ci(GitHub-CI): draft only, also use version output

Set the draft to true and manually verify tags before release Set our version tag so we use [vX.X.X] for cleaner release
2026-06-11 00:02:29 +02:00 · 2026-05-31 06:15:01 -04:00
parent cc5ad371a8
commit 45a8539a9e
20 changed files with 56095 additions and 53058 deletions
@@ -1,7 +1,7 @@
-# 1. Push to main → build.yml runs automatically → note the run ID
-# 2. Manually trigger sign.yml with that build run ID → note the sign run ID
-# 3. Manually trigger release.yml with: version=v1.2.5, sign_run_id=<id>
-# 4. Manually trigger changelog.yml with: version=v1.2.5
+# 1. Push to main → 01-build.yml runs automatically → note the run ID
+# 2. Manually trigger 02-sign.yml with that build run ID → note the sign run ID
+# 3. Manually trigger 03-release.yml with: version=v1.2.5, sign_run_id=<id>
+# 4. Manually trigger 04-changelog.yml with: version=v1.2.5

 name: 📖 Build PDFs

@@ -24,7 +24,7 @@ on:
      - "docs/**"
      - "mkdocs.yml"
      - "scripts/**"
-      - ".github/workflows/build.yml"
+      - ".github/workflows/01-build.yml"

 permissions:
  contents: read
@@ -142,7 +142,7 @@ jobs:
            git push origin main
          fi

-      # Upload artifacts for release.yml and verify job to consume
+      # Upload artifacts for 03-release.yml and verify job to consume
      - name: 📤 Upload signatures artifact
        uses: actions/upload-artifact@v4
        with:
@@ -1,14 +1,13 @@
 name: 🚀 Release

 # Manual only — run this deliberately after build and sign are confirmed good.
-# Provide the sign.yml run ID to pull artifacts from. The release tag is
-# generated automatically as release-YYYYMMDD-<short-sha> — no version input
-# needed, no semver drift possible.
+# Provide the 02-sign.yml run ID to pull artifacts from. The release tag is
+# automatically passed to the tag input. Exports "inputs.version" to $TAG.
 on:
  workflow_dispatch:
    inputs:
      sign_run_id:
-        description: 'sign.yml run ID to pull signatures and PDFs from'
+        description: '02-sign.yml run ID to pull signatures and PDFs from'
        required: true
        type: string
      prerelease:
@@ -16,6 +15,10 @@ on:
        required: false
        default: false
        type: boolean
+      version:
+        description: 'Version string to record (e.g. v1.2.4) — required'
+        required: true
+        type: string

 permissions:
  contents: write # create releases and tags
@@ -95,7 +98,7 @@ jobs:
        run: |
          SHORT_SHA=$(echo "${{ github.sha }}" | cut -c1-7)
          DATE=$(date -u +'%Y%m%d')
-          TAG="release-${DATE}-${SHORT_SHA}"
+          TAG="${{ inputs.version }}"
          NAME="Release ${DATE} (${SHORT_SHA})"
          echo "tag=$TAG"   >> $GITHUB_OUTPUT
          echo "name=$NAME" >> $GITHUB_OUTPUT
@@ -108,12 +111,12 @@ jobs:
          tag_name:   ${{ steps.tag.outputs.tag }}
          name:       ${{ steps.tag.outputs.name }}
          prerelease: ${{ inputs.prerelease || false }}
-          draft:      false
+          draft:      true
          fail_on_unmatched_files: false
          body: |
            ## 📖 The Hitchhiker's Guide to Online Anonymity

-            Built from [`${{ github.sha }}`](${{ github.server_url }}/${{ github.repository }}/commit/${{ github.sha }}) on `${{ github.ref_name }}`.
+            Built from [`${{ inputs.version }}`](${{ github.server_url }}/${{ github.repository }}/releases/tag/${{ inputs.version }}).

            ---

@@ -1,25 +0,0 @@
-name: 🗑️ DEPRECATED — Build & Sign & Release (combined)
-
-# DEPRECATED — replaced by build.yml, sign.yml, and release.yml
-# This workflow is disabled. It is kept only as a reference until the
-# split workflows have been confirmed stable in production.
-# Do not trigger this workflow.
-
-on:
-  workflow_dispatch:
-    inputs:
-      _disabled:
-        description: 'This workflow is deprecated. Use build.yml → sign.yml → release.yml instead.'
-        required: false
-        type: string
-
-jobs:
-  noop:
-    name: Deprecated — no-op
-    runs-on: ubuntu-latest
-    steps:
-      - name: ❌ Workflow is deprecated
-        run: |
-          echo "This workflow is deprecated."
-          echo "Use build.yml → sign.yml → release.yml instead."
-          exit 1