The prepare-release workflow now uses GH_APP_TOKEN instead of
GITHUB_TOKEN to push commits and tags. This allows the tag push
to automatically trigger the release workflow without manual
intervention.
GITHUB_TOKEN cannot trigger other workflows due to GitHub's
security policy to prevent infinite workflow loops.
Added documentation in .github/GH_APP_TOKEN.md explaining the
token setup and requirements.
Generated with [Claude Code](https://claude.ai/code)
via [Happy](https://happy.engineering)
Co-Authored-By: Claude <noreply@anthropic.com>
Co-Authored-By: Happy <yesreply@happy.engineering>
Replace complex draft/publish release workflow with clean two-workflow approach:
1. prepare-release.yaml (manual workflow_dispatch)
- Validates version format
- Updates package.json and artifacthub-pkg.yml
- Commits to main
- Creates and pushes tag
- Triggers release workflow automatically
2. release.yaml (automatic on tag push)
- Single build-and-release job
- Creates GitHub release with tarball in one step (no draft/publish)
- Separate update-metadata job runs after release
- Updates checksum on main branch
Benefits:
- No manual tarball upload required
- No tag force-push anti-pattern
- No draft/publish asset attachment failures
- Clear separation of concerns
- Self-documenting workflow
Eliminates:
- Guard logic for infinite loop prevention
- Post-release tag manipulation
- Manual intervention after workflow "succeeds"
- Checksum chicken-and-egg problem
Generated with [Claude Code](https://claude.ai/code)
via [Happy](https://happy.engineering)
Co-Authored-By: Claude <noreply@anthropic.com>
Co-Authored-By: Happy <yesreply@happy.engineering>
Chris Farhood