From b7c92e95caf04fecace756f1b90795a63598b1ac Mon Sep 17 00:00:00 2001
From: Markus Waldheim <mawa@if.de>
Date: Wed, 10 Jun 2026 12:43:45 +0200
Subject: [PATCH] ci: trigger binary release.yml workflow after semrel creates
 tag

GITHUB_TOKEN cannot trigger other workflows via tag push (GitHub security
restriction). Explicitly dispatch release.yml via `gh workflow run` so
binaries are built and GitHub Releases are created for every new semrel tag.
---
 .github/workflows/semrel-release.yaml | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/.github/workflows/semrel-release.yaml b/.github/workflows/semrel-release.yaml
index f40b7c0..a4a3d0b 100644
--- a/.github/workflows/semrel-release.yaml
+++ b/.github/workflows/semrel-release.yaml
@@ -87,6 +87,15 @@ jobs:
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
 
+      - name: Trigger binary build
+        if: steps.semrel.outputs.released == 'true'
+        run: |
+          TAG="${{ steps.semrel.outputs.tag }}"
+          echo "Triggering release.yml for tag $TAG"
+          gh workflow run release.yml --ref "$TAG" --repo "${{ github.repository }}"
+        env:
+          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+
       - name: Summary
         run: |
           if [ "${{ steps.semrel.outputs.released }}" = "true" ]; then