From fefb253924222930d6c57d8d57d16b66a5732123 Mon Sep 17 00:00:00 2001
From: Simone Scarduzio <sscarduzio@users.noreply.github.com>
Date: Mon, 25 May 2026 09:39:35 +0200
Subject: [PATCH] ci(release): make tag-creation idempotent so locally-pushed
 tags work (#10)

When the workflow's PAT_TOKEN lacks push-tag permission to this org
repo (the v6.2.0 release hit this), the maintainer can push the
tag locally and re-dispatch the workflow. Previously the "Check if
tag already exists" step errored out fatally; now we fetch tags,
reuse one if present, and only create+push when the tag's missing.

This also lets us recover from a half-completed earlier run without
having to delete the tag and rebuild from scratch.

No behaviour change on a clean run from a writable PAT_TOKEN: the
fetch is a no-op, the rev-parse misses, and the create+push branch
fires exactly as before.

Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
---
 .github/workflows/release.yml | 27 +++++++++++++++------------
 1 file changed, 15 insertions(+), 12 deletions(-)

diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index b83034f..69f52d3 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -38,20 +38,23 @@ jobs:
             exit 1
           fi
 
-      - name: Check if tag already exists
-        run: |
-          if git rev-parse "v${{ github.event.inputs.version }}" >/dev/null 2>&1; then
-            echo "Error: Tag v${{ github.event.inputs.version }} already exists"
-            exit 1
-          fi
-
-      - name: Create and push tag
+      # Pre-existing tag is no longer fatal: it lets the workflow
+      # recover from a half-completed earlier run, or from a tag
+      # pushed locally by the maintainer when the bot's PAT lacks
+      # push-tag permission on this org repo (the v6.2.0 release went
+      # this route after PAT_TOKEN's scope proved insufficient).
+      - name: Tag (create if missing, otherwise reuse existing)
         id: create_tag
         run: |
-          git config --global user.name "github-actions[bot]"
-          git config --global user.email "github-actions[bot]@users.noreply.github.com"
-          git tag -a "v${{ github.event.inputs.version }}" -m "Release v${{ github.event.inputs.version }}"
-          git push origin "v${{ github.event.inputs.version }}"
+          git fetch --tags origin
+          if git rev-parse "v${{ github.event.inputs.version }}" >/dev/null 2>&1; then
+            echo "Tag v${{ github.event.inputs.version }} already exists; reusing it."
+          else
+            git config --global user.name "github-actions[bot]"
+            git config --global user.email "github-actions[bot]@users.noreply.github.com"
+            git tag -a "v${{ github.event.inputs.version }}" -m "Release v${{ github.event.inputs.version }}"
+            git push origin "v${{ github.event.inputs.version }}"
+          fi
           echo "tag=v${{ github.event.inputs.version }}" >> $GITHUB_OUTPUT
 
   lint: