Skip to content

Backport: Fix release workflow#6006

Merged
nscuro merged 1 commit intoDependencyTrack:4.14.xfrom
nscuro:backport-pr-6003
Apr 3, 2026
Merged

Backport: Fix release workflow#6006
nscuro merged 1 commit intoDependencyTrack:4.14.xfrom
nscuro:backport-pr-6003

Conversation

@nscuro
Copy link
Copy Markdown
Member

@nscuro nscuro commented Apr 3, 2026

Description

Fixes release workflow.

It turns out that creating a draft release doesn't trigger a release: created event. Instead, we need to push a tag, which then fires the push: tags event.

For this to work, the push must be performed with a non-default PAT. A BOT_RELEASE_GITHUB_TOKEN secrets has been created with minimal privileges, and scoped to this repository.

Note that tags were previously created implicitly when creating the GitHub release.

Also replaces commits via GitHub CLI with actual commits using git.

Addressed Issue

Backports #6003

Additional Details

N/A

Checklist

  • I have read and understand the contributing guidelines
  • This PR fixes a defect, and I have provided tests to verify that the fix is effective
  • This PR implements an enhancement, and I have provided tests to verify that it works as intended
  • This PR introduces changes to the database model, and I have added corresponding update logic
  • This PR introduces new or alters existing behavior, and I have updated the documentation accordingly

@nscuro
Fix release workflow
eed9049 
It turns out that creating a draft release doesn't trigger a `release: created` event. Instead, we need to push a tag, which then fires the `push: tags` event.

For this to work, the push must be performed with a non-default PAT. A BOT_RELEASE_GITHUB_TOKEN secrets has been created with minimal privileges, and scoped to this repository.

Note that tags were previously created implicitly when creating the GitHub release.

Also replaces commits via GitHub CLI with actual commits using git.

Signed-off-by: nscuro <[email protected]>
@nscuro nscuro added this to the 4.14.1 milestone Apr 3, 2026
@owasp-dt-bot
Copy link
Copy Markdown

owasp-dt-bot commented Apr 3, 2026

Snyk checks have passed. No issues have been found so far.

Status Scan Engine Critical High Medium Low Total (0)
Open Source Security 0 0 0 0 0 issues

💻 Catch issues earlier using the plugins for VS Code, JetBrains IDEs, Visual Studio, and Eclipse.

@codacy-production
Copy link
Copy Markdown

codacy-production bot commented Apr 3, 2026
edited
Loading

Up to standards ✅

🟢 Issues 0 issues

Results:
0 new issues

View in Codacy

🟢 Coverage ∅ diff coverage

Metric Results
Coverage variation Report missing for d53530c1
Diff coverage diff coverage (70.00%)

View coverage diff in Codacy

Coverage variation details
Coverable lines Covered lines Coverage
Common ancestor commit (d53530c) Report Missing Report Missing Report Missing
Head commit (eed9049) 24798 20120 81.14%

Coverage variation is the difference between the coverage for the head and common ancestor commits of the pull request branch: <coverage of head commit> - <coverage of common ancestor commit>

Diff coverage details
Coverable lines Covered lines Diff coverage
Pull request (#6006) 0 0 ∅ (not applicable)

Diff coverage is the percentage of lines that are covered by tests out of the coverable lines that the pull request added or modified: <covered lines added or modified>/<coverable lines added or modified> * 100%

1 Codacy didn't receive coverage data for the commit, or there was an error processing the received data. Check your integration for errors and validate that your coverage setup is correct.

TIP This summary will be updated as you push new changes. Give us feedback

@nscuro nscuro merged commit dca27c3 into DependencyTrack:4.14.x Apr 3, 2026
7 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

4.14.1

Development

Successfully merging this pull request may close these issues.

2 participants

@nscuro @owasp-dt-bot