Hotfix release workflow

• Trigger: Automatically when hotfix PR is merged to main or release branches
• Condition: Only runs for merged pull requests
• Quality Checks: Code quality validation before draft creation
• Automatic: No manual intervention required
• Fast: 15-minute timeout for quick hotfix releases

​

Workflow flowchart

​

Workflow configuration

name: Create new hotfix release draft
run-name: Create new hotfix release draft

on:
  pull_request:
    types:
      - closed
    branches:
      - main
      - release/**

permissions:
  contents: read

jobs:
  create_release_draft:
    name: Create release draft
    if: github.event.pull_request.merged == true
    runs-on: ubuntu-latest
    timeout-minutes: 15
    permissions:
      contents: write
      pull-requests: write
    steps:
      - name: Setup project
        id: setup-project
        uses: backbase-common/gc-ai-workflows/setup-project@main
        with:
            ref: ${{ github.event.pull_request.base.ref }}
            fetchDepth: "0"
            githubPrivateKey: ${{ secrets.GIT_GITHUB_APP_PEM_FILE }}
            githubAppId: ${{ secrets.GIT_GITHUB_APP_ID }}

      - name: Check actions pinning
        id: check_pin
        uses: backbase-common/gc-ai-workflows/check-action-pinning@main
      
      - name: Run code quality checks
        id: code-quality
        uses: backbase-common/gc-ai-workflows/code-quality@main
        with:
            sourcePath: "src/"

      - name: Create release draft
        id: create-release-draft
        uses: backbase-common/gc-ai-workflows/create-release-draft@main
        with:
            githubToken: ${{ steps.setup-project.outputs.githubToken }}
            baseBranch: ${{ github.event.pull_request.base.ref }}
            headBranch: ${{ github.event.pull_request.base.ref }}

​

Hotfix process

​

1. PR merge trigger

• Workflow is automatically triggered
• Only runs if PR was merged (not just closed)
• Works for PRs merged to main or release/** branches
• Uses the base branch as both source and target

​

2. Set up project

• Authenticates using GitHub App
• Checks out code from the base branch (where PR was merged)
• Sets up Python environment
• Resolves project metadata

​

3. Action pinning check

• Validates GitHub Actions are pinned to SHA versions
• Ensures security compliance
• Quick validation step

​

4. Code quality checks

• Runs pylint for code quality
• Executes pytest for unit tests
• Runs hadolint for Dockerfile validation
• Ensures hotfix doesn’t introduce quality issues

​

5. Create release draft

• Creates release draft for the base branch
• Updates version (typically patch version)
• Generates release notes
• Creates GitHub release draft

​

When to use hotfix releases

• Critical Bug Fixes: Urgent fixes that need immediate release
• Security Patches: Security vulnerabilities requiring quick resolution
• Production Issues: Fixes for production issues affecting users
• Emergency Fixes: Time-sensitive fixes that can’t wait for regular release cycle

​

Hotfix workflow characteristics

​

Automatic triggering

• No manual intervention required
• Automatically runs when hotfix PR is merged
• Streamlined process for urgent fixes

​

Fast execution

• 15-minute timeout for quick turnaround
• Focused quality checks
• Efficient release draft creation

​

Branch-specific

• Creates release draft for the branch where PR was merged
• Supports both main and release branches
• Maintains branch-specific versioning

​

Reusable components used

• setup-project: Sets up Python environment and resolves metadata
• check-action-pinning: Validates GitHub Actions security
• code-quality: Runs code quality checks
• create-release-draft: Creates release draft with versioning

​

Hotfix release process

​

Steps

1. Create Hotfix Branch: Create a branch from the target release branch
2. Fix Issue: Implement the hotfix
3. Create PR: Open pull request to main or release branch
4. PR Validation: PR checks run automatically
5. Merge PR: Merge the hotfix PR
6. Auto-Trigger: Hotfix release workflow automatically starts
7. Review Draft: Review the created release draft
8. Publish: Publish the release when ready

​

Version management

• Increment patch version (e.g., 1.2.3 → 1.2.4)
• Maintain compatibility with base release
• Include hotfix-specific release notes

​

Best practices

• Target Correct Branch: Merge hotfix to the appropriate branch (main or release)
• Quick Quality Checks: Ensure code quality checks pass quickly
• Clear PR Description: Include clear description of the hotfix
• Test Thoroughly: Test hotfix before merging
• Review Release Draft: Review auto-generated release notes

​

Troubleshooting

​

Common issues

1. Workflow Not Triggering
   • Ensure PR was merged (not just closed)
   • Verify PR was merged to main or release branch
   • Check workflow file exists and is correct
2. Timeout Issues
   • Workflow has 15-minute timeout
   • Optimize code quality checks if needed
   • Review workflow logs for bottlenecks
3. Quality Check Failures
   • Fix code quality issues before merging
   • Address pylint, pytest, or hadolint failures
   • Ensure hotfix doesn’t introduce new issues
4. Release Draft Creation Failures
   • Verify release-drafter configuration
   • Check GitHub App credentials
   • Ensure proper repository permissions

​

Verification

• Check workflow logs in GitHub Actions
• Verify release draft was created
• Review code quality check results
• Confirm version numbers are correct

​

Next steps

• Publish the hotfix release
• Learn about regular release drafts
• Review CI/CD overview