Use release environment in release workflow#68
Conversation
Align the release workflow with mmdbinspect's: trigger on release: published (with workflow_dispatch/pull_request/push-to-main for CI), run the goreleaser job in the release deployment environment, scope contents: write to the job, and guard the job so it only runs for published releases.
|
Note Gemini is unable to generate a review for this pull request due to the file types involved not being currently supported. |
📝 WalkthroughWalkthroughThe release workflow's triggers were expanded to include workflow_dispatch, pull_request, and push to main, alongside published release events. The goreleaser job now runs only on published releases, is bound to a release environment, and permissions were moved from workflow-level to job-level. ChangesRelease Workflow Update
Estimated code review effort: 1 (Trivial) | ~5 minutes Poem
🚥 Pre-merge checks | ✅ 5✅ Passed checks (5 passed)
✨ Finishing Touches🧪 Generate unit tests (beta)
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
There was a problem hiding this comment.
Actionable comments posted: 1
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
Inline comments:
In @.github/workflows/release.yml:
- Around line 4-16: The new workflow triggers are currently ineffective because
the only job, goreleaser, still runs only for github.event_name == 'release'
with action 'published'. Update the workflow so workflow_dispatch, pull_request,
and push either have a job that can actually run on those events or adjust the
goreleaser job’s if condition to allow the intended non-release paths; use the
goreleaser job definition and its event guard as the main place to fix this.
🪄 Autofix (Beta)
Fix all unresolved CodeRabbit comments on this PR:
- Push a commit to this branch (recommended)
- Create a new PR with the fixes
ℹ️ Review info
⚙️ Run configuration
Configuration used: Organization UI
Review profile: ASSERTIVE
Plan: Pro Plus
Run ID: 64544e2f-9611-4d2d-a5f9-c1fefe18bd89
📒 Files selected for processing (1)
.github/workflows/release.yml
| workflow_dispatch: | ||
| pull_request: | ||
| push: | ||
| tags: | ||
| - 'v*' | ||
|
|
||
| permissions: | ||
| contents: write | ||
| branches: | ||
| - main | ||
| release: | ||
| types: | ||
| - published | ||
|
|
||
| jobs: | ||
| goreleaser: | ||
| name: Release with GoReleaser | ||
| if: github.event_name == 'release' && github.event.action == 'published' |
There was a problem hiding this comment.
🎯 Functional Correctness | 🟠 Major | ⚡ Quick win
🧩 Analysis chain
🏁 Script executed:
#!/bin/bash
set -euo pipefail
echo "== release workflow =="
git ls-files .github/workflows/release.yml
wc -l .github/workflows/release.yml
cat -n .github/workflows/release.yml
echo
echo "== other workflow files mentioning release or goreleaser =="
rg -n "goreleaser|workflow_dispatch|pull_request|push:|release:" .github/workflows -S || trueRepository: maxmind/mmdbconvert
Length of output: 2771
New triggers are no-ops here
workflow_dispatch, pull_request, and push now start this workflow, but the only job is still limited to release/published, so PR and push runs will skip everything. If these events are meant to provide CI or manual release execution, add a non-release job or broaden the if guard.
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
In @.github/workflows/release.yml around lines 4 - 16, The new workflow triggers
are currently ineffective because the only job, goreleaser, still runs only for
github.event_name == 'release' with action 'published'. Update the workflow so
workflow_dispatch, pull_request, and push either have a job that can actually
run on those events or adjust the goreleaser job’s if condition to allow the
intended non-release paths; use the goreleaser job definition and its event
guard as the main place to fix this.
Align the release workflow with mmdbinspect's structure.
release: publishedinstead of pushes ofv*tags, and addworkflow_dispatch,pull_request, and push-to-maintriggers for CI.goreleaserjob in thereleasedeployment environment, so its deployment protection policy actually applies.contents: writeto the job rather than the whole workflow.if: github.event_name == 'release' && github.event.action == 'published'so it only runs for published releases.Summary by CodeRabbit