From 3958928a9aac8de61d577392aa206fe157ffbf24 Mon Sep 17 00:00:00 2001
From: Rishi Tank
Date: Mon, 5 Jan 2026 22:02:52 +0000
Subject: [PATCH 1/2] fix: auto-bump patch version when tag exists in workflow_run trigger
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Previously, when the Release workflow was triggered by workflow_run (after CI completes on main), it would skip the release if the current version tag already existed. This required manual version bumps before each release. Now, when triggered by workflow_run: - If current version tag doesn't exist → release with current version - If current version tag exists → auto-bump patch version, update Cargo.toml, then release This makes releases fully automatic after merging PRs to main.
---
 .github/workflows/release.yml | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index e2c87cf..9f74c6c 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -108,8 +108,14 @@ jobs:
 # Check if this version tag already exists
 if git tag -l "v$CURRENT_VERSION" | grep -q .; then
- echo "Tag v$CURRENT_VERSION already exists, skipping release"
- echo "should_release=false" >> $GITHUB_OUTPUT
+ echo "Tag v$CURRENT_VERSION already exists, auto-bumping patch version"
+ # Auto-bump patch version
+ IFS='.' read -r MAJOR MINOR PATCH <<< "$CURRENT_VERSION"
+ NEW_VERSION="${MAJOR}.${MINOR}.$((PATCH + 1))"
+ echo "Auto-bumped to: $NEW_VERSION"
+ echo "should_release=true" >> $GITHUB_OUTPUT
+ echo "version=$NEW_VERSION" >> $GITHUB_OUTPUT
+ echo "needs_bump=true" >> $GITHUB_OUTPUT
 else
 echo "New version v$CURRENT_VERSION detected, will release"
 echo "should_release=true" >> $GITHUB_OUTPUT
From 8f78d7bf890f3cf91bb97ae7496255085f5d11ca Mon Sep 17 00:00:00 2001
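Review bot: The bump at `IFS='.' read -r MAJOR MINOR PATCH <<< "$CURRENT_VERSION"` assumes the version is exactly three numeric fields; with a pre-release or build suffix the remainder lands in `PATCH`, and `$((PATCH + 1))` then either errors or evaluates text that is not a plain number as an arithmetic expression before the result is written to `$GITHUB_OUTPUT`. Validate the value before splitting it, e.g. `[[ "$CURRENT_VERSION" =~ ^[0-9]+\.[0-9]+\.[0-9]+$ ]] || { echo "unsupported version: $CURRENT_VERSION"; exit 1; }`. The new branch also never checks that `v$NEW_VERSION` is itself unused, so if tags have run ahead of Cargo.toml the release would be attempted on an existing tag; repeating the `git tag -l` test on the bumped value would cover that. The surrounding `if`/`else` starts and ends outside the hunk, and where `CURRENT_VERSION` is set is not visible here.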
From: Rishi Tank
Date: Mon, 5 Jan 2026 22:16:10 +0000
Subject: [PATCH 2/2] fix: use RELEASE_TOKEN for auto-bump in release workflow
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Uses RELEASE_TOKEN (a PAT with Contents write permission) to bypass branch protection when auto-bumping the version. Setup required: 1. Create a Fine-Grained PAT at GitHub Settings → Developer Settings → Personal Access Tokens 2. Grant it 'Contents: Read and write' permission for this repo 3. Add it as a repository secret named RELEASE_TOKEN The workflow falls back to GITHUB_TOKEN if RELEASE_TOKEN is not set, which will fail on protected branches but work on unprotected ones.
---
 .github/workflows/release.yml | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index 9f74c6c..725dab4 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -129,6 +129,7 @@ jobs:
 echo "should_release=false" >> $GITHUB_OUTPUT
 # Bump version in Cargo.toml if needed
+ # Uses RELEASE_TOKEN (PAT) to bypass branch protection, falls back to GITHUB_TOKEN
 bump-version:
 needs: check
 if: needs.check.outputs.should_release == 'true' && needs.check.outputs.needs_bump == 'true'
@@ -136,7 +137,7 @@ jobs:
 steps:
 - uses: actions/checkout@v4
 with:
- token: ${{ secrets.GITHUB_TOKEN }}
+ token: ${{ secrets.RELEASE_TOKEN || secrets.GITHUB_TOKEN }}
 - name: Update Cargo.toml version
 run: |
@@ -154,7 +155,7 @@ jobs:
 git commit -m "chore: bump version to $VERSION [skip ci]"
 git push
 env:
- GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+ GITHUB_TOKEN: ${{ secrets.RELEASE_TOKEN || secrets.GITHUB_TOKEN }}
 build:
 needs: [check, bump-version]
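Review bot: The `token:` input in the checkout step now hands a PAT that can push past branch protection to `actions/checkout`, which by default keeps the token in the job's git configuration, so every later step in `bump-version` can use it. Because the action is referenced by the mutable tag `v4`, pin it to a full commit SHA, e.g. `- uses: actions/checkout@<full-commit-sha>  # v4`, and keep this job limited to the version-bump step. The `||` fallback also means a missing or expired `RELEASE_TOKEN` only surfaces later as a rejected `git push` on a protected branch; a short comment on the step saying so would save debugging. The job body continues outside the hunk.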
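Review bot: The `env:` entry at the end of the `Update Cargo.toml version` step exports the PAT as `GITHUB_TOKEN` into the shell, but the visible commands (`git commit`, `git push`) would normally authenticate through the credentials the checkout step already stored rather than through this variable. If nothing in the part of the script outside this hunk reads `GITHUB_TOKEN`, drop the `env:` entry so the token is not exposed in the step's process environment. If something does consume it, add a comment such as `# GITHUB_TOKEN is read by <consumer>` so the exposure is a documented choice.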