feat: auto desktop pre-release on every master merge

[iamvirul]

Summary

• Rewrites release.yml to trigger on every push to master instead of manual tags
• Generates a timestamp tag (build-YYYYMMDD-HHMMSS) automatically for each release
• Publishes a pre-release to the GitHub Releases section with Windows and macOS artifacts attached
• Auto-generates release notes from commits since the previous release

What this replaces

The previous release.yml referenced non-existent action versions (checkout@v6, upload-artifact@v7, download-artifact@v8, action-gh-release@v3) and required a manual v* tag push to trigger. This was never functional.

Build pipeline

push to master triggers:

• build-windows (windows-latest) produces BMS-windows-build-YYYYMMDD-HHMMSS.zip
• build-macos (macos-latest) produces BMS-macos-build-YYYYMMDD-HHMMSS.zip
• release job creates GitHub pre-release with both zips attached

macOS note

The app is ad-hoc signed so it runs locally. Gatekeeper will warn on first open -- right-click > Open to bypass. Full notarization requires Apple Developer credentials and is out of scope here.

Test plan

• Merge this PR and verify the workflow triggers
• Confirm a new pre-release appears under Releases with both zip files
• Verify the tag is build-YYYYMMDD-HHMMSS format
• Download and run both artifacts to confirm they launch

Summary by CodeRabbit

• Chores
  • Reworked the release workflow to run automatically on pushes to the master branch (Desktop Release).
  • Builds and packages only Windows and macOS, removing the previous web build and its release publication.
  • Generates a timestamped prerelease tag, downloads both platform artifacts, renames them with the tag, and uploads them to the prerelease.

[coderabbitai]

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro Plus

Run ID: 13ae38fa-d060-4a79-a023-a1a770549007

📥 Commits

Reviewing files that changed from the base of the PR and between 25714f6 and 99431d1.

📒 Files selected for processing (1)

• .github/workflows/release.yml

🚧 Files skipped from review as they are similar to previous changes (1)

• .github/workflows/release.yml

---

📝 Walkthrough

Walkthrough

The GitHub Actions release workflow is rewritten to trigger on pushes to master instead of tags or manual dispatch. The web build job is removed; Windows and macOS build jobs now use SHA-pinned actions with credential persistence disabled and produce BMS-windows.zip and BMS-macos.zip. The release job generates a timestamped tag, renames artifacts, and publishes a prerelease.

Changes

Desktop Release Workflow Rewrite

Layer / File(s)	Summary
Workflow trigger and permissions .github/workflows/release.yml	Trigger changed from tag-based and workflow_dispatch to push on master; top-level permissions changed to contents: read with the release job explicitly using contents: write.
Windows and macOS build jobs .github/workflows/release.yml	Both jobs pin action versions by SHA, disable checkout credential persistence, update build/packaging commands (dart run build_runner on Windows; ditto on macOS), and upload BMS-windows.zip / BMS-macos.zip with short retention. Web build job is removed.
Timestamped prerelease publication .github/workflows/release.yml	Release job depends only on Windows/macOS jobs, generates a timestamped tag, downloads and renames both artifacts to include the tag, and publishes a GitHub prerelease via pinned softprops/action-gh-release with generated release notes and target_commitish: github.sha.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

Poem

🐇 Hop hop, no more waiting for a tag,
Each push to master fills the release bag!
Windows and macOS, zipped up with care,
A timestamped prerelease floats in the air.
The web job is gone, the workflow is lean —
The cleanest CI this rabbit has seen! 🌟

🚥 Pre-merge checks | ✅ 5

✅ Passed checks (5 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title accurately summarizes the main change: automating desktop pre-releases on every master branch merge, which is the core objective of the workflow rewrite.
Description check	✅ Passed	The description comprehensively covers the Summary section, explains what is being replaced, details the build pipeline, addresses platform-specific considerations, and includes a test plan—aligning well with the template structure.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch feat/desktop-release-workflow

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[github-actions]

Preview deployed

URL	https://getbms.github.io/bms/pr-21/
Commit	e97a251
Status	Live

Updates automatically on every push.

[coderabbitai]

Actionable comments posted: 1

🧹 Nitpick comments (1)

.github/workflows/release.yml (1)

78-80: ⚡ Quick win

Harden tag generation against rare collisions.

Line 80 uses second-level timestamps only; concurrent/near-simultaneous runs can generate the same tag and fail release creation.

Suggested hardening

-      - name: Generate timestamp tag
+      - name: Generate timestamp tag
         id: tag
-        run: echo "name=build-$(date -u +%Y%m%d-%H%M%S)" >> "$GITHUB_OUTPUT"
+        run: echo "name=build-$(date -u +%Y%m%d-%H%M%S)-${GITHUB_RUN_ID}-${GITHUB_RUN_ATTEMPT}" >> "$GITHUB_OUTPUT"

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In @.github/workflows/release.yml around lines 78 - 80, The tag generation in
the "Generate timestamp tag" step uses only second-level precision with the date
format %Y%m%d-%H%M%S, which can cause collisions when concurrent or
near-simultaneous workflow runs occur. Enhance the timestamp-based tag by adding
additional entropy such as milliseconds or microseconds from the date command,
or append a random component (like using $RANDOM or a UUID) to ensure uniqueness
across concurrent executions. The output variable name should remain unchanged
while updating the echo command that writes to GITHUB_OUTPUT to include this
additional collision-prevention measure.

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In @.github/workflows/release.yml:
- Around line 7-8: The workflow currently has a top-level permissions block that
grants contents: write access to all jobs in the workflow, which unnecessarily
exposes repository write access during the build process. Move the contents:
write permission from the global permissions section to a job-specific
permissions block that applies only to the release job, ensuring build jobs do
not retain write access. Apply this same narrowing pattern to any other
job-level permissions blocks mentioned in the workflow to follow the principle
of least privilege.

---

Nitpick comments:
In @.github/workflows/release.yml:
- Around line 78-80: The tag generation in the "Generate timestamp tag" step
uses only second-level precision with the date format %Y%m%d-%H%M%S, which can
cause collisions when concurrent or near-simultaneous workflow runs occur.
Enhance the timestamp-based tag by adding additional entropy such as
milliseconds or microseconds from the date command, or append a random component
(like using $RANDOM or a UUID) to ensure uniqueness across concurrent
executions. The output variable name should remain unchanged while updating the
echo command that writes to GITHUB_OUTPUT to include this additional
collision-prevention measure.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro Plus

Run ID: fb2bfbcb-1a0b-4dd3-8624-8b6a1242405b

📥 Commits

Reviewing files that changed from the base of the PR and between 2c7b9ac and 25714f6.

📒 Files selected for processing (1)

• .github/workflows/release.yml