Refactor release mgmt to use multiple workflows and dedicated environments#296
Merged
data-douser merged 8 commits intomainfrom Feb 16, 2026
Merged
Refactor release mgmt to use multiple workflows and dedicated environments#296data-douser merged 8 commits intomainfrom
data-douser merged 8 commits intomainfrom
Conversation
New workflows: - release.yml: orchestrates tag creation, CodeQL pack publish, and GitHub Release creation (supports tag push and workflow_dispatch) - release-tag.yml: validates, version-bumps, tests, and tags releases - release-codeql.yml: publishes and bundles CodeQL packs to GHCR New scripts: - scripts/update-release-version.sh: deterministic version updates across all 15 qlpack.yml files with --check and --dry-run modes - scripts/install-packs.sh: installs CodeQL pack dependencies with optional --framework filtering Modified: - update-codeql.yml: reformatted indentation, added job summary step, preserved current_version output for summary reporting
data-douser
added
enhancement
Contributor
There was a problem hiding this comment.
Pull request overview
This PR introduces a modular GitHub Actions–based release automation for the CodeQL SAP JavaScript packs, splitting the release process into composable stages (tag creation, pack publish/bundling, and GitHub Release creation) and adding supporting scripts for version and dependency management.
Changes:
- Added a release orchestrator workflow (
release.yml) plus two reusable workflows for tag creation/validation and CodeQL pack publishing/bundling. - Added scripts to deterministically update versions across pack files and to install pack dependencies across frameworks.
- Refined the existing CodeQL CLI dependency update workflow for consistency/readability.
Reviewed changes
Copilot reviewed 6 out of 6 changed files in this pull request and generated 5 comments.
Show a summary per file
| File | Description |
|---|---|
| scripts/update-release-version.sh | New script to update/check pack versions across all version-bearing qlpack.yml files and internal dependency references. |
| scripts/install-packs.sh | New helper script to install CodeQL pack dependencies across all packs (or per-framework). |
| .github/workflows/update-codeql.yml | Formatting/step-name consistency updates for the CodeQL CLI dependency update workflow. |
| .github/workflows/release.yml | New top-level release orchestrator coordinating version resolution, tagging, pack publish/bundling, and GitHub Release creation. |
| .github/workflows/release-tag.yml | New reusable workflow to update versions, upgrade lockfiles, run tests, and create/push the release tag. |
| .github/workflows/release-codeql.yml | New reusable workflow to validate versions, optionally publish packs to GHCR, bundle packs, and upload artifacts. |
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
- Rewrite update-codeql.yml to orchestrate via release-tag.yml and release-codeql.yml instead of inline logic and PR creation - Fix release-tag.yml step ordering: update version before installing CodeQL so qlt.conf.json is correct when QLT reads it - Use install-packs.sh in release-tag.yml and release-codeql.yml - Add qlt.conf.json support to update-release-version.sh (jq primary, sed fallback) with --check validation - Add pre-release suffix support (X.Y.Z-alpha, X.Y.Z-rc1) across version validation, workflow descriptions, and script documentation - Add --framework argument guard to install-packs.sh - Fix collect_versions error handling and check_versions error propagation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
What This PR Contributes
This pull request introduces a new, modular release automation system for CodeQL SAP JavaScript packs using GitHub Actions. It adds three new workflows to handle the release process in distinct, reusable stages: tag creation, CodeQL pack publishing/bundling, and GitHub Release creation. The workflows are designed to be composable, robust, and to support both tag-based and manually triggered releases. Minor improvements are also made to the CodeQL CLI update workflow for consistency.
Outline of Changes
Release Automation Workflows
.github/workflows/release.ymlas the main orchestrator for the release process, coordinating version resolution, tag creation, pack publishing/bundling, and GitHub Release creation. This workflow supports both tag pushes and manual triggers with customizable options..github/workflows/release-tag.yml, a reusable workflow for creating and validating release tags. It ensures all version-bearing files are updated, lock files are upgraded, tests are run, and the tag is created or reused if it already exists..github/workflows/release-codeql.yml, a reusable workflow for publishing CodeQL packs to GHCR and bundling them as release artifacts. It validates version consistency, installs dependencies, and uploads bundled packs.Workflow Improvements and Consistency
.github/workflows/update-codeql.ymlby standardizing naming conventions, step names, and comments for better readability and maintainability. [1] [2]Future Works
N/A