ci(release): fail workflow as a reminder to generate release notes

thomasleplus · thomasleplus · commit bfee96a6a1a2 · 2025-09-20T16:09:22.000+02:00
diff --git a/.github/workflows/docker-release.yml b/.github/workflows/docker-release.yml
@@ -43,7 +43,6 @@ jobs:
             type=semver,pattern={{major}}
             type=sha
       - uses: docker/login-action@184bdaa0721073962dff0199f1fb9940f07167d1 # v3.5.0
-        if: startsWith(github.ref, 'refs/tags/')
         with:
           username: ${{ secrets.DOCKERHUB_USERNAME }}
           password: ${{ secrets.DOCKERHUB_TOKEN }}
@@ -74,3 +73,12 @@ jobs:
             images+=("${tag}@${DIGEST}")
           done
           cosign sign --recursive --yes "${images[@]}"
+      - name: Manually generate release note
+        shell: bash
+        run: |
+          set -euo pipefail
+          IFS=$'\n\t'
+          echo "This failure is expected. It is a reminder to update the release notes for this newly created release."
+          echo "To do so, go to ${GITHUB_SERVER_URL}/${GITHUB_REPOSITORY}/releases/latest and click on the edit button."
+          echo "Then click on the 'Generate release notes' button and finally the 'Update release' button. Cheers!"
+          exit 1
diff --git a/.zizmor.yml b/.zizmor.yml
@@ -3,12 +3,15 @@ rules:
   forbidden-uses:
     config:
       allow:
+        - Azure/*
         - actions/*
+        - aws-actions/*
         - docker/*
-        - github/codeql-action/*
-        - google/osv-scanner-action/*
-        - microsoft/DevSkim-Action
-        - microsoft/security-devops-action
-        - ossf/scorecard-action
-        - sigstore/cosign-installer
+        - github/*
+        - google-github-actions/*
+        - google/*
+        - googleapis/*
+        - microsoft/*
+        - ossf/*
+        - sigstore/*
         - super-linter/super-linter
