ci: tag per build job

We need to tag the HEAD commit to make sure the right version is baked into the built binaries. See for more details: - https://github.com/cli/cli/issues/12263 Signed-off-by: Babak K. Shandiz <babakks@github.com>
2026-01-06 16:57:57 +00:00 · 2026-01-06 16:57:57 +00:00 · fa871ffa67
commit fa871ffa67
parent 4b86a43997
1 changed files with 21 additions and 0 deletions
--- a/.github/workflows/deployment.yml
+++ b/.github/workflows/deployment.yml
@ -56,6 +56,13 @@ jobs:
          # our scripts, which rely on the specific file names generated by GoReleaser.
          version: v2.13.1
          install-only: true
+      # We temporarily create a tag on HEAD to make the right version embedded
+      # in the built binaries, BUT we don't push it to the remote.
+      - name: Tag
+        env:
+          TAG_NAME: ${{ inputs.tag_name }}
+        run: |
+          git tag "$TAG_NAME"
      - name: Build release binaries
        env:
          TAG_NAME: ${{ inputs.tag_name }}
@ -111,6 +118,13 @@ jobs:
          # our scripts, which rely on the specific file names generated by GoReleaser.
          version: v2.13.1
          install-only: true
+      # We temporarily create a tag on HEAD to make the right version embedded
+      # in the built binaries, BUT we don't push it to the remote.
+      - name: Tag
+        env:
+          TAG_NAME: ${{ inputs.tag_name }}
+        run: |
+          git tag "$TAG_NAME"
      - name: Build release binaries
        env:
          TAG_NAME: ${{ inputs.tag_name }}
@ -187,6 +201,13 @@ jobs:
            Endpoint =  "https://wus3.codesigning.azure.net/"
          } | ConvertTo-Json | Out-File -FilePath $Env:METADATA_PATH

+      # We temporarily create a tag on HEAD to make the right version embedded
+      # in the built binaries, BUT we don't push it to the remote.
+      - name: Tag
+        env:
+          TAG_NAME: ${{ inputs.tag_name }}
+        run: |
+          git tag "$TAG_NAME"
      # Azure Code Signing leverages the environment variables for secrets that complement the metadata.json
      # file generated above (AZURE_CLIENT_ID, AZURE_CLIENT_SECRET, AZURE_TENANT_ID)
      # For more information, see https://learn.microsoft.com/en-us/dotnet/api/azure.identity.defaultazurecredential?view=azure-dotnet