Require PR approval for release tagging

[ajpallares]

Motivation

The release workflow currently allows tagging a release branch without verifying that the PR has been reviewed and approved. This adds a safeguard to ensure the release PR is properly approved before the tag is created.

Description

Adds a validate_pr_approved step to the tag-release-branch CI job that verifies the release PR has been approved by an org member with write permissions before the git tag is created. If the PR is not approved, the job fails and the tag is not pushed.

---

Note

Medium Risk
Changes the release-tagging CI path to hard-fail if the approval check is missing/misconfigured, which could block release tags from being created.

Overview
Adds a new guard step to the CircleCI tag-release-branch job that runs fastlane run validate_pr_approved before tag_current_branch, ensuring the release PR is approved by an org member with write permissions prior to tagging.

^{Written by Cursor Bugbot for commit 120734c. This will update automatically on new commits. Configure here.}

[claude]

Code review

Found 2 issues that need to be addressed:

---

Issue 1: Missing Content-Type header in get_pr_review_decision (Critical)

Location:

purchases-ios/fastlane/Fastfile

Lines 2376 to 2381 in 89428fa

	request = Net::HTTP::Post.new(uri)
	request["Authorization"] = "bearer #{token}"
	request.body = {
	query: "{ repository(owner: \"RevenueCat\", name: \"#{REPO_NAME}\") { pullRequest(number: #{pr_number}) { reviewDecision } } }"
	}.to_json
	response = Net::HTTP.start(uri.hostname, uri.port, use_ssl: true) { |http| http.request(request) }

The get_pr_review_decision function sends a POST request to the GitHub GraphQL API without setting the Content-Type: application/json header.

Ruby's Net::HTTP::Post does not automatically set Content-Type when .body is assigned directly. The GitHub GraphQL API requires this header to parse the JSON request body. Without it, the API will not process the query correctly, causing .dig("data", "repository", "pullRequest", "reviewDecision") to return nil, which falls back to "NONE". This will make the check_release_pr_approved lane always report the PR as unapproved, blocking all releases.

Other API calls in this file correctly set the Content-Type header (see

purchases-ios/fastlane/Fastfile

Lines 1205 to 1207 in 89428fa

	# Make request
	headers = {"Circle-Token": circle_token, "Content-Type": "application/json", "Accept": "application/json"}
	data = {

).

Suggested fix - Add this line after line 2377:

request["Content-Type"] = "application/json"

---

Issue 2: Missing Content-Type header in merge_pr

Location:

purchases-ios/fastlane/Fastfile

Lines 2393 to 2396 in 89428fa

	request = Net::HTTP::Put.new(uri)
	request["Authorization"] = "token #{token}"
	request.body = { merge_method: merge_method }.to_json
	response = Net::HTTP.start(uri.hostname, uri.port, use_ssl: true) { |http| http.request(request) }

The merge_pr function sends a PUT request to the GitHub REST API with a JSON body but without setting Content-Type: application/json.

Without this header, the GitHub API will not parse the JSON body correctly, causing the merge_method: "squash" parameter to be ignored. The merge would either fail or default to a regular merge commit instead of the intended squash merge.

Suggested fix - Add this line after line 2394:

request["Content-Type"] = "application/json"

---

Both issues follow the same pattern: JSON is being sent in the request body (.to_json) but the Content-Type header is not set, which prevents the GitHub API from parsing the body correctly.

[rickvdl]

Nice work! I think this makes sense

[tonidero]

I think if we just move to use fastlane's github_action it would be simpler? Other than that, looks good to me!

[tonidero]

I wonder how this will work in case the branch is not up to date with main... It might not work correctly right? I guess it would fail in that case, and we would need human intervention, which is not too bad I guess, so let's try with this! 👍

[cursor]

Cursor Bugbot has reviewed your changes and found 1 potential issue.

^{Bugbot Autofix is OFF. To automatically fix reported issues with Cloud Agents, enable Autofix in the Cursor dashboard.}

[ajpallares]

I split the automerge part of this PR into #6363, as requiring PR approval for release tagging and enabling automerge of release PRs are actually two separate things

[Copilot]

Pull request overview

This PR adds a validation step to ensure release PRs are approved before tagging. The change prevents accidental release tags from being created without proper review.

Changes:

• Added a PR approval validation step to the tag-release-branch CI job that runs before the git tag is created

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[tonidero]

🚢

[tonidero]

I'm slightly concerned that some folks might approve the hold job without approving the PR, then move to other stuff, and this will take probably a few seconds since it needs to spin the machine to trigger... But I don't have a better option. Let's go with this for now and see how people feel about it.

[ajpallares]

Yes, that's a good point. Let's see how this works. We can always undo 👍