From a32a319128fe41dd44009f687f84dd33647c446a Mon Sep 17 00:00:00 2001
From: MatteoPologruto
Date: Tue, 14 Oct 2025 12:19:44 +0200
Subject: [PATCH 01/13] Add release workflow
---
 .github/PULL_REQUEST_TEMPLATE.md | 19 ++
 .github/workflows/release.yml | 291 +++++++++++++++++++++++++++++++
 Taskfile.yml | 24 +++
 3 files changed, 334 insertions(+)
 create mode 100644 .github/PULL_REQUEST_TEMPLATE.md
 create mode 100644 .github/workflows/release.yml
 create mode 100644 Taskfile.yml
diff --git a/.github/PULL_REQUEST_TEMPLATE.md b/.github/PULL_REQUEST_TEMPLATE.md
new file mode 100644
index 0000000..37ee028
--- /dev/null
+++ b/.github/PULL_REQUEST_TEMPLATE.md
@@ -0,0 +1,19 @@
+### Motivation
+
+
+
+### Change description
+
+
+
+### Additional Notes
+
+
+
+### Reviewer checklist
+
+- [ ] PR addresses a single concern.
+- [ ] PR title and description are properly filled.
+- [ ] Changes will be merged in `main`.
+- [ ] Changes are covered by tests.
+- [ ] Logging is meaningful in case of troubleshooting.
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
new file mode 100644
index 0000000..09a2974
--- /dev/null
+++ b/.github/workflows/release.yml
@@ -0,0 +1,291 @@ +name: Release Arduino Flasher CLI + +on: + push: + tags: + - "*" # Trigger on all tags + +env: + GO_VERSION: "1.25.1" + PROJECT_NAME: "arduino-flasher-cli" + GITHUB_TOKEN: ${{ secrets.ARDUINOBOT_TOKEN }} + GITHUB_USERNAME: ArduinoBot + DIST_DIR: build + +jobs: + build: + strategy: + matrix: + runon: [ubuntu-24.04] + os: [linux, darwin] + arch: [amd64, arm64] + include: + - runon: windows-2025 + os: windows + arch: amd64 + runs-on: ${{ matrix.runon }} + outputs: + release: ${{ steps.set-version.outputs.RELEASE_NAME }} + defaults: + run: + shell: bash + steps: + - name: Tag version + run: | + echo "VERSION=${GITHUB_REF##*/}" >> $GITHUB_ENV + echo "RELEASE_NAME=${{ env.PROJECT_NAME }}-${VERSION}-${{ matrix.os }}-${{ matrix.arch }}" >> $GITHUB_ENV + env: + GITHUB_REF: ${{ github.ref }} + + - name: Set Windows version + id: set-version + run: | + echo "RELEASE_NAME=${{ env.RELEASE_NAME }}" >> $GITHUB_OUTPUT + if: matrix.os == 'windows' + + - name: Checkout + uses: actions/checkout@v4 + with: + fetch-depth: 0 + + - name: Set up Go + uses: actions/setup-go@v5 + with: + go-version: ${{ env.GO_VERSION }} + + - name: Install Taskfile + uses: arduino/setup-task@v2 + with: + version: "3.x" + repo-token: ${{ secrets.GITHUB_TOKEN }} + + - name: Configure Git for private repo cloning + run: | + git config --global url."https://${{ env.GITHUB_USERNAME }}:${{ env.GITHUB_TOKEN }}@github.com".insteadOf "https://github.com" + + - name: Build Binary + run: | + task arduino-flasher-cli:build + env: + GOARCH: ${{ matrix.arch }} + GOOS: ${{ matrix.os }} + + - name: Prepare Build Artifacts (!windows) + working-directory: ./${{ env.DIST_DIR }} + run: tar -czf ${{ env.RELEASE_NAME }}.tar.gz arduino-flasher-cli -C ../arduino-flasher-cli LICENSE + if: matrix.os != 'windows' + - name: Prepare Build Artifacts (windows) + working-directory: ./${{ env.DIST_DIR }} + run: 7z a -tzip ${{ env.RELEASE_NAME }}.zip arduino-flasher-cli.exe ../arduino-flasher-cli/LICENSE + if: matrix.os 
== 'windows' + + - name: Upload artifacts + uses: actions/upload-artifact@v4 + with: + name: ${{ env.PROJECT_NAME }}-${{ matrix.os }}-${{ matrix.arch }} + path: | + ${{ env.DIST_DIR }}/${{ env.RELEASE_NAME }}.tar.gz + ${{ env.DIST_DIR }}/${{ env.RELEASE_NAME }}.zip + if-no-files-found: error + + sign-windows-executable: + runs-on: windows-sign-pc + needs: build + + defaults: + run: + shell: bash + + env: + RELEASE_NAME: ${{ needs.build.outputs.release }} + INSTALLER_CERT_WINDOWS_CER: "/tmp/cert.cer" + # We are hardcoding the path for signtool because is not present on the windows PATH env var by default. + # Keep in mind that this path could change when upgrading to a new runner version + SIGNTOOL_PATH: "C:/Program Files (x86)/Windows Kits/10/bin/10.0.19041.0/x86/signtool.exe" + SEVENZ_PATH: "C:/ProgramData/chocolatey/tools/7z.exe" + + steps: + - name: Download artifacts + uses: actions/download-artifact@v5 + with: + name: ${{ env.PROJECT_NAME }}-windows-amd64 + + - name: Save Win signing certificate to file + run: echo "${{ secrets.INSTALLER_CERT_WINDOWS_CER }}" | base64 --decode > ${{ env.INSTALLER_CERT_WINDOWS_CER}} + + - name: Extract build + run: | + ${{ env.SEVENZ_PATH }} x ${{ env.RELEASE_NAME }}.zip -aoa + rm ${{ env.RELEASE_NAME }}.zip + + - name: Sign executable + env: + CERT_PASSWORD: ${{ secrets.INSTALLER_CERT_WINDOWS_PASSWORD }} + CONTAINER_NAME: ${{ secrets.INSTALLER_CERT_WINDOWS_CONTAINER }} + # https://stackoverflow.com/questions/17927895/automate-extended-validation-ev-code-signing-with-safenet-etoken + run: | + "${{ env.SIGNTOOL_PATH }}" sign -d "Arduino Flasher CLI" -f ${{ env.INSTALLER_CERT_WINDOWS_CER}} -csp "eToken Base Cryptographic Provider" -k "[{{${{ env.CERT_PASSWORD }}}}]=${{ env.CONTAINER_NAME }}" -fd sha256 -tr http://timestamp.digicert.com -td SHA256 -v "arduino-flasher-cli.exe" + + - name: Prepare Build Artifacts + run: | + ${{ env.SEVENZ_PATH }} a -tzip ${{ env.RELEASE_NAME }}.zip arduino-flasher-cli.exe LICENSE + + - name: Upload 
artifacts + uses: actions/upload-artifact@v4 + with: + name: ${{ env.PROJECT_NAME }}-windows-amd64 + path: ${{ env.RELEASE_NAME }}.zip + if-no-files-found: error + overwrite: true + + # This step is needed because the self hosted runner does not delete files automatically + - name: Cleanup + run: rm ${{ env.RELEASE_NAME }}.zip LICENSE arduino-flasher-cli.exe + + notarize-macos: + name: Notarize macOS + runs-on: macos-15 + needs: build + permissions: + contents: read + + env: + GON_CONFIG_PATH: gon.config.hcl + + strategy: + matrix: + build: [darwin-amd64, darwin-arm64] + steps: + - name: Set environment variables + run: | + TAG_NAME="${GITHUB_REF##*/}" + VERSION="${TAG_NAME#flasher-}" + echo "PACKAGE_FILENAME=${{ env.PROJECT_NAME }}-${VERSION}-${{ matrix.build }}.tar.gz" >>$GITHUB_ENV + + - name: Checkout repository + uses: actions/checkout@v5 + + - name: Download artifacts + uses: actions/download-artifact@v5 + with: + name: ${{ env.PROJECT_NAME }}-${{ matrix.build }} + path: ${{ env.DIST_DIR }} + + - name: Extract build + working-directory: ${{ env.DIST_DIR }} + run: | + tar -xvf ${{ env.PACKAGE_FILENAME }} + + - name: Import Code-Signing Certificates + env: + KEYCHAIN: "sign.keychain" + INSTALLER_CERT_MAC_PATH: "/tmp/ArduinoCerts2020.p12" + # Arbitrary password for a keychain that exists only for the duration of the job, so not secret + KEYCHAIN_PASSWORD: keychainpassword + run: | + echo "${{ secrets.INSTALLER_CERT_MAC_P12 }}" | base64 --decode >"${{ env.INSTALLER_CERT_MAC_PATH }}" + + security create-keychain \ + -p "${{ env.KEYCHAIN_PASSWORD }}" \ + "${{ env.KEYCHAIN }}" + + security default-keychain \ + -s "${{ env.KEYCHAIN }}" + + security unlock-keychain \ + -p "${{ env.KEYCHAIN_PASSWORD }}" \ + "${{ env.KEYCHAIN }}" + + security import \ + "${{ env.INSTALLER_CERT_MAC_PATH }}" \ + -k "${{ env.KEYCHAIN }}" \ + -f pkcs12 \ + -A \ + -T "/usr/bin/codesign" \ + -P "${{ secrets.INSTALLER_CERT_MAC_PASSWORD }}" + + security set-key-partition-list \ + -S 
apple-tool:,apple: \ + -s \ + -k "${{ env.KEYCHAIN_PASSWORD }}" \ + "${{ env.KEYCHAIN }}" + + - name: Install gon for code signing and app notarization + run: | + wget \ + -q https://github.com/Bearer/gon/releases/download/v0.0.27/gon_macos.zip + + unzip \ + gon_macos.zip \ + -d /usr/local/bin + + - name: Write gon config to file + # gon does not allow env variables in config file (https://github.com/mitchellh/gon/issues/20) + run: | + cat >"${{ env.GON_CONFIG_PATH }}" \ + < Date: Tue, 14 Oct 2025 12:34:10 +0200 Subject: [PATCH 02/13] Update Taskfile and .gitignore --- .gitignore | 6 +++++- Taskfile.yml | 7 +++---- 2 files changed, 8 insertions(+), 5 deletions(-) diff --git a/.gitignore b/.gitignore index 364fdec..76f5ac2 100644 --- a/.gitignore +++ b/.gitignore @@ -1 +1,5 @@ -public/ +# Binaries for programs and plugins +*.exe +*.exe~ + +build/ diff --git a/Taskfile.yml b/Taskfile.yml index 987741e..a7aa9f0 100644 --- a/Taskfile.yml +++ b/Taskfile.yml @@ -9,16 +9,15 @@ tasks: deps: - arduino-flasher-cli:artifacts desc: "Build the arduino-flasher-cli locally" - dir: arduino-flasher-cli vars: VERSION: "{{.VERSION }}" cmds: - - cmd: go build -ldflags "-X main.Version={{.VERSION}}" -v -o ../build/arduino-flasher-cli . + - cmd: go build -ldflags "-X main.Version={{.VERSION}}" -v -o ./build/arduino-flasher-cli . platforms: [linux, darwin] - - cmd: go build -ldflags "-X main.Version={{.VERSION}}" -v -o ../build/arduino-flasher-cli.exe . + - cmd: go build -ldflags "-X main.Version={{.VERSION}}" -v -o ./build/arduino-flasher-cli.exe . platforms: [windows] arduino-flasher-cli:artifacts: desc: Prepare the arduino-flasher-cli artifacts internal: true - cmd: sh ./arduino-flasher-cli/updater/artifacts/download_resources.sh + cmd: sh ./updater/artifacts/download_resources.sh From 06ccfe5962f98b83b6fe1c6d3e4547065b8da825 Mon Sep 17 00:00:00 2001 
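Review bot: The "Install gon for code signing and app notarization" step fetches `gon_macos.zip` with `wget` and unzips it straight into `/usr/local/bin` with no integrity check, in the same job that has just imported the signing certificate into the keychain. Pinning the archive to a known digest and verifying it before the `unzip` closes that gap, e.g. `echo "<EXPECTED_SHA256>  gon_macos.zip" | shasum -a 256 -c -` (placeholder digest; take the real one from a trusted copy of the v0.0.27 asset). The same hunk also expands secrets into script text (`echo "${{ secrets.INSTALLER_CERT_WINDOWS_CER }}"`, `-P "${{ secrets.INSTALLER_CERT_MAC_PASSWORD }}"`, and the `-k "[{{${{ env.CERT_PASSWORD }}}}]=..."` argument); `CERT_PASSWORD` is already in that step's `env:`, so reading it as `$CERT_PASSWORD` keeps the value out of the rendered script on the self-hosted `windows-sign-pc` runner. The hunk is cut off on this page after the gon config heredoc, so the remaining steps are not covered by this note.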
From: MatteoPologruto Date: Tue, 14 Oct 2025 14:38:24 +0200 Subject: [PATCH 03/13] Fix some leftovers --- .github/workflows/release.yml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 09a2974..189571f 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -72,11 +72,12 @@ jobs: - name: Prepare Build Artifacts (!windows) working-directory: ./${{ env.DIST_DIR }} - run: tar -czf ${{ env.RELEASE_NAME }}.tar.gz arduino-flasher-cli -C ../arduino-flasher-cli LICENSE + run: tar -czf ${{ env.RELEASE_NAME }}.tar.gz arduino-flasher-cli -C ../ LICENSE if: matrix.os != 'windows' + - name: Prepare Build Artifacts (windows) working-directory: ./${{ env.DIST_DIR }} - run: 7z a -tzip ${{ env.RELEASE_NAME }}.zip arduino-flasher-cli.exe ../arduino-flasher-cli/LICENSE + run: 7z a -tzip ${{ env.RELEASE_NAME }}.zip arduino-flasher-cli.exe ../LICENSE if: matrix.os == 'windows' - name: Upload artifacts @@ -158,8 +159,7 @@ jobs: steps: - name: Set environment variables run: | - TAG_NAME="${GITHUB_REF##*/}" - VERSION="${TAG_NAME#flasher-}" + VERSION="${GITHUB_REF##*/}" echo "PACKAGE_FILENAME=${{ env.PROJECT_NAME }}-${VERSION}-${{ matrix.build }}.tar.gz" >>$GITHUB_ENV - name: Checkout repository From b789ba4ff7ef65b40f64556dcbffa1c947e1106c Mon Sep 17 00:00:00 2001 From: MatteoPologruto Date: Tue, 14 Oct 2025 14:51:42 +0200 Subject: [PATCH 04/13] Trigger workflow on a semver tag --- .github/workflows/release.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 189571f..5b9e505 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -3,7 +3,7 @@ name: Release Arduino Flasher CLI on: push: tags: - - "*" # Trigger on all tags + - "[0-9]+.[0-9]+.[0-9]+*" env: GO_VERSION: "1.25.1" 
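Review bot: The replacement tag filter `[0-9]+.[0-9]+.[0-9]+*` still ends in `*`, so any characters other than `/` are accepted after the third number, and that tag text later reaches shell command lines unquoted through `${{ env.RELEASE_NAME }}` (the `tar -czf` and `7z a` packaging steps elsewhere in this series). Since `RELEASE_NAME` is exported through `$GITHUB_ENV`, those steps can read the shell variable instead of the expression, e.g. `run: tar -czf "${RELEASE_NAME}.tar.gz" arduino-flasher-cli -C ../ LICENSE`. Only accounts that can push tags reach this path, so this is hardening rather than an open hole. A comment above the pattern, such as `# semver tags only, e.g. 1.2.3 or 1.2.3-rc.1 (constructed examples)`, would also record which suffixes are intended.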
@@ -33,7 +33,7 @@ jobs: - name: Tag version run: | echo "VERSION=${GITHUB_REF##*/}" >> $GITHUB_ENV - echo "RELEASE_NAME=${{ env.PROJECT_NAME }}-${VERSION}-${{ matrix.os }}-${{ matrix.arch }}" >> $GITHUB_ENV + echo "RELEASE_NAME=${{ env.PROJECT_NAME }}-${{ env.VERSION }}-${{ matrix.os }}-${{ matrix.arch }}" >> $GITHUB_ENV env: GITHUB_REF: ${{ github.ref }} From 803114d43349108666b4ae5db771902035363c85 Mon Sep 17 00:00:00 2001 From: MatteoPologruto Date: Tue, 14 Oct 2025 14:59:42 +0200 Subject: [PATCH 05/13] Fix version in release name --- .github/workflows/release.yml | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 5b9e505..6cf7ec7 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -32,8 +32,9 @@ jobs: steps: - name: Tag version run: | - echo "VERSION=${GITHUB_REF##*/}" >> $GITHUB_ENV - echo "RELEASE_NAME=${{ env.PROJECT_NAME }}-${{ env.VERSION }}-${{ matrix.os }}-${{ matrix.arch }}" >> $GITHUB_ENV + VERSION=${GITHUB_REF##*/} + echo "VERSION=${VERSION}" >> $GITHUB_ENV + echo "RELEASE_NAME=${{ env.PROJECT_NAME }}-${VERSION}-${{ matrix.os }}-${{ matrix.arch }}" >> $GITHUB_ENV env: GITHUB_REF: ${{ github.ref }} From 8d8dadea438f179c8f26f2c5025ae826431e6d99 Mon Sep 17 00:00:00 2001 From: MatteoPologruto <109663225+MatteoPologruto@users.noreply.github.com> Date: Wed, 15 Oct 2025 11:58:20 +0200 Subject: [PATCH 06/13] Update Taskfile.yml Co-authored-by: Luca Rinaldi --- Taskfile.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Taskfile.yml b/Taskfile.yml index a7aa9f0..889dc06 100644 --- a/Taskfile.yml +++ b/Taskfile.yml @@ -5,7 +5,7 @@ vars: sh: echo "${VERSION:-0.0.0-$(git rev-parse --short HEAD)}" tasks: - arduino-flasher-cli:build: + build: deps: - arduino-flasher-cli:artifacts desc: "Build the arduino-flasher-cli locally" From e556be0ae27a642e4d4a8224b97df2f4df3eccab Mon Sep 17 00:00:00 2001 
From: MatteoPologruto <109663225+MatteoPologruto@users.noreply.github.com> Date: Wed, 15 Oct 2025 11:58:43 +0200 Subject: [PATCH 07/13] Update Taskfile.yml Co-authored-by: Davide --- Taskfile.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Taskfile.yml b/Taskfile.yml index 889dc06..5c96617 100644 --- a/Taskfile.yml +++ b/Taskfile.yml @@ -17,7 +17,7 @@ tasks: - cmd: go build -ldflags "-X main.Version={{.VERSION}}" -v -o ./build/arduino-flasher-cli.exe . platforms: [windows] - arduino-flasher-cli:artifacts: + artifacts: desc: Prepare the arduino-flasher-cli artifacts internal: true cmd: sh ./updater/artifacts/download_resources.sh From 7730a9259a4f842d9b30442aaf0e196a118265b8 Mon Sep 17 00:00:00 2001 From: MatteoPologruto <109663225+MatteoPologruto@users.noreply.github.com> Date: Wed, 15 Oct 2025 11:58:54 +0200 Subject: [PATCH 08/13] Update Taskfile.yml Co-authored-by: Davide --- Taskfile.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Taskfile.yml b/Taskfile.yml index 5c96617..41f6257 100644 --- a/Taskfile.yml +++ b/Taskfile.yml @@ -7,7 +7,7 @@ vars: tasks: build: deps: - - arduino-flasher-cli:artifacts + - artifacts desc: "Build the arduino-flasher-cli locally" vars: VERSION: "{{.VERSION }}" From d6cc68e850c57f18d2aed18675bc0695cafeb2d0 Mon Sep 17 00:00:00 2001 From: MatteoPologruto <109663225+MatteoPologruto@users.noreply.github.com> Date: Wed, 15 Oct 2025 12:49:15 +0200 Subject: [PATCH 09/13] Update .github/workflows/release.yml Co-authored-by: Luca Rinaldi --- .github/workflows/release.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 6cf7ec7..b839f03 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -1,4 +1,4 @@ -name: Release Arduino Flasher CLI +name: Release on: push: From ee5eee6051b6ef4dd099906b5b3b37ba1513bac7 Mon Sep 17 00:00:00 2001 
From: MatteoPologruto Date: Wed, 15 Oct 2025 12:50:34 +0200 Subject: [PATCH 10/13] Remove authentication step --- .github/workflows/release.yml | 6 ------ 1 file changed, 6 deletions(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index b839f03..52272c9 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -8,8 +8,6 @@ on: env: GO_VERSION: "1.25.1" PROJECT_NAME: "arduino-flasher-cli" - GITHUB_TOKEN: ${{ secrets.ARDUINOBOT_TOKEN }} - GITHUB_USERNAME: ArduinoBot DIST_DIR: build jobs: @@ -60,10 +58,6 @@ jobs: version: "3.x" repo-token: ${{ secrets.GITHUB_TOKEN }} - - name: Configure Git for private repo cloning - run: | - git config --global url."https://${{ env.GITHUB_USERNAME }}:${{ env.GITHUB_TOKEN }}@github.com".insteadOf "https://github.com" - - name: Build Binary run: | task arduino-flasher-cli:build From cd00b00c50e6d45a7a952ccbce6f9b0005622e02 Mon Sep 17 00:00:00 2001 From: MatteoPologruto Date: Wed, 15 Oct 2025 12:51:56 +0200 Subject: [PATCH 11/13] Update task name in workflow --- .github/workflows/release.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 52272c9..c4aac4e 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -60,7 +60,7 @@ jobs: - name: Build Binary run: | - task arduino-flasher-cli:build + task build env: GOARCH: ${{ matrix.arch }} GOOS: ${{ matrix.os }} From 69ac7ca491b894dc13b144d4c8915d938e3b8e51 Mon Sep 17 00:00:00 2001 From: MatteoPologruto Date: Wed, 15 Oct 2025 12:57:43 +0200 Subject: [PATCH 12/13] Set GH_TOKEN to use gh cli in workflow --- .github/workflows/release.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index c4aac4e..8c70c66 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml 
@@ -64,6 +64,7 @@ jobs: env: GOARCH: ${{ matrix.arch }} GOOS: ${{ matrix.os }} + GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} - name: Prepare Build Artifacts (!windows) working-directory: ./${{ env.DIST_DIR }} From a0aa8ee7cdff79ab777694f5244f3bdc7ba6ebfe Mon Sep 17 00:00:00 2001 From: MatteoPologruto Date: Wed, 15 Oct 2025 13:02:32 +0200 Subject: [PATCH 13/13] Try with another token --- .github/workflows/release.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 8c70c66..90b6be2 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -64,7 +64,7 @@ jobs: env: GOARCH: ${{ matrix.arch }} GOOS: ${{ matrix.os }} - GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} + GH_TOKEN: ${{ secrets.ARDUINOBOT_TOKEN }} - name: Prepare Build Artifacts (!windows) working-directory: ./${{ env.DIST_DIR }}
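Review bot: The "Build Binary" step now receives `secrets.ARDUINOBOT_TOKEN` as `GH_TOKEN`, which hands a bot account's token to everything `task build` runs, including the `download_resources.sh` dependency declared in the Taskfile; the page shows neither the token's scope nor why the job's own `GITHUB_TOKEN` (used in the previous commit) was not enough. If the download only needs read access, a fine-grained token limited to the repositories it fetches from, or `GITHUB_TOKEN` with an explicit `permissions:` block on the `build` job, would narrow what a compromised build script could do. A comment above the line, for example `# PAT required because <reason>; scope: read-only`, would record the intent that the commit subject "Try with another token" leaves out. The step itself begins outside this hunk.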