What task are you trying to do?
Keep PawWork's pinned bundled OfficeCLI version current without making release packaging depend on upstream latest.
What do you do today?
Issue #106 defines the release-safe baseline: PawWork should pin the bundled OfficeCLI version in the repo, download that pinned asset per target platform, and verify it before packaging. That makes releases reproducible, but it still leaves version bumping as a manual maintenance step.
What would a good result look like?
Add a workflow that can be triggered manually, and optionally on a low-frequency schedule, to check iOfficeAI/OfficeCLI releases against PawWork's bundled-tool manifest. When a newer OfficeCLI release exists, the workflow should update the pinned version, run the bundled-tool verification, and open a PR such as chore: bump bundled OfficeCLI to vX.Y.Z with the upstream release link and verification summary. The release workflow itself must continue to consume only the pinned version from the repo.
Which audience does this matter to most?
Maintainers.
Extra context
This is a follow-up to #106. It should not be part of the #106 implementation PR because the urgent fix is release safety, platform-correct packaging, checksum verification, and license attribution. The bump workflow is maintenance automation after the pinned manifest exists.
What task are you trying to do?
Keep PawWork's pinned bundled OfficeCLI version current without making release packaging depend on upstream
latest.What do you do today?
Issue #106 defines the release-safe baseline: PawWork should pin the bundled OfficeCLI version in the repo, download that pinned asset per target platform, and verify it before packaging. That makes releases reproducible, but it still leaves version bumping as a manual maintenance step.
What would a good result look like?
Add a workflow that can be triggered manually, and optionally on a low-frequency schedule, to check
iOfficeAI/OfficeCLIreleases against PawWork's bundled-tool manifest. When a newer OfficeCLI release exists, the workflow should update the pinned version, run the bundled-tool verification, and open a PR such aschore: bump bundled OfficeCLI to vX.Y.Zwith the upstream release link and verification summary. The release workflow itself must continue to consume only the pinned version from the repo.Which audience does this matter to most?
Maintainers.
Extra context
This is a follow-up to #106. It should not be part of the #106 implementation PR because the urgent fix is release safety, platform-correct packaging, checksum verification, and license attribution. The bump workflow is maintenance automation after the pinned manifest exists.