feat: use file-based release token instead of secret

2026-01-08 20:57:06 +01:00
parent f79decdcea
commit ca333a2500
2 changed files with 17 additions and 19 deletions
+3 -5
@@ -20,21 +20,19 @@ on:
jobs:
release:
uses: unboundsoftware/shared-workflows/.gitea/workflows/Release.yml@main
secrets:
UNBOUND_RELEASE_TOKEN: ${{ secrets.GIT_API_TOKEN }}
```
**Inputs:**
- `tag_only` (boolean, default: `false`): Set to `true` to only create tags without full releases
**Secrets:**
**Requirements:**
- `UNBOUND_RELEASE_TOKEN` (required): Token with API access to create PRs and releases. Required scopes: `repository` (read/write), `issue` (read/write)
This workflow reads the release token from `/runner-secrets/release-token`, which is automatically available on Unbound's Gitea runners. No repository secrets need to be configured.
**How it works:**
1. On each push to the default branch, generates a changelog using git-cliff
2. Creates or updates a `next-release` branch with the updated CHANGELOG.md and .version file
3. Opens or updates a PR titled "chore(release): prepare for vX.Y.Z"
4. When the .version file exists (after merging the release PR), creates a GitHub release with the changelog
4. When the .version file exists (after merging the release PR), creates a Gitea release with the changelog
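
Review bot: The new **Requirements** paragraph drops the scope information that the removed `UNBOUND_RELEASE_TOKEN` line carried (`repository` read/write, `issue` read/write). Whoever provisions `/runner-secrets/release-token` presumably still needs to issue a token with those scopes, so I would keep them in the text. Because the token now sits on the runner rather than being passed in by each caller, and "No repository secrets need to be configured", the paragraph should also say which runners mount that path and whether jobs other than the release workflow can read it. A short note on the expected file ownership and mode would let an operator check that the token is not exposed more widely than the old per-repository secret was.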