Skip to content

ci(release): gate release-trigger on the release environment#3003

Merged
dkirov-dd merged 2 commits into
masterfrom
dk/release-trigger-environment
May 11, 2026
Merged

ci(release): gate release-trigger on the release environment#3003
dkirov-dd merged 2 commits into
masterfrom
dk/release-trigger-environment

Conversation

@dkirov-dd
Copy link
Copy Markdown
Contributor

@dkirov-dd dkirov-dd commented May 11, 2026
edited
Loading

Summary

  • Add environment: release to the dispatch job in release-trigger.yml so GitHub's deployment protection runs before the reusable release-dispatch.yml workflow starts — the prepare step (which creates tags) now requires manual approval
  • Remove the inner environment: release from release-dispatch.yml's dispatch job; a single gate at the trigger level is sufficient

Problem

The prepare job in release-dispatch.yml creates git tags before reaching the environment: release gate on the inner dispatch job, so tags could be created without a manual approval step.

Test plan

  • Trigger a push to master that touches a CHANGELOG to confirm the deployment approval gate fires before any tags are created

@dkirov-dd @claude
ci(release): gate release-trigger on the release environment
39e4669 
Add environment: release to the dispatch job that calls the reusable
release-dispatch.yml workflow. GitHub's deployment protection runs
before any of the reusable workflow's jobs start, so the prepare step
(which creates tags) requires manual approval.

Co-Authored-By: Claude Sonnet 4.6 (1M context) <noreply@anthropic.com>
@dkirov-dd dkirov-dd requested a review from a team as a code owner May 11, 2026 13:52
@dkirov-dd @claude
ci(release): gate release-trigger via intermediate approve job
8862948 
environment: release cannot be used on a job that calls a reusable
workflow (uses:). Instead, add an explicit approve job that holds the
environment gate; the dispatch job depends on it, so the reusable
workflow's prepare step (which creates tags) cannot run until a
reviewer approves the deployment.

Remove the previously-added environment: release from the dispatch
job (invalid) and the inner environment: release from release-dispatch.yml
(redundant — a single gate is sufficient).

Co-Authored-By: Claude Sonnet 4.6 (1M context) <noreply@anthropic.com>
@dkirov-dd dkirov-dd added this pull request to the merge queue May 11, 2026
Merged via the queue into master with commit bd1e7bf May 11, 2026
14 checks passed
@dkirov-dd dkirov-dd deleted the dk/release-trigger-environment branch May 11, 2026 15:11
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@iliakur iliakur iliakur approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@dkirov-dd @iliakur