
feat(release): id-token write permissions (#26) #5

Workflow file for this run

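# Release pipeline: on a push to main/master, build the project and run the
# ECR release task with short-lived AWS credentials obtained through GitHub
# OIDC (no long-lived AWS keys are referenced in this file).
name: Release
on:
  push:
    branches:
      - main
      - master
# Workflow-wide default is an empty token; each job opts in to what it needs,
# so a job added later does not silently inherit write scopes.
permissions: {}
jobs:
  release:
    runs-on: ubuntu-latest
    permissions:
      id-token: write  # Required to authenticate with ECR
      contents: write  # Required to create tags & GitHub Releases
    # One release per branch at a time; a queued run waits rather than
    # cancelling a release that is already in progress.
    concurrency:
      group: ${{ github.workflow }}-release-${{ github.ref_name }}
      cancel-in-progress: false
    # Running in a named environment lets environment protection rules apply
    # (none are visible from this file) and puts the environment name into the
    # OIDC `sub` claim.
    # NOTE(review): confirm the IAM role's trust policy pins `sub` to this
    # repository and the `release-ecr` environment, and checks the `aud` claim.
    environment:
      name: release-ecr
    steps:
      # NOTE(review): the actions below are referenced by mutable tags. In a
      # job holding `id-token: write` and `contents: write`, pinning each
      # `uses:` to a full commit SHA (with the tag kept as a trailing comment)
      # protects against a retagged or compromised action release.

      # Use a merge queue to avoid `main` commit race conditions.
      # The branch name is checked out (not the triggering SHA), so the run
      # releases whatever the branch head is when this step executes.
      # NOTE(review): checkout stores the job token in the local git config by
      # default; presumably the release task needs it to push tags - confirm,
      # otherwise set `persist-credentials: false`.
      - name: Checkout release branch
        uses: actions/checkout@v4
        with:
          ref: ${{ github.ref_name }}
          fetch-depth: 0
          fetch-tags: true
      # No `python-version` input is given, so the interpreter comes from a
      # `.python-version` file if the repository has one, else the runner's
      # default.
      - name: Setup Python
        uses: actions/setup-python@v5
      - name: Install uv
        uses: astral-sh/setup-uv@v6.4.3
      # NOTE(review): setup and build run project and dependency code before
      # AWS credentials exist, which is the right order. The job-level
      # `id-token: write` still lets any step request an OIDC token, so the
      # role's trust policy and attached permissions are the real boundary.
      - name: Setup
        run: uv run task setup
      - name: Build
        run: uv run task build
      # Exchanges the GitHub OIDC token for temporary credentials of the role
      # named in the repository/environment variables.
      - name: Setup AWS
        uses: aws-actions/configure-aws-credentials@v4
        with:
          aws-region: ${{ vars.AWS_REGION }}
          role-to-assume: ${{ vars.AWS_ROLE_ARN }}
          role-session-name: github-actions-release-ecr
      - name: Release (ECR)
        run: uv run task release-ecr-no-build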