Fix release workflow: GitHub token permissions and deprecated actions

## Problem

The release workflow is FAILING due to GitHub token permission issues and deprecated actions.

Latest run: https://github.com/getlumos/lumos/actions/runs/19602113902 (v0.1.1 tag)

Error: Resource not accessible by integration

Root Cause:
1. GITHUB_TOKEN lacks write permissions (Contents: read, needs: write)
2. Using deprecated actions/create-release@v1 (unmaintained since 2021)
3. Using deprecated actions/upload-release-asset@v1 (unmaintained)

---

## Current Workflow Issues

Problems in .github/workflows/release.yml:

1. Missing Permissions Block - Workflow does not explicitly grant write permissions
2. Deprecated Actions - actions/create-release@v1 and actions/upload-release-asset@v1 are no longer maintained
3. Missing Secret Validation - CARGO_REGISTRY_TOKEN used but not validated

---

## Proposed Solution

### 1. Add Permissions Block
Add after env block: permissions with contents write

### 2. Replace Deprecated Actions
Use softprops/action-gh-release@v1 or ncipollo/release-action@v1

### 3. Validate Secrets
Add validation step to check CARGO_REGISTRY_TOKEN exists before publishing

---

## Benefits
- Release workflow works without permission errors
- Modern maintained actions
- Better error messages
- Automated multi-platform binaries
- Auto-publish to crates.io

---

## Implementation Plan

Phase 1 Quick Fix:
- Add permissions: contents: write to release.yml
- Test with next version tag

Phase 2 Modernize Actions:
- Replace deprecated create-release and upload-release-asset actions
- Simplify workflow

Phase 3 Robustness:
- Add secret validation step
- Add dry-run mode for testing

---

## Testing Checklist

After fixing test with patch release:
- GitHub release created successfully
- Binaries uploaded for all platforms
- lumos-core published to crates.io
- lumos-cli published to crates.io
- lumos-lsp published to crates.io
- Release notes generated

---

## Required Secrets

Verify CARGO_REGISTRY_TOKEN exists at:
https://github.com/getlumos/lumos/settings/secrets/actions

Generate token at: https://crates.io/me/tokens
Scopes needed: publish-update permission

---

## References
- GitHub Actions permissions docs
- softprops/action-gh-release
- cargo publish documentation
- Previous failed run: https://github.com/getlumos/lumos/actions/runs/19602113902

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Uh oh!

Fix release workflow: GitHub token permissions and deprecated actions #109

Problem

Current Workflow Issues

Proposed Solution

1. Add Permissions Block

2. Replace Deprecated Actions

3. Validate Secrets

Benefits

Implementation Plan

Testing Checklist

Required Secrets

References

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Uh oh!

Fix release workflow: GitHub token permissions and deprecated actions #109

Description

Problem

Current Workflow Issues

Proposed Solution

1. Add Permissions Block

2. Replace Deprecated Actions

3. Validate Secrets

Benefits

Implementation Plan

Testing Checklist

Required Secrets

References

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions