From a0a12a1ea4888ef624174df8ae0b3e377afbea25 Mon Sep 17 00:00:00 2001
From: MatteoPologruto
Date: Thu, 23 Oct 2025 15:48:21 +0200
Subject: [PATCH 1/2] Automatically determine pre-releases
---
 .github/workflows/release.yml | 26 +++++++++++++++++++++++++-
 1 file changed, 25 insertions(+), 1 deletion(-)
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index af98bc2..41e2ca0 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -8,6 +8,9 @@ on:
 env:
 PROJECT_NAME: "arduino-flasher-cli"
 DIST_DIR: build
+ # The project's folder on Arduino's download server for uploading builds
+ AWS_PLUGIN_TARGET: /arduino-flasher-cli/
+ AWS_REGION: "us-east-1"
 jobs:
 build:
@@ -276,10 +279,31 @@ jobs:
 merge-multiple: true
 path: ${{ env.DIST_DIR }}
+ - name: Identify Prerelease
+ # This is a workaround while waiting for create-release action
+ # to implement auto pre-release based on tag
+ id: prerelease
+ run: |
+ wget \
+ -q \
+ -P /tmp https://github.com/fsaintjacques/semver-tool/archive/3.2.0.zip
+
+ unzip \
+ -p /tmp/3.2.0.zip semver-tool-3.2.0/src/semver \
+ >/tmp/semver
+
+ chmod \
+ +x \
+ /tmp/semver
+
+ if [[ "$(/tmp/semver get prerel "${GITHUB_REF/refs\/tags\//}")" ]]; then
+ echo "IS_PRE=true" >>$GITHUB_OUTPUT
+ fi
+
 - name: Upload artifacts index
 uses: ncipollo/release-action@v1
 with:
 token: ${{ secrets.GITHUB_TOKEN }}
 draft: false
- prerelease: true
+ prerelease: ${{ steps.prerelease.outputs.IS_PRE }}
 artifacts: ${{ env.DIST_DIR }}/*
From 1cb31e754aa69799ce8531d2cc92b50d0138ac2c Mon Sep 17 00:00:00 2001
From: MatteoPologruto
Date: Thu, 23 Oct 2025 15:59:30 +0200
Subject: [PATCH 2/2] Push releases to the downloads bucket
---
 .github/workflows/release.yml | 19 +++++++++++++++++++
 1 file changed, 19 insertions(+)
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index 41e2ca0..087f957 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
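Review bot: The `Identify Prerelease` step in PATCH 1/2 fetches `semver-tool/archive/3.2.0.zip` with `wget` and executes the extracted script without any integrity check, in what appears to be the same job that later passes `secrets.GITHUB_TOKEN` to the release action. A tag archive is a mutable reference, so the code that runs here can change without this workflow changing. Fetch the archive by full commit SHA and verify it before `unzip`, for example `echo "<EXPECTED_SHA256>  /tmp/3.2.0.zip" | sha256sum -c -` (placeholder digest; record the real value when pinning). As a smaller point in the same step, quote the redirect target: `>>"$GITHUB_OUTPUT"`.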
@@ -267,6 +267,10 @@ jobs:
 create-release:
 runs-on: ubuntu-24.04
 needs: [build, sign-windows-executable, notarize-macos]
+ environment: production
+ permissions:
+ contents: write
+ id-token: write # This is required for requesting the JWT
 steps:
 - name: Checkout
 uses: actions/checkout@v4
@@ -307,3 +311,18 @@ jobs:
 draft: false
 prerelease: ${{ steps.prerelease.outputs.IS_PRE }}
 artifacts: ${{ env.DIST_DIR }}/*
+
+ - name: configure aws credentials
+ uses: aws-actions/configure-aws-credentials@v5
+ with:
+ role-to-assume: ${{ secrets.AWS_IAM_ROLE }}
+ role-session-name: "github_${{ env.PROJECT_NAME }}"
+ aws-region: ${{ env.AWS_REGION }}
+ if: ${{ steps.prerelease.outputs.IS_PRE != 'true' }}
+
+ - name: Upload release files on Arduino downloads servers
+ run: |
+ aws s3 sync \
+ ${{ env.DIST_DIR }} \
+ s3://${{ secrets.DOWNLOADS_BUCKET }}${{ env.AWS_PLUGIN_TARGET }}
+ if: ${{ steps.prerelease.outputs.IS_PRE != 'true' }}
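Review bot: `id-token: write` in the first hunk of PATCH 2/2 is granted to the whole `create-release` job, so every step in it can request an OIDC token, not only the two AWS steps. Going by the steps visible in these patches, that includes the script downloaded to `/tmp/semver` and the actions referenced by tag. Consider moving the S3 upload into its own job that declares `id-token: write` with `contents: read`, leaving `create-release` with `contents: write` only. The job's step list continues outside this hunk, so other steps may be affected as well.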
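Review bot: Both steps added in the second hunk of PATCH 2/2 are gated on `IS_PRE != 'true'`, which fails open: the sync to the downloads bucket runs whenever the output is anything other than the exact string `true`, including when it is empty. `IS_PRE` is only ever written for prereleases, so a tag the prerelease step cannot parse looks the same as a stable one (inferred: a failing `semver` inside `$(...)` within `[[ ]]` would not abort that step). Have the earlier step validate the tag and write an explicit `IS_PRE=false`, then gate both steps on `if: ${{ steps.prerelease.outputs.IS_PRE == 'false' }}`. Separately, `aws-actions/configure-aws-credentials@v5` is a mutable tag on the step that assumes the IAM role, so pin it to a full commit SHA, and pass `secrets.DOWNLOADS_BUCKET` through `env:` as a quoted `"$VAR"` instead of expanding it inside the `run:` script.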