codereview-cli/.github/workflows/release.yml at main · open-cli-collective/codereview-cli · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
name: Release

# Triggered by the release tag that auto-release.yml mints (or a manual tag
# push). Builds with GoReleaser and publishes the GitHub release. codereview-cli
# declares the standard package channels in packaging/identity.yml; the reusable
# workflow publishes each channel only when its manifest entry is present.
on:
  push:
    tags:
      - "v*"
  workflow_dispatch:
    inputs:
      dry-run:
        description: "Build + render but skip publishing (only meaningful from a tag ref)"
        type: boolean
        default: true

# The reusable workflow's goreleaser job publishes the release via GITHUB_TOKEN.
permissions:
  contents: write

jobs:
  release:
    uses: open-cli-collective/.github/.github/workflows/release.yml@v1
    with:
      # tag push is live (false); workflow_dispatch honors the checkbox. Compare
      # against both true and 'true' because a workflow_dispatch boolean input
      # may surface as a real boolean or the string "true" depending on context
      # — this is robust to either and always yields a real boolean.
      dry-run: ${{ github.event_name == 'workflow_dispatch' && (inputs.dry-run == true || inputs.dry-run == 'true') }}
    secrets:
      homebrew-tap-token: ${{ secrets.TAP_GITHUB_TOKEN }}
      chocolatey-api-key: ${{ secrets.CHOCOLATEY_API_KEY }}
      winget-token: ${{ secrets.WINGET_GITHUB_TOKEN }}
      linux-dispatch-token: ${{ secrets.LINUX_PACKAGES_DISPATCH_TOKEN }}
      macos-cert-p12: ${{ secrets.MACOS_CERT_P12 }}
      macos-cert-password: ${{ secrets.MACOS_CERT_PASSWORD }}
      macos-cert-cn: ${{ secrets.MACOS_CERT_CN }}
      macos-cert-leaf-sha: ${{ secrets.MACOS_CERT_LEAF_SHA }}