ci: add release workflow with permanent skill ZIP download

stanwu · claude · stanwu · commit fd6c6d704c7e · 2026-03-20T16:19:46.000+08:00
Create GitHub Release with scan-epub-skill.zip on tag push.
Tests run before release. Update README download link to Releases page.

Co-Authored-By: Claude Opus 4.6 (1M context) &lt;noreply@anthropic.com&gt;
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
@@ -0,0 +1,58 @@
+name: Release
+
+on:
+  push:
+    tags: ["v*"]
+
+jobs:
+  test:
+    runs-on: ubuntu-latest
+    strategy:
+      matrix:
+        python-version: ["3.9", "3.10", "3.11", "3.12", "3.13"]
+
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Set up Python ${{ matrix.python-version }}
+        uses: actions/setup-python@v5
+        with:
+          python-version: ${{ matrix.python-version }}
+
+      - name: Install dependencies
+        run: pip install -r requirements-dev.txt
+
+      - name: Lint with ruff
+        run: ruff check epub_safety_scanner.py test_epub_safety_scanner.py
+
+      - name: Format check with ruff
+        run: ruff format --check epub_safety_scanner.py test_epub_safety_scanner.py
+
+      - name: Type check with mypy
+        run: mypy epub_safety_scanner.py
+
+      - name: Security check with bandit
+        run: bandit -c pyproject.toml -r epub_safety_scanner.py
+
+      - name: Run tests
+        run: pytest -v
+
+  release:
+    runs-on: ubuntu-latest
+    needs: test
+    permissions:
+      contents: write
+
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Package skill ZIP
+        run: |
+          cp epub_safety_scanner.py skills/scan-epub/epub_safety_scanner.py
+          cd skills && zip -r ../scan-epub-skill.zip scan-epub/
+
+      - name: Create GitHub Release
+        uses: softprops/action-gh-release@v2
+        with:
+          files: scan-epub-skill.zip
+          generate_release_notes: true
diff --git a/README.md b/README.md
@@ -7,7 +7,7 @@ Detect and fix malicious content embedded in EPUB files. Scans entirely in-memor
 > [!TIP]
 > For security, always download from this GitHub repository directly. Do not download from third-party sources.
 
-**[Download scan-epub-skill.zip](https://github.com/stanwu/epub-safety-scanner/actions/workflows/ci.yml?query=branch%3Amain+is%3Asuccess)** — go to the latest successful run, scroll to **Artifacts**, and download `scan-epub-skill`.
+**[Download scan-epub-skill.zip](https://github.com/stanwu/epub-safety-scanner/releases/latest)** from the latest release.
 
 ## Features
 
