
Add winget auto-submission workflow #11

Merged: twibster merged 3 commits into main from feat/winget-release on Apr 15, 2026

@twibster twibster commented Apr 15, 2026

Summary

  • Adds .github/workflows/winget.yml — fires on release: released, uses vedantmgoyal9/winget-releaser@v2 to submit each new ScreenSound release to microsoft/winget-pkgs as twibster.ScreenSound.
  • Includes a workflow_dispatch retry lane with an optional tag input so any prior release can be (re)submitted without re-cutting a release.
  • installers-regex filters the release assets down to the Inno Setup ScreenSound-Setup-*.exe — the portable zip isn't a winget-installable artifact and would fail validation.
  • CI-only change — no app code touched. Labeled release:skip so merging doesn't cut a version.

One-time setup required before this is useful

The workflow will fail on its first run until these three things are done. None of them can be scripted — they all require your GitHub account.

  1. Fork microsoft/winget-pkgs to the twibster account. One click on the upstream repo. The fork is the staging area the action pushes manifest commits to before opening the upstream PR.
  2. Create a classic Personal Access Token at https://github.com/settings/tokens — scope: public_repo only. Give it a descriptive name (e.g. ScreenSound winget-releaser) and a reasonable expiry (12 months is fine; calendar a reminder).
  3. Add the PAT as a repo secret named exactly WINGET_TOKEN at https://github.com/twibster/ScreenSound/settings/secrets/actions.

GITHUB_TOKEN can't replace the PAT — the default token is scoped to this repo, so it can't push to twibster/winget-pkgs (our fork) or open a PR targeting microsoft/winget-pkgs.

First submission expectations

Microsoft's reviewers manually validate every new package's first submission to winget-pkgs (spam / brand / quality checks). That PR usually gets a response within a few days. Once merged, all subsequent updates auto-merge faster. If reviewers request changes, they'll comment on the PR — you'll see it via GitHub notifications on the microsoft/winget-pkgs PR.

Most fields are auto-detected from the Inno Setup installer's metadata (AppName, AppPublisher, AppId → PackageName, Publisher, ProductCode). Description, Tags, License, etc. come from the GitHub repo metadata and csproj <Description>. If reviewers push back on any of those, we'll tweak and push a new release.

Ordering note

First auto-submission will fire on the release after this lands on main. v2.1.0 already shipped without winget — that's per your "start with next release" choice. If you later decide v2.1.0 should go to winget too, trigger the workflow_dispatch with tag: v2.1.0 after the setup above is done.

Test plan

  • Workflow file parses cleanly — GitHub shows no syntax errors under Actions
  • One-time setup completed (fork, PAT, secret)
  • Next release (v2.x.y) triggers the workflow and it reaches the vedantmgoyal9/winget-releaser step without auth failure
  • Upstream PR to microsoft/winget-pkgs gets opened with correct twibster.ScreenSound identifier and the ScreenSound-Setup-*.exe as the sole installer
  • winget install twibster.ScreenSound works from a clean Windows box once reviewers merge the upstream PR

Summary by CodeRabbit

  • Chores
    • ScreenSound releases are now published to Windows Package Manager (winget) for easier installation and automatic updates on Windows.
    • Publishing runs automatically when a release is published and can also be triggered manually to submit installer builds.
    • Added weekly Dependabot updates for GitHub Actions workflows to keep CI tooling up to date (update PRs labeled to skip releases).

New workflow fires on release:released (plus a workflow_dispatch retry
lane) and uses vedantmgoyal9/winget-releaser@v2 to submit each release
to microsoft/winget-pkgs as twibster.ScreenSound. installers-regex
filters to the Inno Setup exe so the portable zip isn't submitted as
an installer (which would fail validation).

Requires a classic PAT with public_repo scope as WINGET_TOKEN — the
default GITHUB_TOKEN can't push to the personal fork of winget-pkgs or
open a PR upstream. Setup prerequisites (fork winget-pkgs, create PAT,
add secret) are documented in the workflow header and the PR body.

First auto-submission fires on whatever release cuts after this lands
on main. Past releases aren't backfilled automatically; the dispatch
input can target any prior tag if that changes.

@twibster twibster added the release:skip label (No release for this PR) Apr 15, 2026
coderabbitai Bot commented Apr 15, 2026

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info
⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro Plus

Run ID: 6bdbe673-e4c5-45ea-9038-bf10d2350173

📥 Commits

Reviewing files that changed from the base of the PR and between a5d278e and 220262c.

📒 Files selected for processing (1)
  • .github/dependabot.yml
✅ Files skipped from review due to trivial changes (1)
  • .github/dependabot.yml

📝 Walkthrough

Walkthrough

Adds a new GitHub Actions workflow .github/workflows/winget.yml to publish ScreenSound release installer .exe artifacts to microsoft/winget-pkgs (package id twibster.ScreenSound) on release released events and via manual dispatch; also adds .github/dependabot.yml to enable weekly Dependabot updates for GitHub Actions.

Changes

| Cohort / File(s) | Summary |
|---|---|
| Winget Publish Workflow: .github/workflows/winget.yml | New workflow that publishes ScreenSound release .exe installers to microsoft/winget-pkgs using vedantmgoyal9/winget-releaser. Triggers on release released and workflow_dispatch (optional tag input); filters artifacts via installers-regex and uses WINGET_TOKEN for auth. |
| Dependabot config: .github/dependabot.yml | New Dependabot configuration enabling weekly updates for github-actions in workflows, applying the release:skip label to generated PRs. |

Sequence Diagram(s)

sequenceDiagram
    participant Release as "GitHub Release"
    participant Actions as "GitHub Actions"
    participant Releaser as "vedantmgoyal9/winget-releaser"
    participant WingetRepo as "microsoft/winget-pkgs"

    Release->>Actions: trigger on release (type: released) or workflow_dispatch(tag)
    Actions->>Actions: read release artifacts\nfilter by '^ScreenSound-Setup-.*\.exe$'
    Actions->>Releaser: invoke action with filtered installers\npass release-tag & WINGET_TOKEN
    Releaser->>WingetRepo: submit manifest & installer info
    WingetRepo-->>Releaser: accept/reject response
    Releaser-->>Actions: return publish result
    Actions-->>Release: workflow completion/status

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~2 minutes

Poem

🐰 I hopped through tags and CI light,
I found the .exe and set it right,
With a token twinkle and a tiny cheer,
ScreenSound sails to Winget near,
Hooray — a rabbit's release delight! 🎉

🚥 Pre-merge checks | ✅ 3
✅ Passed checks (3 passed)

| Check name | Status | Explanation |
|---|---|---|
| Description Check | ✅ Passed | Check skipped - CodeRabbit’s high-level summary is enabled. |
| Title check | ✅ Passed | The title accurately summarizes the main change: adding a GitHub Actions workflow for automated Winget package submission on releases. |
| Docstring Coverage | ✅ Passed | No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check. |


@coderabbitai coderabbitai Bot left a comment

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents
Verify each finding against the current code and only fix it if needed.

Inline comments:
In @.github/workflows/winget.yml:
- Line 50: Replace the mutable tag on the GitHub Action usage
"vedantmgoyal9/winget-releaser@v2" with a specific commit SHA to pin the
dependency; update the workflow step that references
vedantmgoyal9/winget-releaser@v2 so it uses
vedantmgoyal9/winget-releaser@<full-commit-sha> (obtain the SHA from the action
repository's commit you trust), commit the updated workflow, and optionally add
a brief comment noting the pinned SHA and rationale for future updates.

ℹ️ Review info
⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro Plus

Run ID: 56f4590d-ead2-4407-beb4-febd6690f1b4

📥 Commits

Reviewing files that changed from the base of the PR and between 505bd2d and b96f407.

📒 Files selected for processing (1)
  • .github/workflows/winget.yml

Comment thread .github/workflows/winget.yml Outdated
The upstream @v2 major tag tracks the main branch and moves on every
merge into it (v2 release published 2025-01-27, last moved to
4ffc788 on 2026-03-15). Referencing the mutable tag means upstream
changes silently land in our pipeline whenever this workflow runs —
a supply-chain integrity gap flagged in CodeRabbit review on #11.

Pinning to the current SHA freezes that. Upgrade path and the exact
commands to re-resolve the SHA are documented inline; a follow-up
Dependabot config (github-actions ecosystem) would make this arrive
as reviewable PRs instead of manual bumps.

Pairs with the SHA-pinned third-party action in winget.yml — without a
bump mechanism, pinned SHAs go stale and every security patch requires
manual re-resolution of the upstream tag.

Weekly cadence (not daily to avoid noise, not monthly to avoid drift).
Each auto-bump PR gets the `release:skip` label so the auto-release
workflow doesn't cut a version for a CI-only change.

Scope is intentionally just github-actions for now; nuget for the
csproj package refs is a natural next step on the same pattern.
@twibster twibster merged commit e396d78 into main Apr 15, 2026
3 checks passed
@twibster twibster self-assigned this Apr 15, 2026
@twibster twibster deleted the feat/winget-release branch May 5, 2026 00:06
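
Added example (not part of this PR or the ScreenSound repository): a check for the gap the review flags, listing every `uses:` reference in a workflow file that is not pinned to a full 40-character commit SHA. The sample workflow, `example-org/pinned-action` and its SHA are constructed for illustration.

```python
import re

# A step-level or job-level "uses:" key; commented-out lines do not match.
USES_RE = re.compile(r"^[ \t]*(?:-[ \t]*)?uses:[ \t]*['\"]?([^\s'\"#]+)", re.MULTILINE)
FULL_SHA_RE = re.compile(r"[0-9a-f]{40}")


def classify(ref: str) -> str:
    """Return 'local', 'docker', 'pinned' or 'unpinned' for one uses: value."""
    if ref.startswith("./"):
        return "local"      # action in the same repo, versioned with the workflow
    if ref.startswith("docker://"):
        return "docker"     # image references need digest pinning instead
    version = ref.partition("@")[2]
    # Only a full 40-hex commit SHA counts; tags, branches and short SHAs do not.
    return "pinned" if FULL_SHA_RE.fullmatch(version) else "unpinned"


def audit(workflow_text: str) -> list[tuple[int, str, str]]:
    """List (line number, reference, verdict) for every uses: in a workflow."""
    findings = []
    for m in USES_RE.finditer(workflow_text):
        line_no = workflow_text.count("\n", 0, m.start(1)) + 1
        findings.append((line_no, m.group(1), classify(m.group(1))))
    return findings


def unpinned_refs(workflow_text: str) -> list[str]:
    """References a CI gate should reject."""
    return [ref for _, ref, verdict in audit(workflow_text) if verdict == "unpinned"]


# Constructed sample, not the project's winget.yml; the 40-hex SHA is made up.
SAMPLE = """\
on:
  release:
    types: [released]
jobs:
  publish:
    runs-on: ubuntu-latest
    steps:
      - uses: vedantmgoyal9/winget-releaser@v2
      - uses: example-org/pinned-action@0123456789abcdef0123456789abcdef01234567
      - uses: ./.github/actions/local-step
"""

if __name__ == "__main__":
    for line_no, ref, verdict in audit(SAMPLE):
        print(f"line {line_no}: {verdict:9} {ref}")
```

Run against every file under `.github/workflows/` in CI, a non-empty `unpinned_refs` result can fail the build so a Dependabot bump is the only way a third-party action version changes.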