feat(build): integrate release-please bot with GitHub App auth and CI gating#139
Merged
WilliamBerryiii merged 2 commits intomainfrom Feb 7, 2026
Merged
feat(build): integrate release-please bot with GitHub App auth and CI gating#139WilliamBerryiii merged 2 commits intomainfrom
WilliamBerryiii merged 2 commits intomainfrom
Conversation
- merge release-please into main.yml gated behind all 6 CI jobs - add publish-release job to promote draft releases - upgrade release-please-action from v4.1.0 to v4.4.0 - add draft mode, search depths, emoji changelog headers to config - delete standalone release-please.yml 🤖 - Generated by Copilot
Dependency Review✅ No vulnerabilities or license issues or OpenSSF Scorecard issues found.Scanned Files
|
agreaves-ms
approved these changes
Feb 6, 2026
- add concurrency group to release-please and publish-release jobs - replace GITHUB_TOKEN with App token in publish-release job - downgrade publish-release permissions from contents:write to contents:read 🔧 - Generated by Copilot
This was referenced Feb 7, 2026
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Description
Consolidated release-please automation into the main CI pipeline with GitHub App authentication, CI gating, and a two-stage release workflow (draft then publish).
main.ymlas a newrelease-pleasejob gated behind all 6 CI jobs (spell-check, markdown-lint, table-format, psscriptanalyzer, link-lang-check, markdown-link-check)publish-releasejob that promotes draft releases to published whenrelease_createdis trueGITHUB_TOKENwithcontents: write/pull-requests: writeto GitHub App token viaactions/[email protected]with least-privilegecontents: readrelease-please-actionfrom v4.1.0 to v4.4.0 (SHA-pinned)release-search-depthto 800 andcommit-search-depthto 1000 inrelease-please-config.jsonrelease-please.ymlworkflow(build)to allowed commit scopes incommit-message.instructions.mdCloses #138
Type of Change
Component(s) Affected
deploy/000-prerequisites- Azure subscription setupdeploy/001-iac- Terraform infrastructuredeploy/002-setup- OSMO control plane / Helmdeploy/004-workflow- Training workflowssrc/training- Python training scriptsdocs/- DocumentationTesting Performed
planreviewed (no unexpected changes)applytested in dev environmentsmoke_test_azure.py)Checklist
Notes
release-pleasejob requires a GitHub App registered with Contents (R/W), Pull Requests (R/W), and Metadata (R) permissions. ConfigureRELEASE_APP_IDas a repository variable andRELEASE_APP_PRIVATE_KEYas a repository secret before merging.publish-releasejob usesGITHUB_TOKENwithcontents: writeto flip the draft flag — no App token needed for this step.Component(s) AffectedorTesting Performedcheckboxes apply to this workflow-only change.ifguard from the old workflow (!startsWith(...)) is intentionally not carried forward; release-please handles duplicate-release prevention internally.🚀 - Generated by Copilot