Merge pull request #5860 from zeroclaw-labs/fix/release-tag-immutability

fix(ci): split tag push from release creation to avoid immutable-release error

Author: WareWolf-MoonWall

.github/workflows/release-stable-manual.yml

@@ -444,23 +444,22 @@ jobs:
           EVENT_NAME: ${{ github.event_name }}
           COMMIT_SHA: ${{ github.sha }}
         run: |
-          # For manual dispatch, use --target to create tag + release atomically
-          # via RELEASE_TOKEN (admin PAT) which bypasses tag protection rules.
-          # For tag push, the tag already exists — just create the release.
+          # For manual dispatch, push the tag explicitly via git first using
+          # the RELEASE_TOKEN checkout (admin PAT bypasses tag protection rules),
+          # then create the release for the existing tag. This avoids the GitHub
+          # "tag_name was used by an immutable release" API error that --target
+          # triggers when a same-named tag was previously used by a deleted
+          # immutable release.
+          # For tag push, the tag already exists — skip straight to release creation.
           if [[ "$EVENT_NAME" == "workflow_dispatch" ]]; then
-            gh release create "$TAG" release-assets/* \
-              --repo "$GITHUB_REPOSITORY" \
-              --title "$TAG" \
-              --notes-file release-notes.md \
-              --target "$COMMIT_SHA" \
-              --latest
-          else
-            gh release create "$TAG" release-assets/* \
-              --repo "$GITHUB_REPOSITORY" \
-              --title "$TAG" \
-              --notes-file release-notes.md \
-              --latest
+            git tag "$TAG" "$COMMIT_SHA"
+            git push origin "$TAG"
           fi
+          gh release create "$TAG" release-assets/* \
+            --repo "$GITHUB_REPOSITORY" \
+            --title "$TAG" \
+            --notes-file release-notes.md \
+            --latest
 
       - name: Remove CHANGELOG-next.md after stable release
         shell: bash