Merge pull request 'feat: add tag-release workflow for manual major release tagging' (#13) from feature/tag-release into main

Reviewed-on: #13 Reviewed-by: Markus.Opahle@schmalz.de <Markus.Opahle@schmalz.de>
2026-05-04 08:21:02 +00:00 · 2026-05-04 08:21:02 +00:00 · 73591365cf
commit 73591365cf
parent 55121b1397 14bf6ad0da
1 changed files with 75 additions and 0 deletions
--- a/.forgejo/workflows/tag-release.yml
+++ b/.forgejo/workflows/tag-release.yml
@ -0,0 +1,75 @@
+name: tag-release
+
+# Manually create or move a major release tag for a shared action.
+# Tag format: <action-name>-v<major>  (e.g. checkout-v1, pnpm-build-v2)
+#
+# If the tag already exists it is force-moved to the selected ref.
+
+on:
+  workflow_dispatch:
+    inputs:
+      action:
+        description: Action to release
+        required: true
+        type: choice
+        options:
+          - aikido-full-scan
+          - aikido-pr-scan
+          - aws-configure
+          - checkout
+          - pnpm-build
+          - publish-static-contents
+          - terraform-apply
+          - terraform-validate
+      major-version:
+        description: 'Major version number (e.g. 1)'
+        required: true
+        type: string
+      ref:
+        description: 'Branch, tag, or commit SHA to tag (defaults to the default branch)'
+        required: false
+        type: string
+        default: ''
+
+permissions:
+  contents: write
+
+jobs:
+  tag-release:
+    runs-on: stackit-ubuntu-22
+    steps:
+      - name: Checkout
+        uses: https://schmalz-git.git.onstackit.cloud/schmalz/shared-actions/checkout@checkout-v1
+        with:
+          ref: ${{ inputs.ref }}
+          fetch-depth: 0
+
+      - name: Validate major version
+        env:
+          MAJOR: ${{ inputs.major-version }}
+        run: |
+          if ! echo "$MAJOR" | grep -qE '^[0-9]+$'; then
+            echo "::error::major-version must be a positive integer, got: $MAJOR"
+            exit 1
+          fi
+
+      - name: Create or move major tag
+        env:
+          ACTION: ${{ inputs.action }}
+          MAJOR: ${{ inputs.major-version }}
+        run: |
+          set -euo pipefail
+
+          TAG="${ACTION}-v${MAJOR}"
+          COMMIT=$(git rev-parse HEAD)
+
+          echo "Tag    : $TAG"
+          echo "Commit : $COMMIT"
+
+          git config user.name  "forgejo-actions[bot]"
+          git config user.email "forgejo-actions[bot]@noreply.forgejo.org"
+
+          git tag -f "$TAG" "$COMMIT"
+          git push origin -f "refs/tags/$TAG"
+
+          echo "::notice::Tag $TAG now points to $COMMIT"