From 9aaec0373cc117f664f88e8a2335e8376e5f6d12 Mon Sep 17 00:00:00 2001 From: ndonkoHenri Date: Fri, 3 Jul 2026 00:14:01 +0200 Subject: [PATCH 1/2] ci: cut a GitHub Release on tag runs MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Add a `release` job that publishes a GitHub Release for v* tags, mirroring the release step in flet / python-build. - needs: publish — cut the release only after all six packages are live on pub.dev, so a release always marks a genuinely-published version. - Scoped `contents: write` (top-level stays `contents: read`). - generate_release_notes: true — notes from merged PRs since the last tag; no artifacts to attach (serious_python ships to pub.dev). - Hyphen-suffixed tags (e.g. v1.2.0-beta.1) are marked as pre-releases; github.ref_name is passed via env, not interpolated (no template injection). - softprops/action-gh-release pinned to the same SHA python-build uses. --- .github/workflows/ci.yml | 28 ++++++++++++++++++++++++++++ 1 file changed, 28 insertions(+) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 6ff86017..2e86e824 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -607,3 +607,31 @@ jobs: publish_pkg src/serious_python_linux sleep 600 publish_pkg src/serious_python + + release: + name: Publish GitHub Release + needs: + - publish + runs-on: ubuntu-latest + if: ${{ startsWith(github.ref, 'refs/tags/v') }} + permissions: + contents: write + steps: + - name: Detect pre-release + id: prerelease + env: + REF_NAME: ${{ github.ref_name }} + run: | + if [[ "$REF_NAME" == *-* ]]; then + echo "is_prerelease=true" >> "$GITHUB_OUTPUT" + else + echo "is_prerelease=false" >> "$GITHUB_OUTPUT" + fi + + - name: Create GitHub Release + uses: softprops/action-gh-release@718ea10b132b3b2eba29c1007bb80653f286566b # v3.0.1 + with: + name: ${{ github.ref_name }} + tag_name: ${{ github.ref_name }} + prerelease: ${{ steps.prerelease.outputs.is_prerelease == 'true' }} + generate_release_notes: true From 59d2325b195e041b92f7ba1bc5b479534b1fda48 Mon Sep 17 00:00:00 2001 From: ndonkoHenri Date: Fri, 3 Jul 2026 00:15:04 +0200 Subject: [PATCH 2/2] update --- .github/workflows/ci.yml | 17 +++++++++-------- 1 file changed, 9 insertions(+), 8 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 2e86e824..cd7cd2f2 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -102,7 +102,7 @@ jobs: restore-keys: | flet-cache-${{ runner.os }}-${{ runner.arch }}-py${{ matrix.python_version }}- flet-cache-${{ runner.os }}-${{ runner.arch }}- - # Read-only on tag/release builds to avoid cache poisoning. + # Avoid release-time cache poisoning. lookup-only: ${{ startsWith(github.ref, 'refs/tags/') }} - name: Configure ${{ matrix.build_system }} @@ -170,7 +170,7 @@ jobs: restore-keys: | flet-cache-${{ runner.os }}-${{ runner.arch }}-py${{ matrix.python_version }}- flet-cache-${{ runner.os }}-${{ runner.arch }}- - # Read-only on tag/release builds to avoid cache poisoning. + # Avoid release-time cache poisoning. lookup-only: ${{ startsWith(github.ref, 'refs/tags/') }} - name: Setup iOS Simulator @@ -254,7 +254,7 @@ jobs: restore-keys: | flet-cache-${{ runner.os }}-${{ runner.arch }}-py${{ matrix.python_version }}- flet-cache-${{ runner.os }}-${{ runner.arch }}- - # Read-only on tag/release builds to avoid cache poisoning. + # Avoid release-time cache poisoning. lookup-only: ${{ startsWith(github.ref, 'refs/tags/') }} - name: Enable KVM @@ -270,7 +270,7 @@ jobs: # v5 was the last fully MIT-licensed major and is on Node 24. uses: gradle/actions/setup-gradle@0723195856401067f7a2779048b490ace7a47d7c # v5.0.2 with: - # Disable the Gradle cache on tag/release builds to avoid cache poisoning. + # Avoid release-time cache poisoning. cache-disabled: ${{ startsWith(github.ref, 'refs/tags/') }} - name: AVD cache @@ -281,7 +281,7 @@ jobs: ~/.android/avd/* ~/.android/adb* key: avd-bridge - # Read-only on tag/release builds to avoid cache poisoning. + # Avoid release-time cache poisoning. lookup-only: ${{ startsWith(github.ref, 'refs/tags/') }} - name: Setup Android Emulator + Run tests @@ -362,7 +362,7 @@ jobs: restore-keys: | flet-cache-${{ runner.os }}-${{ runner.arch }}-py${{ matrix.python_version }}- flet-cache-${{ runner.os }}-${{ runner.arch }}- - # Read-only on tag/release builds to avoid cache poisoning. + # Avoid release-time cache poisoning. lookup-only: ${{ startsWith(github.ref, 'refs/tags/') }} - name: Package + run integration test @@ -537,8 +537,7 @@ jobs: - name: Setup uv uses: astral-sh/setup-uv@fac544c07dec837d0ccb6301d7b5580bf5edae39 # v8.2.0 with: - # Publish runs on tags; disable the uv cache there to avoid - # release-time cache poisoning. + # Avoid release-time cache poisoning. enable-cache: ${{ !startsWith(github.ref, 'refs/tags/') }} - name: Setup Flutter @@ -619,6 +618,8 @@ jobs: steps: - name: Detect pre-release id: prerelease + # Dart/pub pre-releases carry a semver hyphen suffix (e.g. v1.2.0-beta.1); + # mark those as GitHub pre-releases. env: REF_NAME: ${{ github.ref_name }} run: |