RDKE-1065: Semi Automated Release workflow #553
Signed-off-by: Yogeswaran K <yogeswaransky@gmail.com>
Pull request overview
Adds a two-workflow semi-automated release pipeline using git-flow + auto-changelog. A manually-dispatched workflow either fully finishes a release ("auto-complete", restricted to maintainers) or opens an approvable PR from release/<version> to develop; a companion workflow watches pull_request_review events on those release PRs and, once the PR is approved, finishes the git-flow release (merges to main, tags, merges back to develop) and closes the PR.
Changes:
- New `component-release.yml` dispatch workflow with version validation, maintainer authorization for auto-complete, and two release paths (auto-complete / approvable).
- New `component-release-finish-on-approval.yml` workflow that re-checks `reviewDecision`, runs `git flow release finish`, pushes `main`/tags/`develop`, and closes the release PR.
- Both workflows target the `comcast-ubuntu-latest` self-hosted runner and assume a `main` + `develop` git-flow branching model.
Reviewed changes
Copilot reviewed 2 out of 2 changed files in this pull request and generated 6 comments.
| File | Description |
|---|---|
| `.github/workflows/component-release.yml` | Manual dispatch workflow implementing the auto-complete and approvable release modes, including version validation, maintainer gating, changelog generation, and failure cleanup. |
| `.github/workflows/component-release-finish-on-approval.yml` | Approval-triggered workflow that finishes the git-flow release for an approved release/* → develop PR and closes the PR. |
| existing_pr=$(gh pr list --head "${release_branch}" --base develop --state open --json number -q '.[0].number') | ||
| if [ -z "${existing_pr}" ]; then | ||
| gh pr create \ | ||
| --base develop \ | ||
| --head "${release_branch}" \ | ||
| --title "Release ${RELEASE_VERSION}" \ | ||
| --body "Automated release PR for ${RELEASE_VERSION}. Approve this PR to trigger release finish." | ||
| echo "PR created. Waiting for approval to finish release." | ||
| else | ||
| echo "PR from ${release_branch} to develop already exists (#${existing_pr})." | ||
| fi |
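Review bot: The else branch accepts any open PR from ${release_branch} to develop as the release PR, without checking who opened it or whether it points at the commit this run just prepared. Because approving that PR is what triggers the release finish, consider also requesting `author` and `headRefOid` in the `gh pr list --json` call and failing if the author is not the workflow's own account or the head commit differs from the one just pushed.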
| git checkout develop | ||
| git reset --hard origin/develop | ||
| git fetch origin main:main | ||
| git flow init -d |
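Review bot: `git reset --hard origin/develop` resets to whatever the remote-tracking ref currently holds, and no fetch of develop is visible before it in these lines, so if the runner workspace is reused or the checkout is shallow the release can start from a stale develop. Run `git fetch origin develop` first. Also, `git fetch origin main:main` is refused when a local main exists and has diverged from origin, so a leftover local main from an earlier failed run breaks this step; `git fetch origin main` followed by `git branch -f main origin/main` avoids that.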
| - name: Cleanup on failure | ||
| if: failure() | ||
| run: | | ||
| git tag -d "${RELEASE_VERSION}" 2>/dev/null || true | ||
| git push origin ":refs/tags/${RELEASE_VERSION}" 2>/dev/null || true | ||
| git push origin --delete "release/${RELEASE_VERSION}" 2>/dev/null || true |
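Review bot: The cleanup step deletes the tag and the release/ branch for ${RELEASE_VERSION} on any failure, without knowing whether this run created them. If the job fails because that version was already tagged or a release branch for it already existed, this removes a ref the run did not create from origin, and the `2>/dev/null || true` hides that it happened. Record what the run created (for example a step output set right after the tag or branch is pushed) and delete only those refs.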
| permission=$(gh api "repos/${REPO}/collaborators/${ACTOR}/permission" -q '.permission' | tr '[:upper:]' '[:lower:]') | ||
| echo "Actor '${ACTOR}' permission: ${permission}" | ||
| case "${permission}" in | ||
| admin|maintain) | ||
| echo "Authorization successful." | ||
| ;; | ||
| *) | ||
| echo "ERROR: Only maintainers/owners can run auto-complete releases." | ||
| exit 1 | ||
| ;; | ||
| esac |
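Review bot: The `maintain` arm of the case will not match: the `permission` field of the collaborator-permission endpoint reports only the legacy base roles (admin, write, read, none), and a maintain role comes back as write. The check fails closed, so only admins can run auto-complete and maintainers get the "Only maintainers/owners" error. Query `.role_name` instead if maintainers are meant to be allowed.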
| # Ensure main and develop exist locally | ||
| git checkout main 2>/dev/null || git checkout -b main origin/main | ||
| git checkout develop 2>/dev/null || git checkout -b develop origin/develop | ||
| git checkout "${RELEASE_BRANCH}" |
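Review bot: `git checkout main 2>/dev/null || git checkout -b main origin/main` keeps a pre-existing local main or develop as it is, so the finish can merge into branches that are behind origin, and the redirect hides the real reason when the first checkout fails. `git checkout -B main origin/main` (and the same for develop) after a fetch makes the local branches match origin on every run.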
Signed-off-by: Yogeswaran K <yogeswaransky@gmail.com>
Signed-off-by: Yogeswaran K <yogeswaransky@gmail.com>
| git commit -m "${RELEASE_VERSION} release changelog updates" | ||
| fi | ||
| git flow release publish "${RELEASE_VERSION}" | ||
| git flow release finish -m "${RELEASE_VERSION} release" "${RELEASE_VERSION}" |
| git checkout develop | ||
| git reset --hard origin/develop | ||
| git fetch origin main:main | ||
| git flow init -d |
| - name: Cleanup on failure | ||
| if: failure() | ||
| run: | | ||
| git tag -d "${RELEASE_VERSION}" 2>/dev/null || true | ||
| git push origin ":refs/tags/${RELEASE_VERSION}" 2>/dev/null || true | ||
| git push origin --delete "release/${RELEASE_VERSION}" 2>/dev/null || true |
| existing_pr=$(gh pr list --head "${release_branch}" --base develop --state open --json number -q '.[0].number') | ||
| if [ -z "${existing_pr}" ]; then |
| gh pr create \ | ||
| --base develop \ | ||
| --head "${release_branch}" \ | ||
| --title "Release ${RELEASE_VERSION}" \ | ||
| --body "Automated release PR for ${RELEASE_VERSION}. Approve this PR to trigger release finish." | ||
| echo "PR created. Waiting for approval to finish release." |
| - name: Verify approver is a maintainer | ||
| id: auth | ||
| run: | | ||
| set -euo pipefail | ||
| permission=$(gh api "repos/${REPO}/collaborators/${ACTOR}/permission" -q '.permission' | tr '[:upper:]' '[:lower:]') | ||
| echo "Approver '${ACTOR}' permission: ${permission}" | ||
| if [[ "${permission}" == "admin" || "${permission}" == "maintain" ]]; then | ||
| echo "is_maintainer=true" >> "$GITHUB_OUTPUT" | ||
| else | ||
| echo "Approver is not a maintainer. Skipping release finish." | ||
| echo "is_maintainer=false" >> "$GITHUB_OUTPUT" | ||
| fi |
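Review bot: For a non-maintainer approver this step only writes is_maintainer=false and still succeeds, so the release is blocked only if every later step carries `if: steps.auth.outputs.is_maintainer == 'true'`; a step added later without that condition runs for any approver. Put the check in its own job and make the finish job depend on it with `needs` and a job-level `if`, so the gate cannot be missed on an individual step.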
| concurrency: | ||
| group: release-finish-${{ github.event.pull_request.head.ref }} | ||
| cancel-in-progress: false |
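Review bot: With `cancel-in-progress: false`, a second approval on the same release PR is not dropped; it waits and then runs the finish again after the first run completes. The finish job therefore needs an early exit when the tag already exists or the PR is already closed, otherwise the second run fails partway through a release that is already done.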
| runs-on: comcast-ubuntu-latest | ||
| env: | ||
| REPO: ${{ github.repository }} | ||
| ACTOR: ${{ github.event.review.user.login }} | ||
| GH_TOKEN: ${{ secrets.RDKCM_RDKE }} | ||
| RELEASE_BRANCH: ${{ github.event.pull_request.head.ref }} |
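Review bot: GH_TOKEN is set in the job-level env, so the RDKCM_RDKE secret is visible to every step in the job, not only the ones that call gh or push. Set it on the individual steps that need it. RELEASE_BRANCH comes from github.event.pull_request.head.ref, which the PR author chooses; passing it through env is the right way to keep it out of the script text, but it should still be matched against the expected release/<version> pattern before it is used in git commands.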
Signed-off-by: Yogeswaran K <yogeswaransky@gmail.com>
No description provided.