From 85c0d66358d2b30256566e05cd91c359c77866f7 Mon Sep 17 00:00:00 2001 From: Patrick Dawkins Date: Wed, 20 May 2026 16:45:59 +0100 Subject: [PATCH] ci(release): trigger only on tag push Remove the workflow_dispatch trigger and its inputs (tag, upload_taps, upload_repos). The release workflow now runs solely from a v* tag push, which is already gated by the tag ruleset. Read github.ref_name via an env: block in the "Resolve tag" step. Drop the now-dead conditionals on inputs.tag and inputs.upload_repos, and the unreachable "Build snapshot (branch)" step. Co-Authored-By: Claude Opus 4.7 (1M context) --- .github/workflows/release.yml | 33 ++++++--------------------------- 1 file changed, 6 insertions(+), 27 deletions(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 5e8bdf4d..7fe8c83c 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -4,19 +4,6 @@ on: push: tags: - "v[0-9]*" - workflow_dispatch: - inputs: - tag: - description: "Tag to release (must already be pushed, e.g. v5.10.0-rc1)" - required: true - upload_taps: - description: "Upload to Homebrew/Scoop taps (overrides pre-release skip)" - type: boolean - default: false - upload_repos: - description: "Upload to package repositories via repogen (overrides pre-release skip)" - type: boolean - default: false permissions: contents: write @@ -37,8 +24,9 @@ jobs: steps: - name: Resolve tag id: tag + env: + TAG: ${{ github.ref_name }} run: | - TAG="${{ inputs.tag || github.ref_name }}" if ! echo "$TAG" | grep -qE '^v[0-9]+\.[0-9]+\.[0-9]+(-[a-zA-Z0-9.]+)?(\+[a-zA-Z0-9.]+)?$'; then echo "::error::Tag '$TAG' does not match semver format (vMAJOR.MINOR.PATCH)" exit 1 @@ -125,15 +113,13 @@ jobs: - name: Generate GitHub App token for homebrew-tap id: app-token - if: startsWith(github.ref, 'refs/tags/') || inputs.tag uses: actions/create-github-app-token@v3 with: app-id: ${{ vars.APP_ID }} private-key: ${{ secrets.APP_PRIVATE_KEY }} repositories: homebrew-tap - - name: Build release (tag) - if: startsWith(github.ref, 'refs/tags/') || inputs.tag + - name: Build release env: GORELEASER_CURRENT_TAG: ${{ steps.tag.outputs.tag }} GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} @@ -141,18 +127,11 @@ jobs: RSA_SIGNING_KEY_FILE: ${{ steps.signing-keys.outputs.key_dir }}/rsa-signing-key.pem GPG_SIGNING_KEY_FILE: ${{ steps.signing-keys.outputs.key_dir }}/gpg-signing-key.asc CLOUDSMITH_API_KEY: ${{ secrets.CLOUDSMITH_API_KEY }} - SKIP_UPLOAD_TAPS: ${{ inputs.upload_taps == true && 'false' || 'auto' }} + SKIP_UPLOAD_TAPS: auto run: make release - - name: Build snapshot (branch) - if: "!startsWith(github.ref, 'refs/tags/') && !inputs.tag" - env: - RSA_SIGNING_KEY_FILE: ${{ steps.signing-keys.outputs.key_dir }}/rsa-signing-key.pem - GPG_SIGNING_KEY_FILE: ${{ steps.signing-keys.outputs.key_dir }}/gpg-signing-key.asc - run: make snapshot - - name: Configure AWS credentials - if: steps.tag.outputs.is_prerelease == 'false' || inputs.upload_repos == true + if: steps.tag.outputs.is_prerelease == 'false' uses: aws-actions/configure-aws-credentials@v6 with: aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} @@ -160,7 +139,7 @@ jobs: aws-region: eu-west-1 - name: Upload packages to repository - if: steps.tag.outputs.is_prerelease == 'false' || inputs.upload_repos == true + if: steps.tag.outputs.is_prerelease == 'false' env: GPG_PRIVATE_KEY_FILE: ${{ steps.signing-keys.outputs.key_dir }}/gpg-signing-key.asc RSA_PRIVATE_KEY_FILE: ${{ steps.signing-keys.outputs.key_dir }}/rsa-signing-key.pem