Skip to content

Improve release workflow reliability and remove push-protected dependency#1222

Merged
Ndpnt merged 6 commits intomainfrom
refactor-release
Jan 8, 2026
Merged

Improve release workflow reliability and remove push-protected dependency#1222
Ndpnt merged 6 commits intomainfrom
refactor-release

Conversation

@Ndpnt
Copy link
Contributor

@Ndpnt Ndpnt commented Jan 8, 2026

  • NPM publish now happens before pushing to repository to ensures consistency if publish fails
  • Removed CasperWA/push-protected@v2 dependency, use GitHub Rulesets with bypass configuration instead

Ndpnt added 6 commits January 8, 2026 11:15
@Ndpnt
Reorganize step order to ensure consistency
27f6dd8 
Do not rely anymore en CasperWA/push-protected
Rely now to GitHub rulesets with bypass for OTA-Release-Bot instead of classic branch protection
@Ndpnt
Update dependency
eb4fca2
@Ndpnt
Remove obsolete step
f2adc25
@Ndpnt
Lint
16e27dd
@Ndpnt
Explicitly set branch to enable workflow testing
4dac0a9 
This allows the workflow to be tested against a non-main branch by replacing main with the name of the branch that contains the release code under test.
@Ndpnt
Add changelog entry
c731ab2
@Ndpnt Ndpnt requested a review from clementbiron January 8, 2026 14:54
clementbiron
clementbiron approved these changes Jan 8, 2026
View reviewed changes
Copy link
Member

@clementbiron clementbiron left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Seen in sync 🚀

@Ndpnt Ndpnt force-pushed the refactor-release branch 2 times, most recently from 3bcb7e7 to c731ab2 Compare January 8, 2026 15:05
@Ndpnt Ndpnt merged commit 17fdb06 into main Jan 8, 2026
28 checks passed
@Ndpnt Ndpnt deleted the refactor-release branch January 8, 2026 15:10
MattiSG
MattiSG reviewed Jan 13, 2026
View reviewed changes
.github/workflows/release.yml

- name: Create GitHub release
uses: softprops/action-gh-release@v1
uses: softprops/action-gh-release@v2
Copy link
Member

@MattiSG MattiSG Jan 13, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

For security, as long as GitHub does not provide immutable releases, using the full SHA is the only way to prevent supply chain attacks.

MattiSG
MattiSG reviewed Jan 13, 2026
View reviewed changes
.github/workflows/release.yml
run: |
git commit -m "Clean changelog" CHANGELOG.md
git push origin
git push origin main
Copy link
Member

@MattiSG MattiSG Jan 13, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

👍 very good hardening to not rely on branch name matching!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@MattiSG MattiSG MattiSG left review comments

@clementbiron clementbiron clementbiron approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@Ndpnt @MattiSG @clementbiron