From a0136bfa7f77a46dcb40b4d2df53e48dcf247053 Mon Sep 17 00:00:00 2001
From: mlischetti <lischettim@gmail.com>
Date: Thu, 23 Oct 2025 17:12:53 -0300
Subject: [PATCH] W-20004524: Set permissions on release

---
 .github/workflows/release.yml | 28 +++++++++++-----------------
 1 file changed, 11 insertions(+), 17 deletions(-)

diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index 70e01ef..210f943 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -1,6 +1,10 @@
 name: Release DataWeave Native CLI
+on:
+  push:
+    # Sequence of patterns matched against refs/tags
+    tags:
+      - 'v*' # Push events to matching v*, i.e. v1.0, v20.15.10
 
-on: workflow_dispatch
 
 jobs:
 
@@ -18,27 +22,21 @@ jobs:
           - os: macos-latest
             script_name: osx
     runs-on: ${{ matrix.os }}
+
+    # Set permissions
+    permissions:
+      contents: write
+
     # Steps represent a sequence of tasks that will be executed as part of the job
     steps:
+      # Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it
       - uses: actions/checkout@v4
 
-      # Check tag
-      - name: Check Tag
-        id: check-tag
-        run: |
-          echo "Check tag ${{ github.event.ref }}"
-          if [[ ${{ github.event.ref }} =~ ^refs/tags/v[0-9]+\.[0-9]+\.[0-9]+$ ]]; then
-              echo "match=true" >> $GITHUB_OUTPUT
-          fi 
-
-      # Setup Gradle
       - name: Setup Gradle
-        if: steps.check-tag.outputs.match == 'true'
         uses: gradle/actions/setup-gradle@v3
 
       # Setup Graalvm
       - name: Setup Graalvm
-        if: steps.check-tag.outputs.match == 'true'
         uses: graalvm/setup-graalvm@v1
         with:
 #          version: ${{env.GRAALVM_VERSION}}
@@ -47,27 +45,23 @@ jobs:
           github-token: ${{ secrets.GITHUB_TOKEN }}
 
       - name: Guess Extension Version
-        if: steps.check-tag.outputs.match == 'true'
         run: |
           echo "NATIVE_VERSION=$(echo '${{github.ref}}' | sed -e 's,.*/v\(.*\),\1,')" >> $GITHUB_ENV
         shell: bash
       
       # Runs a single command using the runners shell
       - name: Run Build
-        if: steps.check-tag.outputs.match == 'true'
         run: |
           ./gradlew --stacktrace --no-problems-report build -PnativeVersion=${{env.NATIVE_VERSION}}
         shell: bash
       
       # Generate distro
       - name: Create Distro
-        if: steps.check-tag.outputs.match == 'true'
         run: ./gradlew --stacktrace --no-problems-report native-cli:distro -PnativeVersion=${{env.NATIVE_VERSION}}
         shell: bash
 
       # Upload the artifact file
       - name: Upload binaries to release
-        if: steps.check-tag.outputs.match == 'true'
         uses: svenstaro/upload-release-action@v2
         with:
           repo_token: ${{ secrets.GITHUB_TOKEN }}