$(gh api "repos/${REPO}/git/commits/${parent_sha}" -q .tree.sha)