From 37f4146b5ded5a99c9403a2cd5ae29f3248f9bcf Mon Sep 17 00:00:00 2001
From: chrisbloe <kris.bloe2@nhs.net>
Date: Tue, 17 Mar 2026 14:01:46 +0000
Subject: [PATCH 1/2] [PRM-691] Inherit the secrets

---
 .github/workflows/tool-create-release.yml | 16 ++--------------
 1 file changed, 2 insertions(+), 14 deletions(-)

diff --git a/.github/workflows/tool-create-release.yml b/.github/workflows/tool-create-release.yml
index 71d4f444..9030a8cd 100644
--- a/.github/workflows/tool-create-release.yml
+++ b/.github/workflows/tool-create-release.yml
@@ -16,6 +16,7 @@ jobs:
   create_release:
     name: Create Release
     runs-on: ubuntu-latest
+    environment: dev
     permissions:
       contents: write
       id-token: write
@@ -49,20 +50,6 @@ jobs:
           git tag $tag
           git push origin $tag
 
-      - name: Update floating tag (minor versions)
-        if: endsWith(env.tag, '.0.0') != true
-        run: |
-          git config user.name "github-actions"
-          git config user.email "github-actions@github.com"
-          floating_tag="v${tag%%.*}"
-          git tag -d $floating_tag
-          echo "${floating_tag} deleted locally."
-          git push --delete origin $floating_tag
-          echo "${floating_tag} deleted from origin."
-          git tag -a $floating_tag -m "Floating tag for v${tag%%.*}"
-          git push origin $floating_tag
-          echo "${floating_tag} pushed to origin."
-
       - name: Create new floating tag (Major Version)
         if: endsWith(env.tag, '.0.0')
         run: |
@@ -81,3 +68,4 @@ jobs:
     uses: NHSDigital/orphaned-record-continuity/.github/workflows/tool-create-release.yml@cfad34f8d0788ae346cc1ece251d5b6c8a3b5ee5
     with:
       tag: ${{ inputs.tag }}
+    secrets: inherit

From 866a5dfe8825c1853db333e76e0e18184b91609e Mon Sep 17 00:00:00 2001
From: chrisbloe <kris.bloe2@nhs.net>
Date: Tue, 17 Mar 2026 14:05:16 +0000
Subject: [PATCH 2/2] Pass IAM_ROLE secret only

---
 .github/workflows/tool-create-release.yml | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/.github/workflows/tool-create-release.yml b/.github/workflows/tool-create-release.yml
index 9030a8cd..8def37df 100644
--- a/.github/workflows/tool-create-release.yml
+++ b/.github/workflows/tool-create-release.yml
@@ -68,4 +68,5 @@ jobs:
     uses: NHSDigital/orphaned-record-continuity/.github/workflows/tool-create-release.yml@cfad34f8d0788ae346cc1ece251d5b6c8a3b5ee5
     with:
       tag: ${{ inputs.tag }}
-    secrets: inherit
+    secrets:
+      IAM_ROLE: ${{ secrets.IAM_ROLE }}