Separate github release workflow from build

This ensures github token write permissions are limited to part of workflow that actually needs it. Change also prevents github release from running on forks.
QTC-UMD · Oct 8, 2024 · b4f2cc1 · b4f2cc1
1 parent de7f4cb
commit b4f2cc1
Showing 1 changed file with 14 additions and 1 deletion.
diff --git a/.github/workflows/build.yaml b/.github/workflows/build.yaml
@@ -28,8 +28,21 @@ jobs:
           name: dds-sweeper-firmware-${{ github.sha }}
           path: build/dds-sweeper/*.uf2
 
+  github-release:
+    name: Github Release
+    runs-on: ubuntu-latest
+    if: (github.event_name == 'push' && contains(github.ref, '/tags') && github.repository_owner == 'QTC-UMD')
+    needs: [build-firmware]
+    permissions:
+      packages: read
+      contents: write
+    steps:
+      - name: Download Artifact
+        uses: actions/download-artifact@v4
+        with:
+          name: dds-sweeper-firmware-${{ github.sha }}
+          path: build/dds-sweeper/*.uf2
       - name: Create release
-        if: (github.event_name == 'push' && contains(github.ref, '/tags'))
         uses: "marvinpinto/action-automatic-releases@latest"
         with:
           repo_token: "${{ secrets.GITHUB_TOKEN }}"