mirror of
https://github.com/affaan-m/everything-claude-code.git
synced 2026-03-30 21:53:28 +08:00
46f37ae4fb
Pin all GitHub Actions to commit SHAs instead of mutable version tags across ci.yml, release.yml, maintenance.yml, and all reusable workflows. This prevents supply-chain attacks via tag hijacking. Add the required Skills section to CLAUDE.md mapping project files (README.md, .github/workflows/*.yml) to their respective review skills.
57 lines
1.5 KiB
YAML
57 lines
1.5 KiB
YAML
name: Reusable Release Workflow
|
|
|
|
on:
|
|
workflow_call:
|
|
inputs:
|
|
tag:
|
|
description: 'Version tag (e.g., v1.0.0)'
|
|
required: true
|
|
type: string
|
|
generate-notes:
|
|
description: 'Auto-generate release notes'
|
|
required: false
|
|
type: boolean
|
|
default: true
|
|
|
|
permissions:
|
|
contents: write
|
|
|
|
jobs:
|
|
release:
|
|
name: Create Release
|
|
runs-on: ubuntu-latest
|
|
|
|
steps:
|
|
- name: Checkout
|
|
uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4
|
|
with:
|
|
fetch-depth: 0
|
|
|
|
- name: Validate version tag
|
|
run: |
|
|
if ! [[ "${{ inputs.tag }}" =~ ^v[0-9]+\.[0-9]+\.[0-9]+$ ]]; then
|
|
echo "Invalid version tag format. Expected vX.Y.Z"
|
|
exit 1
|
|
fi
|
|
|
|
- name: Generate release highlights
|
|
env:
|
|
TAG_NAME: ${{ inputs.tag }}
|
|
run: |
|
|
TAG_VERSION="${TAG_NAME#v}"
|
|
cat > release_body.md <<EOF
|
|
## ECC ${TAG_VERSION}
|
|
|
|
### What This Release Focuses On
|
|
- Harness reliability and cross-platform compatibility
|
|
- Eval-driven quality improvements
|
|
- Better workflow and operator ergonomics
|
|
EOF
|
|
|
|
- name: Create GitHub Release
|
|
uses: softprops/action-gh-release@153bb8e04406b158c6c84fc1615b65b24149a1fe # v2
|
|
with:
|
|
tag_name: ${{ inputs.tag }}
|
|
body_path: release_body.md
|
|
generate_release_notes: ${{ inputs.generate-notes }}
|