Fixes for multi-workflow release process #301

Open
data-douser wants to merge 7 commits into main from dd/release-mgmt/1

@data-douser
Collaborator

What This PR Contributes

Summary of Changes

This pull request updates the release workflows for CodeQL and tag management to streamline tool installation, improve version validation, and ensure safer tagging practices. The main changes are a migration away from the QLT toolkit in favor of the GitHub CLI for CodeQL installation, enhanced validation and recreation of tags with incorrect versions, and improved safety around branch protection during tagging.

Outline of Changes

Release workflow improvements:

  • Replaces the use of the QLT toolkit for installing CodeQL with installation via the GitHub CLI (gh codeql), simplifying setup and aligning with newer best practices. (.github/workflows/release-codeql.yml, .github/workflows/release-tag.yml)
  • Updates all CodeQL-related commands to use the codeql CLI directly instead of relying on QLT-provided environment variables. (.github/workflows/release-codeql.yml, .github/workflows/release-tag.yml)

Tag validation and creation logic:

  • Adds steps to validate whether an existing tag matches the expected release versions. If the tag exists but has incorrect versions, it is deleted and recreated to ensure consistency. (.github/workflows/release-tag.yml)
  • Introduces a new mechanism (needs-creation) to determine whether a tag needs to be created or recreated, and conditions all subsequent steps on this check to prevent unnecessary or incorrect tag creation. (.github/workflows/release-tag.yml)

Commit and tag handling:

  • Ensures that the version update commit is created on a detached HEAD, and only the tag (not the branch) is pushed to the remote, preventing accidental updates to protected branches. (.github/workflows/release-tag.yml)
  • Improves artifact staging logic to avoid including generated files in the version commit. (.github/workflows/release-tag.yml)

Release summary output:

  • Enhances the release summary to indicate whether a tag was replaced due to incorrect versions and clarifies the tag's status in the workflow output. (.github/workflows/release-tag.yml)

Future Works

None

data-douser and others added 6 commits February 16, 2026 14:14
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
Add validation for existing tags created via GitHub UI without
version updates. When an invalid tag is detected, it is deleted
and recreated with correct versions through the full release flow.

Use detached HEAD for the version commit and push only the tag
ref, avoiding branch protection errors on main.
@data-douser data-douser self-assigned this Feb 16, 2026
@data-douser data-douser added the bug Something isn't working label Feb 16, 2026
@data-douser data-douser marked this pull request as ready for review February 17, 2026 02:09
@data-douser data-douser enabled auto-merge (squash) February 17, 2026 02:09
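
Added example, not part of this PR or the repository's workflows: a shell sketch of the flow the description outlines (validate an existing tag, delete and recreate it if its version is wrong, commit on a detached HEAD, push only the tag ref). The single `VERSION` file, the `origin` remote, the `release-bot` identity and the function names are assumptions made for illustration.

```shell
#!/bin/sh
# Illustration only. Assumed: one VERSION file holds the release version,
# the remote is named "origin", and the helper names below are hypothetical.

# Succeeds only if TAG exists locally and its VERSION file holds EXPECTED.
tag_version_ok() {  # args: tag expected
  [ "$(git show "refs/tags/$1:VERSION" 2>/dev/null)" = "$2" ]
}

# Prints "valid", "created" or "replaced". Run inside a clone of the repository.
release_tag() {  # args: tag expected base_ref
  tag=$1; expected=$2; base=$3; status=created
  git fetch --quiet --tags --force origin
  if git rev-parse --quiet --verify "refs/tags/$tag" >/dev/null; then
    if tag_version_ok "$tag" "$expected"; then
      echo valid; return 0   # corresponds to needs-creation = false
    fi
    # Tag exists with the wrong version: delete it remotely and locally.
    git push --quiet origin ":refs/tags/$tag"
    git tag -d "$tag" >/dev/null
    status=replaced
  fi
  # Commit the version bump on a detached HEAD so no branch ref moves.
  git checkout --quiet --detach "$base"
  printf '%s\n' "$expected" > VERSION
  git add VERSION            # stage only the version file, not generated output
  git -c user.name=release-bot -c user.email=release-bot@example.invalid \
    -c commit.gpgsign=false commit --quiet -m "Release $tag"
  git tag "$tag"
  # Push the tag ref only; the protected branch on the remote is never updated.
  git push --quiet origin "refs/tags/$tag"
  echo "$status"
}
```

Comparing `git ls-remote origin refs/heads/main` before and after a run confirms that the branch ref did not move.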