[build] use matrix for nightly releases

[titusfortner]

Ideally this is all one run, but for visibility and redundancy putting it in a matrix makes more sense.
Nightly job failed last night for a credential thing in Ruby, so not everything was properly published. This would fix that.
Easier to fix and rerun for one thing than multiple.

💥 What does this PR do?

• Use matrix strategy for nightly releases in parallel.
• Grid always runs if there are java assets to load

🔧 Implementation Notes

Follows same pattern as release.yml publish job.

🔄 Types of changes

• Bug fix (backwards compatible)

[qodo-code-review]

User description

Ideally this is all one run, but for visibility and redundancy putting it in a matrix makes more sense.
Nightly job failed last night for a credential thing in Ruby, so not everything was properly published. This would fix that.
Easier to fix and rerun for one thing than multiple.

💥 What does this PR do?

• Use matrix strategy for nightly releases in parallel.
• Grid always runs if there are java assets to load

🔧 Implementation Notes

Follows same pattern as release.yml publish job.

🔄 Types of changes

• Bug fix (backwards compatible)

---

PR Type

Bug fix, Enhancement

---

Description

• Implement matrix strategy for parallel nightly releases

• Run release jobs for all languages simultaneously

• Improve fault isolation and independent rerun capability

• Ensure grid job runs only when Java assets available

---

Diagram Walkthrough

flowchart LR
  prepare["Prepare Job"] --> matrix["Matrix Strategy<br/>java, python, ruby<br/>dotnet, javascript"]
  matrix --> release["Nightly Release Jobs<br/>Running in Parallel"]
  release --> grid["Release Grid Job<br/>Conditional on Java Assets"]

Loading

File Walkthrough

Relevant files

Configuration changes

nightly.yml Add matrix strategy for parallel nightly releases                .github/workflows/nightly.yml Added matrix strategy to nightly-release job with five languages Changed job name from static to dynamic using matrix.language Updated conditional logic to run jobs based on matrix language selection Modified release-grid job condition to use always() and check for artifact-name Set fail-fast: false to allow independent job execution +10/-6

---

[qodo-code-review]

PR Compliance Guide 🔍

Below is a summary of compliance checks for this PR:

Security Compliance
🟢	No security concerns identified No security vulnerabilities detected by AI analysis. Human verification advised for critical code.
Ticket Compliance
⚪	🎫 No ticket provided Create ticket/issue
Codebase Duplication Compliance
⚪	Codebase context is not defined Follow the guide to enable codebase context checks.
Custom Compliance
🟢	Generic: Meaningful Naming and Self-Documenting Code Objective: Ensure all identifiers clearly express their purpose and intent, making code self-documenting Status: Passed Learn more about managing compliance generic rules or creating your own custom rules
	Generic: Secure Error Handling Objective: To prevent the leakage of sensitive system information through error messages while providing sufficient detail for internal debugging. Status: Passed Learn more about managing compliance generic rules or creating your own custom rules
	Generic: Secure Logging Practices Objective: To ensure logs are useful for debugging and auditing without exposing sensitive information like PII, PHI, or cardholder data. Status: Passed Learn more about managing compliance generic rules or creating your own custom rules
	Generic: Security-First Input Validation and Data Handling Objective: Ensure all data inputs are validated, sanitized, and handled securely to prevent vulnerabilities Status: Passed Learn more about managing compliance generic rules or creating your own custom rules
⚪	Generic: Comprehensive Audit Trails Objective: To create a detailed and reliable record of critical system actions for security analysis and compliance. Status: Release action logging: The workflow performs release-related actions but the diff does not show explicit, structured audit logging (actor/action/outcome), so it is unclear whether audit-trail requirements are met beyond default GitHub Actions logs. Referred Code nightly-release: name: Nightly ${{ matrix.language }} needs: prepare if: needs.prepare.outputs.release-in-progress != 'true' strategy: fail-fast: false matrix: language: [java, python, ruby, dotnet, javascript] uses: ./.github/workflows/bazel.yml with: name: Nightly ${{ matrix.language }} Release run: ${{ (needs.prepare.outputs.language == 'all' || needs.prepare.outputs.language == matrix.language) && format('./go {0}:release nightly', matrix.language) || 'echo skipping' }} artifact-name: ${{ matrix.language == 'java' && needs.prepare.outputs.artifact-name || '' }} artifact-path: ${{ matrix.language == 'java' && needs.prepare.outputs.artifact-path || '' }} secrets: inherit release-grid: name: Release Grid needs: [prepare, nightly-release] if: always() && needs.prepare.outputs.artifact-name Learn more about managing compliance generic rules or creating your own custom rules
	Generic: Robust Error Handling and Edge Case Management Objective: Ensure comprehensive error handling that provides meaningful context and graceful degradation Status: Optional input handling: The matrix job passes artifact-name/artifact-path as empty strings for non-Java runs, and it is not verifiable from this diff whether the called workflow ./.github/workflows/bazel.yml robustly handles these empty values without unintended failures. Referred Code strategy: fail-fast: false matrix: language: [java, python, ruby, dotnet, javascript] uses: ./.github/workflows/bazel.yml with: name: Nightly ${{ matrix.language }} Release run: ${{ (needs.prepare.outputs.language == 'all' || needs.prepare.outputs.language == matrix.language) && format('./go {0}:release nightly', matrix.language) || 'echo skipping' }} artifact-name: ${{ matrix.language == 'java' && needs.prepare.outputs.artifact-name || '' }} artifact-path: ${{ matrix.language == 'java' && needs.prepare.outputs.artifact-path || '' }} secrets: inherit Learn more about managing compliance generic rules or creating your own custom rules

Compliance status legend

🟢 - Fully Compliant
🟡 - Partial Compliant
🔴 - Not Compliant
⚪ - Requires Further Human Verification
🏷️ - Compliance label

[qodo-code-review]

PR Code Suggestions ✨

Explore these optional code suggestions:

Category	Suggestion	Impact
General	Avoid empty artifact inputs Remove the || '' fallback for artifact-name and artifact-path to avoid passing empty strings for non-Java jobs. .github/workflows/nightly.yml [77-78] -artifact-name: ${{ matrix.language == 'java' && needs.prepare.outputs.artifact-name || '' }} -artifact-path: ${{ matrix.language == 'java' && needs.prepare.outputs.artifact-path || '' }} +artifact-name: ${{ matrix.language == 'java' && needs.prepare.outputs.artifact-name }} +artifact-path: ${{ matrix.language == 'java' && needs.prepare.outputs.artifact-path }} Apply / Chat Suggestion importance[1-10]: 8 __ Why: This correctly identifies that passing an empty string can cause issues and proposes the best solution, which is to not provide the input at all for non-Java jobs, allowing the reusable workflow to use its defaults.	Medium
	Explicit artifact-name check Add an explicit non-empty string check (!= '') to the if condition for needs.prepare.outputs.artifact-name for improved clarity. .github/workflows/nightly.yml [84] -if: always() && needs.prepare.outputs.artifact-name +if: always() && needs.prepare.outputs.artifact-name != '' Apply / Chat Suggestion importance[1-10]: 4 __ Why: The suggestion improves clarity by making the check for a non-empty string explicit, which is good practice, although the current code is functionally correct.	Low
Possible issue	Skip non-matching matrix jobs Move the language-matching logic from the run step to the job-level if condition to skip non-matching matrix jobs entirely. .github/workflows/nightly.yml [68-76] -if: needs.prepare.outputs.release-in-progress != 'true' -run: ${{ (needs.prepare.outputs.language == 'all' || needs.prepare.outputs.language == matrix.language) && format('./go {0}:release nightly', matrix.language) || 'echo skipping' }} +if: needs.prepare.outputs.release-in-progress != 'true' && (needs.prepare.outputs.language == 'all' || needs.prepare.outputs.language == matrix.language) +run: ./go ${{ matrix.language }}:release nightly [To ensure code accuracy, apply this suggestion manually] Suggestion importance[1-10]: 7 __ Why: This is a good suggestion for improving the workflow's efficiency and readability by skipping unnecessary matrix jobs instead of running a no-op command.	Medium
More

[Copilot]

Pull request overview

This PR refactors the nightly release workflow to use a matrix strategy for publishing language-specific releases in parallel, improving resilience and visibility when individual language releases fail.

Changes:

• Introduced matrix strategy for nightly releases with fail-fast disabled to ensure all languages are attempted independently
• Modified release-grid job to use always() condition, ensuring Grid artifacts are published even if non-Java language releases fail
• Aligned implementation with the existing release.yml workflow pattern