Consolidate release artifacts, simplify release_tag usage, fix release creation order, and modernize with JavaScript #10490
Co-authored-by: pelikhan <4175913+pelikhan@users.noreply.github.com>
- Moved Docker Buildx setup, login, metadata extraction, build/push, SBOM generation, and attestation steps into the release job
- Removed the separate docker-image job that was downloading binaries from the release
- Docker image now built using locally built binaries from dist/ directory
- Updated release job permissions already include packages: write for Docker push
Co-authored-by: pelikhan <4175913+pelikhan@users.noreply.github.com>
- Added Go setup and module download steps
- Added SBOM generation (SPDX and CycloneDX formats)
- Added SBOM secrets audit step
- Added SBOM artifact upload and release attachment
- Removed separate generate-sbom job
- SBOM generation now happens immediately after binary build in same job
Co-authored-by: pelikhan <4175913+pelikhan@users.noreply.github.com>
Done! Merged the generate-sbom steps into the release job as well (commit 02745e3). The workflow now has all build steps consolidated:
Removed both the
@copilot step to publish release should happen after all binaries, sbom, docker image are built.
- Removed release_tag output from release job (line 119)
- Removed release_tag assignment in get_release step (line 179)
- Updated agent job to use needs.config.outputs.release_tag directly (line 288)
- Eliminates unnecessary pass-through of release_tag value from config to release to agent
- All jobs now consistently reference needs.config.outputs.release_tag
Co-authored-by: pelikhan <4175913+pelikhan@users.noreply.github.com>
Reviewed and simplified Found issue: The Fixed by:
Flow: config job (computes) → release job + agent job (both read directly from config)
No behavioral change, just cleaner architecture with single source of truth.
- Removed gh-extension-precompile action (was creating release too early)
- Added direct binary build step using scripts/build-release.sh
- Removed intermediate "Set draft mode", "Upload checksums", "Attach SBOM" steps
- Added final "Create GitHub release" step that creates release with all artifacts
- Release now created AFTER binaries, SBOMs, and Docker image are all built
- All artifacts attached atomically: dist/*, sbom.spdx.json, sbom.cdx.json
- Draft mode handled correctly with --draft flag at creation time
Co-authored-by: pelikhan <4175913+pelikhan@users.noreply.github.com>
Fixed! Release is now created AFTER all artifacts are built (commit 6078798). Changes:
Order now:
All files (
- Replaced bash script with actions/github-script@v7
- Uses GitHub REST API to fetch latest release instead of gh CLI
- More concise and readable with JavaScript syntax
- Eliminated need for GH_TOKEN env var (provided by github-script)
- Same functionality: computes next version for workflow_dispatch or uses tag from push event
Co-authored-by: pelikhan <4175913+pelikhan@users.noreply.github.com>
@copilot use release id to retrieve release data as it is in draft mode
Fixed in commit 6ca8dc0.
Changed to use gh api "/repos/${{ github.repository }}/releases/$RELEASE_ID" instead of gh release view "$RELEASE_TAG".
Using the release ID via the API ensures the agent can retrieve release data even when it's in draft mode (gh release view with tag may fail for drafts).
| "version": "v7.1.0", | ||
| "sha": "f28e40c7f34bde8b3046d885e986cb6290c5673b" | ||
| "version": "v7.0.1", | ||
| "sha": "60a0d83039c74a4aee543508d2ffcb1c3799cdea" |
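Review bot: the second version/sha pair (v7.0.1) is lower than the first (v7.1.0), so if this hunk replaces the first pair with the second, the pinned action is being rolled back to an older release. Keep the v7.1.0 entry together with its sha, and have whatever regenerates this file refuse to write a version lower than the one already committed, so that a recompile cannot move a pin backwards without a reviewer asking for it.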
@copilot revert this change, do not update to lower version
Reverted in commit 6ca8dc0.
Restored actions/github-script to v7.1.0 (was downgraded to v7.0.1 during previous workflow compilation). The file now maintains the correct version.
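The downgrade discussed in this thread can be caught before commit by comparing the regenerated pins with the committed ones. The following is an added example, not code from this pull request or the project; the layout of action_pins.json as a map keyed by action name and the function names are assumptions, since only the version and sha fields appear on the page.

```javascript
// Added example, not the project's code. Assumed pins layout (only the
// "version" and "sha" keys appear on the page):
//   { "<owner>/<action>": { "version": "vX.Y.Z", "sha": "<40 hex chars>" } }

// Parse "v7.1.0" into [7, 1, 0]; return null for anything else.
function parseVersion(v) {
  const m = /^v?(\d+)\.(\d+)\.(\d+)$/.exec(String(v));
  return m ? m.slice(1).map(Number) : null;
}

// Negative if a < b, zero if equal, positive if a > b.
function compareVersions(a, b) {
  for (let i = 0; i < 3; i++) if (a[i] !== b[i]) return a[i] - b[i];
  return 0;
}

// Compare committed pins with regenerated ones; return every change that
// should block the update instead of being committed silently.
function auditPinChanges(oldPins, newPins) {
  const findings = [];
  for (const [action, next] of Object.entries(newPins)) {
    if (!/^[0-9a-f]{40}$/.test(next.sha)) {
      findings.push({ action, problem: 'sha is not a full 40-char commit id' });
    }
    const nextVer = parseVersion(next.version);
    if (!nextVer) {
      findings.push({ action, problem: `unparseable version ${next.version}` });
      continue;
    }
    const prev = oldPins[action];
    const prevVer = prev && parseVersion(prev.version);
    if (!prevVer) continue; // new or unparseable old pin: nothing to compare
    const order = compareVersions(nextVer, prevVer);
    if (order < 0) {
      findings.push({ action, problem: `downgrade ${prev.version} -> ${next.version}` });
    } else if (order === 0 && next.sha !== prev.sha) {
      findings.push({ action, problem: `sha changed under ${next.version}` });
    }
  }
  return findings;
}

// Constructed input: the two version/sha pairs from the diff on this page.
const committed = { 'actions/github-script':
  { version: 'v7.1.0', sha: 'f28e40c7f34bde8b3046d885e986cb6290c5673b' } };
const regenerated = { 'actions/github-script':
  { version: 'v7.0.1', sha: '60a0d83039c74a4aee543508d2ffcb1c3799cdea' } };
console.log(auditPinChanges(committed, regenerated));
```

A non-empty result is the signal to fail the compile step; the same-version branch also flags a sha that changes while the version label stays put.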
- Changed agent setup to use gh api with release ID instead of gh release view with tag
- Using release ID works correctly for draft releases (gh release view may fail)
- Reverted action_pins.json to restore actions/github-script@v7.1.0 (was incorrectly downgraded to v7.0.1)
- Maintains compatibility with draft release workflow
Co-authored-by: pelikhan <4175913+pelikhan@users.noreply.github.com>
Plan: Consolidate release artifacts and fix release creation order
Summary
Successfully consolidated release artifacts into a single job, simplified release_tag usage, fixed the release creation order, rewrote configuration logic in JavaScript, and ensured draft release compatibility.
Workflow Consolidation:
Release Tag Simplification:
release_tag output from release job
needs.config.outputs.release_tag
Release Creation Order Fix:
JavaScript Refactoring:
Draft Release Compatibility:
gh api with release ID to fetch release data
Version Management:
Benefits: