Fix release notes tag pattern to match actual semver tags (no v prefix) #2664
Merged
piyalbasu merged 2 commits into feature/new-release-pipeline from Mar 24, 2026
…refix) Co-authored-by: piyalbasu <6789586+piyalbasu@users.noreply.github.com> Agent-Logs-Url: https://github.com/stellar/freighter/sessions/774e2d0a-dd3f-44b9-ae49-778d641f5c0c
Copilot AI changed the title from "[WIP] [WIP] Address feedback on new release pipeline implementation" to "Fix release notes tag pattern to match actual semver tags (no v prefix)" on Mar 24, 2026
piyalbasu approved these changes on Mar 24, 2026
piyalbasu added a commit that referenced this pull request on Mar 27, 2026
* first pass at new release pipeline

* Add PR preview and integration test pipelines, remove manifest v2 from createRelease

- Add prPreview.yml: builds extension on every PR commit and publishes as a GitHub release
- Add runIntegrationTests.yml: manual workflow for running tests with INTEGRATION_MODE=true
- Remove manifest v2 update steps from createRelease.yml

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

* Rename createRelease to new-release with validation, release notes, and emergency release support

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

* Update .github/workflows/runIntegrationTests.yml

Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>

* Fix release notes tag pattern to match actual semver tags (no `v` prefix) (#2664)

* Initial plan

* Fix tag pattern in new-release.yml to match plain semver tags (no v prefix)

Co-authored-by: piyalbasu <6789586+piyalbasu@users.noreply.github.com>
Agent-Logs-Url: https://github.com/stellar/freighter/sessions/774e2d0a-dd3f-44b9-ae49-778d641f5c0c

---------

Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com>
Co-authored-by: piyalbasu <6789586+piyalbasu@users.noreply.github.com>

* Harden CI workflows against injection and supply-chain attacks

- Validate inputs.branch with regex and pass through env context to prevent command injection
- Replace git add -A with explicit file paths to avoid staging unintended files
- Pin actions/checkout, actions/setup-node, and actions/upload-artifact to full commit SHAs
- Restrict integration test workflow_dispatch to master branch only

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

* Add same-repo guard to PR preview workflow

Restrict build-and-release and cleanup jobs to only run for PRs originating from the same repository, not forks.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

* Harden CI/CD workflows: security audit fixes

- Rename new-release.yml to newRelease.yml
- Add validate-branch-from composite action with tag validation
- Replace third-party jossef/action-set-json-field with inline jq
- Pin all actions to commit SHAs, remove mutable tag references
- Add permissions blocks (least-privilege) to all workflows
- Fix concurrency group to scope per-PR instead of global
- Add runtime branch guard on integration test workflow_dispatch
- Move branch input validation before checkout in release workflow
- Add duplicate release tag guard
- Use random heredoc delimiters to prevent output injection
- Use mktemp for temp files, exact grep matches for branch checks
- Reduce fetch-depth to 1 on test workflows
- Move commented-out prPreview.yml to workflow-drafts/
- Remove unnecessary GITHUB_ENV export and token on checkout

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

* Fix env var formatting and git fetch error handling per review feedback

Agent-Logs-Url: https://github.com/stellar/freighter/sessions/da96990c-afc7-4c32-8778-9dfb0f1bb116
Co-authored-by: piyalbasu <6789586+piyalbasu@users.noreply.github.com>

* Apply review suggestions: checkout order fix, guard empty commits in release workflow

Agent-Logs-Url: https://github.com/stellar/freighter/sessions/bde2ad2e-5cbf-4d02-bfa7-d25fa69154c2
Co-authored-by: piyalbasu <6789586+piyalbasu@users.noreply.github.com>

* Remove unnecessary actions: write permission from runTests and runIntegrationTests workflows

Agent-Logs-Url: https://github.com/stellar/freighter/sessions/035dca62-de23-4032-ac71-cca8afbcb069
Co-authored-by: piyalbasu <6789586+piyalbasu@users.noreply.github.com>

---------

Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
Co-authored-by: Copilot <198982749+Copilot@users.noreply.github.com>
Co-authored-by: piyalbasu <6789586+piyalbasu@users.noreply.github.com>
Release notes generation in `new-release.yml` searched for tags matching `v*` / `^v[0-9]+\.[0-9]+\.[0-9]+$`, but `submitProduction.yml` creates plain semver tags (e.g. `5.39.0`). This caused `last_release_tag` to always be empty, resulting in release notes spanning the entire repo history.

Changes

`.github/workflows/new-release.yml`: Update tag glob and regex to match plain semver format:
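The failure mode described above, as an added example that is not part of the pull request or the project's workflows: the same tag filter run with the `v`-prefixed regex and with a plain-semver one, plus a guard that treats "no matching tag" as an error instead of silently widening the range. The tag list is constructed, `NEW_PATTERN` is an assumed plain-semver regex (the merged pattern is not shown on this page), and `pick_last_release_tag` and `notes_range` are hypothetical helper names.

```shell
#!/usr/bin/env bash
# Constructed tag list standing in for the repository's tag listing; 5.39.0 is
# the example tag from the PR description, the others are made up.
SAMPLE_TAGS='5.38.2
5.39.0
5.9.1
nightly-build
5.39.0-beta.1'

# Regex quoted in the PR description (expects a v prefix).
OLD_PATTERN='^v[0-9]+\.[0-9]+\.[0-9]+$'
# Assumption: plain-semver equivalent; the merged regex is not on the page.
NEW_PATTERN='^[0-9]+\.[0-9]+\.[0-9]+$'

# pick_last_release_tag PATTERN (hypothetical helper): read tag names on stdin
# and print the highest MAJOR.MINOR.PATCH tag matching PATTERN, or nothing.
# Sorting is numeric per component, so 5.39.0 ranks above 5.9.1.
pick_last_release_tag() {
  grep -E -- "$1" |
    awk '{ key = $0; sub(/^v/, "", key); print key, $0 }' |
    sort -t. -k1,1n -k2,2n -k3,3n |
    tail -n 1 |
    cut -d' ' -f2
}

# notes_range PATTERN (hypothetical helper): print "<tag>..HEAD" for the
# release-notes range. When no tag matches, fail loudly rather than letting
# an empty tag fall through to the whole repository history.
notes_range() {
  tag=$(printf '%s\n' "$SAMPLE_TAGS" | pick_last_release_tag "$1")
  if [ -z "$tag" ]; then
    echo "no release tag matches $1; not defaulting to full history" >&2
    return 1
  fi
  printf '%s..HEAD\n' "$tag"
}

echo "old pattern: $(notes_range "$OLD_PATTERN" 2>/dev/null || echo '<no match>')"
echo "new pattern: $(notes_range "$NEW_PATTERN")"
```
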