Skip to content

chore: skip github release and use gpg signed tag flow#222

Merged
SoulPancake merged 4 commits into
mainfrom
chore/gpg-signed-tags-release-notes
Jun 3, 2026
Merged

chore: skip github release and use gpg signed tag flow#222
SoulPancake merged 4 commits into
mainfrom
chore/gpg-signed-tags-release-notes

Conversation

@SoulPancake

@SoulPancake SoulPancake commented Jun 2, 2026

Copy link
Copy Markdown
Member

Description

What problem is being solved?

How is it being solved?

What changes are made to solve it?

References

Review Checklist

  • I have clicked on "allow edits by maintainers".
  • I have added documentation for new/changed functionality in this PR or in a PR to openfga.dev [Provide a link to any relevant PRs in the references section above]
  • The correct base branch is being used, if not main
  • I have added tests to validate that the change in functionality is working as expected

Summary by CodeRabbit

  • Chores
    • Updated GitHub workflows to reference shared workflow definitions from a centralized repository.
    • Modified release configuration to skip GitHub Release creation during automated releases.

Copilot AI review requested due to automatic review settings June 2, 2026 06:01
@SoulPancake SoulPancake requested a review from a team as a code owner June 2, 2026 06:01
@coderabbitai

coderabbitai Bot commented Jun 2, 2026

Copy link
Copy Markdown

Review Change Stack

Important

Review skipped

Auto incremental reviews are disabled on this repository.

Please check the settings in the CodeRabbit UI or the .coderabbit.yaml file in this repository. To trigger a single review, invoke the @coderabbitai review command.

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: dae729be-f8cd-4e5a-897b-78e4f2decd72

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

Use the checkbox below for a quick retry:

  • 🔍 Trigger review

Walkthrough

This PR consolidates OpenFGA release automation by moving three reusable workflow references from the openfga/sdk-generator repository to the centralized openfga/.github repository, and updates the release-please configuration to disable GitHub Release creation while keeping tag creation active.

Changes

Release automation consolidation and configuration

Layer / File(s) Summary
Workflow reference consolidation to openfga/.github
.github/workflows/main.yaml, .github/workflows/pr-title-conventional-commit.yml, .github/workflows/release-please.yml
The undraft-release, pr-title-check, and release jobs now reference their reusable workflows from openfga/.github instead of openfga/sdk-generator.
Release-please configuration update
release-please-config.json
The root package configuration changes from "draft": true to "skip-github-release": true, disabling GitHub Release creation for automated releases.

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~3 minutes

Possibly related PRs

  • openfga/dotnet-sdk#193: Introduces the release-please workflow and configuration that this PR refactors and extends.
  • openfga/dotnet-sdk#201: Modifies the release job secret wiring that is referenced by the consolidated workflow in this PR.
  • openfga/dotnet-sdk#216: Updates release-please-config.json release settings in parallel with this PR's configuration consolidation.

Suggested reviewers

  • rhamzeh
  • ewanharris
🚥 Pre-merge checks | ✅ 5
✅ Passed checks (5 passed)
Check name Status Explanation
Description Check ✅ Passed Check skipped - CodeRabbit’s high-level summary is enabled.
Title check ✅ Passed The title accurately reflects the main changes: updating release configuration to skip GitHub releases and implementing GPG-signed tag flow across all three workflow files.
Docstring Coverage ✅ Passed No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check ✅ Passed Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check ✅ Passed Check skipped because no linked issues were found for this pull request.

✏️ Tip: You can configure your own custom pre-merge checks in the settings.

✨ Finishing Touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Commit unit tests in branch chore/gpg-signed-tags-release-notes

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands and usage tips.

Copilot AI left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR updates the repository’s release-please configuration to stop creating GitHub Release objects, aligning releases around tag-based workflows (per the PR title’s intent to skip GitHub Releases).

Changes:

  • Set skip-github-release to true in release-please config.
  • Remove the prior draft and force-tag-creation settings from the config.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

Comment thread release-please-config.json

@coderabbitai coderabbitai Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🧹 Nitpick comments (1)
.github/workflows/main.yaml (1)

290-290: ⚖️ Poor tradeoff

Pin reusable workflow uses to a commit SHA instead of @main.

uses: openfga/.github/.github/workflows/undraft-release.yml@main pulls changes from the .github repo’s moving main branch. GitHub supports pinning reusable workflows from other repositories to a commit SHA in the @{ref} position, so replacing @main with a commit SHA would harden the supply chain. Confirm whether the org allows moving refs for internal reusable workflows before deciding.

🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In @.github/workflows/main.yaml at line 290, The reusable workflow reference
uses an unfixed ref (uses:
openfga/.github/.github/workflows/undraft-release.yml@main); replace the
trailing `@main` with a specific commit SHA (or an org-approved immutable tag/ref)
to pin the external workflow and prevent implicit updates — update the uses
entry to the chosen SHA and, if required by org policy, confirm/record that
moving refs are allowed before merging.
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Nitpick comments:
In @.github/workflows/main.yaml:
- Line 290: The reusable workflow reference uses an unfixed ref (uses:
openfga/.github/.github/workflows/undraft-release.yml@main); replace the
trailing `@main` with a specific commit SHA (or an org-approved immutable tag/ref)
to pin the external workflow and prevent implicit updates — update the uses
entry to the chosen SHA and, if required by org policy, confirm/record that
moving refs are allowed before merging.

ℹ️ Review info
⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: 0a3429c4-6826-4f10-95dc-455c2786f917

📥 Commits

Reviewing files that changed from the base of the PR and between dccea64 and 230a692.

📒 Files selected for processing (4)
  • .github/workflows/main.yaml
  • .github/workflows/pr-title-conventional-commit.yml
  • .github/workflows/release-please.yml
  • release-please-config.json

@SoulPancake SoulPancake enabled auto-merge June 3, 2026 04:10
@SoulPancake SoulPancake closed this Jun 3, 2026
auto-merge was automatically disabled June 3, 2026 15:03

Pull request was closed

@SoulPancake SoulPancake reopened this Jun 3, 2026
@SoulPancake SoulPancake enabled auto-merge June 3, 2026 15:04
@SoulPancake SoulPancake added this pull request to the merge queue Jun 3, 2026
Merged via the queue into main with commit d9dce1b Jun 3, 2026
39 checks passed
@SoulPancake SoulPancake deleted the chore/gpg-signed-tags-release-notes branch June 3, 2026 15:19
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

3 participants