Improve Release Workflow (#1173)

AlexFenlon · web-flow · commit bae43bc818cd · 2025-10-14T16:31:03.000+01:00
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
@@ -1,4 +1,5 @@
 name: Release NGINX Prometheus Exporter
+run-name: ${{ inputs.dry_run && '[DRY RUN] ' || '' }}Release NGINX Prometheus Exporter ${{ inputs.version }} from ${{ inputs.branch }} by @${{ github.actor }}
 
 on:
   workflow_dispatch:
@@ -11,6 +12,11 @@ on:
         required: false
         default: false
         type: boolean
+      branch:
+        description: 'Branch to release from (not normally needed)'
+        required: false
+        default: 'main'
+        type: string
       goreleaser_args:
         description: 'Additional GoReleaser args'
         required: false
@@ -41,6 +47,8 @@ jobs:
     steps:
       - name: Checkout Repository
         uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+        with:
+          ref: ${{ inputs.branch }}
 
       - name: Set up Go
         uses: actions/setup-go@44694675825211faa026b3c33043df3e48a5fa00 # v6.0.0
@@ -49,7 +57,7 @@ jobs:
 
       - name: Get version
         id: vars
-        run: echo "tag=${{ github.event.inputs.version }}" >> $GITHUB_OUTPUT
+        run: echo "tag=${{ inputs.version }}" >> $GITHUB_OUTPUT
 
   tag:
     if: ${{ !contains(inputs.skip_jobs, 'tag') }}
@@ -62,18 +70,19 @@ jobs:
       - name: Checkout Repository
         uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
         with:
+          ref: ${{ inputs.branch }}
           fetch-depth: 0
 
       - name: Create new release Tag
         run: |
-          git config --global user.email "kubernetes@nginx.com"
-          git config --global user.name "NGINX Kubernetes Team"
+          git config --global user.email "${{ github.actor_id }}+${{ github.actor }}@users.noreply.github.com"
+          git config --global user.name "${{ github.actor }}"
           tag="v${{ needs.variables.outputs.tag }}"
           if ! git rev-parse --verify refs/tags/${tag} 2>/dev/null; then
             echo "Adding tag ${tag}."
             git tag -a ${tag} -m "Version ${tag#v*}"
             echo "Pushing tag ${tag} to main branch"
-            if ! ${{ inputs.dry_run }}; then
+            if ${{ !inputs.dry_run }}; then
               git push origin "${tag}"
             else
               echo "DRY RUN not making any changes"
@@ -99,7 +108,7 @@ jobs:
       GOPROXY: ${{ secrets.ARTIFACTORY_ENDPOINT }}
     outputs:
       binaries: ${{ steps.prom_binaries.outputs.json }}
-    needs: [variables]
+    needs: [variables, tag]
     services:
       registry:
         image: registry:3
@@ -109,6 +118,7 @@ jobs:
       - name: Checkout Repository
         uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
         with:
+          ref: ${{ inputs.branch }}
           fetch-depth: 0
 
       - name: Setup Golang Environment
@@ -187,7 +197,7 @@ jobs:
         with:
           minor-label: "enhancement"
           major-label: "change"
-          publish: ${{ !github.event.inputs.dry_run }}
+          publish: ${{ !inputs.dry_run }}
           collapse-after: 30
           notes-footer: |
             ## Upgrade
@@ -216,7 +226,7 @@ jobs:
         uses: goreleaser/goreleaser-action@e435ccd777264be153ace6237001ef4d979d3a7a # v6.4.0
         with:
           version: v2.12.5 # renovate: datasource=github-tags depName=goreleaser/goreleaser
-          args: ${{ github.event.inputs.dry_run && 'build --snapshot' || 'release' }} --clean ${{ github.event.inputs.goreleaser_args }}
+          args: ${{ inputs.dry_run && 'build --snapshot' || 'release' }} --clean ${{ inputs.goreleaser_args }}
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
           NGINX_GITHUB_TOKEN: ${{ secrets.NGINX_PAT }}
@@ -248,7 +258,7 @@ jobs:
           tags: ${{ steps.meta.outputs.tags }}
           labels: ${{ steps.meta.outputs.labels }}
           annotations: ${{ steps.meta.outputs.annotations }}
-          push: ${{ !github.event.inputs.dry_run }}
+          push: ${{ !inputs.dry_run }}
           cache-from: type=gha,scope=exporter
           cache-to: type=gha,scope=exporter,mode=max
           no-cache: true
@@ -263,14 +273,14 @@ jobs:
           image: localhost:5000/nginx/nginx-prometheus-exporter:${{ steps.meta.outputs.version }}
           only-fixed: true
           add-cpes-if-none: true
-        if: ${{ !github.event.inputs.dry_run }}
+        if: ${{ !inputs.dry_run }}
 
       - name: Upload scan result to GitHub Security tab
         uses: github/codeql-action/upload-sarif@64d10c13136e1c5bce3e5fbde8d4906eeaafc885 # v3.30.6
         continue-on-error: true
         with:
           sarif_file: ${{ steps.scan.outputs.sarif }}
-        if: ${{ !github.event.inputs.dry_run }}
+        if: ${{ !inputs.dry_run }}
 
       - name: Clean up NETRC
         run: |
