88 - " *.*.*"
99 pull_request :
1010 workflow_dispatch :
11+ inputs :
12+ release_version :
13+ description : " Optional tag/version to release after successful builds, for example 1.0.0. Leave empty for build-only."
14+ required : false
15+ type : string
16+ prerelease :
17+ description : " Mark a manual release as prerelease."
18+ required : false
19+ default : false
20+ type : boolean
1121
1222concurrency :
1323 group : sqlite-columnar-${{ github.workflow }}-${{ github.ref }}
@@ -192,7 +202,7 @@ jobs:
192202 run : ' sqlite3 :memory: ".load ./dist/columnar" "SELECT columnar_version();"'
193203
194204 - name : validate macOS signing secrets
195- if : startsWith(github.ref, 'refs/tags/') && matrix.notarize
205+ if : ( startsWith(github.ref, 'refs/tags/') || (github.event_name == 'workflow_dispatch' && github.event.inputs.release_version != '') ) && matrix.notarize
196206 env :
197207 APPLE_CERTIFICATE : ${{ secrets.APPLE_CERTIFICATE }}
198208 CERTIFICATE_PASSWORD : ${{ secrets.CERTIFICATE_PASSWORD }}
@@ -212,7 +222,7 @@ jobs:
212222 exit "$missing"
213223
214224name : create keychain for macOS codesign
215- if : startsWith(github.ref, 'refs/tags/') && matrix.notarize
225+ if : ( startsWith(github.ref, 'refs/tags/') || (github.event_name == 'workflow_dispatch' && github.event.inputs.release_version != '') ) && matrix.notarize
216226 env :
217227 APPLE_CERTIFICATE : ${{ secrets.APPLE_CERTIFICATE }}
218228 CERTIFICATE_PASSWORD : ${{ secrets.CERTIFICATE_PASSWORD }}
@@ -231,7 +241,7 @@ jobs:
231241 security set-key-partition-list -S apple-tool:,apple:,codesign: -s -k "$KEYCHAIN_PASSWORD" "$KEYCHAIN_PATH"
232242
233243name : codesign macOS dylib
234- if : startsWith(github.ref, 'refs/tags/') && matrix.notarize
244+ if : ( startsWith(github.ref, 'refs/tags/') || (github.event_name == 'workflow_dispatch' && github.event.inputs.release_version != '') ) && matrix.notarize
235245 env :
236246 APPLE_TEAM_ID : ${{ secrets.APPLE_TEAM_ID }}
237247 run : |
@@ -247,14 +257,18 @@ jobs:
247257 printf "%s\n" "${{ github.sha }}" > package/GIT_COMMIT
248258
249259name : notarize macOS release archive
250- if : startsWith(github.ref, 'refs/tags/') && matrix.notarize
260+ if : ( startsWith(github.ref, 'refs/tags/') || (github.event_name == 'workflow_dispatch' && github.event.inputs.release_version != '') ) && matrix.notarize
251261 env :
252262 APPLE_ID : ${{ secrets.APPLE_ID }}
253263 APPLE_PASSWORD : ${{ secrets.APPLE_PASSWORD }}
254264 APPLE_TEAM_ID : ${{ secrets.APPLE_TEAM_ID }}
255265 run : |
256266 set -euo pipefail
257- VERSION="${GITHUB_REF_NAME}"
267+ if [ "${GITHUB_REF#refs/tags/}" != "$GITHUB_REF" ]; then
268+ VERSION="$GITHUB_REF_NAME"
269+ else
270+ VERSION="${{ github.event.inputs.release_version }}"
271+ fi
258272 RELEASE_DIR="release/${{ matrix.artifact }}-${VERSION}"
259273 RELEASE_ZIP="release/${{ matrix.artifact }}-${VERSION}.zip"
260274 mkdir -p "$RELEASE_DIR"
@@ -263,42 +277,53 @@ jobs:
263277 xcrun notarytool submit "$RELEASE_ZIP" --apple-id "$APPLE_ID" --password "$APPLE_PASSWORD" --team-id "$APPLE_TEAM_ID" --wait
264278
265279name : cleanup macOS signing keychain
266- if : always() && startsWith(github.ref, 'refs/tags/') && matrix.notarize
280+ if : always() && ( startsWith(github.ref, 'refs/tags/') || (github.event_name == 'workflow_dispatch' && github.event.inputs.release_version != '') ) && matrix.notarize
267281 run : |
268282 rm -f "$RUNNER_TEMP/developer_id_application.p12"
269283 security delete-keychain "$RUNNER_TEMP/columnar-signing.keychain-db" || true
270284
271285uses : actions/upload-artifact@v4.6.2
272- if : startsWith(github.ref, 'refs/tags/') && matrix.notarize
286+ if : ( startsWith(github.ref, 'refs/tags/') || (github.event_name == 'workflow_dispatch' && github.event.inputs.release_version != '') ) && matrix.notarize
273287 with :
274288 name : ${{ matrix.artifact }}
275289 path : release/*.zip
276290 if-no-files-found : error
277291 retention-days : 14
278292
279293 - uses : actions/upload-artifact@v4.6.2
280- if : ${{ !startsWith(github.ref, 'refs/tags/') || !matrix.notarize }}
294+ if : ${{ !( startsWith(github.ref, 'refs/tags/') || (github.event_name == 'workflow_dispatch' && github.event.inputs.release_version != '') ) || !matrix.notarize }}
281295 with :
282296 name : ${{ matrix.artifact }}
283297 path : package/
284298 if-no-files-found : error
285299 retention-days : 14
286300
287301 release :
288- if : startsWith(github.ref, 'refs/tags/')
302+ if : startsWith(github.ref, 'refs/tags/') || (github.event_name == 'workflow_dispatch' && github.event.inputs.release_version != '')
289303 needs : build
290304 runs-on : ubuntu-22.04
291305 permissions :
292306 contents : write
293307 steps :
308+ - name : resolve release version
309+ id : release
310+ run : |
311+ set -euo pipefail
312+ if [ "${GITHUB_REF#refs/tags/}" != "$GITHUB_REF" ]; then
313+ VERSION="$GITHUB_REF_NAME"
314+ else
315+ VERSION="${{ github.event.inputs.release_version }}"
316+ fi
317+ echo "version=$VERSION" >> "$GITHUB_OUTPUT"
318+
294319uses : actions/download-artifact@v4.2.1
295320 with :
296321 path : artifacts
297322
298323 - name : package release archives
299324 run : |
300325 set -e
301- VERSION="${GITHUB_REF_NAME }"
326+ VERSION="${{ steps.release.outputs.version } }"
302327 mkdir -p release
303328 for dir in artifacts/columnar-*; do
304329 name="$(basename "$dir")"
@@ -312,6 +337,10 @@ jobs:
312337
313338uses : softprops/action-gh-release@v2
314339 with :
340+ tag_name : ${{ steps.release.outputs.version }}
341+ target_commitish : ${{ github.sha }}
342+ generate_release_notes : true
343+ prerelease : ${{ github.event_name == 'workflow_dispatch' && github.event.inputs.prerelease == 'true' }}
315344 files : |
316345 release/*.zip
317346 release/*.tar.gz
0 commit comments