How to upload a file to a GitHub release in a workflow


I built a little CLI utility for converting RSS/Atom feeds to Markdown files called FeedMD.

I wanted to create a workflow which:

  • triggers when I create a relase
  • builds the application for each of the supported platforms
  • uploads the compiled binaries to the release I just created

The research

First thing I did was to search for the details on how to do this using ’that big search engine that shall not be named’. All I really found were a bunch of third party actions.

Honestly I was expecting some more GitHub CLI, I only found one reference buried in a StackOverflow answer. Third party actions have their place, but they’re not for doing routine work; they’re a lot to use securely. You’ll need to fork, code review, and actively keep your fork up to date etc…

The approach I took

I just used the GitHub CLI. I try to avoid pulling in actions from the marketplace if practical, especially is it’s for something simple. The GitHub CLI is pre-installed on all GitHub runners and allow you to run any GitHub CLI command. Including gh release upload <tag> <files>... which uploads files to a release with a specifc tag. Perfect.

Here’s the important parts of the deployment file

# Trigger this workflow on release
    types: [published]

# Make sure the GITHUB_TOKEN has permission to upload to our releases
  contents: write


# Build the FeedMD CLI utility, and upload to the release that triggered the workflow 
- name: '📦 Package windows x64'
    run: |
        cd ${{github.workspace}}
        dotnet publish feedmd.csproj -r win-x64 -c Release -o bin/win-x64
        zip -r bin/win-x64 -j
        gh release upload ${{github.event.release.tag_name}}        
      GITHUB_TOKEN: ${{ github.TOKEN }}
    shell: bash

You can view the full deployment file here.


Maybe this should have been a blog post about the problems of blindly trusting GitHub Actions in the marketplace. Who knows, at least we know how to simply and safely upload to our GitHub releases now.

Noticed an error or omission? Please look at submitting a pull request.