Skip to content

Validate supplied branch and tag exist for RN gen #18481

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
donoghuc merged 2 commits into from
Dec 10, 2025
Merged

Validate supplied branch and tag exist for RN gen #18481

donoghuc merged 2 commits into from
Dec 10, 2025
+19 −3

Conversation

@donoghuc
Copy link
Member

@donoghuc donoghuc commented Dec 10, 2025

Release notes

[rn:skip]

What does this PR do?

Add a validation step to the action for generating release notes. Without input validation tags/branches that do not exist (due to typo, errors in workflow inputs) can go un-noticed with PRs that have empty commit ranges.

@donoghuc
Validate supplied branch and tag exist for RN gen
400cf04 
Add a validation step to the action for generating release notes. Without input
validation tags/branches that do not exist (due to typo, errors in workflow
inputs) can go un-noticed with PRs that have empty commit ranges.
@donoghuc donoghuc requested review from a team as code owners December 10, 2025 18:21
@github-actions
Copy link
Contributor

github-actions bot commented Dec 10, 2025

🤖 GitHub comments

Just comment with:

  • run docs-build : Re-trigger the docs validation. (use unformatted text in the comment!)
  • /run exhaustive tests : Run the exhaustive tests Buildkite pipeline.

@mergify
Copy link
Contributor

mergify bot commented Dec 10, 2025

This pull request does not have a backport label. Could you fix it @donoghuc? 🙏
To fixup this pull request, you need to add the backport labels for the needed
branches, such as:

  • backport-8./d is the label to automatically backport to the 8./d branch. /d is the digit.
  • If no backport is necessary, please add the backport-skip label

@donoghuc donoghuc mentioned this pull request Dec 10, 2025
Open
v1v
v1v reviewed Dec 10, 2025
View reviewed changes
.github/workflows/gen_release_notes.yml Outdated
Comment on lines 27 to 31
fetch-depth: 0
- name: Validate the supplied target branch and last release tag exist
run: |
git fetch --tags
Copy link
Member

@v1v v1v Dec 10, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

nit: if you want to use the more native github approach, although https://github.com/actions/checkout#fetch-all-history-for-all-tags-and-branches.

but I think

 # Whether to fetch tags, even if fetch-depth > 0.
 # Default: false
 fetch-tags: ''
Suggested change
fetch-depth: 0
- name: Validate the supplied target branch and last release tag exist
run: |
git fetch --tags
fetch-depth: 0
fetch-tags: true
- name: Validate the supplied target branch and last release tag exist
run: |

Copy link
Member Author

@donoghuc donoghuc Dec 10, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

ah, right. Good call.

.github/workflows/gen_release_notes.yml Outdated
Comment on lines 32 to 40
if ! git rev-parse --verify "origin/${{ github.event.inputs.branch }}" >/dev/null 2>&1; then
echo "Error: Branch ${{ github.event.inputs.branch }} does not exist"
exit 1
fi
if ! git rev-parse --verify "v${{ github.event.inputs.last_release }}" >/dev/null 2>&1; then
echo "Error: Tag v${{ github.event.inputs.last_release }} does not exist"
exit 1
fi
Copy link
Member

@v1v v1v Dec 10, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Use intermediate env variables for inputs as explained in the security hardening:

Suggested change
if ! git rev-parse --verify "origin/${{ github.event.inputs.branch }}" >/dev/null 2>&1; then
echo "Error: Branch ${{ github.event.inputs.branch }} does not exist"
exit 1
fi
if ! git rev-parse --verify "v${{ github.event.inputs.last_release }}" >/dev/null 2>&1; then
echo "Error: Tag v${{ github.event.inputs.last_release }} does not exist"
exit 1
fi
if ! git rev-parse --verify "origin/${BRANCH}" >/dev/null 2>&1; then
echo "Error: Branch ${BRANCH} does not exist"
exit 1
fi
if ! git rev-parse --verify "v${LAST_RELEASE}" >/dev/null 2>&1; then
echo "Error: Tag v${LAST_RELEASE} does not exist"
exit 1
fi
env:
LAST_RELEASE: ${{ inputs.last_release }}
BRANCH: ${{ inputs.branch }}

Maybe these env variables should be created a the job-level so it can be used in other steps

Copy link
Member Author

@donoghuc donoghuc Dec 10, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Updated with your last thought (ENV vars at job level).

@donoghuc
Codereview feedback application
a0080ab 
Use action for fetching tags and env vars for looking up inputs
@donoghuc donoghuc added the backport-skip Skip automated backport with mergify label Dec 10, 2025
@donoghuc donoghuc merged commit cfa4fb9 into elastic:main Dec 10, 2025
12 checks passed
@donoghuc donoghuc mentioned this pull request Dec 10, 2025
Closed
@donoghuc
Copy link
Member Author

donoghuc commented Dec 10, 2025

Run showing validation is working (fails when tag does not exist): https://github.com/elastic/logstash/actions/runs/20114283936
Run showing happy path works: https://github.com/elastic/logstash/actions/runs/20114309562

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@v1v v1v v1v approved these changes

Assignees

No one assigned

Labels

backport-skip Skip automated backport with mergify

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@donoghuc @v1v