chore: Add release tag orchestrator workflows#2540
Conversation
Automates Steps 1.4-1.5 of the SynapseML Fabric Release Guide: Workflow 1 (release-tag.yml): - Triggers when a primary version tag (v1.1.2) is pushed - Creates python3.11 tag on master - Opens PR to rebase spark4.0 onto master Workflow 2 (release-tag-spark.yml): - Triggers when the rebase PR is merged into spark4.0 - Creates spark4.0 and python3.12 derivative tags - Cleans up the release branch spark4.1 is skipped (WIP) until ready for release. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
|
Hey @smamindl 👋! We use semantic commit messages to streamline the release process. Examples of commit messages with semantic prefixes:
To test your commit locally, please follow our guild on building from source. |
Dependency ReviewThe following issues were found:
Snapshot WarningsEnsure that dependencies are being submitted on PR branches and consider enabling retry-on-snapshot-warnings. See the documentation for more information and troubleshooting advice. License Issues.github/workflows/release-tag.yml
OpenSSF Scorecard
Scanned Files
|
There was a problem hiding this comment.
Pull request overview
Note
Copilot was unable to run its full agentic suite in this review.
Adds GitHub Actions workflows to automate release tagging and spark branch rebase orchestration per the SynapseML Fabric Release Guide (Steps 1.4–1.5).
Changes:
- Adds a workflow triggered by pushing a primary
vX.Y.Ztag to create a-python3.11tag and open a rebase PR intospark4.0. - Adds a workflow triggered by merging the rebase PR to create
-spark4.0and-python3.12tags and delete the release branch.
Reviewed changes
Copilot reviewed 2 out of 2 changed files in this pull request and generated 7 comments.
| File | Description |
|---|---|
| .github/workflows/release-tag.yml | New workflow to react to primary version tags, mint a python tag, and open a spark rebase PR. |
| .github/workflows/release-tag-spark.yml | New workflow to create spark/python derivative tags after the rebase PR merge and clean up the release branch. |
| on: | ||
| push: | ||
| tags: | ||
| - "v[0-9]+.[0-9]+.[0-9]+" |
There was a problem hiding this comment.
GitHub Actions on.push.tags uses glob patterns, not regex. The pattern v[0-9]+.[0-9]+.[0-9]+ will not match v1.2.3 as intended. Use a glob such as v*.*.* or v[0-9]*.[0-9]*.[0-9]* (and keep the strict X.Y.Z validation in the script).
| - "v[0-9]+.[0-9]+.[0-9]+" | |
| - "v[0-9]*.[0-9]*.[0-9]*" |
| if git rev-parse "$TAG" >/dev/null 2>&1; then | ||
| echo "⚠️ $TAG already exists — skipping" | ||
| else | ||
| git tag "$TAG" |
There was a problem hiding this comment.
This step claims to create the tag "on master", but it never checks out master (the workflow is triggered from a tag ref, so HEAD will be detached at the pushed tag’s commit). As written, git tag \"$TAG\" will tag the current HEAD, which might not be master. Fix by explicitly targeting origin/master (e.g., checkout/switch to master or create the tag at the origin/master commit SHA).
| git tag "$TAG" | |
| git tag "$TAG" origin/master |
| if ! git checkout spark4.0 2>/dev/null; then | ||
| echo "⚠️ spark4.0 branch doesn't exist — skipping" | ||
| exit 0 | ||
| fi | ||
|
|
There was a problem hiding this comment.
git checkout spark4.0 can fail even when the remote branch exists, because a local spark4.0 branch may not exist in the runner clone. Prefer checking out explicitly from the remote (e.g., fetch and create/reset a local branch from origin/spark4.0). This makes the workflow reliable across clean runners.
| if ! git checkout spark4.0 2>/dev/null; then | |
| echo "⚠️ spark4.0 branch doesn't exist — skipping" | |
| exit 0 | |
| fi | |
| git fetch origin spark4.0 | |
| if ! git show-ref --verify --quiet refs/remotes/origin/spark4.0; then | |
| echo "⚠️ spark4.0 branch doesn't exist — skipping" | |
| exit 0 | |
| fi | |
| git checkout -B spark4.0 origin/spark4.0 |
| exit 0 | ||
| fi | ||
|
|
||
| git checkout -b "$BRANCH" |
There was a problem hiding this comment.
The workflow is described as idempotent, but reruns can fail or create duplicates: git checkout -b fails if the branch already exists, and gh pr create can error or open a second PR for the same head/base. Consider making this section rerun-safe by reusing/updating an existing branch (or skipping if it exists) and querying for an existing open PR for the same head/base before creating a new one.
| git push -u origin "$BRANCH" | ||
|
|
||
| gh pr create \ | ||
| --base spark4.0 \ | ||
| --head "$BRANCH" \ | ||
| --title "chore: Rebase spark4.0 for v${VERSION} release" \ |
There was a problem hiding this comment.
The workflow is described as idempotent, but reruns can fail or create duplicates: git checkout -b fails if the branch already exists, and gh pr create can error or open a second PR for the same head/base. Consider making this section rerun-safe by reusing/updating an existing branch (or skipping if it exists) and querying for an existing open PR for the same head/base before creating a new one.
| uses: actions/checkout@v4 | ||
| with: | ||
| ref: ${{ github.event.pull_request.base.ref }} | ||
| token: ${{ secrets.GITHUB_TOKEN }} |
There was a problem hiding this comment.
This checkout uses the default shallow fetch (depth 1) and may not fetch tags. That makes the later git rev-parse \"$TAG\" existence checks unreliable (it may think tags don’t exist locally), and increases the chance of push conflicts. Set fetch-depth: 0 (and ensure tags are fetched) so tag existence checks reflect the remote state.
| token: ${{ secrets.GITHUB_TOKEN }} | |
| token: ${{ secrets.GITHUB_TOKEN }} | |
| fetch-depth: 0 | |
| fetch-tags: true |
| if git rev-parse "$TAG" >/dev/null 2>&1; then | ||
| echo "⚠️ $TAG already exists — skipping" | ||
| else | ||
| git tag "$TAG" | ||
| echo "🏷️ Created $TAG" | ||
| fi | ||
| done | ||
|
|
||
| git push origin "$SPARK_TAG" "$PYTHON_TAG" 2>/dev/null || true | ||
| echo "✅ Tags pushed" |
There was a problem hiding this comment.
This suppresses all push failures (auth, protected refs, network) and still prints success, which can produce false positives and hidden release errors. Since you already check for existing tags, the push should fail the job on unexpected errors; only selectively ignore the specific 'already exists' case (or push each tag with explicit error handling and clear output).
| if git rev-parse "$TAG" >/dev/null 2>&1; then | |
| echo "⚠️ $TAG already exists — skipping" | |
| else | |
| git tag "$TAG" | |
| echo "🏷️ Created $TAG" | |
| fi | |
| done | |
| git push origin "$SPARK_TAG" "$PYTHON_TAG" 2>/dev/null || true | |
| echo "✅ Tags pushed" | |
| if git ls-remote --exit-code --tags origin "refs/tags/$TAG" >/dev/null 2>&1; then | |
| echo "⚠️ $TAG already exists on origin — skipping" | |
| continue | |
| fi | |
| if git rev-parse "$TAG" >/dev/null 2>&1; then | |
| echo "🏷️ $TAG already exists locally" | |
| else | |
| git tag "$TAG" | |
| echo "🏷️ Created $TAG" | |
| fi | |
| git push origin "refs/tags/$TAG" | |
| echo "✅ Pushed $TAG" | |
| done | |
| echo "✅ Tag processing complete" |
Summary
Automates Steps 1.4–1.5 of the SynapseML Fabric Release Guide — the ~15 manual git commands for tagging and rebasing release branches.
Two workflows
release-tag.ymlv*.*.*tagpython3.11tag on master + opens PR to rebasespark4.0release-tag-spark.ymlspark4.0spark4.0+python3.12tags, cleans up branchFlow
Design decisions
Related