diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 46dc980..172ea25 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -35,6 +35,9 @@ jobs: name: Release needs: [lint, test] runs-on: ubuntu-latest + concurrency: + group: release-${{ github.ref }} + cancel-in-progress: false if: (github.event_name == 'push' && github.ref == 'refs/heads/main') || github.event_name == 'workflow_dispatch' permissions: contents: write @@ -45,6 +48,11 @@ jobs: - uses: actions/checkout@v6 with: fetch-depth: 0 + # FerrFlow runs with bot: true — it pushes via an App installation + # token from its OIDC exchange, not the checkout-persisted + # GITHUB_TOKEN. Persisting GITHUB_TOKEN would let it win over the bot + # token on push (github-actions[bot] can't bypass branch rules). + persist-credentials: false - name: Record previous tag id: prev-tag run: echo "tag=$(git describe --tags --abbrev=0 2>/dev/null || echo '')" >> "$GITHUB_OUTPUT"