Ci/release workflow #9
Merged
virtexalejandro merged 3 commits into main from Apr 28, 2026
…ICENSES at install root

Apache 2.0 §4(d) requires the NOTICE file to ship in any binary
distribution. The existing install rules covered headers, libs,
binaries, and the CMake package config but did not include the
top-level legal/docs files. Anyone shipping a release archive built
from cmake --install was relying on a manual copy step (which is what
v0.1.0 did) -- this commit makes the install tree self-contained.

Files installed at the install prefix root, matching the layout of
vtx-sdk-0.1.0-windows-x64.zip:
LICENSE
NOTICE
README.md
CHANGELOG.md
SECURITY.md
THIRD_PARTY_LICENSES.md

Triggered by pushing a v*.*.* tag (or via manual workflow_dispatch).
Builds, packages, and uploads 6 assets to the GitHub release for the
tag:
vtx-sdk-<version>-linux-x64.tar.gz + .sha256
vtx-sdk-<version>-windows-x64.zip + .sha256
vtx-samples-<version>.zip + .sha256

Linux SDK package: libs + vtx_cli + headers + legal/docs (Apache
NOTICE, LICENSE, README, CHANGELOG, SECURITY, THIRD_PARTY_LICENSES).
Windows SDK package: same plus vtx_inspector + vtx_schema_creator.
Samples package: source-only zip of samples/ for users to build
standalone against an installed SDK.

Pre-flight in derive-version aborts before the build matrix if:
- Tag X.Y.Z component disagrees with project(VTX_SDK VERSION ...)
  in CMakeLists.txt.
- CHANGELOG.md is missing a '## [Unreleased]' section, or that
  section is empty.

The release body is sourced from '## [Unreleased]', with the heading
rewritten to '## [<version>] - <YYYY-MM-DD>' so published releases
keep the same shape as v0.1.0 ('[0.1.0] - 2026-04-24' etc.).

After publishing, the publish job rotates CHANGELOG.md on main: the
just-released entries move into '## [<version>] - <date>', and a
fresh empty '## [Unreleased]' is inserted on top so the next dev
cycle starts clean. The bot commit carries [skip ci] to avoid
retriggering build.yml on a docs-only change. Push retries 3x with
rebase on conflict; if it still fails (branch protection, race), the
workflow logs a warning without failing -- the release is already
out and rotation can be done manually.

Re-runnable: if the release for the tag already exists, the workflow
refreshes the body via gh release edit and replaces assets via
gh release upload --clobber instead of failing.

Default GITHUB_TOKEN can be silently downgraded to read-only by the
repo's "Workflow permissions" setting at Settings → Actions → General.
When that setting is restrictive (or hidden by an org policy), the
publish job's gh release create / git push for CHANGELOG rotation
both fail with a 403.

Switch the publish job to RELEASE_PAT, a fine-grained PAT with
Contents: Read and write configured as a repo secret. Used in two
places:
- actions/checkout@v4 with: token: -- the credentials baked into
  git config carry through to the rotation step's git push.
- GH_TOKEN env on the release create/upload/edit steps.

Other jobs (derive-version, build-linux, build-windows,
package-samples) continue to use the default token: they only do
read-only operations (checkout + read files) so no PAT is needed.
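
The pre-flight and release-body steps described in the release-workflow commit message above, sketched as POSIX shell. This is an added example, not the workflow code from this pull request; the function names, the exit codes, the assumption that project(VTX_SDK VERSION ...) sits on one line, and the sample files (version 0.2.0) are constructed for illustration.

```shell
#!/bin/sh
# Added example, not the project's workflow: pre-flight gate for a tag-driven release.

# Print X.Y.Z from a single-line project(VTX_SDK VERSION X.Y.Z ...) (assumed layout).
cmake_version() {
  sed -nE 's/^[[:space:]]*project\([[:space:]]*VTX_SDK[[:space:]]+VERSION[[:space:]]+([0-9]+\.[0-9]+\.[0-9]+).*/\1/p' "$1" | head -n1
}

# Print the lines under '## [Unreleased]' up to the next '## ' heading.
unreleased_body() {
  awk '/^## \[Unreleased\]/ { on = 1; next } /^## / { on = 0 } on' "$1"
}

# preflight TAG CMAKELISTS CHANGELOG
# Exit status (hypothetical codes): 0 ok, 2 malformed tag, 3 version mismatch,
# 4 '## [Unreleased]' missing or holding only whitespace.
preflight() (
  # The tag is untrusted input: accept exactly vX.Y.Z and nothing around it.
  version=$(printf '%s\n' "$1" | sed -nE 's/^v([0-9]+\.[0-9]+\.[0-9]+)$/\1/p')
  { [ -n "$version" ] && [ "v$version" = "$1" ]; } || exit 2
  [ "$(cmake_version "$2")" = "$version" ] || exit 3
  unreleased_body "$3" | grep -q '[^[:space:]]' || exit 4
)

# release_body VERSION DATE CHANGELOG: release notes with the heading rewritten
# from '## [Unreleased]' to '## [<version>] - <YYYY-MM-DD>'.
release_body() {
  printf '## [%s] - %s\n' "$1" "$2"
  unreleased_body "$3"
}

# Constructed sample inputs (not the project's real files).
demo=$(mktemp -d)
trap 'rm -rf "$demo"' EXIT
printf 'cmake_minimum_required(VERSION 3.20)\nproject(VTX_SDK VERSION 0.2.0 LANGUAGES CXX)\n' \
  > "$demo/CMakeLists.txt"
printf '# Changelog\n\n## [Unreleased]\n### Added\n- Release workflow.\n\n## [0.1.0] - 2026-04-24\n- Initial release.\n' \
  > "$demo/CHANGELOG.md"

# Gate first, then emit the release body only if the gate passed.
preflight v0.2.0 "$demo/CMakeLists.txt" "$demo/CHANGELOG.md" &&
  release_body 0.2.0 2026-04-28 "$demo/CHANGELOG.md"
```

In a workflow step, pass the tag to `preflight` as a quoted argument or environment variable so it is only ever compared as data.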