chore: add workflow stubs for testing

[ignaciosantise]

Summary

Temporary stub workflows to enable workflow_dispatch from feature branches.

These are placeholders that will be replaced by the full implementation when PR #311 is merged.

Purpose

Allows testing the consolidated workflows on chore/ci-improvements branch before merging:

gh workflow run release-appkit.yaml \
  --ref chore/ci-improvements \
  -f platform=android \
  -f release-type=internal \
  -f e2e-build=false

Files Added

• release-appkit.yaml (stub)
• release-walletkit.yaml (stub)
• release-pos.yaml (stub)

Note: Merge this first, then test PR #311, then merge PR #311 which will replace these stubs.

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Review	Updated (UTC)
react-native-examples	Ready	Preview, Comment	Jan 12, 2026 7:00pm

[claude]

Claude finished @ignaciosantise's task in 34s —— View job

---

Review Complete

✅ No issues found

---

Automated Checks

✅ No external domain URLs detected
✅ No cache-control issues detected
✅ No workflow security issues detected
✅ No WalletConnect Pay architecture violations detected

---

The stub workflows are minimal and secure. They only use workflow_dispatch trigger (manual dispatch only), run on ubuntu-latest, and execute a simple echo command. No security risks introduced.

In general, the fix is to explicitly define a permissions block for the workflow (or specific jobs) that grants only the minimal required scopes to GITHUB_TOKEN. For a stub job that only runs a shell echo command and does not interact with the GitHub API or repository contents, the safest and most accurate configuration is to fully disable GITHUB_TOKEN by setting permissions: {} at the workflow level.

Concretely, in .github/workflows/release-appkit.yaml, add a permissions: {} block near the top of the workflow (after the name: line and before on:) so that it applies to all jobs. This ensures that the stub job has no token permissions at all, matching its current behavior and not changing any existing functionality. No imports or additional definitions are needed because this is a YAML configuration change only.

In general, the fix is to explicitly define a permissions block for the workflow or for the specific job, setting the GITHUB_TOKEN to the minimal required permissions. Since this stub job does not interact with GitHub APIs at all, we can safely set permissions: contents: read at the workflow level, which is the typical minimal baseline and satisfies the CodeQL recommendation while preserving behavior.

The best way to fix this without changing functionality is to add a workflow-level permissions section just after the name field (around line 4), before the on: block. This ensures all jobs in this workflow default to these restricted permissions. Concretely, in .github/workflows/release-pos.yaml, insert:

permissions:
  contents: read

between the existing name: Release Mobile POS line and the on: block. No additional imports, methods, or other definitions are needed, as this is purely a YAML configuration change to the GitHub Actions workflow.

In general, the fix is to explicitly specify permissions for the workflow or each job so that the GITHUB_TOKEN is restricted to the minimum needed (or fully disabled) rather than inheriting potentially broad repository defaults.

For this specific stub workflow, the job only prints a message and does not interact with the GitHub API, so the safest and least-privileged configuration is to set permissions: {} at the workflow (top) level. This disables all default permissions for GITHUB_TOKEN for all jobs in this workflow. Concretely, in .github/workflows/release-walletkit.yaml, add a permissions: {} block near the top-level metadata (e.g., after the name: line and before the on: block). No other functionality changes are required and no additional imports or methods are needed, since this is pure YAML configuration.

[Copilot]

Pull request overview

This PR adds three stub workflow files to enable workflow_dispatch testing from feature branches. These are temporary placeholders that will be replaced when PR #311 is merged.

Changes:

• Added stub workflow files for AppKit, WalletKit, and Mobile POS releases
• Each stub defines workflow inputs matching the intended final implementation
• All stubs execute a simple echo statement to indicate they are placeholders

Reviewed changes

Copilot reviewed 3 out of 3 changed files in this pull request and generated 1 comment.

File	Description
.github/workflows/release-appkit.yaml	Stub workflow for AppKit releases with platform, release-type, and e2e-build inputs
.github/workflows/release-walletkit.yaml	Stub workflow for WalletKit releases with platform, release-type, and e2e-build inputs
.github/workflows/release-pos.yaml	Stub workflow for Mobile POS releases with platform and variant inputs

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[Copilot]

The description for the 'e2e-build' parameter mentions "AppKit SDK repo tests" in the WalletKit workflow. This should reference WalletKit instead of AppKit for consistency, since this is the WalletKit release workflow.

Suggested change

	description: 'Build for E2E tests (uploads to S3 for AppKit SDK repo tests)'
	description: 'Build for E2E tests (uploads to S3 for WalletKit SDK repo tests)'