GHA-287 Support gh-action_release v7#145
GHA-287 Support gh-action_release v7#145alex-meseldzija-sonarsource wants to merge 7 commits intomasterfrom
Conversation
hashicorp-vault-sonar-prod
Bot
changed the title
SummaryAdds This PR makes the Key change: v7 uses a draft-first flow where releases are always created as drafts and the action only passes Documentation updated throughout to reflect v7 changes, with examples showing the simplified workflow inputs.
|
![sonar-review-alpha[bot]](https://avatars.githubusercontent.com/in/3025063?s=60&v=4){kind=small}
This comment was marked as resolved.
This comment was marked as resolved.
Sorry, something went wrong.
alex-meseldzija-sonarsource
force-pushed
the
alex/v7
branch
from
0f526c4 to
9773338
Compare
This comment was marked as outdated.
This comment was marked as outdated.
Sorry, something went wrong.
This comment was marked as outdated.
This comment was marked as outdated.
Sorry, something went wrong.
alex-meseldzija-sonarsource
force-pushed
the
alex/v7
branch
from
9b549af to
4427f2b
Compare
This comment was marked as outdated.
This comment was marked as outdated.
Sorry, something went wrong.
jonas-wielage-sonarsource
left a comment
jonas-wielage-sonarsource
left a comment
There was a problem hiding this comment.
There's a lot of good changes already and I think the support for v7 works with the changes. (Did you validate this?)
However we can't just break compatibility with v6, we need to be backwards compatible for a while (especially so close to a SQS release)
| # Trigger the workflow — gh-action_release v7 will reuse the draft | ||
| # created above and publish it after successful artifact promotion | ||
| gh workflow run "$RELEASE_WORKFLOW" \ | ||
| --repo "${{ github.repository }}" \ | ||
| --ref $GITHUB_REF \ | ||
| -f "version=$VALIDATED_VERSION" \ | ||
| -f "releaseId=$RELEASE_ID_VALUE" \ | ||
| -f "dryRun=$DRAFT_MODE" | ||
| -f "dryRun=$DRY_RUN" |
There was a problem hiding this comment.
While this is now supporting v7, this change is essentially breaking all release workflows for users still on v6.
Especially so close to SQS release, we shouldn't expect users to migrate to v7 before they can release.
My suggestion:
Verify which release flow is used and then either add the releaseId or not.
Something like this (but cleaned up)
# Fetch the workflow YAML once
WORKFLOW_YAML=$(gh workflow view "$RELEASE_WORKFLOW" --repo "${{ github.repository }}" --yaml)
ON_V7 = "false"
if echo "$WORKFLOW_YAML" | grep -q "main.yaml@v7"; then
ON_V7 = "true"
fi
V6_ADDITIONAL_INPUT=""
if [[ "$ON_V7" != "true" ]]; then
V6_ADDITIONAL_INPUT="-f "releaseId=$RELEASE_ID_VALUE""
fi
....
gh workflow run "$RELEASE_WORKFLOW" \
--repo "${{ github.repository }}" \
--ref $GITHUB_REF \
-f "version=$VALIDATED_VERSION" \
-f "dryRun=$DRY_RUN" \
$V6_ADDITIONAL_INPUT
There was a problem hiding this comment.
Good idea! I figured it would have to be a breaking change, but didnt think about actually parsing the yaml.
| $NOTES_FLAG \ | ||
| $DRAFT_FLAG) | ||
| --draft) |
There was a problem hiding this comment.
In order to support v6 we still need to be able to not create draft PR's.
| - **When `draft=true`**: If a release with the same title already exists, the action logs a warning and skips creation without failing. | ||
| - **When `draft=false`**: If an existing draft release with the same title is found, it will be published instead of creating a new release. If a published release with the same title already exists, the action will fail with an error. | ||
| - **When using v7**: Existing drafts are reused (idempotent). Existing published releases cause an error. |
There was a problem hiding this comment.
The first two bullets describe v6-only behavior, but there's no label saying so. For v7 callers, neither bullet applies — the behavior is always governed by the third bullet regardless of whether draft is true or false. Suggest making the v6 scope explicit:
- When
draft=true(v6 only): … - When
draft=false(v6 only): … - When using v7: …
Otherwise a v7 user reading the first bullet would expect a warning when an existing release is found, but the code silently reuses the draft.
| - **When `draft=true`**: If a release with the same title already exists, the action logs a warning and skips creation without failing. | |
| - **When `draft=false`**: If an existing draft release with the same title is found, it will be published instead of creating a new release. If a published release with the same title already exists, the action will fail with an error. | |
| - **When using v7**: Existing drafts are reused (idempotent). Existing published releases cause an error. | |
| - **When `draft=true` (v6 only)**: If a release with the same title already exists, the action logs a warning and skips creation without failing. | |
| - **When `draft=false` (v6 only)**: If an existing draft release with the same title is found, it will be published instead of creating a new release. If a published release with the same title already exists, the action will fail with an error. | |
| - **When using v7**: Existing drafts are reused (idempotent). Existing published releases cause an error. |
- Mark as noise
| The action: | ||
| - Uses the GitHub CLI (`gh`) to create releases and trigger workflows | ||
| - Validates version input using either the `release-version` input or `RELEASE_VERSION` environment variable | ||
| - Detects `gh-action_release` version by grepping the caller's release workflow for `@v6` or `@v7` |
There was a problem hiding this comment.
This says the action greps for @v6 or @v7, but the detection code (action.yml line 70) only greps for @v6. Anything that doesn't match is treated as v7 by default — there's no explicit v7 pattern. The description is misleading for anyone trying to understand or debug the detection logic.
| - Detects `gh-action_release` version by grepping the caller's release workflow for `@v6` or `@v7` | |
| - Detects `gh-action_release` version by grepping the caller's release workflow for `@v6`; defaults to v7 if not found |
- Mark as noise
| - name: Publish GitHub Release | ||
| id: publish-github-release | ||
| uses: SonarSource/release-github-actions/publish-github-release@v1 | ||
| uses: SonarSource/release-github-actions/publish-github-release@alex/v7 |
There was a problem hiding this comment.
This is for testing and needs to be reverted before merge.
It is hard to validate the V7 behaviour fully as the dry-run skips the step that picks up or creates the draft release.
I have a test with sonar-vb pointing at this branch.
Test run can be found here.
Which triggered this dry-run release which is green
2 participants
Part of NET-2437
Might be easiest to review by commit: