Fix release.yml: move HOMEBREW_TAP_TOKEN guard into steps

GitHub Actions rejects `secrets.*` in job-level `if:` conditions at
runtime (job-level `if` is evaluated before secrets are available),
causing the workflow to abort in 0s with "workflow file issue" on
every trigger. Moving the guard into a step-level check that writes
`HOMEBREW_TAP_SKIP` to GITHUB_ENV lets the rest of the steps
conditionally no-op when the tap token isn't configured.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

.github/workflows/release.yml

@@ -70,15 +70,24 @@ jobs:
   update_homebrew_tap:
     name: Update Homebrew tap
     needs: build_release
-    if: ${{ secrets.HOMEBREW_TAP_TOKEN != '' }}
     runs-on: ubuntu-latest
     permissions:
       contents: read
+    env:
+      HOMEBREW_TAP_TOKEN: ${{ secrets.HOMEBREW_TAP_TOKEN }}
     steps:
+      - name: Skip if HOMEBREW_TAP_TOKEN is not configured
+        if: env.HOMEBREW_TAP_TOKEN == ''
+        run: |
+          echo "HOMEBREW_TAP_TOKEN is not set; skipping Homebrew tap update."
+          echo "HOMEBREW_TAP_SKIP=1" >> "$GITHUB_ENV"
+
       - name: Checkout source
+        if: env.HOMEBREW_TAP_SKIP != '1'
         uses: actions/checkout@v5.0.1
 
       - name: Checkout Homebrew tap
+        if: env.HOMEBREW_TAP_SKIP != '1'
         uses: actions/checkout@v5.0.1
         with:
           repository: ModernRelay/homebrew-tap
@@ -86,12 +95,14 @@ jobs:
           path: homebrew-tap
 
       - name: Update formula from release assets
+        if: env.HOMEBREW_TAP_SKIP != '1'
         env:
           GH_TOKEN: ${{ github.token }}
         run: |
           ./scripts/update-homebrew-formula.sh "${GITHUB_REF_NAME}" homebrew-tap/Formula/omnigraph.rb
 
       - name: Commit and push formula update
+        if: env.HOMEBREW_TAP_SKIP != '1'
         working-directory: homebrew-tap
         run: |
           if git diff --quiet -- Formula/omnigraph.rb; then