fix(ci): dry run mode verifies permissions

Author: Times-Z

.github/workflows/ci.yml

@@ -54,6 +54,11 @@ jobs:
     name: Build with PlatformIO
     needs: [shellcheck, static-analysis]
     runs-on: ubuntu-latest
+    permissions:
+      contents: write
+      issues: read
+      pull-requests: read
+      packages: read
 
     steps:
       - name: Checkout code
@@ -78,23 +83,22 @@ jobs:
       - name: Install PlatformIO
         run: pip install platformio
 
-      - name: Install semantic-release (dry-run)
+      - name: Install semantic-release and plugins (dry-run)
         if: github.ref == 'refs/heads/main' || startsWith(github.ref, 'refs/tags/')
-        run: npm install -g semantic-release @semantic-release/commit-analyzer
+        run: npm install -g semantic-release @semantic-release/changelog @semantic-release/git @semantic-release/github
 
       - name: Compute next version and create local tag
         if: github.ref == 'refs/heads/main' || startsWith(github.ref, 'refs/tags/')
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
         run: |
-          DRY_RUN_OUTPUT="$(semantic-release --dry-run --no-ci --plugins @semantic-release/commit-analyzer 2>&1 || true)"
+          DRY_RUN_OUTPUT="$(semantic-release --dry-run --no-ci 2>&1 || true)"
           echo "$DRY_RUN_OUTPUT"
 
           NEXT_VERSION="$(printf '%s\n' "$DRY_RUN_OUTPUT" | sed -nE 's/.*next release version is ([0-9]+\.[0-9]+\.[0-9]+).*/\1/p' | tail -n 1)"
           if [ -n "$NEXT_VERSION" ]; then
-            TAG_NAME="v$NEXT_VERSION"
-            git tag -f "$TAG_NAME" "$GITHUB_SHA"
-            echo "Created local tag: $TAG_NAME"
+            git tag -f "v$NEXT_VERSION" "$GITHUB_SHA"
+            echo "Created local tag: v$NEXT_VERSION"
             git describe --tags --always --dirty=-dev --broken=-dev --abbrev=2
           else
             echo "No next release version detected, fallback to existing tags"