GHA-221 Improve automated-release with features required by cloud-security#124

Open
jonas-wielage-sonarsource wants to merge 1 commit into master from jw/make-automated-release-cs-ready
@jonas-wielage-sonarsource
Contributor

Part of

@hashicorp-vault-sonar-prod hashicorp-vault-sonar-prod bot changed the title Improve automated-release with features required by cloud-security GHA-221 Improve automated-release with features required by cloud-security Mar 20, 2026
@hashicorp-vault-sonar-prod
hashicorp-vault-sonar-prod bot commented Mar 20, 2026

GHA-221

@sonarqubecloud

@sonar-review-alpha

sonar-review-alpha bot commented Mar 20, 2026

Summary

Adds two new features to the automated release workflow:

  1. Rule metadata update check: Introduces require-rule-metadata-update input that runs a rule metadata validation job before release. If changes are detected, a PR is created automatically and the release is blocked until merged—ensuring metadata is always up-to-date.

  2. CLI integration tickets: Adds create-cli-ticket input and implementation to support creating integration tickets in the CLI Jira project, mirroring existing integration ticket patterns (SLI, SLE, etc.)

What reviewers should know

Where to start: Look at the two new input parameters (lines 89-93 and 129-133), then the new update-rule-metadata job (lines 276-325) which shows the validation logic. The metadata check is the most significant change—it modifies the release flow by adding a blocking gate.

Key points for reviewers:

  • The update-rule-metadata job is conditional (only runs if the input is enabled) and properly skipped if not needed
  • It blocks the release with a clear error message and PR link when metadata changes are detected
  • The prepare-release job now depends on update-rule-metadata with correct skip conditions (lines 335-338)
  • CLI ticket creation follows the existing integration ticket pattern—minimal new logic
  • The final results check (line 822) now includes the metadata job, ensuring it's part of success validation

Watch for: The error message in the metadata check tells users to start a new workflow run rather than retry—this is intentional since a metadata PR needs to be merged on master first. Verify this matches your release process expectations.

@sonar-review-alpha sonar-review-alpha bot left a comment

Conclusion: Clean, focused PR. Both features follow existing patterns faithfully, the new update-rule-metadata gate integrates correctly into the job dependency chain (including skip propagation and the final results loop), and the CLI ticket step is a straightforward copy of the established integration ticket pattern.
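
The gating pattern this review describes, as an added sketch that is not part of the PR or of the bot's comments: an opt-in `update-rule-metadata` job, a `prepare-release` job that tolerates the gate being skipped, and a final results check. Only the input and job names come from the summary above; the script path, step contents and error text are assumptions, and the automatic PR creation is left out.

```yaml
# Constructed sketch; only the input name and job names come from the PR summary.
on:
  workflow_call:
    inputs:
      require-rule-metadata-update:
        type: boolean
        default: false

jobs:
  update-rule-metadata:
    # Opt-in gate: when the input is false the job result is "skipped".
    if: ${{ inputs.require-rule-metadata-update }}
    runs-on: ubuntu-latest
    permissions:
      contents: read
    steps:
      - uses: actions/checkout@v4
      - name: Block the release when metadata is stale
        run: |
          ./scripts/regenerate-rule-metadata.sh   # hypothetical script
          if ! git diff --quiet; then
            echo "::error::Rule metadata changed; merge the metadata PR, then start a new run."
            exit 1
          fi

  prepare-release:
    needs: update-rule-metadata
    # Without always(), a skipped dependency would skip this job as well.
    if: >-
      ${{ always() && (needs.update-rule-metadata.result == 'success'
      || needs.update-rule-metadata.result == 'skipped') }}
    runs-on: ubuntu-latest
    steps:
      - run: echo "preparing release"   # placeholder for the real release steps

  check-results:
    needs: [update-rule-metadata, prepare-release]
    if: ${{ always() }}
    runs-on: ubuntu-latest
    steps:
      - name: Fail unless every job succeeded or was skipped
        env:
          # Passed through env rather than interpolated into the script body.
          RESULTS: ${{ join(needs.*.result, ' ') }}
        run: |
          for r in $RESULTS; do
            case "$r" in
              success|skipped) ;;
              *) echo "::error::job result: $r"; exit 1 ;;
            esac
          done
```

Because `check-results` lists the gate in `needs`, a failed metadata check fails the overall run even though `prepare-release` itself only reports `skipped`.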