[Security/Reliability] Replace `workflow_run` with Tag trigger or Workflow Call

[ZhanZiyuan]

Description:

The release-gui.yml uses on: workflow_run. This trigger has some known limitations:

• Context/Permissions: workflow_run always runs in the context of the default branch. If you are testing a release on a feature branch, it might not behave as expected.
• Security: It can be tricky to pass data securely between the two workflows.
• Manual Trigger Redundancy: The check-version job re-implements logic to check if a release exists, which adds overhead and complexity.

Suggested Solution:

• Use workflow_call (Reusable Workflows) to chain the CLI and GUI releases together.
• Alternatively, trigger both workflows simultaneously when a new tag v* is pushed. This ensures both use the exact same commit SHA and simplifies the logic significantly.

[TrueNine]

Hi @ZhanZiyuan, thanks for the suggestion!

This has been addressed in #6 — replaced the tag-based trigger with workflow_call so the CLI workflow directly calls the GUI workflow with an explicit version input. The redundant check-version job has been removed entirely.

The issue will be automatically closed once the PR is merged.

[ZhanZiyuan]

LGTM!