feat: release workflow on tag push with create-or-upload logic#15
feat: release workflow on tag push with create-or-upload logic#15
Conversation
…#5) - Change trigger from 'release: published' to 'push: tags v*.*.*' - Replace bare 'gh release upload' with create-or-update logic: * If a draft/release already exists (Release Drafter), publish it and upload all assets (--clobber for idempotency) * Otherwise create a new release with --generate-notes and upload assets - SHA256 checksums are still generated and attached as an asset - Release Drafter config (.github/release-drafter.yml) already present
There was a problem hiding this comment.
Pull request overview
Updates the GitHub Actions release pipeline so releases are produced automatically on version tag pushes and assets are reliably attached even when a release doesn’t already exist.
Changes:
- Switch workflow trigger from
release: publishedtopushon tags matchingv*.*.*. - Add “create-or-update” logic to publish an existing drafted release or create a new release (with generated notes) before uploading assets.
- Keep generating and uploading
sha256sums.txtalongside the built binaries.
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
| - name: Create or update GitHub Release | ||
| env: | ||
| GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} | ||
| run: | | ||
| gh release upload "${{ github.ref_name }}" artifacts/* \ | ||
| --repo "${{ github.repository }}" \ | ||
| --clobber | ||
| if gh release view "${{ github.ref_name }}" --repo "${{ github.repository }}" > /dev/null 2>&1; then |
There was a problem hiding this comment.
The release job sets permissions: contents: write only, which makes all other token scopes none. actions/download-artifact@v4 typically requires actions: read to download artifacts, so this job can fail with a 403 even though contents is writeable. Add actions: read to the job permissions (or remove the permissions override and set them at workflow level) while keeping contents: write for the gh release commands.
Closes #5
Changes
release: publishedtopush: tags: v*.*.*so the workflow fires automatically when a version tag is pushed — no manual release publishing required.gh release upload(which would fail if no release exists yet) with create-or-update logic:--draft=false) and upload all assets.--generate-notesand upload assets in one step.sha256sums.txt) are still generated and included as an asset..github/release-drafter.ymland its trigger workflow were already present from prior work.Acceptance Criteria
pushto tags matchingv*.*.*x86_64-linux-musl,x86_64-macos,aarch64-macos,x86_64-windows(and many more)sql-pipe-<target>(or.exefor Windows)--generate-notesfallback)