Skip to content

Commit 075e845

Browse files
dopeyclaude
dopey
and
claude
authored
Fix release workflow leaving permanent draft releases on GitHub (#1652)
The release workflow was creating a GitHub draft release before goreleaser ran. goreleaser preserves the draft state of releases it didn't create itself, so every release was left as a permanent draft. Removes the pre-goreleaser softprops/action-gh-release step entirely and lets goreleaser own the full lifecycle: create draft, upload assets, publish. Also renames the job from create_release to release_metadata (it only computes tag/version metadata now) and tightens workflow-level permissions from contents:write to contents:read. Change-Type: fix Release-Note: no Audience: operator Impact: medium Breaking: false Co-authored-by: Claude <noreply@anthropic.com>
1 parent f662820 commit 075e845

1 file changed

Lines changed: 13 additions & 23 deletions

File tree

.github/workflows/release.yml

Lines changed: 13 additions & 23 deletions
Original file line numberDiff line numberDiff line change
@@ -7,7 +7,7 @@ on:
77
- 'v*' # Push events to matching v*, i.e. v1.0, v20.15.10
88

99
permissions:
10-
contents: write
10+
contents: read
1111

1212
jobs:
1313
ci:
@@ -18,10 +18,10 @@ jobs:
1818
uses: ./.github/workflows/ci.yml
1919
secrets: inherit
2020

21-
create_release:
22-
name: Create Release
21+
release_metadata:
22+
name: Release Metadata
2323
permissions:
24-
contents: write
24+
contents: read
2525
needs: ci
2626
runs-on: ubuntu-latest
2727
env:
@@ -58,53 +58,43 @@ jobs:
5858
run: |
5959
echo "DOCKER_TAGS=${{ env.DOCKER_TAGS }},${{ env.DOCKER_IMAGE }}:latest" >> "${GITHUB_ENV}"
6060
echo "DOCKER_TAGS_DEBIAN=${{ env.DOCKER_TAGS_DEBIAN }},${{ env.DOCKER_IMAGE }}:${DEBIAN_TAG}" >> "${GITHUB_ENV}"
61-
- name: Create Release
62-
id: create_release
63-
uses: softprops/action-gh-release@b4309332981a82ec1c5618f44dd2e27cc8bfbfda # v3.0.0
64-
env:
65-
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
66-
with:
67-
tag_name: ${{ github.ref_name }}
68-
name: Release ${{ github.ref_name }}
69-
draft: true
70-
prerelease: ${{ steps.is_prerelease.outputs.IS_PRERELEASE }}
7161
7262
goreleaser:
73-
needs: create_release
63+
needs: release_metadata
7464
permissions:
7565
id-token: write
7666
contents: write
7767
packages: write
7868
uses: smallstep/workflows/.github/workflows/goreleaser.yml@main
7969
with:
8070
enable-packages-upload: true
81-
is-prerelease: ${{ needs.create_release.outputs.is_prerelease == 'true' }}
71+
is-prerelease: ${{ needs.release_metadata.outputs.is_prerelease == 'true' }}
8272
secrets: inherit
8373

8474
build_upload_docker:
8575
name: Build & Upload Docker Images
86-
needs: create_release
76+
needs: release_metadata
8777
permissions:
8878
id-token: write
8979
contents: read
9080
uses: smallstep/workflows/.github/workflows/docker-buildx-push.yml@main
9181
with:
9282
platforms: linux/amd64,linux/386,linux/arm,linux/arm64
93-
tags: ${{ needs.create_release.outputs.docker_tags }}
83+
tags: ${{ needs.release_metadata.outputs.docker_tags }}
9484
docker_image: smallstep/step-cli
9585
docker_file: docker/Dockerfile
9686
secrets: inherit
9787

9888
build_upload_docker_debian:
9989
name: Build & Upload Docker Images using Debian
100-
needs: create_release
90+
needs: release_metadata
10191
permissions:
10292
id-token: write
10393
contents: read
10494
uses: smallstep/workflows/.github/workflows/docker-buildx-push.yml@main
10595
with:
10696
platforms: linux/amd64,linux/386,linux/arm,linux/arm64
107-
tags: ${{ needs.create_release.outputs.docker_tags_debian }}
97+
tags: ${{ needs.release_metadata.outputs.docker_tags_debian }}
10898
docker_image: smallstep/step-cli
10999
docker_file: docker/Dockerfile.debian
110100
secrets: inherit
@@ -116,8 +106,8 @@ jobs:
116106
permissions:
117107
contents: read
118108
runs-on: ubuntu-latest
119-
needs: create_release
120-
if: needs.create_release.outputs.is_prerelease == 'false'
109+
needs: release_metadata
110+
if: needs.release_metadata.outputs.is_prerelease == 'false'
121111
steps:
122112
- name: Checkout
123113
uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
@@ -179,7 +169,7 @@ jobs:
179169
180170
mv manifest.json.new manifest.json
181171
182-
git add . && git commit -a -m "step-cli ${{ needs.create_release.outputs.vversion }} reference update"
172+
git add . && git commit -a -m "step-cli ${{ needs.release_metadata.outputs.vversion }} reference update"
183173
- name: Push changes
184174
uses: ad-m/github-push-action@881a6320fdb16eb5318c5054f31c218aec2b324c # v1.3.0
185175
with:

0 commit comments

Comments
 (0)