From f2e0456f8defb259f2fe55a2ab4dec6b9422abc2 Mon Sep 17 00:00:00 2001 From: Mike Swanson Date: Fri, 29 May 2026 07:27:17 -0700 Subject: [PATCH] ci: gate release workflow to manual dispatch Release builds (auto-versioning + Azure Trusted Signing + Gitea release) no longer run on every push to main; trigger deliberately via workflow_dispatch. build-and-test.yml remains the automatic PR/push CI gate. Co-Authored-By: Claude Opus 4.8 (1M context) --- .gitea/workflows/release.yml | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/.gitea/workflows/release.yml b/.gitea/workflows/release.yml index 0a29125..824bfc4 100644 --- a/.gitea/workflows/release.yml +++ b/.gitea/workflows/release.yml @@ -2,7 +2,7 @@ name: Release # SPEC-001 §2/§3/§4 — auto-versioning, signed Windows build, changelog generation, release. # -# On every push to main this workflow: +# When manually dispatched (gated — not on every push), this workflow: # 1. version — determine the next semver from conventional commits, bump component manifests, # commit `chore: release vX.Y.Z [skip ci]`, and create + push tag vX.Y.Z. # 2. changelog — generate CHANGELOG.md + per-component changelogs with git-cliff (run inside @@ -19,9 +19,10 @@ name: Release # tool that signs PE binaries on Linux, so no Windows runner is required. on: - push: - branches: - - main + # Gated: releases are deliberate, NOT automatic on every push to main. + # Trigger manually (Actions -> Release -> Run workflow). Auto-versioning still + # computes the next semver from conventional commits at dispatch time. + # build-and-test.yml remains the automatic PR/push CI gate. workflow_dispatch: jobs: