Skip to content

chore: release 0.8.0 #32

chore: release 0.8.0

chore: release 0.8.0 #32

Workflow file for this run

name: tag-release
on:
push:
branches: [main]
concurrency:
group: tag-release
cancel-in-progress: false
# Set at the workflow level so the token isn't capped by the repo's
# default_workflow_permissions. When that default is "read", per-job
# permissions can't elevate a reusable-workflow token past it, so the
# release job's create-release call fails with "Resource not accessible
# by integration". An explicit top-level block overrides the repo default.
permissions:
contents: write
jobs:
tag:
runs-on: ubuntu-latest
permissions:
contents: write
outputs:
created: ${{ steps.tag.outputs.created }}
tag: ${{ steps.tag.outputs.tag }}
steps:
- uses: actions/checkout@v6
with:
fetch-depth: 0
- name: Read version
id: version
run: echo "v=$(node -e "console.log(require('./src-tauri/tauri.conf.json').version)")" >> $GITHUB_OUTPUT
- name: Create tag if new version
id: tag
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
SSH_SIGNING_KEY: ${{ secrets.SSH_SIGNING_KEY }}
run: |
TAG="v${{ steps.version.outputs.v }}"
echo "tag=$TAG" >> "$GITHUB_OUTPUT"
if git rev-parse "$TAG" >/dev/null 2>&1; then
echo "Tag $TAG already exists, nothing to do"
echo "created=false" >> "$GITHUB_OUTPUT"
exit 0
fi
# Sign the tag with an SSH key registered to the account as a
# signing key, so GitHub shows it as Verified. Tagger email is the
# account's private noreply address (keeps the real email private).
install -m 600 /dev/null "$RUNNER_TEMP/sk"
printf '%s\n' "$SSH_SIGNING_KEY" > "$RUNNER_TEMP/sk"
git config user.name "kipavy"
git config user.email "88386090+kipavy@users.noreply.github.com"
git config gpg.format ssh
git config user.signingkey "$RUNNER_TEMP/sk"
git tag -s "$TAG" -m "Release $TAG"
git push origin "$TAG"
echo "created=true" >> "$GITHUB_OUTPUT"
echo "Created and pushed signed tag $TAG"
release:
needs: tag
if: needs.tag.outputs.created == 'true'
permissions:
contents: write
uses: ./.github/workflows/release.yml
with:
tag: ${{ needs.tag.outputs.tag }}
secrets: inherit