This commit is contained in:
@@ -0,0 +1,30 @@
|
||||
name: CI (Release)
|
||||
on:
|
||||
push:
|
||||
tags:
|
||||
- 'v[0-9]*'
|
||||
|
||||
# Tags must never be cancelled — each is a public release
|
||||
concurrency:
|
||||
group: ci-release-${{ github.ref_name }}
|
||||
cancel-in-progress: false
|
||||
|
||||
# Workflow-level permissions set the ceiling for the reusable ci.yml.
|
||||
# id-token is never in the default token, so it must be granted explicitly
|
||||
# here — otherwise the ci: job's `permissions:` block exceeds the caller
|
||||
# workflow's permissions and GitHub rejects the run with startup_failure.
|
||||
permissions:
|
||||
actions: read
|
||||
contents: write
|
||||
packages: write
|
||||
id-token: write
|
||||
|
||||
jobs:
|
||||
ci:
|
||||
uses: ./.github/workflows/ci.yml
|
||||
secrets: inherit
|
||||
permissions:
|
||||
actions: read
|
||||
contents: write
|
||||
packages: write
|
||||
id-token: write
|
||||
Reference in New Issue
Block a user