
fix: auto-trigger CI and Docker publish for release-please PRs #21

Merged
GraysonCAdams merged 2 commits into main from fix/release-pr-checks
Mar 1, 2026

@GraysonCAdams
Collaborator

Summary

  • Add release-pr-checks.yml using pull_request_target to run CI and CodeQL on release-please PRs
  • Add workflow_run trigger to docker-publish.yml for automatic Docker image publishing after releases
  • Clean up stale TODO comments in release.yml

Problem

release-please uses GITHUB_TOKEN to create PRs and releases. GitHub Actions does not trigger workflows from GITHUB_TOKEN events (to prevent recursive runs). This means:

  1. Release PRs had no CI/CodeQL status checks, requiring manual empty commits to trigger them
  2. Docker publish didn't fire on release creation, requiring manual workflow_dispatch

Solution

  • pull_request_target IS triggered by GITHUB_TOKEN events (it runs in the base branch context). A new workflow uses this to run CI + CodeQL specifically on release-please PRs.
  • workflow_run IS triggered by GITHUB_TOKEN workflow completions. Docker publish now watches for the Release workflow to complete and checks if a new version needs publishing.

Test plan

  • Next release-please PR should automatically get CI and CodeQL checks
  • Next release should automatically trigger Docker image publish
  • Manual workflow_dispatch still works as fallback

release-please uses GITHUB_TOKEN which doesn't trigger other workflows.
This caused release PRs to have no status checks, blocking merges when
branch protection requires them.

Fix with three changes:
- Add release-pr-checks.yml using pull_request_target (which IS triggered
  by GITHUB_TOKEN) to run CI and CodeQL on release-please PRs
- Add workflow_run trigger to docker-publish.yml so Docker images are
  automatically published when release-please creates a release
- Clean up stale TODO comments in release.yml

Repository rules require CodeQL results for all PRs, even when only
workflow YAML files are changed. Previously CodeQL was skipped when
the paths filter found no security-relevant files, which blocked
merging workflow-only PRs.
@GraysonCAdams GraysonCAdams merged commit fb7ba4a into main Mar 1, 2026
12 checks passed
@GraysonCAdams GraysonCAdams deleted the fix/release-pr-checks branch March 1, 2026 07:33
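
One way to scope a pull_request_target workflow to release-please PRs, as the Solution section describes. This is an added example, not the repository's own release-pr-checks.yml. The `release-please--` branch prefix and the `./scripts/ci.sh` command are assumptions; substitute the repository's actual release branch name and test command.

```yaml
# Added example (not the project's workflow file).
name: Release PR checks (example)

on:
  pull_request_target:
    branches: [main]

# Default to a read-only token; grant more per job only where needed.
permissions:
  contents: read

jobs:
  ci:
    # pull_request_target runs in the base-branch context, so gate the job:
    # the head branch must live in this repository (fork PRs never match)
    # and must use the release branch prefix (assumed prefix shown here).
    if: >-
      github.event.pull_request.head.repo.full_name == github.repository &&
      startsWith(github.event.pull_request.head.ref, 'release-please--')
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
        with:
          # The default checkout under pull_request_target is the base
          # branch; pin to the exact PR head commit that triggered the run.
          ref: ${{ github.event.pull_request.head.sha }}
          # Do not leave the token in .git/config for later steps.
          persist-credentials: false
      # Hypothetical placeholder for the repository's own test command.
      - run: ./scripts/ci.sh
```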