Skip to content

fix(ci): sign auto-tags via GitHub API and handle missing seed tag#11

Merged
persimmon16 merged 1 commit intomainfrom
fix/release-auto-tag-signing
Apr 1, 2026
Merged

fix(ci): sign auto-tags via GitHub API and handle missing seed tag#11
persimmon16 merged 1 commit intomainfrom
fix/release-auto-tag-signing

Conversation

@persimmon16
Copy link
Copy Markdown
Owner

@persimmon16 persimmon16 commented Apr 1, 2026

Summary

  • Bootstrap support: When no v*.*.* tags exist in the repo, seed from v0.0.0 so the first auto-tag creates v0.0.1 instead of failing with "No existing v*.. tags found"
  • Signed tags: Replace lightweight git tag + git push with GitHub's Git database API (gh api git/tags + git/refs), which creates annotated tag objects signed by the token identity — tags now show as "Verified" in the GitHub UI

Test plan

  • Trigger Release Auto-Tag workflow via workflow_dispatch on this branch
  • Verify first run creates v0.0.1 (bootstrap from no tags)
  • Verify the created tag shows "Verified" badge in GitHub UI
  • Verify subsequent runs correctly increment the patch version

@persimmon16
fix(ci): sign auto-tags via GitHub API and handle missing seed tag
430d37d 
Two fixes for the Release Auto-Tag workflow:

1. Bootstrap support: when no v*.*.* tags exist, seed from v0.0.0
   so the first auto-tag creates v0.0.1 instead of failing.

2. Signed tags: replace lightweight `git tag` + `git push` with
   GitHub's Git database API (gh api git/tags + git/refs), which
   creates annotated tag objects signed by the token identity.
   Tags now show as "Verified" in the GitHub UI.
@persimmon16 persimmon16 merged commit 6f57f18 into main Apr 1, 2026
5 of 10 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@persimmon16