Run validation before releasing

[martyspiewak]

Changes proposed by this PR

• Updates release workflow to only create releases off tags from commits on main.
• Also only creates release if tag is formatted correctly

PR Checklist

Note: Please do not remove items. Mark items as done [x] or use strikethrough if you believe they are not relevant

• Linked to a relevant issue. Eg: Fixes #123 or Updates #123
• Removed non-atomic or wip commits
• Filled in the Release Note section above
• Modified the docs to match changes

[idoru]

LGTM, thanks!

[netlify]

✅ Deploy Preview for elated-stonebraker-105904 canceled.

Name	Link
🔨 Latest commit	92f397b
🔍 Latest deploy log	https://app.netlify.com/sites/elated-stonebraker-105904/deploys/623cb3111eebe700084676a0

[scothis]

Do we never expect to create a release from a release branch? Or back port a bug fix or security patch to a previous release that isn't on main?

[idoru]

@scothis As of #717 the release is a separately a triggered action and doesn't run tests which now run for every commit on main.

If that's the model going forward, when we have release branches then I imagine we'll also run tests for all commits on those too, and expand this restriction.

[cirocosta]

@idoru so you're saying that we could in validation.yaml remove

cartographer/.github/workflows/validation.yaml

Lines 15 to 20 in fa8800d

	name: validation
	on:
	push:
	branches: [main]
	pull_request:
	branches: [main]

by something like

name: validation
on:
  push:

so we run validation on every commit anywhere, and then drop the check this PR is adding? so that we could, before pushing a tag (from main or a release branch), make sure that the validation did take place, everything went well, and we can release from it?

I think keeping the ability to release from a tag regardless of the branch is very important

[martyspiewak]

@cirocosta I'd recommend something more like:

name: validation
on:
  push:
    branches:
      - main
      - release-*

or something to that effect, rather than running validations on every commit to any spike branch we create.

But are you also saying you'd prefer that the check introduced in this PR be removed?

[scothis]

or something to that effect, rather than running validations on every commit to any spike branch we create.

That's what forks are for.

so we run validation on every commit anywhere

It's not every commit, it's every push, just because a commit is on a branch doesn't mean that the workflow will have run for that commit. And certainly doesn't mean that the workflow passed.

If there's one commit I want to makes sure passes all validation it's a tag. Assuming the tagged commit had all the tests pass, I'd still want the release artifacts to undergone the same testing. Two builds of the same source will be very similar, but not identical.

For example, this is a workflow I've found to work well. It builds an artifact once, runs a battery of acceptance tests and then if the run is for a tag, creates a draft release with those artifacts. The released bits are the bits the tests ran against.

[idoru]

LGTM 👍