[build] consolidate pre-release workflow

[titusfortner]

User description

Ruby & Rust version bumps update their lockfiles requiring re-pinning, which makes things inconsistent, this is here to help

What does this PR do?

• Ruby & Rust version tasks no longer include calling update task
• Neither versions nor changelogs need to be managed in separate jobs during pre-release
• Edit: turns out changelogs does need to be in a separate job so it can use calculate-depth job, it will still run in parallel just not in the matrix
• Explicitly calling version and update in same step for pre-release workflow
• Adding explicit Rust handling since Rust is no longer part of all: tasks

Implementation Notes

Pre-release workflow runs the updates separately in parallel for visibility. The same functionality in one task:
./go release_updates

The pre-release workflow matrix for release-updates now includes:

• bindings-versions: ./go all:version && ./go all:update (bindings)
• rust-versions: ./go rust:version && ./go rust:update (Rust separately)
• changelogs: ./go all:changelogs && ./go rust:changelogs

This ensures:

1. Ruby's lockfile coupling is handled (version runs before update in same job)
2. Rust is handled separately since it's excluded from all: tasks
3. Reduced workflow complexity without creating top-level jobs

• The separate Rust release flow (generate-rust-version -> push-rust-version -> selenium-manager) remains unchanged for Selenium Manager releases

Additional Considerations

Plan to merge this before #16987

Types of changes

• Cleanup (formatting, renaming)

---

PR Type

Enhancement

---

Description

• Consolidate pre-release workflow by merging separate jobs into single matrix job

• Remove automatic update invocations from Ruby and Rust version bump tasks

• Add explicit Rust handling in release workflow since excluded from all: tasks

• Rename and restructure release preparation task for clarity and consistency

---

Diagram Walkthrough

flowchart LR
  A["Pre-release Workflow"] -->|"Consolidate"| B["Single release-updates Job"]
  B -->|"Matrix includes"| C["Browsers, DevTools, Manager"]
  B -->|"Matrix includes"| D["Multitool, Binding-versions, Rust-versions"]
  B -->|"Matrix includes"| E["Authors, Changelogs"]
  F["Ruby/Rust version tasks"] -->|"Remove auto-update"| G["Manual update invocation"]
  H["prep_release task"] -->|"Rename to"| I["release_updates task"]

Loading

File Walkthrough

Relevant files

Enhancement

ruby.rake Remove automatic update from Ruby version task                      rake_tasks/ruby.rake Remove automatic rb:update task invocation from rb:version task Version bump now only updates version file without triggering dependency updates +0/-2      rust.rake Remove automatic update from Rust version task                      rake_tasks/rust.rake Remove automatic rust:update task invocation from rust:version task Version bump now only updates Cargo.toml and BUILD.bazel without triggering dependency updates +0/-2      pre-release.yml Consolidate workflow jobs into single matrix job                  .github/workflows/pre-release.yml Rename generate-updates job to release-updates and consolidate multiple separate jobs into single matrix job Add binding-versions and rust-versions matrix entries that explicitly run version and update tasks in sequence Replace release_update with update_multitool and add explicit changelog generation Remove separate generate-versions and generate-changelogs jobs Update create-pr job dependencies and patch application logic to reflect consolidated workflow Update PR body table to show new component names and remove redundant entries +18/-28  Rakefile Rename and restructure release preparation task                    Rakefile Rename prep_release task to release_updates for consistency with workflow naming Update task to invoke update_multitool instead of java:update Add explicit invocations of all:update and rust:update tasks to handle dependency updates separately Update documentation comments and error messages to reflect new task name +7/-5

---

[qodo-code-review]

PR Compliance Guide 🔍

Below is a summary of compliance checks for this PR:

Security Compliance
🟢	No security concerns identified No security vulnerabilities detected by AI analysis. Human verification advised for critical code.
Ticket Compliance
⚪	🎫 No ticket provided Create ticket/issue
Codebase Duplication Compliance
⚪	Codebase context is not defined Follow the guide to enable codebase context checks.
Custom Compliance
🟢	Generic: Comprehensive Audit Trails Objective: To create a detailed and reliable record of critical system actions for security analysis and compliance. Status: Passed Learn more about managing compliance generic rules or creating your own custom rules
	Generic: Meaningful Naming and Self-Documenting Code Objective: Ensure all identifiers clearly express their purpose and intent, making code self-documenting Status: Passed Learn more about managing compliance generic rules or creating your own custom rules
	Generic: Secure Error Handling Objective: To prevent the leakage of sensitive system information through error messages while providing sufficient detail for internal debugging. Status: Passed Learn more about managing compliance generic rules or creating your own custom rules
	Generic: Secure Logging Practices Objective: To ensure logs are useful for debugging and auditing without exposing sensitive information like PII, PHI, or cardholder data. Status: Passed Learn more about managing compliance generic rules or creating your own custom rules
⚪	Generic: Robust Error Handling and Edge Case Management Objective: Ensure comprehensive error handling that provides meaningful context and graceful degradation Status: Unhandled IO errors: The new/modified version-bump logic performs file reads/writes and string substitutions without explicit handling for missing files or failed writes, which may be acceptable for CI tasks but needs confirmation. Referred Code ['rust/Cargo.toml', 'rust/BUILD.bazel'].each do |file| text = File.read(file).gsub(old_version, new_version) File.open(file, 'w') { |f| f.puts text } end Learn more about managing compliance generic rules or creating your own custom rules
	Generic: Security-First Input Validation and Data Handling Objective: Ensure all data inputs are validated, sanitized, and handled securely to prevent vulnerabilities Status: Channel not validated: The new release_updates task validates version presence but does not validate or constrain the optional channel argument before passing it into update tasks, which may be fine if downstream tasks handle validation but requires confirmation. Referred Code task :release_updates, [:version, :channel] do |_task, arguments| version = arguments[:version] raise 'Missing required version: ./go release_updates 4.31.0,early-stable' if version.nil? || version.empty? Rake::Task['update_browsers'].invoke(arguments[:channel]) Rake::Task['update_cdp'].invoke(arguments[:channel]) Rake::Task['update_manager'].invoke Rake::Task['update_multitool'].invoke Learn more about managing compliance generic rules or creating your own custom rules
Update

Compliance status legend

🟢 - Fully Compliant
🟡 - Partial Compliant
🔴 - Not Compliant
⚪ - Requires Further Human Verification
🏷️ - Compliance label

[qodo-code-review]

PR Code Suggestions ✨

Latest suggestions up to bc19baf

Category	Suggestion	Impact
Learned best practice	Quote interpolated shell inputs Quote the interpolated version when passing it into shell commands to avoid word-splitting or unexpected shell interpretation if the value ever contains spaces or special characters. .github/workflows/pre-release.yml [123-126] - name: binding-versions - run: ./go all:version ${{ needs.normalize-version.outputs.version }} && ./go all:update + run: ./go all:version "${{ needs.normalize-version.outputs.version }}" && ./go all:update - name: rust-versions - run: ./go rust:version ${{ needs.normalize-version.outputs.version }} && ./go rust:update + run: ./go rust:version "${{ needs.normalize-version.outputs.version }}" && ./go rust:update Apply / Chat Suggestion importance[1-10]: 6 __ Why: Relevant best practice - Add validation/guards at integration boundaries by sanitizing and safely handling external inputs before use (e.g., quote/escape values in shell commands).	Low
	Validate and normalize task arguments Strip and validate version (and ensure channel is present) before invoking tasks to prevent nil/blank values or malformed versions from propagating into multiple update steps. Rakefile [104-119] task :release_updates, [:version, :channel] do |_task, arguments| - version = arguments[:version] + version = arguments[:version]&.strip + channel = arguments[:channel]&.strip + raise 'Missing required version: ./go release_updates 4.31.0 early-stable' if version.nil? || version.empty? + raise "Invalid version format: #{version}" unless version.match?(/^\d+\.\d+\.\d+$/) + raise 'Missing required channel: ./go release_updates 4.31.0 early-stable' if channel.nil? || channel.empty? - Rake::Task['update_browsers'].invoke(arguments[:channel]) - Rake::Task['update_cdp'].invoke(arguments[:channel]) + Rake::Task['update_browsers'].invoke(channel) + Rake::Task['update_cdp'].invoke(channel) Rake::Task['update_manager'].invoke Rake::Task['update_multitool'].invoke Rake::Task['authors'].invoke Rake::Task['all:version'].invoke(version) Rake::Task['all:update'].invoke Rake::Task['rust:version'].invoke(version) Rake::Task['rust:update'].invoke Rake::Task['all:changelogs'].invoke Rake::Task['rust:changelogs'].invoke end Apply / Chat Suggestion importance[1-10]: 5 __ Why: Relevant best practice - Add explicit validation and trimming at integration boundaries (CLI/task arguments) before using them.	Low
More

---

Previous suggestions

✅ Suggestions up to commit 37c5f75

Category	Suggestion	Impact
Possible issue	Fix output access with hyphens Use bracket notation to access GitHub Actions step outputs that contain hyphens, such as binding-versions and rust-versions. Accessing them with dot notation will cause the workflow to fail. .github/workflows/pre-release.yml [248-249] -| Bindings Version & Dependencies | ${{ steps.apply.outputs.binding-versions == 'true' && '✅ Updated' || '⏭️ Skipped (no changes)' }} | -| Rust Version & Dependencies | ${{ steps.apply.outputs.rust-versions == 'true' && '✅ Updated' || '⏭️ Skipped (no changes)' }} | +| Bindings Version & Dependencies | ${{ steps.apply.outputs['binding-versions'] == 'true' && '✅ Updated' || '⏭️ Skipped (no changes)' }} | +| Rust Version & Dependencies | ${{ steps.apply.outputs['rust-versions'] == 'true' && '✅ Updated' || '⏭️ Skipped (no changes)' }} | Suggestion importance[1-10]: 9 __ Why: The suggestion correctly identifies a bug where accessing GitHub Actions outputs with hyphens via dot notation will cause an expression parsing error, and provides the correct bracket notation syntax to fix it.	High

Suggestions up to commit 4a8ba9d

Category	Suggestion	Impact
Incremental [*]	Validate required channel argument Add a validation check to ensure the :channel argument is provided to the release_updates Rake task, similar to the existing check for the :version argument. Rakefile [104-119] task :release_updates, [:version, :channel] do |_task, arguments| version = arguments[:version] raise 'Missing required version: ./go release_updates 4.31.0,early-stable' if version.nil? || version.empty? - Rake::Task['update_browsers'].invoke(arguments[:channel]) - Rake::Task['update_cdp'].invoke(arguments[:channel]) + channel = arguments[:channel] + raise 'Missing required channel: ./go release_updates 4.31.0,early-stable' if channel.nil? || channel.empty? + + Rake::Task['update_browsers'].invoke(channel) + Rake::Task['update_cdp'].invoke(channel) Rake::Task['update_manager'].invoke Rake::Task['update_multitool'].invoke Rake::Task['authors'].invoke Rake::Task['all:version'].invoke(version) Rake::Task['all:update'].invoke Rake::Task['rust:version'].invoke(version) Rake::Task['rust:update'].invoke Rake::Task['all:changelogs'].invoke Rake::Task['rust:changelogs'].invoke end Suggestion importance[1-10]: 6 __ Why: The suggestion correctly identifies that the :channel argument is not validated, which could lead to errors in downstream tasks, and proposes a reasonable fix to improve the task's robustness.	Low

✅ Suggestions up to commit aba59de

Category	Suggestion	Impact
Learned best practice	Fix hyphenated output access GitHub Actions treats steps.apply.outputs.binding-versions as an expression with subtraction; use bracket notation (or rename outputs to use _) so the workflow reliably reads these outputs. .github/workflows/pre-release.yml [200-201] -| Bindings Version & Dependencies | ${{ steps.apply.outputs.binding-versions == 'true' && '✅ Updated' || '⏭️ Skipped (no changes)' }} | -| Rust Version & Dependencies | ${{ steps.apply.outputs.rust-versions == 'true' && '✅ Updated' || '⏭️ Skipped (no changes)' }} | +| Bindings Version & Dependencies | ${{ steps.apply.outputs['binding-versions'] == 'true' && '✅ Updated' || '⏭️ Skipped (no changes)' }} | +| Rust Version & Dependencies | ${{ steps.apply.outputs['rust-versions'] == 'true' && '✅ Updated' || '⏭️ Skipped (no changes)' }} | Suggestion importance[1-10]: 6 __ Why: Relevant best practice - Avoid unsafe identifiers at integration boundaries; GitHub Actions output names with - must be accessed with bracket notation (or renamed) to prevent expression parsing errors.	Low
	Trim and validate task inputs Normalize and validate version by trimming whitespace (and optionally checking format) so callers can’t accidentally pass blank/whitespace values that bypass intent. Rakefile [105-106] -version = arguments[:version] -raise 'Missing required version: ./go release_updates 4.31.0,early-stable' if version.nil? || version.empty? +version = arguments[:version].to_s.strip +raise 'Missing required version: ./go release_updates 4.31.0,early-stable' if version.empty? Suggestion importance[1-10]: 5 __ Why: Relevant best practice - Add explicit validation and trimming at integration boundaries (task arguments) before using them.	Low

[Copilot]

Pull request overview

This PR consolidates the pre-release workflow by decoupling version bumps from dependency updates for Ruby and Rust, and explicitly managing these steps in the workflow and Rakefile.

Changes:

• Removed automatic invocation of update tasks from Ruby and Rust version tasks to prevent inconsistent lockfile updates
• Consolidated pre-release workflow from three separate jobs (generate-updates, generate-versions, generate-changelogs) into a single matrix job (release-updates)
• Added explicit version + update task pairing in both the workflow and Rakefile for proper sequencing

Reviewed changes

Copilot reviewed 4 out of 4 changed files in this pull request and generated 2 comments.

File	Description
rake_tasks/rust.rake	Removed auto-invocation of rust:update from rust:version task
rake_tasks/ruby.rake	Removed auto-invocation of rb:update from rb:version task
Rakefile	Renamed prep_release to release_updates, added explicit all:update and rust:update calls, renamed task references from release_update to update_multitool
.github/workflows/pre-release.yml	Consolidated three jobs into one matrix job with separate binding-versions and rust-versions items that explicitly call version and update tasks together

[Copilot]

Pull request overview

Copilot reviewed 4 out of 4 changed files in this pull request and generated 2 comments.

[Copilot]

Pull request overview

Copilot reviewed 4 out of 4 changed files in this pull request and generated no new comments.

[Copilot]

Pull request overview

Copilot reviewed 4 out of 4 changed files in this pull request and generated no new comments.