Merge pull request #121 from lemonsaurus/fix/release-workflow-detached-head

Use SSH deploy key for reliable release workflow

Author: lemonsaurus

.github/workflows/release.yml

@@ -13,17 +13,14 @@ jobs:
     name: Bump version in repository
     runs-on: ubuntu-latest
     needs: check-submodules
-    permissions:
-      contents: write
 
     steps:
     - name: Checkout repository
       uses: actions/checkout@v4
       with:
         submodules: recursive
-        token: ${{ secrets.GITHUB_TOKEN }}
-        # Checkout the default branch, not the release tag
-        ref: ${{ github.event.repository.default_branch }}
+        ssh-key: ${{ secrets.SSH_DEPLOY_KEY }}
+        ref: main
 
     - name: Install UV
       uses: astral-sh/setup-uv@v4
@@ -48,12 +45,10 @@ jobs:
         uv version ${{ steps.get_version.outputs.VERSION }}
 
     - name: Commit version bump
-      run: |
-        git config --local user.email "action@github.com"
-        git config --local user.name "GitHub Action"
-        git add pyproject.toml
-        git commit -m "🔖 bump version to ${{ steps.get_version.outputs.VERSION }}"
-        git push origin ${{ github.event.repository.default_branch }}
+      uses: stefanzweifel/git-auto-commit-action@v4
+      with:
+        file_pattern: pyproject.toml
+        commit_message: "🔖 bump version to ${{ steps.get_version.outputs.VERSION }}"
 
   publish-to-pypi:
     name: Build and publish to PyPI
@@ -65,8 +60,7 @@ jobs:
       uses: actions/checkout@v4
       with:
         submodules: recursive
-        # Fetch the latest commit (including the version bump)
-        ref: ${{ github.event.repository.default_branch }}
+        ref: main
 
     - name: Install UV
       uses: astral-sh/setup-uv@v4