chore: skip github release and use gpg signed tag flow #222
Walkthrough
This PR consolidates OpenFGA release automation by moving three reusable workflow references from the
Changes
Release automation consolidation and configuration
Estimated code review effort: 🎯 1 (Trivial) | ⏱️ ~3 minutes
Pull request overview
This PR updates the repository’s release-please configuration to stop creating GitHub Release objects, aligning releases around tag-based workflows (per the PR title’s intent to skip GitHub Releases).
Changes:
- Set `skip-github-release` to `true` in release-please config.
- Remove the prior `draft` and `force-tag-creation` settings from the config.
🧹 Nitpick comments (1)
.github/workflows/main.yaml (1)
290-290: ⚖️ Poor tradeoff
Pin reusable workflow `uses` to a commit SHA instead of `@main`.
`uses: openfga/.github/.github/workflows/undraft-release.yml@main` pulls changes from the `.github` repo’s moving `main` branch. GitHub supports pinning reusable workflows from other repositories to a commit SHA in the `@{ref}` position, so replacing `@main` with a commit SHA would harden the supply chain. Confirm whether the org allows moving refs for internal reusable workflows before deciding.
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the rest with a brief reason, keep changes minimal, and validate. In @.github/workflows/main.yaml at line 290, The reusable workflow reference uses an unfixed ref (uses: openfga/.github/.github/workflows/undraft-release.yml@main); replace the trailing `@main` with a specific commit SHA (or an org-approved immutable tag/ref) to pin the external workflow and prevent implicit updates — update the uses entry to the chosen SHA and, if required by org policy, confirm/record that moving refs are allowed before merging.
📒 Files selected for processing (4)
- .github/workflows/main.yaml
- .github/workflows/pr-title-conventional-commit.yml
- .github/workflows/release-please.yml
- release-please-config.json
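A check for the pinning nitpick above, as an added example that is not part of this PR or the OpenFGA repository: it scans workflow text for `uses:` references whose ref is not a full 40-character commit SHA. The sample workflow, its job names and the pinned SHA are constructed, and treating tags such as `v4` as moving refs is an assumption of this example.

```python
import re

# Matches a step-level or job-level `uses:` line and captures its target.
USES_RE = re.compile(r"^\s*(?:-\s*)?uses:\s*['\"]?([^\s'\"#]+)")
FULL_SHA_RE = re.compile(r"[0-9a-f]{40}")

def classify_ref(target):
    """Return 'local', 'docker', 'pinned' or 'moving' for a uses: target."""
    if target.startswith("./"):
        return "local"            # same-repo action or workflow, no ref to pin
    if target.startswith("docker://"):
        return "docker"           # image reference, out of scope for this check
    _, sep, ref = target.rpartition("@")
    if not sep:
        return "moving"           # remote reference with no ref at all
    return "pinned" if FULL_SHA_RE.fullmatch(ref) else "moving"

def find_moving_refs(workflow_text):
    """Return (line number, target) for every remote reference not pinned to a SHA."""
    findings = []
    for lineno, line in enumerate(workflow_text.splitlines(), 1):
        if line.lstrip().startswith("#"):
            continue              # skip commented-out references
        match = USES_RE.match(line)
        if match and classify_ref(match.group(1)) == "moving":
            findings.append((lineno, match.group(1)))
    return findings

# Constructed sample; only the undraft-release reference comes from the review comment.
SAMPLE = """\
jobs:
  test:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: ./.github/actions/setup
      # - uses: example/commented-out@main
  undraft-release:
    uses: openfga/.github/.github/workflows/undraft-release.yml@main
  pinned-example:
    uses: example-org/example-repo/.github/workflows/build.yml@0123456789abcdef0123456789abcdef01234567
"""

if __name__ == "__main__":
    for lineno, target in find_moving_refs(SAMPLE):
        print(f"line {lineno}: {target} is not pinned to a commit SHA")
```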
Pull request was closed