Skip to main content
The hotfix release workflow automatically creates release drafts when hotfix pull requests are merged to main or release branches.

Overview

The hotfix release workflow:
  • Trigger: Automatically when hotfix PR is merged to main or release branches
  • Condition: Only runs for merged pull requests
  • Quality Checks: Code quality validation before draft creation
  • Automatic: No manual intervention required
  • Fast: 15-minute timeout for quick hotfix releases

Workflow Flowchart

Workflow Configuration

The hotfix release draft workflow is defined in .github/workflows/hotfix-release-draft.yaml: 
name: Create new hotfix release draft
run-name: Create new hotfix release draft

on:
  pull_request:
    types:
      - closed
    branches:
      - main
      - release/**

permissions:
  contents: read

jobs:
  create_release_draft:
    name: Create release draft
    if: github.event.pull_request.merged == true
    runs-on: ubuntu-latest
    timeout-minutes: 15
    permissions:
      contents: write
      pull-requests: write
    steps:
      - name: Setup project
        id: setup-project
        uses: backbase-common/gc-ai-workflows/setup-project@main
        with:
            ref: ${{ github.event.pull_request.base.ref }}
            fetchDepth: "0"
            githubPrivateKey: ${{ secrets.GIT_GITHUB_APP_PEM_FILE }}
            githubAppId: ${{ secrets.GIT_GITHUB_APP_ID }}

      - name: Check actions pinning
        id: check_pin
        uses: backbase-common/gc-ai-workflows/check-action-pinning@main
      
      - name: Run code quality checks
        id: code-quality
        uses: backbase-common/gc-ai-workflows/code-quality@main
        with:
            sourcePath: "src/"

      - name: Create release draft
        id: create-release-draft
        uses: backbase-common/gc-ai-workflows/create-release-draft@main
        with:
            githubToken: ${{ steps.setup-project.outputs.githubToken }}
            baseBranch: ${{ github.event.pull_request.base.ref }}
            headBranch: ${{ github.event.pull_request.base.ref }}

Hotfix Process

1. PR Merge Trigger

When a hotfix PR is merged:
  • Workflow is automatically triggered
  • Only runs if PR was merged (not just closed)
  • Works for PRs merged to main or release/** branches
  • Uses the base branch as both source and target

2. Setup Project

  • Authenticates using GitHub App
  • Checks out code from the base branch (where PR was merged)
  • Sets up Python environment
  • Resolves project metadata

3. Action Pinning Check

  • Validates GitHub Actions are pinned to SHA versions
  • Ensures security compliance
  • Quick validation step

4. Code Quality Checks

  • Runs pylint for code quality
  • Executes pytest for unit tests
  • Runs hadolint for Dockerfile validation
  • Ensures hotfix doesn’t introduce quality issues

5. Create Release Draft

  • Creates release draft for the base branch
  • Updates version (typically patch version)
  • Generates release notes
  • Creates GitHub release draft

When to Use Hotfix Releases

Hotfix releases are appropriate for:
  • Critical Bug Fixes: Urgent fixes that need immediate release
  • Security Patches: Security vulnerabilities requiring quick resolution
  • Production Issues: Fixes for production issues affecting users
  • Emergency Fixes: Time-sensitive fixes that can’t wait for regular release cycle

Hotfix Workflow Characteristics

Automatic Triggering

  • No manual intervention required
  • Automatically runs when hotfix PR is merged
  • Streamlined process for urgent fixes

Fast Execution

  • 15-minute timeout for quick turnaround
  • Focused quality checks
  • Efficient release draft creation

Branch-Specific

  • Creates release draft for the branch where PR was merged
  • Supports both main and release branches
  • Maintains branch-specific versioning

Reusable Components Used

This workflow leverages:
  • setup-project: Sets up Python environment and resolves metadata
  • check-action-pinning: Validates GitHub Actions security
  • code-quality: Runs code quality checks
  • create-release-draft: Creates release draft with versioning
See the Reusable Components page for detailed documentation.

Hotfix Release Process

Steps

  1. Create Hotfix Branch: Create a branch from the target release branch
  2. Fix Issue: Implement the hotfix
  3. Create PR: Open pull request to main or release branch
  4. PR Validation: PR checks run automatically
  5. Merge PR: Merge the hotfix PR
  6. Auto-Trigger: Hotfix release workflow automatically starts
  7. Review Draft: Review the created release draft
  8. Publish: Publish the release when ready

Version Management

Hotfix releases typically:
  • Increment patch version (e.g., 1.2.31.2.4)
  • Maintain compatibility with base release
  • Include hotfix-specific release notes

Best Practices

  • Target Correct Branch: Merge hotfix to the appropriate branch (main or release)
  • Quick Quality Checks: Ensure code quality checks pass quickly
  • Clear PR Description: Include clear description of the hotfix
  • Test Thoroughly: Test hotfix before merging
  • Review Release Draft: Review auto-generated release notes

Troubleshooting

Common Issues

  1. Workflow Not Triggering
    • Ensure PR was merged (not just closed)
    • Verify PR was merged to main or release branch
    • Check workflow file exists and is correct
  2. Timeout Issues
    • Workflow has 15-minute timeout
    • Optimize code quality checks if needed
    • Review workflow logs for bottlenecks
  3. Quality Check Failures
    • Fix code quality issues before merging
    • Address pylint, pytest, or hadolint failures
    • Ensure hotfix doesn’t introduce new issues
  4. Release Draft Creation Failures
    • Verify release-drafter configuration
    • Check GitHub App credentials
    • Ensure proper repository permissions

Verification

  • Check workflow logs in GitHub Actions
  • Verify release draft was created
  • Review code quality check results
  • Confirm version numbers are correct

Next Steps