CI: Migrate release-drafter to v7 split#57
Merged
tykeal merged 1 commit intolfreleng-actions:mainfrom Mar 19, 2026
Merged
Conversation
There was a problem hiding this comment.
Pull request overview
This PR migrates the repository’s Release Drafter automation from the v6 “combined” workflow to the v7 split architecture by separating release drafting (push-only) from PR autolabeling (PR events, including fork-safe pull_request_target).
Changes:
- Split the existing Release Drafter workflow into two workflows: push-only release drafting and PR-triggered autolabeling.
- Bumped actions to
release-drafter@v7.1.0and addedstep-security/harden-runner@v2.16.0to both workflows. - Removed the repository-local
.github/release-drafter.ymlconfiguration file.
Reviewed changes
Copilot reviewed 3 out of 3 changed files in this pull request and generated 1 comment.
| File | Description |
|---|---|
.github/workflows/release-drafter.yaml |
Migrates to release-drafter@v7, removes PR triggers, adds hardening/concurrency, and restricts permissions. |
.github/workflows/autolabeler.yaml |
Adds a dedicated autolabeler workflow (fork-safe via pull_request_target) with minimal permissions and runner hardening. |
.github/release-drafter.yml |
Removes repo-local Release Drafter configuration. |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
Release-drafter v7 removed the disable-releaser and disable-autolabeler inputs, replacing them with dedicated sub-actions. This commit: - Splits the combined workflow into two files: release-drafter.yaml (push-only, drafter) and autolabeler.yaml (PR events, autolabeler) - Updates to release-drafter v7.1.0 - Updates harden-runner to v2.16.0 - Removes the per-repo release-drafter config (falls back to org-level .github repo config) - Removes deprecated env GITHUB_TOKEN usage - Removes debug concurrency group step Co-authored-by: Claude <claude@anthropic.com> Signed-off-by: Matthew Watkins <mwatkins@linuxfoundation.org>
ModeSevenIndustrialSolutions
force-pushed
the
fix/release-drafter-v7-split
branch
from
83cecc8 to
3917554
Compare
tykeal
approved these changes
Mar 19, 2026
Contributor
tykeal
left a comment
tykeal
left a comment
There was a problem hiding this comment.
Auto-approved by dependamerge
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Migrates release-drafter from v6 (combined workflow) to v7 (split architecture).
Release-drafter v7 removed the
disable-releaseranddisable-autolabelerinputs, replacing them with dedicated sub-actions. These inputs were left as dead code inaction.yml— accepted without warning but never acted upon (upstream bug report).Changes
release-drafter.yamlworkflow into two:release-drafter.yaml— push-only trigger, uses root drafter action,contents: writeautolabeler.yaml— PR trigger (bothpull_requestandpull_request_targetfor fork support), uses dedicated/autolabelersub-action,pull-requests: write+contents: read.github/release-drafter.ymlconfig (falls back to the org-level.githubrepo config)env: GITHUB_TOKENusage (v7 defaults to${{ github.token }}viatokeninput)Context
This is part of an org-wide migration. The same change is being applied to all lfreleng-actions repositories that have release-drafter configured. The canonical fix was first applied in lfreleng-actions/github2gerrit-action#172.
Security
The
pull_request_targettrigger in the autolabeler workflow is safe because: