Merge pull request #26 from haya14busa/add-output-tags #13

Workflow file for this run

.github/workflows/release.yml at f367549

	name: Release

	on:
	push:
	branches:
	- main # Only run on main branch pushes (PR merges)
	pull_request:
	types:
	- labeled # Run when PRs are labeled

	permissions:
	contents: read

	jobs:
	verify-releaser:
	runs-on: ubuntu-latest
	permissions:
	contents: read
	steps:
	- name: Harden the runner (Audit all outbound calls)
	uses: step-security/harden-runner@ec9f2d5744a09debf3a187a3f4f675c53b671911 # v2.13.0
	with:
	egress-policy: audit

	- uses: actions/checkout@v5
	- name: Verify Trusted Tag Releaser
	uses: actionutils/trusted-tag-verifier@v0
	with:
	repository: 'actionutils/trusted-tag-releaser'
	tag: 'v0'

	# Post version bump information comment on PR when labeled
	release-preview-comment:
	needs: [verify-releaser]
	if: github.event.action == 'labeled'
	permissions:
	pull-requests: write
	uses: actionutils/trusted-tag-releaser/.github/workflows/release-preview-comment.yml@v0
	secrets:
	github-token: ${{ secrets.GITHUB_TOKEN }}

	# First check if a release is needed
	release-check:
	needs: [verify-releaser]
	if: github.event.action != 'labeled'
	permissions:
	contents: write # Required for GitHub's generate-release-note API (notes are only displayed in job summary, not written to any file)
	pull-requests: read
	uses: actionutils/trusted-tag-releaser/.github/workflows/release-check.yml@v0

	# Environment protection job
	release-approval:
	needs: [release-check]
	if: github.event.action != 'labeled' && needs.release-check.outputs.skip != 'true'
	runs-on: ubuntu-latest
	environment: release
	concurrency:
	group: "release-approval"
	cancel-in-progress: true
	steps:
	- name: Harden the runner (Audit all outbound calls)
	uses: step-security/harden-runner@ec9f2d5744a09debf3a187a3f4f675c53b671911 # v2.13.0
	with:
	egress-policy: audit

	- name: Approve release
	run: echo "Release approved in the release environment"

	# Use the reusable trusted tag workflow for releases if approved
	release:
	needs: [release-check, release-approval]
	if: github.event.action != 'labeled' && needs.release-check.outputs.skip != 'true'
	concurrency:
	group: "release"
	cancel-in-progress: false
	permissions:
	id-token: write # Required for signed tags
	contents: write # Required for release and tag creation
	pull-requests: write # Required for bumpr commenting
	attestations: write # Required for build provenance attestation
	uses: actionutils/trusted-tag-releaser/.github/workflows/trusted-release-workflow.yml@v0
	secrets:
	github-token: ${{ secrets.GITHUB_TOKEN }}

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Merge pull request #26 from haya14busa/add-output-tags #13

Workflow file

Merge pull request #26 from haya14busa/add-output-tags #13

Uh oh!

Workflow file for this run