v1.16.1: build/listener/widget/update cleanups + parser tests (#83) #62
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: release-please | |
| on: | |
| push: | |
| branches: | |
| - main | |
| permissions: | |
| contents: write | |
| pull-requests: write | |
| jobs: | |
| release-please: | |
| runs-on: ubuntu-latest | |
| steps: | |
| # Watches conventional commits on main, opens (and updates) a Release PR | |
| # that bumps .release-please-manifest.json + regenerates CHANGELOG.md. | |
| # When the Release PR is merged, this action creates the git tag (vX.Y.Z) | |
| # and the GitHub Release. release.yml then attaches signed/notarized | |
| # artifacts to the release. | |
| # | |
| # `token` is a fine-grained PAT (`RELEASE_PAT`) — NOT the default | |
| # GITHUB_TOKEN. GitHub deliberately suppresses downstream workflow | |
| # triggers from pushes made with GITHUB_TOKEN (anti-loop guard), so | |
| # the tag-push release-please-action makes when the Release PR | |
| # merges wouldn't fire release.yml automatically. With a PAT the | |
| # tag push looks like a normal user push and the build workflow | |
| # cascades. | |
| # | |
| # PAT scope (fine-grained, on StackOneHQ/stack-nudge): | |
| # - Contents: read+write (commit + tag the bump) | |
| # - Pull requests: read+write (open + edit the Release PR) | |
| # - Workflows: read+write (safety: in case the bump ever | |
| # touches .github/workflows/) | |
| # The fallback `workflow_dispatch` trigger on release.yml stays — | |
| # if `RELEASE_PAT` is unset, the action uses GITHUB_TOKEN and you | |
| # can still dispatch the build manually. | |
| - uses: googleapis/release-please-action@v4 | |
| with: | |
| token: ${{ secrets.RELEASE_PAT }} | |
| config-file: .release-please-config.json | |
| manifest-file: .release-please-manifest.json |