Implement draft-release workflow#112
Conversation
📝 WalkthroughWalkthroughThe placeholder draft-release GitHub Actions workflow is replaced with an end-to-end release automation job. It computes the next semver version, updates the gem version file and changelog, generates release notes from merged PRs, opens a release PR, and creates a draft GitHub release, with added concurrency settings and explicit permissions. ChangesDraft Release Workflow
Estimated code review effort: 3 (Moderate) | ~20 minutes Sequence Diagram(s)sequenceDiagram
participant Trigger as workflow_dispatch
participant Job as draft-release job
participant Repo as Repository (lib/mailtrap/version.rb, CHANGELOG.md)
participant GitHub as GitHub API
Trigger->>Job: bump_type input
Job->>Repo: checkout main
Job->>Repo: read current version
Job->>Job: compute next semver tag
Job->>GitHub: check if tag exists
GitHub-->>Job: tag status
Job->>GitHub: generate release notes from merged PRs
Job->>Repo: update lib/mailtrap/version.rb
Job->>Repo: prepend CHANGELOG.md
Job->>GitHub: open release PR to main
Job->>GitHub: create draft release
Suggested labels: ci, release, automation Suggested reviewers: mailtrap maintainers familiar with the release process Poem: 🚥 Pre-merge checks | ✅ 5✅ Passed checks (5 passed)
✨ Finishing Touches🧪 Generate unit tests (beta)
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
fe68971 to
c706cee
Compare
c706cee to
8be3224
Compare
There was a problem hiding this comment.
Actionable comments posted: 1
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
Inline comments:
In @.github/workflows/draft-release.yml:
- Around line 31-34: The workflow still uses mutable action refs and keeps
checkout credentials available, so harden the release job by updating the
`actions/checkout` step to disable persisted credentials and pinning every
`railsware/github-actions/*` usage in the release workflow to an immutable SHA
instead of `@master`. Review the release job steps around `actions/checkout` and
the `railsware/github-actions` invocations, add `persist-credentials: false` to
checkout, and pass an explicit token only to the PR-opening step if it truly
needs write access.
🪄 Autofix (Beta)
Fix all unresolved CodeRabbit comments on this PR:
- Push a commit to this branch (recommended)
- Create a new PR with the fixes
ℹ️ Review info
⚙️ Run configuration
Configuration used: Path: .coderabbit.yaml
Review profile: CHILL
Plan: Pro
Run ID: 7b8afa4d-b9da-4e82-80b1-2943fc2aa552
📒 Files selected for processing (1)
.github/workflows/draft-release.yml
| - name: Install Ruby | ||
| uses: ruby/setup-ruby@v1 | ||
| with: | ||
| ruby-version: "3.3" |
Motivation
Automate releases
Changes
How to test
Summary by CodeRabbit