Skip to content

Gate release publishing#3539

Merged
koxudaxi merged 3 commits into
mainfrom
gate-publish-releases
Jul 2, 2026
Merged

Gate release publishing#3539
koxudaxi merged 3 commits into
mainfrom
gate-publish-releases

Conversation

@koxudaxi

@koxudaxi koxudaxi commented Jul 2, 2026

Copy link
Copy Markdown
Owner

Summary by CodeRabbit

  • Chores
    • Improved release publishing to only run on version-style tag patterns (including release candidates and backports) with stricter tag validation.
    • Added a manual option to bypass the release test gate, with a warning when enabled.
    • Ensured the build step runs only after verification completes.
    • Disabled caching for the build setup to keep release outputs consistent.
    • Enhanced published container images with provenance metadata and an SBOM.

@coderabbitai

coderabbitai Bot commented Jul 2, 2026

Copy link
Copy Markdown

Review Change Stack

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info
⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Run ID: 70689587-56e6-4a62-9cd5-e9b4abe2412b

📥 Commits

Reviewing files that changed from the base of the PR and between 3352cf3 and d2d3dc8.

📒 Files selected for processing (1)
  • .github/workflows/publish.yaml
🚧 Files skipped from review as they are similar to previous changes (1)
  • .github/workflows/publish.yaml

📝 Walkthrough

Walkthrough

The publish workflow now restricts release-tag triggers, verifies tag and test-gate state before building, disables uv caching, and enables Docker provenance and SBOM output.

Changes

Publish Workflow Release Gating

Layer / File(s) Summary
Tag pattern matching and test-gate verification logic
.github/workflows/publish.yaml
Push tag triggers now match only release-style tags, workflow_dispatch adds skip_test_gate, and verify enforces tag/ref validation plus test-gate alignment with the Test workflow on main.
Build job wiring and cache settings
.github/workflows/publish.yaml
build now depends on verify, and setup-uv disables caching.
Docker publication outputs
.github/workflows/publish.yaml
docker/build-push-action now emits provenance metadata and SBOM output.

Estimated code review effort: 3 (Moderate) | ~20 minutes

Suggested labels: ci, github-actions
Suggested reviewers: koxudaxi

🚥 Pre-merge checks | ✅ 5
✅ Passed checks (5 passed)
Check name Status Explanation
Description Check ✅ Passed Check skipped - CodeRabbit’s high-level summary is enabled.
Title check ✅ Passed The title matches the main change: adding gating around release publishing.
Docstring Coverage ✅ Passed No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check ✅ Passed Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check ✅ Passed Check skipped because no linked issues were found for this pull request.
✨ Finishing Touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Commit unit tests in branch gate-publish-releases

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands.

@github-actions

github-actions Bot commented Jul 2, 2026

Copy link
Copy Markdown
Contributor

📚 Docs Preview: https://pr-3539.datamodel-code-generator.pages.dev

@codspeed-hq

codspeed-hq Bot commented Jul 2, 2026

Copy link
Copy Markdown

Merging this PR will not alter performance

⚠️ Unknown Walltime execution environment detected

Using the Walltime instrument on standard Hosted Runners will lead to inconsistent data.

For the most accurate results, we recommend using CodSpeed Macro Runners: bare-metal machines fine-tuned for performance measurement consistency.

✅ 11 untouched benchmarks
⏩ 98 skipped benchmarks1


Comparing gate-publish-releases (d2d3dc8) with main (3fed219)

Open in CodSpeed

Footnotes

  1. 98 benchmarks were skipped, so the baseline results were used instead. If they were deleted from the codebase, click here and archive them to remove them from the performance reports.

@coderabbitai coderabbitai Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🧹 Nitpick comments (1)
.github/workflows/publish.yaml (1)

198-199: 📐 Maintainability & Code Quality | 🔵 Trivial | 💤 Low value

Expect unknown/unknown entries on the Docker Hub tag page.

Enabling provenance: mode=max + sbom: true on a multi-platform build attaches attestation manifests to the image index, which registry UIs surface as extra unknown/unknown architecture rows — a known cosmetic side effect, not a build failure. Since this is a public repo, mode=max provenance is already the default, and the only build-arg exposed in provenance (VERSION) is non-sensitive, so this is purely a display consideration. If the extra entries are undesirable, they can be suppressed via annotations/output config; otherwise this is fine to keep for supply-chain metadata.

🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In @.github/workflows/publish.yaml around lines 198 - 199, The Docker build
attestation settings in the publish workflow are causing extra unknown/unknown
rows on Docker Hub, so decide whether to keep or suppress them. If you want to
avoid the cosmetic entries, adjust the buildx configuration in the publish
workflow to disable or redirect the provenance/SBOM output using the relevant
build configuration instead of leaving provenance: mode=max and sbom: true
attached to the image index; otherwise keep the current settings as-is since
they’re intentional supply-chain metadata.
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Nitpick comments:
In @.github/workflows/publish.yaml:
- Around line 198-199: The Docker build attestation settings in the publish
workflow are causing extra unknown/unknown rows on Docker Hub, so decide whether
to keep or suppress them. If you want to avoid the cosmetic entries, adjust the
buildx configuration in the publish workflow to disable or redirect the
provenance/SBOM output using the relevant build configuration instead of leaving
provenance: mode=max and sbom: true attached to the image index; otherwise keep
the current settings as-is since they’re intentional supply-chain metadata.

ℹ️ Review info
⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Run ID: a4cfa4ac-1e36-43e2-837a-40d506803477

📥 Commits

Reviewing files that changed from the base of the PR and between 95a12c0 and ac50ebd.

📒 Files selected for processing (1)
  • .github/workflows/publish.yaml

@codecov

codecov Bot commented Jul 2, 2026

Copy link
Copy Markdown

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 100.00%. Comparing base (95a12c0) to head (d2d3dc8).
⚠️ Report is 1 commits behind head on main.

Additional details and impacted files
@@            Coverage Diff            @@
##              main     #3539   +/-   ##
=========================================
  Coverage   100.00%   100.00%           
=========================================
  Files          161       161           
  Lines        34363     34363           
  Branches      4011      4011           
=========================================
  Hits         34363     34363           
Flag Coverage Δ
unittests 100.00% <ø> (ø)

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Harness.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

@koxudaxi koxudaxi merged commit 958c5b6 into main Jul 2, 2026
60 checks passed
@koxudaxi koxudaxi deleted the gate-publish-releases branch July 2, 2026 08:33
@github-actions

github-actions Bot commented Jul 2, 2026

Copy link
Copy Markdown
Contributor

Breaking Change Analysis

Result: No breaking changes detected

Reasoning: The PR changes only .github/workflows/publish.yaml, an internal CI/CD release workflow. It adds a "verify" release gate (tag validation and test-gate check), restricts the publish trigger to specific tag patterns instead of '', disables uv caching, and enables provenance/sbom for the Docker build. None of these affect user-facing surfaces: no changes to generated code output, Jinja2 templates, CLI options, the Python API, supported Python versions, or error handling for the tool/library. The only removed line (the '' tag glob) only affects the release automation trigger, not any user-facing behavior. Therefore there are no breaking changes.


This analysis was performed by Claude Code Action

@github-actions

github-actions Bot commented Jul 3, 2026

Copy link
Copy Markdown
Contributor

🎉 Released in 0.67.0

This PR is now available in the latest release. See the release notes for details.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant