Skip to content

Implement draft release job#68

Merged
IgorDobryn merged 1 commit into
mainfrom
implement-draft-release-workflow-for-mailtrap-php
Jul 9, 2026
Merged

Implement draft release job#68
IgorDobryn merged 1 commit into
mainfrom
implement-draft-release-workflow-for-mailtrap-php

Conversation

@IgorDobryn

@IgorDobryn IgorDobryn commented Jul 9, 2026

Copy link
Copy Markdown
Contributor

Motivation

Release automation

Changes

  • Implement draft-release workflow

How to test

  • Trigger draft release workflow
  • Assert new release PR created
  • Assert new release tag is added

Summary by CodeRabbit

  • New Features

    • Automated draft release creation now generates release notes, updates the changelog, and opens a release pull request.
    • The release flow now calculates the next version automatically from the latest published tag.
  • Chores

    • Added safeguards to prevent overlapping release workflow runs.
    • Updated workflow permissions so release actions can complete reliably.

@coderabbitai

coderabbitai Bot commented Jul 9, 2026

Copy link
Copy Markdown

Review Change Stack

📝 Walkthrough

Walkthrough

A placeholder GitHub Actions workflow for drafting PHP releases was replaced with a functional pipeline. The new workflow computes the next semantic version, generates release notes from merged PRs, updates CHANGELOG.md, opens a release PR, and creates a draft GitHub release, with added concurrency and permissions settings.

Changes

Draft PHP release automation

Layer / File(s) Summary
Workflow header, concurrency, and permissions
.github/workflows/draft-release.yml
Workflow renamed to "Draft PHP Release" with descriptive comments, plus added concurrency grouping and explicit contents: write/pull-requests: write permissions.
Release job implementation
.github/workflows/draft-release.yml
Placeholder job replaced with steps that checkout main, read the latest release tag, compute next semver, generate release notes, prepend them to CHANGELOG.md, and conditionally open a release PR and draft GitHub release.

Estimated code review effort: 3 (Moderate) | ~20 minutes

Sequence Diagram(s)

sequenceDiagram
  participant Workflow as draft-release workflow
  participant GH as GitHub CLI
  participant SemverAction as compute-next-semver
  participant NotesAction as release notes action
  participant Repo as CHANGELOG.md / main

  Workflow->>GH: fetch latest release tag
  Workflow->>SemverAction: compute next version from current version
  Workflow->>NotesAction: generate release notes from merged PRs
  NotesAction-->>Workflow: release_notes output
  alt release_notes not empty
    Workflow->>Repo: prepend notes to CHANGELOG.md
    Workflow->>Repo: open release PR against main
    Workflow->>GH: create draft GitHub release
  end
Loading
🚥 Pre-merge checks | ✅ 5
✅ Passed checks (5 passed)
Check name Status Explanation
Docstring Coverage ✅ Passed No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check ✅ Passed Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check ✅ Passed Check skipped because no linked issues were found for this pull request.
Title check ✅ Passed The title is concise and accurately describes the main change: implementing the draft release job.
Description check ✅ Passed The description covers Motivation, Changes, and How to test, with only the optional Images and GIFs section omitted.
✨ Finishing Touches
📝 Generate docstrings
  • Create stacked PR
  • Commit on current branch
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Commit unit tests in branch implement-draft-release-workflow-for-mailtrap-php

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands.

@IgorDobryn IgorDobryn marked this pull request as ready for review July 9, 2026 10:53

@coderabbitai coderabbitai Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 1

🧹 Nitpick comments (1)
.github/workflows/draft-release.yml (1)

47-47: 🔒 Security & Privacy | 🔵 Trivial | ⚖️ Poor tradeoff

Consider pinning third-party actions to a commit SHA.

All five railsware/github-actions/* actions are referenced at @master, a mutable ref. Given these steps run with contents: write/pull-requests: write and access the job token, a mutated master would execute untrusted code with those privileges. Pinning to a full commit SHA (with a version comment) mitigates supply-chain drift.

Also applies to: 54-54, 60-60, 67-67, 77-77

🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In @.github/workflows/draft-release.yml at line 47, The workflow uses multiple
railsware/github-actions steps via the mutable `@master` ref, which should be
pinned to immutable commit SHAs. Update each referenced action in the
draft-release workflow, including compute-next-semver and the other
railsware/github-actions/* usages, to a full commit SHA and keep a version
comment so the action versions are fixed and auditable.
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In @.github/workflows/draft-release.yml:
- Around line 42-43: The release version lookup in the draft-release workflow
fails before any published release exists because the `gh api ...
releases/latest` call returns 404. Update the version-seeding logic around the
`latest`/`GITHUB_OUTPUT` step to handle the no-published-release case
gracefully, either by falling back to a default initial version or by detecting
the 404 and using a safe starting version so the draft release can still be
created.

---

Nitpick comments:
In @.github/workflows/draft-release.yml:
- Line 47: The workflow uses multiple railsware/github-actions steps via the
mutable `@master` ref, which should be pinned to immutable commit SHAs. Update
each referenced action in the draft-release workflow, including
compute-next-semver and the other railsware/github-actions/* usages, to a full
commit SHA and keep a version comment so the action versions are fixed and
auditable.
🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

  • Push a commit to this branch (recommended)
  • Create a new PR with the fixes

ℹ️ Review info
⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: f0d03547-c013-4e12-925c-dbc1654c3162

📥 Commits

Reviewing files that changed from the base of the PR and between 7d7d181 and 5538dd3.

📒 Files selected for processing (1)
  • .github/workflows/draft-release.yml

Comment on lines +42 to +43
latest=$(gh api "repos/$GITHUB_REPOSITORY/releases/latest" --jq '.tag_name')
echo "version=${latest#v}" >> "$GITHUB_OUTPUT"

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🩺 Stability & Availability | 🟠 Major | ⚡ Quick win

🧩 Analysis chain

🏁 Script executed:

#!/bin/bash
set -euo pipefail

# Inspect the workflow around the cited lines
cat -n .github/workflows/draft-release.yml | sed -n '1,120p'

# Find any references to compute-next-semver in the repo
rg -n "compute-next-semver|releases/latest|latest release|version=" .github/workflows . -g '!node_modules'

Repository: mailtrap/mailtrap-php

Length of output: 3764


🌐 Web query:

GitHub API releases/latest draft prerelease excluded no published release 404 compute-next-semver empty current input

💡 Result:

The GitHub API endpoint GET /repos/{owner}/{repo}/releases/latest is designed to return the most recent non-prerelease, non-draft release [1][2][3]. If a repository has only draft or prerelease releases, or no releases at all, this endpoint will return a 404 Not Found error [2][4][5]. This occurs because the endpoint specifically ignores drafts and prereleases when determining the "latest" version [1][2][6]. Key behaviors and technical details: - Definition of Latest: The "latest" release is strictly defined as the most recent published full release, sorted by the created_at attribute [1][3]. - API 404: The 404 response is the standard behavior when the criteria for a "latest" release are not met [4]. While some official documentation may not explicitly list 404 as a potential response code, it is widely documented as the expected behavior for repositories lacking stable, published releases [4]. - Prerelease/Draft Exclusion: These release types are intentionally excluded from this specific endpoint [1][5]. They cannot be set as the "latest" release via the API's make_latest parameter [1][3]. - Handling 404s: Developers relying on this endpoint for automated tooling (like version resolvers) must implement handling for the 404 error, typically by falling back to listing all releases and manually parsing tags to find the latest available version [2][7]. For scenarios where you need to support prereleases or drafts, you should avoid /releases/latest and instead use the /repos/{owner}/{repo}/releases endpoint to list all releases and filter them programmatically [2].

Citations:


🌐 Web query:

railsware/github-actions compute-next-semver empty current input default initial version

💡 Result:

The railsware/github-actions repository contains a collection of utility actions [1], but there is no widely documented or specialized GitHub Action named compute-next-semver within that specific organization [2][3][1]. It is highly likely that the action you are referring to is a different project—such as MiguelRipoll23/get-next-version [4], mirceanton/action-semver-metadata [5], or lhstrh/action-repo-semver [6]—which are commonly used to compute semantic versions and handle initial version inputs. If you are encountering issues with "empty" inputs for initial versions in such GitHub Actions: 1. Handling of Empty Inputs: In GitHub Actions, if a workflow input is empty, it does not automatically revert to a default value unless the action logic explicitly checks for an empty string and applies a fallback [4][7]. 2. Default Behavior: Most well-designed semver actions (like mirceanton/action-semver-metadata [5] or lhstrh/action-repo-semver [6]) have explicit input fields (e.g., default-version) to handle the case where no previous release exists. 3. Troubleshooting: - Verify the exact repository name you are using. - Check the action.yml file of the specific action for an input parameter named something like default-initial-version, initial-version, or default-version [4][5][6]. - Ensure you are providing this input in your workflow if you do not want to rely on the hardcoded default (which is often 0.0.0 or 1.0.0) [5][6]. If you are using a custom or private action, you may need to update its logic to check if the input is empty or null and provide a default accordingly [4].

Citations:


🌐 Web query:

site:github.com/railsware/github-actions compute-next-semver action.yml current input default empty

💡 Result:

Based on the provided search results, there is no widely recognized GitHub Action named exactly compute-next-semver. Several similar tools exist, such as allegro-actions/next-version [1], fabien-marty/github-next-semantic-version [2], and other CLI-based tools like git-semver [3] and next-ver [4]. In the context of GitHub Actions, inputs defined in an action.yml file that are left empty or omitted by the user behave according to the default value specified in the configuration. If a default is defined as an empty string or not provided, the input will hold an empty value within the action's execution environment. For example, in the documentation for github-next-semantic-version, specific options like --must-have-labels explicitly note that "empty => no filtering" [2]. If you are working with a specific custom action, you should check its action.yml file to see how the default property is defined for each input.

Citations:


Handle the no-published-release case in draft-release.yml

GET /repos/$GITHUB_REPOSITORY/releases/latest returns 404 until the repo has a published release, and this workflow only creates drafts. Seed an initial version or fall back cleanly here so the first draft release doesn’t fail.

🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In @.github/workflows/draft-release.yml around lines 42 - 43, The release
version lookup in the draft-release workflow fails before any published release
exists because the `gh api ... releases/latest` call returns 404. Update the
version-seeding logic around the `latest`/`GITHUB_OUTPUT` step to handle the
no-published-release case gracefully, either by falling back to a default
initial version or by detecting the 404 and using a safe starting version so the
draft release can still be created.

@IgorDobryn IgorDobryn merged commit 21c27d0 into main Jul 9, 2026
23 checks passed
@IgorDobryn IgorDobryn deleted the implement-draft-release-workflow-for-mailtrap-php branch July 9, 2026 13:29
@github-actions github-actions Bot mentioned this pull request Jul 9, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

3 participants