build: add release workflow configuration for GitHub Actions #56
konradmichalik merged 1 commit into main from
Walkthrough
A new GitHub Actions workflow file was introduced that automatically triggers on tag pushes and delegates to a reusable release workflow from an external repository. This enables automated release processes when tags are created.
Estimated code review effort: 🎯 1 (Trivial) | ⏱️ ~3 minutes
Actionable comments posted: 2
🤖 Fix all issues with AI agents
In @.github/workflows/release.yml:
- Around line 3-6: The workflow's tag trigger currently uses a broad wildcard
under on.push.tags causing releases for any tag; update the tags pattern under
on.push.tags (the tags array) from '*' to 'v*.*.*' so the workflow only triggers
for semver-style tags like vX.Y.Z.
- Around line 9-10: The reusable workflow reference currently uses an unstable
ref "uses:
konradmichalik/reusable-github-actions/.github/workflows/release.yml@main";
replace the "@main" suffix with an immutable tag or commit SHA (for example a
versioned tag like `@vX.Y.Z` or a full commit SHA) so the workflow is pinned to a
specific release, and document your update process for advancing the pinned ref
in the future.
🧹 Nitpick comments (1)
.github/workflows/release.yml (1)
8-10: Ensure required token permissions are explicitly set.
If the reusable workflow creates releases or uploads assets, the default GITHUB_TOKEN permissions may be insufficient (often read-only). Consider setting minimal required permissions in the caller workflow to avoid runtime failures and improve least-privilege posture.
🔧 Example (adjust to actual needs)
+permissions: + contents: write + packages: write + jobs: release: uses: konradmichalik/reusable-github-actions/.github/workflows/release.yml@<TAG_OR_SHA>
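Review bot: `packages: write` in the suggested `permissions` block is not backed by anything visible in this workflow, and the example itself says to adjust to actual needs. Start with `contents: write` only and add `packages: write` if the reusable release workflow really publishes packages. Declaring the block under the `release` job instead of at the top level keeps the grant scoped to that one job if more jobs are added later.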
| on: | ||
| push: | ||
| tags: | ||
| - '*' |
🧩 Analysis chain
🏁 Script executed:
# Check the release workflow file
cat -n .github/workflows/release.yml | head -20
Repository: konradmichalik/db-sync-tool
Length of output: 291
🏁 Script executed:
# Check if there's documentation about versioning or releases
fd -t f -e md -e txt | xargs grep -l "release\|version\|tag" | head -10
Repository: konradmichalik/db-sync-tool
Length of output: 326
🏁 Script executed:
# List recent tags to understand the tagging pattern
git tag --list | tail -20
Repository: konradmichalik/db-sync-tool
Length of output: 53
🏁 Script executed:
cat docs/development/release.md
Repository: konradmichalik/db-sync-tool
Length of output: 3290
🏁 Script executed:
# Check for versioning guidance in README and CONTRIBUTING
head -50 README.md | grep -A 5 -B 5 "version\|release\|tag"
Repository: konradmichalik/db-sync-tool
Length of output: 967
🏁 Script executed:
cat CONTRIBUTING.md | head -100
Repository: konradmichalik/db-sync-tool
Length of output: 1922
Use a stricter tag pattern to prevent accidental releases.
The wildcard pattern '*' will trigger releases on any tag, including test, lightweight, or accidental tags. The repository's release documentation explicitly requires Semantic Versioning with tags in the format vX.Y.Z. Update the pattern to 'v*.*.*' to ensure only versioned releases trigger the workflow.
Suggested change
on:
push:
tags:
- - '*'
+ - 'v*.*.*'
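Review bot: the replacement pattern `'v*.*.*'` on the `+` line is still a glob rather than a semver check: `*` matches any run of characters other than `/`, so tags such as `vtest.a.b` or `v1.2.3-rc1` would also start a release. If only `vX.Y.Z` tags should release, use a digit-constrained filter such as `'v[0-9]+.[0-9]+.[0-9]+'`.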
| release: | ||
| uses: konradmichalik/reusable-github-actions/.github/workflows/release.yml@main No newline at end of file |
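Review bot: the file ends without a trailing newline after the `uses:` line ("No newline at end of file"). Add one so that a later edit appending to the workflow does not also show up as a change to this line.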
🧩 Analysis chain
🏁 Script executed:
# Check if the file exists and examine its content
cat -n .github/workflows/release.yml
Repository: konradmichalik/db-sync-tool
Length of output: 291
Pin the reusable workflow to an immutable ref (tag or SHA).
Using @main makes releases non-deterministic and exposes you to upstream changes. Pin to a versioned tag or commit SHA and update via a controlled process.
🔧 Suggested change (example)
- uses: konradmichalik/reusable-github-actions/.github/workflows/release.yml@main
+ uses: konradmichalik/reusable-github-actions/.github/workflows/release.yml@<TAG_OR_SHA>
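Review bot: `<TAG_OR_SHA>` on the `+` line treats a tag and a commit SHA as equivalent, but a tag in the upstream repository can be moved to a different commit, so it is not an immutable ref. Pin the `uses:` line to the full commit SHA and keep the human-readable version in a trailing YAML comment on the same line.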
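The two findings in this thread (a catch-all tag filter and a reusable workflow referenced by branch name) can be checked mechanically before merge. The following is an added example, not code from the PR, the repository or CodeRabbit; `audit_workflow` and the sample workflow text are constructed for illustration, and the line-based parsing assumes conventionally indented block-style YAML.

```python
import re

# Constructed sample, assembled from the workflow lines quoted in this thread.
SAMPLE_WORKFLOW = """\
name: Release
on:
  push:
    tags:
      - '*'
jobs:
  release:
    uses: konradmichalik/reusable-github-actions/.github/workflows/release.yml@main
"""

USES_RE = re.compile(r"^\s*(?:-\s*)?uses:\s*['\"]?([^'\"\s#]+)")
FULL_SHA_RE = re.compile(r"^[0-9a-f]{40}$")
TAG_ITEM_RE = re.compile(r"^\s*-\s*['\"]?([^'\"\s#]+)")


def audit_workflow(text):
    """Return (line_number, finding) tuples for mutable refs and catch-all tag filters."""
    findings = []
    tags_indent = None  # indentation of an open `tags:` key while inside its list
    for number, line in enumerate(text.splitlines(), start=1):
        indent = len(line) - len(line.lstrip())
        stripped = line.strip()
        if not stripped or stripped.startswith("#"):
            continue
        if tags_indent is not None and indent <= tags_indent and not stripped.startswith("-"):
            tags_indent = None  # a sibling or parent key ends the tags list
        if stripped == "tags:":
            tags_indent = indent
            continue
        if tags_indent is not None:
            item = TAG_ITEM_RE.match(line)
            if item and item.group(1) in ("*", "**"):
                findings.append((number, "tag filter %r matches every tag" % item.group(1)))
            continue
        uses = USES_RE.match(line)
        if uses:
            target = uses.group(1)
            if target.startswith(("./", "docker://")):
                continue  # local path or container image: no git ref to pin
            _, _, ref = target.partition("@")
            if not FULL_SHA_RE.match(ref):
                findings.append((number, "%s is not pinned to a full commit SHA" % target))
    return findings
```

Run over every file in `.github/workflows/`, a non-empty result is a reason to fail the check; a version tag after `@` is reported as well, because only a 40-character commit SHA is accepted as pinned.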