Skip to content

Commit c5838ac

Browse files
kateinoigakukunkateinoigakukun
committed
Restructure release workflows to adopt Trusted Publisher for tag releases
1 parent 016914a commit c5838ac

File tree

2 files changed

+31
-8
lines changed

2 files changed

+31
-8
lines changed

.github/workflows/build.yml

Lines changed: 3 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -2,7 +2,6 @@ name: Build ruby.wasm
22
on:
33
push:
44
branches: [main]
5-
tags: ["*"]
65
paths-ignore:
76
- "*.md"
87
- "docs/**"
@@ -12,13 +11,14 @@ on:
1211
publish:
1312
type: boolean
1413
description: "Whether to publish or not"
15-
default: true
14+
default: false
1615
prerel_name:
1716
type: string
1817
description: "Pre-release name to be released"
19-
required: true
18+
default: ""
2019

2120
jobs:
21+
2222
lint:
2323
runs-on: ubuntu-24.04
2424
if: ${{ github.event_name == 'pull_request' }}

.github/workflows/nightly-release.yml renamed to .github/workflows/release.yml

Lines changed: 28 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -1,17 +1,22 @@
1-
name: Nightly release
1+
name: Release ruby.wasm
22
on:
33
schedule:
4-
- cron: '0 15 * * *'
4+
- cron: "0 15 * * *"
55
workflow_dispatch:
66
inputs:
77
tag-name:
88
type: string
9-
description: 'Nightly release tag'
9+
description: "Nightly release tag"
1010
required: true
11+
push:
12+
tags: ["*"]
1113

1214
jobs:
1315
create-nightly-tag:
16+
if: ${{ github.event_name != 'push' }}
1417
runs-on: ubuntu-24.04
18+
permissions:
19+
contents: write
1520
outputs:
1621
tag-name: ${{ steps.generate-tag.outputs.TAG_NAME }}
1722
steps:
@@ -26,9 +31,27 @@ jobs:
2631
echo "TAG_NAME=${MANUAL_TAG:-$(date +'%Y-%m-%d')-a}" >> $GITHUB_OUTPUT
2732
- run: git tag "${{ steps.generate-tag.outputs.TAG_NAME }}"
2833
- run: git push origin "${{ steps.generate-tag.outputs.TAG_NAME }}"
29-
build-and-publish:
30-
needs: [create-nightly-tag]
34+
35+
release-nightly:
36+
if: ${{ github.event_name != 'push' }}
37+
needs:
38+
- create-nightly-tag
39+
permissions:
40+
contents: write
41+
id-token: write
3142
uses: ./.github/workflows/build.yml
3243
with:
3344
publish: true
3445
prerel_name: ${{ needs.create-nightly-tag.outputs.tag-name }}
46+
secrets: inherit
47+
48+
release-tag:
49+
if: ${{ github.event_name == 'push' && github.actor != 'github-actions[bot]' }}
50+
permissions:
51+
contents: write
52+
id-token: write
53+
uses: ./.github/workflows/build.yml
54+
with:
55+
publish: true
56+
prerel_name: ${{ github.ref_name }}
57+
secrets: inherit

0 commit comments

Comments
 (0)