From 2c284665807f1d93442803ceb3e0473b2c8d91b3 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Martin=20Bru=C5=BEina?= Date: Fri, 20 Mar 2026 21:57:31 +0100 Subject: [PATCH] feat: make the semantic release workflow reusable --- .github/workflows/semantic-release.yaml | 18 +++++- README.md | 83 ++++++++++++++++++++++++- 2 files changed, 98 insertions(+), 3 deletions(-) diff --git a/.github/workflows/semantic-release.yaml b/.github/workflows/semantic-release.yaml index ab5857f..04d1b09 100644 --- a/.github/workflows/semantic-release.yaml +++ b/.github/workflows/semantic-release.yaml @@ -4,6 +4,14 @@ on: push: branches: - main + workflow_call: + inputs: + GH_APP_ID: + type: string + required: false + secrets: + GH_APP_PEM_FILE: + required: false concurrency: group: release-${{ github.ref }} @@ -18,9 +26,17 @@ jobs: issues: write pull-requests: write steps: + - name: Create GitHub App token + uses: actions/create-github-app-token@v3 + id: gh-app-token + if: ${{ inputs.GH_APP_ID && secrets.GH_APP_PEM_FILE }} + with: + app-id: ${{ inputs.GH_APP_ID }} + private-key: ${{ secrets.GH_APP_PEM_FILE }} - name: Checkout repository uses: actions/checkout@v6 with: + token: ${{ steps.gh-app-token.outputs.token || secrets.GITHUB_TOKEN }} fetch-depth: 0 - name: Set up Node.js uses: actions/setup-node@v6 @@ -37,5 +53,5 @@ jobs: run: npm audit signatures - name: Run Semantic Release env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + GITHUB_TOKEN: ${{ steps.gh-app-token.outputs.token || secrets.GITHUB_TOKEN }} run: npx semantic-release diff --git a/README.md b/README.md index b173afd..e0f61f1 100644 --- a/README.md +++ b/README.md 
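Review bot: The new `workflow_call` input `GH_APP_ID` and secret `GH_APP_PEM_FILE` carry no `description`, so the interface does not tell a caller that they form a pair, or that omitting them makes the release run under `GITHUB_TOKEN`. I would add `description: GitHub App ID used to mint the release token; leave unset to use GITHUB_TOKEN` under the input. Under the secret I would add `description: PEM private key of the same GitHub App; needed whenever GH_APP_ID is set`.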
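Review bot: The `if:` on the `Create GitHub App token` step reads `secrets.GH_APP_PEM_FILE`, but the `secrets` context is not available in a step-level `if`, so the workflow is likely to be rejected when it is loaded. Gating on the input alone, `if: ${{ inputs.GH_APP_ID != '' }}`, avoids that and makes a missing key fail the step rather than quietly releasing under `GITHUB_TOKEN`. This step also receives the App private key, so `actions/create-github-app-token` is better pinned to a full commit SHA than to the moving `v3` tag. On the checkout step, `persist-credentials: false` would keep the App token out of the local git config while the later npm steps run. Semantic-release should still authenticate, since it is handed the token through `GITHUB_TOKEN` in its own step.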
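Review bot: With the `||` fallback on `GITHUB_TOKEN` in the `Run Semantic Release` step, the job-level `permissions:` block only limits the built-in token. When the App token is used, the release runs with whatever the App installation grants, which may be broader than the three write scopes listed for the job. The token can be narrowed where it is minted by adding `permission-contents: write`, `permission-issues: write` and `permission-pull-requests: write` to the `with:` of the `Create GitHub App token` step. That step is in the previous hunk of this file.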
@@ -6,9 +6,88 @@ A collection of GitHub composite actions and reusable workflows - [Semantic Release Workflow](#semantic-release-workflow) -### Semantic Release Workflow +### Reusable Semantic Release Workflow -[Semantic Release workflow](.github/workflows/semantic-release.yaml) using the Conventional Commits preset to automate versioning, generates [GitHub releases](https://github.com/bruzit/github-actions-and-workflows/releases), and updates the [CHANGELOG](CHANGELOG.md). +Reusable [Semantic Release workflow](.github/workflows/semantic-release.yaml) using the Conventional Commits preset to automate versioning, generates [GitHub releases](https://github.com/bruzit/github-actions-and-workflows/releases), and updates the [CHANGELOG](CHANGELOG.md). + +## Usage + +### Use Semantic Release Workflow + +Create a workflow, for example, `.github/workflows/semantic-release.yaml`: + +```yaml +--- +name: Semantic Release + +on: + push: + branches: + - main + +jobs: + release: + name: Release + uses: bruzit/github-actions-and-workflows/.github/workflows/semantic-release.yaml@v0.2.0 + with: + GH_APP_ID: ${{ vars.GH_APP_SEM_REL_ID }} + secrets: + GH_APP_PEM_FILE: ${{ secrets.GH_APP_SEM_REL_PEM_FILE }} +``` + +To create a GitHub App and a GitHub App Installation: + +- GitHub + - _Organization_ / Settings / Developer settings / GitHub Apps + - **New GitHub App** + - Create GitHub App + - GitHub App name: _name_ + - Description: _description_ + - Homepage URL: _homepage URL_ + - Webhook + - Active: off + - Permissions + - Organization permissions + - Contents: Read and write + - Issues: Read and write + - Pull requests: Read and write + - Where can this GitHub App be installed?: _choose what suits you best_ + - **Create GitHub App** + - _your app_ + - General + - **Generate a private key** + - Install App + - _your organization_: **Install** + - _Repository_ / Settings / Secrets and variables / Actions + - Secrets + - Repository secrets / **New repository secret** + - Name: 
`GH_APP_PEM_FILE` + - Secret: _content of the PEM file_ + - **Add secret** + - Variables + - Repository variables / **New repository variable** + - Name: `GH_APP_ID` + - Value: _GitHub App ID_ + - **Add variable** + +Configure Semantic Release in the repository, for example, `.releaserc.yaml`: + +```yaml +--- +branches: + - main +plugins: + - - "@semantic-release/commit-analyzer" + - preset: conventionalcommits + - - "@semantic-release/release-notes-generator" + - preset: conventionalcommits + - "@semantic-release/github" + - - "@semantic-release/changelog" + - changelogTitle: '# Changelog' + - - "@semantic-release/git" + - assets: + - CHANGELOG.md +``` ## Copyright and Licensing