chore: test only push

.github/workflows/release-automation.yaml

@@ -2,6 +2,9 @@ name: Release Finch latest version
 on:
   workflow_dispatch:
   workflow_call:
+  pull_request:
+    branches:
+      - main
 
 jobs:
   get-latest-tag:
@@ -19,85 +22,10 @@ jobs:
       - name: 'Get the latest tag'
         id: latest-tag
         uses: "WyriHaximus/github-action-get-previous-tag@04e8485ecb6487243907e330d522ff60f02283ce" # v1.4.0
-
-  build-and-test-finch-pkg:
-    needs: get-latest-tag
-    uses: ./.github/workflows/build-and-test-pkg.yaml
-    secrets: inherit
-    with:
-      ref_name: ${{ needs.get-latest-tag.outputs.tag }}
-
-  upload-pkg-and-dependency-source-code-to-release:
-    needs:
-      - get-latest-tag
-      - build-and-test-finch-pkg
-    uses: ./.github/workflows/upload-installer-to-release.yaml
-    permissions:
-      # This is required for configure-aws-credentials to request an OIDC JWT ID token to access AWS resources later on.
-      # More info: https://docs.github.com/en/actions/deployment/security-hardening-your-deployments/about-security-hardening-with-openid-connect#adding-permissions-settings
-      id-token: write
-      contents: write # this is used to upload to the release
-    secrets: inherit
-    with:
-      ref_name: ${{ needs.get-latest-tag.outputs.tag }}
-
-  build-and-test-finch-msi:
-    needs: get-latest-tag
-    uses: ./.github/workflows/build-and-test-msi.yaml
-    permissions:
-      # This is required for configure-aws-credentials to request an OIDC JWT ID token to access AWS resources later on.
-      # More info: https://docs.github.com/en/actions/deployment/security-hardening-your-deployments/about-security-hardening-with-openid-connect#adding-permissions-settings
-      id-token: write
-      contents: read # this is required for actions/checkout
-    secrets: inherit
-    with:
-      ref_name: ${{ needs.get-latest-tag.outputs.tag }}
-
-  upload-msi-to-release:
-    needs:
-      - get-latest-tag
-      - build-and-test-finch-msi
-    uses: ./.github/workflows/upload-msi-to-release.yaml
-    permissions:
-      # This is required for configure-aws-credentials to request an OIDC JWT ID token to access AWS resources later on.
-      # More info: https://docs.github.com/en/actions/deployment/security-hardening-your-deployments/about-security-hardening-with-openid-connect#adding-permissions-settings
-      id-token: write
-      contents: read # this is required for actions/checkout
-    secrets: inherit
-    with:
-      ref_name: ${{ needs.get-latest-tag.outputs.tag }}
-
-  build-and-test-finch-deb:
-    needs: get-latest-tag
-    uses: ./.github/workflows/build-and-test-deb.yaml
-    permissions:
-      # This is required for configure-aws-credentials to request an OIDC JWT ID token to access AWS resources later on.
-      # More info: https://docs.github.com/en/actions/deployment/security-hardening-your-deployments/about-security-hardening-with-openid-connect#adding-permissions-settings
-      id-token: write
-      contents: read # this is required for actions/checkout
-    secrets: inherit
-    with:
-      ref_name: ${{ needs.get-latest-tag.outputs.tag }}
-
-  upload-deb-to-release:
-    needs:
-      - get-latest-tag
-      - build-and-test-finch-deb
-    uses: ./.github/workflows/upload-deb-to-release.yaml
-    permissions:
-      # This is required for configure-aws-credentials to request an OIDC JWT ID token to access AWS resources later on.
-      # More info: https://docs.github.com/en/actions/deployment/security-hardening-your-deployments/about-security-hardening-with-openid-connect#adding-permissions-settings
-      id-token: write 
-      contents: write # this is required for uploading the release assets
-    secrets: inherit
-    with:
-      ref_name: ${{ needs.get-latest-tag.outputs.tag }}
-
-  update-latest-version-in-s3:
+
+  upload-release-definition-to-s3:
     needs: 
       - get-latest-tag
-      - upload-pkg-and-dependency-source-code-to-release
-      - upload-msi-to-release
     runs-on: ubuntu-latest
     permissions:
       id-token: write
@@ -106,18 +34,34 @@ jobs:
       - name: Configure AWS credentials
         uses: aws-actions/configure-aws-credentials@a03048d87541d1d9fcf2ecf528a4a65ba9bd7838 # v5.0.0
         with:
-          role-to-assume: ${{ secrets.ROLE }}
-          role-session-name: update-latest-version-in-s3
-          aws-region: ${{ secrets.REGION }}
+          role-to-assume: ${{ vars.AWS_RELEASE_TRIGGER_ROLE }}
+          role-session-name: upload-release-definition-to-s3
+          aws-region: ${{ vars.AWS_RELEASE_TRIGGER_REGION }}
 
-      - name: Update latest version in S3
+      - name: Create and upload release definition to S3
         run: |
-          # Create latest-version.json with the latest Finch release version to track updates
-          cat > latest-version.json << EOF
+          # Extract version without 'v' prefix for filename
+          VERSION="${{ needs.get-latest-tag.outputs.tag }}"
+          VERSION_NO_V="${VERSION#v}"
+
+          # Create release definition JSON file
+          cat > "release-def-${VERSION_NO_V}.json" << EOF
           {
-            "latest_version": "${{ needs.get-latest-tag.outputs.tag }}"
+              "tag_name": "${VERSION}",
+              "assets": [
+                  {
+                      "name": "Finch-${{ needs.get-latest-tag.outputs.tag }}-aarch64.pkg",
+                      "os": "mac",
+                      "architecture": "aarch64"
+                  },
+                  {
+                      "name": "Finch-${{ needs.get-latest-tag.outputs.tag }}-x86_64.pkg",
+                      "os": "mac",
+                      "architecture": "x86_64"
+                  }
+              ]
           }
           EOF
 
           # Upload to S3
-          aws s3 cp latest-version.json s3://${{ secrets.ARTIFACT_BUCKET_NAME }}/manifest/latest-version.json --content-type "application/json"
+          aws s3 cp "release-def-${VERSION_NO_V}.json" s3://${{ vars.AWS_RELEASE_TRIGGER_BUCKET }}/manifest/release-def-${VERSION_NO_V}.json --content-type "application/json"