Release Draft Workflow

​

Overview

• Trigger: Manual workflow dispatch (only by code owners)
• Quality Checks: Code quality validation before draft creation
• Action Pinning: Verifies GitHub Actions are properly pinned
• Code Owner Verification: Only repository code owners can trigger
• Release Notes: Auto-generates release notes using release-drafter

​

Workflow Flowchart

​

Workflow Configuration

name: Create new release draft
run-name: Create new release draft

on:
  workflow_dispatch:

permissions:
  contents: read

jobs:
  create_release_draft:
    name: Create release draft
    permissions:
      contents: write
      pull-requests: write
    runs-on: ubuntu-latest
    steps:
      - name: Setup project
        id: setup-project
        uses: backbase-common/gc-ai-workflows/setup-project@main
        with:
            ref: "main"
            fetchDepth: "0"
            githubPrivateKey: ${{ secrets.GIT_GITHUB_APP_PEM_FILE }}
            githubAppId: ${{ secrets.GIT_GITHUB_APP_ID }}

      - name: Check actions pinning
        id: check_pin
        uses: backbase-common/gc-ai-workflows/check-action-pinning@main

      - name: Verify release triggering actor
        shell: bash
        run: |
          is_owner=$(cat .github/CODEOWNERS | grep '@${{ github.triggering_actor }}' | wc -c)
          if [[ $is_owner -eq '0' ]]; then
            echo "::error file=.github/CODEOWNERS::Only repository code owners are allowed to trigger this action"
            exit 127
          fi
      
      - name: Run code quality checks
        id: code-quality
        uses: backbase-common/gc-ai-workflows/code-quality@main
        with:
            sourcePath: "src/"

      - name: Create release draft
        id: create-release-draft
        uses: backbase-common/gc-ai-workflows/create-release-draft@main
        with:
            githubToken: ${{ steps.setup-project.outputs.githubToken }}

​

Release Draft Process

​

1. Setup Project

• Authenticates using GitHub App
• Checks out code from main branch
• Sets up Python environment
• Resolves project metadata and version

​

2. Action Pinning Check

• Validates that external GitHub Actions are pinned to SHA versions
• Ensures security best practices
• Checks actions in .github directory

​

3. Code Owner Verification

• Verifies the triggering actor is listed in .github/CODEOWNERS
• Prevents unauthorized release creation
• Fails if user is not a code owner

​

4. Code Quality Checks

• Runs pylint for code quality
• Executes pytest for unit tests
• Runs hadolint for Dockerfile validation
• Ensures code quality before release

​

5. Create Release Draft

• Merges branches (develop → main by default)
• Updates version in project files
• Creates git tag with version
• Generates release notes using release-drafter
• Creates GitHub release draft

​

Creating a Release Draft

​

Steps

1. Navigate to Actions: Go to GitHub Actions in your repository
2. Select Workflow: Choose “Create new release draft”
3. Run Workflow: Click “Run workflow” button
4. Wait for Completion: Monitor workflow execution
5. Review Draft: Check the created release draft in Releases

​

Prerequisites

• You must be listed in .github/CODEOWNERS
• All GitHub Actions must be pinned to SHA versions
• Code quality checks must pass
• Release-drafter configuration must exist (.github/release-drafter.yml)

​

Configuration

[!TIP] See the Configurations page for complete setup instructions and template files.

​

Release Drafter

name-template: '$RESOLVED_VERSION'
tag-template: '$RESOLVED_VERSION'
categories:
  - title: 'Features'
    labels:
      - 'feature'
  - title: 'Bug Fixes'
    labels:
      - 'bug'
change-template: '- $TITLE (#$NUMBER) @$AUTHOR'
version-resolver:
  default: patch

​

Reusable Components Used

• setup-project: Sets up Python environment and resolves metadata
• check-action-pinning: Validates GitHub Actions security
• code-quality: Runs code quality checks
• create-release-draft: Creates release draft with versioning

​

Version Management

• Detects current version from pyproject.toml
• Calculates next release version
• Updates version in project files
• Creates git tag with version
• Generates release notes

​

Best Practices

• Code Owner Verification: Ensure CODEOWNERS file is up to date
• Action Pinning: Keep all GitHub Actions pinned to SHA versions
• Quality Checks: Address any code quality issues before creating release
• Release Notes: Review auto-generated release notes before publishing
• Version Verification: Verify version numbers are correct

​

Troubleshooting

​

Common Issues

1. Code Owner Check Failure
   • Ensure you’re listed in .github/CODEOWNERS
   • Format: * @username or path/ @username
2. Action Pinning Failures
   • Pin all external GitHub Actions to SHA versions
   • Use actions/checkout@v4 format, not @main or @v4
3. Quality Gate Failures
   • Fix pylint errors
   • Address failing tests
   • Fix Dockerfile linting issues
4. Release Draft Creation Failures
   • Verify release-drafter configuration exists
   • Check GitHub App credentials
   • Ensure proper repository permissions

​

Verification

• Check workflow logs for detailed error messages
• Verify CODEOWNERS file format
• Review code quality check results
• Confirm release-drafter configuration

​

Next Steps

• Publish the release
• Learn about hotfix releases
• Review CI/CD overview