Merge pull request #12428 from cli/bk-kw/tag-per-build

ci: tag per build job

.github/workflows/deployment.yml

@@ -56,6 +56,12 @@ jobs:
           # our scripts, which rely on the specific file names generated by GoReleaser.
           version: v2.13.1
           install-only: true
+      # We temporarily create a tag on HEAD to make the right version embedded
+      # in the built binaries, BUT we don't push it to the remote.
+      - name: Create temporary tag
+        env:
+          TAG_NAME: ${{ inputs.tag_name }}
+        run: git tag "$TAG_NAME"
       - name: Build release binaries
         env:
           TAG_NAME: ${{ inputs.tag_name }}
@@ -111,6 +117,12 @@ jobs:
           # our scripts, which rely on the specific file names generated by GoReleaser.
           version: v2.13.1
           install-only: true
+      # We temporarily create a tag on HEAD to make the right version embedded
+      # in the built binaries, BUT we don't push it to the remote.
+      - name: Create temporary tag
+        env:
+          TAG_NAME: ${{ inputs.tag_name }}
+        run: git tag "$TAG_NAME"
       - name: Build release binaries
         env:
           TAG_NAME: ${{ inputs.tag_name }}
@@ -187,6 +199,12 @@ jobs:
             Endpoint =  "https://wus3.codesigning.azure.net/"
           } | ConvertTo-Json | Out-File -FilePath $Env:METADATA_PATH
 
+      # We temporarily create a tag on HEAD to make the right version embedded
+      # in the built binaries, BUT we don't push it to the remote.
+      - name: Create temporary tag
+        env:
+          TAG_NAME: ${{ inputs.tag_name }}
+        run: git tag "$TAG_NAME"
       # Azure Code Signing leverages the environment variables for secrets that complement the metadata.json
       # file generated above (AZURE_CLIENT_ID, AZURE_CLIENT_SECRET, AZURE_TENANT_ID)
       # For more information, see https://learn.microsoft.com/en-us/dotnet/api/azure.identity.defaultazurecredential?view=azure-dotnet