Skip to content

Add nightly release pipeline validation#28176

Draft
ashley-cui wants to merge 2 commits intocontainers:mainfrom
ashley-cui:nightly
Draft

Add nightly release pipeline validation#28176
ashley-cui wants to merge 2 commits intocontainers:mainfrom
ashley-cui:nightly

Conversation

@ashley-cui
Copy link
Copy Markdown
Member

@ashley-cui ashley-cui commented Mar 2, 2026

Build installers nightly, and test that our bot key is still valid. This is to catch hiccups before release time.

The intention is that after this is tested, the build-artifacts can be used in release.yml, like it is used in the validation action
But for now, the actual release does not use the build-artifacts action yet, let's let the testing bake a little first.

Checklist

Ensure you have completed the following checklist for your pull request to be reviewed:

  • Certify you wrote the patch or otherwise have the right to pass it on as an open-source patch by signing all
    commits. (git commit -s). (If needed, use git commit -s --amend). The author email must match
    the sign-off email address. See CONTRIBUTING.md
    for more information.
  • Referenced issues using Fixes: #00000 in commit message (if applicable)
  • Tests have been added/updated (or no tests are needed)
  • Documentation has been updated (or no documentation changes are needed)
  • All commits pass make validatepr (format/lint checks)
  • Release note entered in the section below (or None if no user-facing changes)

Does this PR introduce a user-facing change?

None

@ashley-cui
Remove deprecated release actions
ac22828 
Our new release has been mostly stable at this point, remove legacy actions.

Signed-off-by: Ashley Cui <acui@redhat.com>
@ashley-cui
Add nightly release pipeline validation
cf5d27d 
Build installers nightly, and test that our bot key is still valid. This is to catch hiccups before release time.

The intention is that after this is tested, the build-artifacts can be used in release.yml, like it is used in the validation action
But for now, the actual release does not use the build-artifacts action yet, let's let the testing bake a little first.

Signed-off-by: Ashley Cui <acui@redhat.com>
github-advanced-security[bot]
github-advanced-security AI found potential problems Mar 2, 2026
View reviewed changes
Comment thread .github/workflows/build-artifacts.yml
version_display: ${{ steps.set-version.outputs.version_display }}
steps:
- name: Checkout Version
uses: actions/checkout@v6

Check failure

Code scanning / zizmor

unpinned action reference Error

unpinned action reference
Comment thread .github/workflows/build-artifacts.yml
id: set-version
run: |
sha=$(git rev-parse --short HEAD)
if [[ "${{ inputs.version }}" =~ ^v[0-9]+\.[0-9]+\.[0-9]+ ]]; then

Check failure

Code scanning / zizmor

code injection via template expansion Error

code injection via template expansion
Comment thread .github/workflows/build-artifacts.yml
run: |
sha=$(git rev-parse --short HEAD)
if [[ "${{ inputs.version }}" =~ ^v[0-9]+\.[0-9]+\.[0-9]+ ]]; then
echo "version_display=${{ inputs.version }}" >> "$GITHUB_OUTPUT"

Check failure

Code scanning / zizmor

code injection via template expansion Error

code injection via template expansion
Comment thread .github/workflows/build-artifacts.yml
if [[ "${{ inputs.version }}" =~ ^v[0-9]+\.[0-9]+\.[0-9]+ ]]; then
echo "version_display=${{ inputs.version }}" >> "$GITHUB_OUTPUT"
else
echo "version_display=${{ inputs.version }}-$sha" >> "$GITHUB_OUTPUT"

Check failure

Code scanning / zizmor

code injection via template expansion Error

code injection via template expansion
Comment thread .github/workflows/build-artifacts.yml
echo "version_display=${{ inputs.version }}-$sha" >> "$GITHUB_OUTPUT"
fi
- name: Set up Go
uses: actions/setup-go@v6

Check failure

Code scanning / zizmor

unpinned action reference Error

unpinned action reference
Comment thread .github/workflows/release-pipeline-validation.yml

build-artifacts-latest-branch:
name: Build Artifacts (latest release branch)
uses: ./.github/workflows/build-artifacts.yml

Check warning

Code scanning / zizmor

secrets unconditionally inherited by called workflow Warning

secrets unconditionally inherited by called workflow
Comment thread .github/workflows/release-pipeline-validation.yml

build-artifacts-single:
name: Build Artifacts
uses: ./.github/workflows/build-artifacts.yml

Check warning

Code scanning / zizmor

secrets unconditionally inherited by called workflow Warning

secrets unconditionally inherited by called workflow
Comment thread .github/workflows/release-pipeline-validation.yml
**Workflow run:** $RUN_URL

**Failed jobs:**
- validate-tokens: ${{ needs.validate-tokens.result }}

Check notice

Code scanning / zizmor

code injection via template expansion Note

code injection via template expansion
Comment thread .github/workflows/release-pipeline-validation.yml

**Failed jobs:**
- validate-tokens: ${{ needs.validate-tokens.result }}
- build-artifacts-main: ${{ needs.build-artifacts-main.result }}

Check notice

Code scanning / zizmor

code injection via template expansion Note

code injection via template expansion
Comment thread .github/workflows/release-pipeline-validation.yml
**Failed jobs:**
- validate-tokens: ${{ needs.validate-tokens.result }}
- build-artifacts-main: ${{ needs.build-artifacts-main.result }}
- build-artifacts-latest-branch: ${{ needs.build-artifacts-latest-branch.result }}

Check notice

Code scanning / zizmor

code injection via template expansion Note

code injection via template expansion
@ashley-cui ashley-cui marked this pull request as draft March 2, 2026 14:07
@github-actions
Copy link
Copy Markdown

github-actions bot commented Apr 2, 2026

A friendly reminder that this PR had no activity for 30 days.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

stale-pr

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@ashley-cui @github-advanced-security