[gha] Trigger installer_release on deploy_release (#4083)

Copilot · web-flow · commit d2f2aa398d18 · 2026-01-08T15:06:06.000-05:00
Also, enable manual triggering
diff --git a/.github/workflows/installer_release.yml b/.github/workflows/installer_release.yml
@@ -1,15 +1,21 @@
 name: installer_release
 
 on:
-  release:
-    types: [published]
+  workflow_dispatch:
+  workflow_run:
+    workflows: ["Deploy Update to Live Server"]
+    types:
+      - completed
 
 permissions:
   contents: read
 
 jobs:
   make_installer:
     runs-on: ubuntu-latest
+    if: ${{ github.event_name == 'workflow_dispatch' || github.event.workflow_run.conclusion == 'success' }}
+    outputs:
+      release_tag: ${{ steps.release.outputs.tag }}
     steps:
       # See https://docs.stepsecurity.io/harden-runner/getting-started/ for instructions on
       # configuring harden-runner and identifying allowed endpoints.
@@ -20,6 +26,7 @@ jobs:
           allowed-endpoints: >
             *-docker.pkg.dev:443
             *.cloudfront.net:443
+            api.github.com:443
             azure.archive.ubuntu.com:80
             cdn.dl.k8s.io:443
             dl.k8s.io:443
@@ -47,10 +54,16 @@ jobs:
           sudo apt-get update
           sudo apt-get install -y makeself
         shell: bash
+      - name: Get latest release tag
+        env:
+          GH_TOKEN: ${{ github.token }}
+        id: release
+        run: |
+          echo "tag=$(gh release view --json tagName -q .tagName)" >> $GITHUB_OUTPUT
       - name: Make installer with release version
         run: |
           cd installer
-          ./make-combine-installer.sh ${{ github.event.release.tag_name }} --debug
+          ./make-combine-installer.sh ${{ steps.release.outputs.tag }} --debug
         shell: bash
       - name: Upload installer artifact
         uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0
@@ -70,6 +83,7 @@ jobs:
         with:
           egress-policy: block
           allowed-endpoints: >
+            github.com:443
             s3.${{ secrets.AWS_DEFAULT_REGION }}.amazonaws.com:443
             sts.${{ secrets.AWS_DEFAULT_REGION }}.amazonaws.com:443
       - name: Download installer artifact
@@ -85,6 +99,6 @@ jobs:
           aws-region: ${{ secrets.AWS_DEFAULT_REGION }}
       - name: Upload installer to S3
         run: |
-          TARGET=s3://software.thecombine.app/combine-installer-${{ github.event.release.tag_name }}.run
+          TARGET=s3://software.thecombine.app/combine-installer-${{ needs.make_installer.outputs.release_tag }}.run
           aws s3 cp installer/combine-installer.run $TARGET --content-type application/octet-stream
         shell: bash
