Keep prereleases out of stable package channels

[robzolkos]

Summary

This keeps prerelease tags out of the normal package-manager upgrade path while still producing GitHub release artifacts for technical testers.

A stable tag like v4.0.0 still behaves as a normal release. A prerelease tag like v4.0.0-beta1 is treated as a tester-only prerelease unless someone explicitly downloads/installs it.

Surface behavior examples

Surface	v4.0.0 stable tag	v4.0.0-beta1 prerelease tag
GitHub Releases	Published as a normal release and eligible to become latest.	Published as a GitHub prerelease and explicitly not marked latest.
Release assets	Uploads binaries, archives, checksums, SBOMs, .deb, and .rpm artifacts.	Uploads the same assets for explicit tester download/install.
curl installer	Follows GitHub releases/latest, so it can install v4.0.0.	Does not install the beta via releases/latest; testers must download assets explicitly.
Homebrew	Updates normal basecamp/tap/fizzy; brew upgrade fizzy can move users to v4.0.0.	Does not update the normal cask (skip_upload: auto), so brew upgrade fizzy stays on stable.
Scoop	Updates normal fizzy manifest.	Does not update the normal manifest (skip_upload: auto), so normal Scoop upgrades stay on stable.
AUR	Updates normal fizzy-cli package if AUR_KEY is configured.	Skips the AUR publish job, so AUR users stay on stable.
Go install	Tag exists for explicit version installs.	Prerelease tag exists for explicit version installs; no package-manager manifest is updated.

Changes

• Add GoReleaser release.prerelease: auto.
• Set GoReleaser release.make_latest false for prerelease tags.
• Add skip_upload: auto for Homebrew cask publishing.
• Add skip_upload: auto for Scoop manifest publishing.
• Skip the AUR publish job when the tag contains a prerelease suffix (-).
• Document the beta/prerelease flow in RELEASING.md.

Validation

• goreleaser check
• actionlint .github/workflows/release.yml
• YAML parse for .goreleaser.yaml and .github/workflows/release.yml
• git diff --check

---

Summary by cubic

Keep prerelease tags out of stable package channels while still shipping GitHub prerelease assets for testers. Stable tags install normally; prerelease tags like v4.0.0-beta1 are not marked latest and do not update Homebrew, Scoop, or AUR.

• Refactors
  • Set release.prerelease: auto and template make_latest to false for prerelease tags in GoReleaser.
  • Add skip_upload: auto to homebrew_casks and scoops so stable basecamp/homebrew-tap manifests aren’t updated on prereleases.
  • Gate the AUR publish job to stable tags only (!contains(github.ref_name, '-')) in the release workflow.
  • Document the prerelease flow and examples in RELEASING.md.

^{Written for commit d1ad54b. Summary will update on new commits. Review in cubic}

[github-actions]

Sensitive Change Detection (shadow mode)

This PR modifies control-plane files:

• .github/workflows/release.yml
• .goreleaser.yaml

Shadow mode — this check is informational only. When activated, changes to these paths will require approval from a maintainer.

[cubic-dev-ai]

No issues found across 3 files

[Copilot]

Pull request overview

This PR adjusts the release pipeline so SemVer prerelease tags (e.g., v4.0.0-beta1, v4.1.0-rc.1) still generate GitHub release artifacts for testers, but do not flow into stable package-manager upgrade channels (Homebrew/Scoop/AUR) or become GitHub “latest”.

Changes:

• Configure GoReleaser to auto-mark prereleases and avoid publishing Homebrew/Scoop updates for prerelease tags.
• Update the GitHub Actions release workflow to skip the AUR publish job for prerelease tags.
• Document the stable vs prerelease release flow in RELEASING.md.

Reviewed changes

Copilot reviewed 3 out of 3 changed files in this pull request and generated 2 comments.

File	Description
RELEASING.md	Documents prerelease intent/behavior and clarifies which channels are stable-only.
.goreleaser.yaml	Adds prerelease/latest behavior and skips Homebrew/Scoop uploads for prerelease tags.
.github/workflows/release.yml	Skips AUR publishing when the tag indicates a prerelease.

Tip

If you aren't ready for review, convert to a draft PR.
Click "Convert to draft" or run gh pr ready --undo.
Click "Ready for review" or run gh pr ready to reengage.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.