From a1df03d4391f99f030ac1e7442cbc58f6dde0b52 Mon Sep 17 00:00:00 2001 From: Markus Siebert Date: Mon, 12 Jan 2026 07:09:47 +0100 Subject: [PATCH 1/5] chore: update release workflow to respect branch protection - modify create-release workflow to create PR instead of direct push - add tag-on-merge workflow to create tags when release PRs are merged - ensures release process works with branch protection rules --- .github/workflows/create-release.yml | 22 +++++++++-- .github/workflows/tag-on-merge.yml | 57 ++++++++++++++++++++++++++++ 2 files changed, 76 insertions(+), 3 deletions(-) create mode 100644 .github/workflows/tag-on-merge.yml diff --git a/.github/workflows/create-release.yml b/.github/workflows/create-release.yml index 4b54b366..bb0bb8c3 100644 --- a/.github/workflows/create-release.yml +++ b/.github/workflows/create-release.yml @@ -6,6 +6,7 @@ on: permissions: contents: write actions: write + pull-requests: write jobs: release: @@ -55,12 +56,27 @@ jobs: echo "Prepared release $NEW_TAG" - - name: Push changes and tag + - name: Create release branch and PR env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} run: | - # Push the version bump commit and tag - git push --follow-tags origin main + # Create and push release branch (without tag) + BRANCH_NAME="release/${{ steps.version.outputs.new_tag }}" + git checkout -b "$BRANCH_NAME" + git push origin "$BRANCH_NAME" + + # Create pull request with tag info in body + echo "## Release ${{ steps.version.outputs.new_tag }}" > /tmp/pr_body.md + echo "" >> /tmp/pr_body.md + echo "This PR will create tag \`${{ steps.version.outputs.new_tag }}\` when merged." >> /tmp/pr_body.md + echo "" >> /tmp/pr_body.md + cat /tmp/release_notes.md >> /tmp/pr_body.md + + gh pr create \ + --title "Release ${{ steps.version.outputs.new_tag }}" \ + --body-file /tmp/pr_body.md \ + --base main \ + --head "$BRANCH_NAME" - name: Create GitHub Release env: 
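Review bot: The `Create GitHub Release` step that still follows the new `Create release branch and PR` step (visible only as trailing context; its body is outside the hunk) now runs while the release is an unmerged PR. If it still calls `gh release create` for the new tag, gh creates the missing tag from the default branch, so a tag and release could be published before review, and the later tag push in tag-on-merge.yml would collide with it. Removing that step here, or adding `--verify-tag` to it, keeps the PR as the gate. Separately, a PR opened with `GITHUB_TOKEN` does not start `pull_request` workflows, so required status checks on the release PR may never report. The `${{ steps.version.outputs.new_tag }}` expansions inside `run:` would be safer passed through `env:` and referenced as `"$NEW_TAG"`.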
diff --git a/.github/workflows/tag-on-merge.yml b/.github/workflows/tag-on-merge.yml new file mode 100644 index 00000000..b4073cf2 --- /dev/null +++ b/.github/workflows/tag-on-merge.yml @@ -0,0 +1,57 @@ +name: tag-on-merge + +on: + pull_request: + types: [closed] + branches: [main] + +permissions: + contents: write + actions: write + +jobs: + create-tag-and-release: + if: github.event.pull_request.merged == true && startsWith(github.event.pull_request.head.ref, 'release/') + runs-on: ubuntu-latest + steps: + - name: Checkout + uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6 + with: + fetch-depth: 0 + + - name: Extract version from branch name + id: version + run: | + BRANCH_NAME="${{ github.event.pull_request.head.ref }}" + VERSION=${BRANCH_NAME#release/} + echo "version=$VERSION" >> $GITHUB_OUTPUT + + - name: Create and push tag + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + run: | + git config user.name "github-actions[bot]" + git config user.email "41898282+github-actions[bot]@users.noreply.github.com" + + git tag ${{ steps.version.outputs.version }} + git push origin ${{ steps.version.outputs.version }} + + - name: Extract changelog for release + run: | + # Extract changelog content for this version + CHANGELOG_CONTENT=$(awk '/^## \[/{if(++count==2) exit; if(count==1) next} count==1' CHANGELOG.md) + echo "$CHANGELOG_CONTENT" > /tmp/release_notes.md + + - name: Create GitHub Release + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + run: | + gh release create ${{ steps.version.outputs.version }} \ + --title "${{ steps.version.outputs.version }}" \ + --notes-file /tmp/release_notes.md + + - name: Trigger release workflow + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + run: | + gh workflow run release.yml --ref ${{ steps.version.outputs.version }} From dd158a550c2b69ceef1204b11b5dd365e88bfa71 Mon Sep 17 00:00:00 2001 
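Review bot: In `Extract version from branch name`, `${{ github.event.pull_request.head.ref }}` is expanded into the script text before the shell runs, so the branch name is parsed as shell code in a job whose token holds `contents: write` and `actions: write`. Pass the ref through `env:` and validate the derived version before writing it to `$GITHUB_OUTPUT`. The same value is later expanded unquoted into `git tag`, `git push`, `gh release create` and `gh workflow run`, which should also read it from a quoted environment variable. The job condition checks only the `release/` prefix, so any merged PR from such a branch publishes a tag and a release, not only PRs opened by create-release.yml. The version pattern in the sketch below is a constructed example and must be adapted to the project's tag format.

```yaml
      - name: Extract version from branch name
        id: version
        env:
          # Expression is resolved into the environment, never into script text.
          BRANCH_NAME: ${{ github.event.pull_request.head.ref }}
        run: |
          VERSION="${BRANCH_NAME#release/}"
          # Constructed pattern: adjust to the project's tag format.
          if ! printf '%s\n' "$VERSION" | grep -Eq '^v?[0-9]+\.[0-9]+\.[0-9]+$'; then
            echo "Refusing to tag: unexpected release branch name" >&2
            exit 1
          fi
          echo "version=$VERSION" >> "$GITHUB_OUTPUT"
      # … unchanged: tag, changelog, release and dispatch steps …
```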
From: Markus Siebert Date: Mon, 12 Jan 2026 07:44:25 +0100 Subject: [PATCH 2/5] Update .github/workflows/tag-on-merge.yml Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> --- .github/workflows/tag-on-merge.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/tag-on-merge.yml b/.github/workflows/tag-on-merge.yml index b4073cf2..9a29de84 100644 --- a/.github/workflows/tag-on-merge.yml +++ b/.github/workflows/tag-on-merge.yml @@ -17,6 +17,7 @@ jobs: - name: Checkout uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6 with: + ref: main fetch-depth: 0 - name: Extract version from branch name From ea2307df295b1852b623922c76c0b0cfd510953b Mon Sep 17 00:00:00 2001 From: Markus Siebert Date: Mon, 12 Jan 2026 07:45:09 +0100 Subject: [PATCH 3/5] Update .github/workflows/create-release.yml Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> --- .github/workflows/create-release.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/create-release.yml b/.github/workflows/create-release.yml index bb0bb8c3..f48a8a54 100644 --- a/.github/workflows/create-release.yml +++ b/.github/workflows/create-release.yml @@ -60,7 +60,7 @@ jobs: env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} run: | - # Create and push release branch (without tag) + # Create and push release branch (local tag not pushed) BRANCH_NAME="release/${{ steps.version.outputs.new_tag }}" git checkout -b "$BRANCH_NAME" git push origin "$BRANCH_NAME" From eeedb2cbcc8516be8658ac285afb7b62ac098b6f Mon Sep 17 00:00:00 2001 From: Markus Siebert Date: Mon, 12 Jan 2026 07:45:21 +0100 Subject: [PATCH 4/5] Update .github/workflows/tag-on-merge.yml Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> --- .github/workflows/tag-on-merge.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/tag-on-merge.yml b/.github/workflows/tag-on-merge.yml index 9a29de84..442fcba7 100644 
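Review bot: In PATCH 2/5, `ref: main` is resolved when the job starts, so the checkout (and, at this commit, the bare `git tag` that follows) can pick up commits merged to `main` after the release PR was merged. `ref: ${{ github.event.pull_request.merge_commit_sha }}` would pin the checkout to what this PR actually put on `main`. CHANGELOG.md is read from the same checkout, so the extracted release notes are affected in the same way.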
--- a/.github/workflows/tag-on-merge.yml +++ b/.github/workflows/tag-on-merge.yml @@ -8,6 +8,7 @@ on: permissions: contents: write actions: write + pull-requests: read jobs: create-tag-and-release: From 2d9ed1dffd7c6326652cf42ba4015edaa4180f9b Mon Sep 17 00:00:00 2001 From: Markus Siebert Date: Mon, 12 Jan 2026 07:45:51 +0100 Subject: [PATCH 5/5] Update .github/workflows/tag-on-merge.yml Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> --- .github/workflows/tag-on-merge.yml | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/.github/workflows/tag-on-merge.yml b/.github/workflows/tag-on-merge.yml index 442fcba7..c264e8c5 100644 --- a/.github/workflows/tag-on-merge.yml +++ b/.github/workflows/tag-on-merge.yml @@ -31,11 +31,14 @@ jobs: - name: Create and push tag env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + # Use the PR head SHA so the tag points to the actual release commit, + # not the merge commit on main. + RELEASE_SHA: ${{ github.event.pull_request.head.sha }} run: | git config user.name "github-actions[bot]" git config user.email "41898282+github-actions[bot]@users.noreply.github.com" - git tag ${{ steps.version.outputs.version }} + git tag ${{ steps.version.outputs.version }} $RELEASE_SHA git push origin ${{ steps.version.outputs.version }} - name: Extract changelog for release
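Review bot: In PATCH 4/5, `pull-requests: read` does not appear to be needed. The steps added in PATCH 1/5 read the PR only from the `github.event` payload and otherwise call `git push`, `gh release create` and `gh workflow run`. If no step queries the pull-request API, the line can be dropped. A short comment on each remaining scope, e.g. `# actions: write is needed for gh workflow run`, would document why the token is that broad.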
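Review bot: In PATCH 5/5, tagging `github.event.pull_request.head.sha` means that with squash or rebase merges the tag references a commit that is not in `main`'s history, so the released tag sits outside the protected branch. `github.event.pull_request.merge_commit_sha` is the commit that actually landed. Because the checkout uses `ref: main`, the head commit may also be missing locally once the release branch is deleted (inferred; the fetch behaviour is not visible here), which would make `git tag` fail. Both arguments should be quoted and taken from the environment, e.g. `git tag "$VERSION" "$RELEASE_SHA"`.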