chore: release 0.8.0 #32
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: tag-release | |
| on: | |
| push: | |
| branches: [main] | |
| concurrency: | |
| group: tag-release | |
| cancel-in-progress: false | |
| # Set at the workflow level so the token isn't capped by the repo's | |
| # default_workflow_permissions. When that default is "read", per-job | |
| # permissions can't elevate a reusable-workflow token past it, so the | |
| # release job's create-release call fails with "Resource not accessible | |
| # by integration". An explicit top-level block overrides the repo default. | |
| permissions: | |
| contents: write | |
| jobs: | |
| tag: | |
| runs-on: ubuntu-latest | |
| permissions: | |
| contents: write | |
| outputs: | |
| created: ${{ steps.tag.outputs.created }} | |
| tag: ${{ steps.tag.outputs.tag }} | |
| steps: | |
| - uses: actions/checkout@v6 | |
| with: | |
| fetch-depth: 0 | |
| - name: Read version | |
| id: version | |
| run: echo "v=$(node -e "console.log(require('./src-tauri/tauri.conf.json').version)")" >> $GITHUB_OUTPUT | |
| - name: Create tag if new version | |
| id: tag | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| SSH_SIGNING_KEY: ${{ secrets.SSH_SIGNING_KEY }} | |
| run: | | |
| TAG="v${{ steps.version.outputs.v }}" | |
| echo "tag=$TAG" >> "$GITHUB_OUTPUT" | |
| if git rev-parse "$TAG" >/dev/null 2>&1; then | |
| echo "Tag $TAG already exists, nothing to do" | |
| echo "created=false" >> "$GITHUB_OUTPUT" | |
| exit 0 | |
| fi | |
| # Sign the tag with an SSH key registered to the account as a | |
| # signing key, so GitHub shows it as Verified. Tagger email is the | |
| # account's private noreply address (keeps the real email private). | |
| install -m 600 /dev/null "$RUNNER_TEMP/sk" | |
| printf '%s\n' "$SSH_SIGNING_KEY" > "$RUNNER_TEMP/sk" | |
| git config user.name "kipavy" | |
| git config user.email "88386090+kipavy@users.noreply.github.com" | |
| git config gpg.format ssh | |
| git config user.signingkey "$RUNNER_TEMP/sk" | |
| git tag -s "$TAG" -m "Release $TAG" | |
| git push origin "$TAG" | |
| echo "created=true" >> "$GITHUB_OUTPUT" | |
| echo "Created and pushed signed tag $TAG" | |
| release: | |
| needs: tag | |
| if: needs.tag.outputs.created == 'true' | |
| permissions: | |
| contents: write | |
| uses: ./.github/workflows/release.yml | |
| with: | |
| tag: ${{ needs.tag.outputs.tag }} | |
| secrets: inherit |