feat(ci): add Breaking Changes category#134
Merged
Merged
Conversation
## What Add a new "💥 Breaking Changes" category to the release-drafter template, ordered first so it sits above Features. The category collects PRs labeled `breaking`. ## Why The `breaking` label already drives a major version bump via version-resolver, but breaking changes were silently bucketed under whatever other label the PR carried (feature, fix, etc.). Surfacing them as their own top-of-release section makes upgrade impact visible to consumers reading the changelog. ## Notes - The `breaking` label is not in the autolabeler — it must still be applied manually or via another automation. - A PR carrying both `breaking` and `feature` labels will appear under Breaking Changes only (release-drafter places each PR in the first matching category). Signed-off-by: jmeridth <jmeridth@gmail.com>
This was referenced May 10, 2026
Merged
jmeridth
added a commit
to github-community-projects/cleanowners
that referenced
this pull request
May 10, 2026
* ci: adopt consolidated ospo-reusable-workflows release.yaml ## What Collapse the three legacy `release` / `release_image` / `release_discussion` job calls into a single call to the consolidated `release.yaml` reusable workflow at v1.0.0 (`592067a6...`). Pass `image-name`, `create-attestation: true`, and `create-discussion: true` so the workflow handles GitHub release, container image build/push to GHCR, build provenance attestation, and announcement discussion in one draft-first pipeline. Also add a "💥 Breaking Changes" category to `release-drafter.yml`. ## Why The legacy three-workflow setup forced callers to wire up the same job chain by hand in every repo and made it easy for permissions, secrets, and ordering to drift. v1.0.0 of ospo-reusable-workflows owns the chain internally and exposes a single entry point. The "Breaking Changes" category matches the upstream release-drafter template (github-community-projects/ospo-reusable-workflows#134); the `breaking` label already maps to a major bump in `version-resolver`, so this just surfaces those PRs in their own changelog section. ## Notes - The job-level permission block now lists the union of what the called workflow's internal jobs need (contents/pull-requests/packages/id-token/attestations/discussions). A `uses:` caller can only grant — never expand — what the reusable workflow requests, so missing perms here silently disable features instead of erroring. - `image-registry` and `image-registry-username` moved from `secrets:` to inputs in v1.0.0 (defaults to `ghcr.io` and `github.actor`). Both defaults match the previous explicit values, so they're omitted. - `image-registry-password` stays a secret and continues to use `GITHUB_TOKEN` for ghcr.io pushes. - The reusable workflow's `release_discussion` job validates the discussion secrets at the step level and skips with a notice if they're unset, so the workflow keeps working even if the discussion secrets aren't configured. Signed-off-by: jmeridth <jmeridth@gmail.com> * style: align release.yml comments to prettier formatting Single-space before `#` so prettier (via super-linter) accepts the workflow file. No behavior change. Signed-off-by: jmeridth <jmeridth@gmail.com> --------- Signed-off-by: jmeridth <jmeridth@gmail.com>
jmeridth
added a commit
to github-community-projects/contributors
that referenced
this pull request
May 10, 2026
* ci: adopt consolidated ospo-reusable-workflows release.yaml ## What Collapse the three legacy `release` / `release_image` / `release_discussion` job calls into a single call to the consolidated `release.yaml` reusable workflow at v1.0.0 (`592067a6...`). Pass `image-name`, `create-attestation: true`, and `create-discussion: true` so the workflow handles GitHub release, container image build/push to GHCR, build provenance attestation, and announcement discussion in one draft-first pipeline. Also add a "💥 Breaking Changes" category to `release-drafter.yml`. ## Why The legacy three-workflow setup forced callers to wire up the same job chain by hand in every repo and made it easy for permissions, secrets, and ordering to drift. v1.0.0 of ospo-reusable-workflows owns the chain internally and exposes a single entry point. The "Breaking Changes" category matches the upstream release-drafter template (github-community-projects/ospo-reusable-workflows#134); the `breaking` label already maps to a major bump in `version-resolver`, so this just surfaces those PRs in their own changelog section. ## Notes - The job-level permission block now lists the union of what the called workflow's internal jobs need (contents/pull-requests/packages/id-token/attestations/discussions). A `uses:` caller can only grant — never expand — what the reusable workflow requests, so missing perms here silently disable features instead of erroring. - `image-registry` and `image-registry-username` moved from `secrets:` to inputs in v1.0.0 (defaults to `ghcr.io` and `github.actor`). Both defaults match the previous explicit values, so they're omitted. - `image-registry-password` stays a secret and continues to use `GITHUB_TOKEN` for ghcr.io pushes. - The reusable workflow's `release_discussion` job validates the discussion secrets at the step level and skips with a notice if they're unset, so the workflow keeps working even if the discussion secrets aren't configured. Signed-off-by: jmeridth <jmeridth@gmail.com> * style: align release.yml comments to prettier formatting Single-space before `#` so prettier (via super-linter) accepts the workflow file. No behavior change. Signed-off-by: jmeridth <jmeridth@gmail.com> --------- Signed-off-by: jmeridth <jmeridth@gmail.com>
jmeridth
added a commit
to github-community-projects/measure-innersource
that referenced
this pull request
May 10, 2026
* ci: adopt consolidated ospo-reusable-workflows release.yaml ## What Collapse the three legacy `release` / `release_image` / `release_discussion` job calls into a single call to the consolidated `release.yaml` reusable workflow at v1.0.0 (`592067a6...`). Pass `image-name`, `create-attestation: true`, and `create-discussion: true` so the workflow handles GitHub release, container image build/push to GHCR (preserving the underscore form `measure_innersource`), build provenance attestation, and announcement discussion in one draft-first pipeline. Also add a "💥 Breaking Changes" category to `release-drafter.yml`. ## Why The legacy three-workflow setup forced callers to wire up the same job chain by hand in every repo and made it easy for permissions, secrets, and ordering to drift. v1.0.0 of ospo-reusable-workflows owns the chain internally and exposes a single entry point. The "Breaking Changes" category matches the upstream release-drafter template (github-community-projects/ospo-reusable-workflows#134); the `breaking` label already maps to a major bump in `version-resolver`, so this just surfaces those PRs in their own changelog section. ## Notes - `image-name` keeps the existing underscore form `${{ github.repository_owner }}/measure_innersource` so the published image at `ghcr.io/github-community-projects/measure_innersource` stays at the same path. - The job-level permission block now lists the union of what the called workflow's internal jobs need (contents/pull-requests/packages/id-token/attestations/discussions). A `uses:` caller can only grant — never expand — what the reusable workflow requests, so missing perms here silently disable features instead of erroring. - `image-registry` and `image-registry-username` moved from `secrets:` to inputs in v1.0.0 (defaults to `ghcr.io` and `github.actor`). Both defaults match the previous explicit values, so they're omitted. - `image-registry-password` stays a secret and continues to use `GITHUB_TOKEN` for ghcr.io pushes. Signed-off-by: jmeridth <jmeridth@gmail.com> * style: align release.yml comments to prettier formatting Single-space before `#` so prettier (via super-linter) accepts the workflow file. No behavior change. Signed-off-by: jmeridth <jmeridth@gmail.com> --------- Signed-off-by: jmeridth <jmeridth@gmail.com>
jmeridth
added a commit
to github-community-projects/issue-metrics
that referenced
this pull request
May 10, 2026
* ci: adopt consolidated ospo-reusable-workflows release.yaml ## What Collapse the three legacy `release` / `release_image` / `release_discussion` job calls into a single call to the consolidated `release.yaml` reusable workflow at v1.0.0 (`592067a6...`). Pass `image-name`, `create-attestation: true`, and `create-discussion: true` so the workflow handles GitHub release, container image build/push to GHCR (preserving the underscore form `issue_metrics`), build provenance attestation, and announcement discussion in one draft-first pipeline. Also add a "💥 Breaking Changes" category to `release-drafter.yml`. ## Why The legacy three-workflow setup forced callers to wire up the same job chain by hand in every repo and made it easy for permissions, secrets, and ordering to drift. v1.0.0 of ospo-reusable-workflows owns the chain internally and exposes a single entry point. The "Breaking Changes" category matches the upstream release-drafter template (github-community-projects/ospo-reusable-workflows#134); the `breaking` label already maps to a major bump in `version-resolver`, so this just surfaces those PRs in their own changelog section. ## Notes - `image-name` keeps the existing underscore form `${{ github.repository_owner }}/issue_metrics` so the published image at `ghcr.io/github-community-projects/issue_metrics` stays at the same path. - The job-level permission block now lists the union of what the called workflow's internal jobs need (contents/pull-requests/packages/id-token/attestations/discussions). A `uses:` caller can only grant — never expand — what the reusable workflow requests, so missing perms here silently disable features instead of erroring. - `image-registry` and `image-registry-username` moved from `secrets:` to inputs in v1.0.0 (defaults to `ghcr.io` and `github.actor`). Both defaults match the previous explicit values, so they're omitted. - `image-registry-password` stays a secret and continues to use `GITHUB_TOKEN` for ghcr.io pushes. Signed-off-by: jmeridth <jmeridth@gmail.com> * style: align release.yml comments to prettier formatting Single-space before `#` so prettier (via super-linter) accepts the workflow file. No behavior change. Signed-off-by: jmeridth <jmeridth@gmail.com> --------- Signed-off-by: jmeridth <jmeridth@gmail.com>
jmeridth
added a commit
to github-community-projects/evergreen
that referenced
this pull request
May 10, 2026
* ci: adopt consolidated ospo-reusable-workflows release.yaml ## What Collapse the three legacy `release` / `release_image` / `release_discussion` job calls into a single call to the consolidated `release.yaml` reusable workflow at v1.0.0 (`592067a6...`). Pass `image-name`, `create-attestation: true`, and `create-discussion: true` so the workflow handles GitHub release, container image build/push to GHCR, build provenance attestation, and announcement discussion in one draft-first pipeline. Also add a "💥 Breaking Changes" category to `release-drafter.yml`. ## Why The legacy three-workflow setup forced callers to wire up the same job chain by hand in every repo and made it easy for permissions, secrets, and ordering to drift. v1.0.0 of ospo-reusable-workflows owns the chain internally and exposes a single entry point. The "Breaking Changes" category matches the upstream release-drafter template (github-community-projects/ospo-reusable-workflows#134); the `breaking` label already maps to a major bump in `version-resolver`, so this just surfaces those PRs in their own changelog section. ## Notes - The job-level permission block now lists the union of what the called workflow's internal jobs need (contents/pull-requests/packages/id-token/attestations/discussions). A `uses:` caller can only grant — never expand — what the reusable workflow requests, so missing perms here silently disable features instead of erroring. - `image-registry` and `image-registry-username` moved from `secrets:` to inputs in v1.0.0 (defaults to `ghcr.io` and `github.actor`). Both defaults match the previous explicit values, so they're omitted. - `image-registry-password` stays a secret and continues to use `GITHUB_TOKEN` for ghcr.io pushes. - The reusable workflow's `release_discussion` job validates the discussion secrets at the step level and skips with a notice if they're unset, so the workflow keeps working even if the discussion secrets aren't configured. Signed-off-by: jmeridth <jmeridth@gmail.com> * style: align release.yml comments to prettier formatting Single-space before `#` so prettier (via super-linter) accepts the workflow file. No behavior change. Signed-off-by: jmeridth <jmeridth@gmail.com> --------- Signed-off-by: jmeridth <jmeridth@gmail.com>
jmeridth
added a commit
to github-community-projects/stale-repos
that referenced
this pull request
May 10, 2026
## What Collapse the three legacy `release` / `release_image` / `release_discussion` job calls plus the bespoke `update_major_tag` job into a single call to the consolidated `release.yaml` reusable workflow at v1.0.0 (`592067a6...`). Pass `image-name`, `create-attestation: true`, and `create-discussion: true` so the workflow handles GitHub release, container image build/push to GHCR (preserving the underscore form `stale_repos`), build provenance attestation, announcement discussion, and major-tag pushing in one draft-first pipeline. Also add a "💥 Breaking Changes" category to `release-drafter.yml`. ## Why The legacy three-workflow setup forced callers to wire up the same job chain by hand in every repo and made it easy for permissions, secrets, and ordering to drift. v1.0.0 of ospo-reusable-workflows owns the chain internally (including pushing the major-version moving tag in `create_release`, so the standalone `update_major_tag` job is now redundant) and exposes a single entry point. The "Breaking Changes" category matches the upstream release-drafter template (github-community-projects/ospo-reusable-workflows#134); the `breaking` label already maps to a major bump in `version-resolver`, so this just surfaces those PRs in their own changelog section. ## Notes - The reusable workflow's `create_release` job tags both the full version (e.g. `v1.2.3`) and the short/major moving tag (e.g. `v1`) and force-pushes both. The deleted `update_major_tag` job did exactly that for the major tag, so behavior is preserved. - `image-name` keeps the existing underscore form `${{ github.repository_owner }}/stale_repos` so the published image at `ghcr.io/github-community-projects/stale_repos` stays at the same path. - The job-level permission block now lists the union of what the called workflow's internal jobs need (contents/pull-requests/packages/id-token/attestations/discussions). A `uses:` caller can only grant — never expand — what the reusable workflow requests, so missing perms here silently disable features instead of erroring. - `image-registry` and `image-registry-username` moved from `secrets:` to inputs in v1.0.0 (defaults to `ghcr.io` and `github.actor`). Both defaults match the previous explicit values, so they're omitted. - Comment alignment uses single-space-before-`#` to satisfy prettier (the repo's super-linter runs prettier on YAML). Signed-off-by: jmeridth <jmeridth@gmail.com>
jmeridth
added a commit
to privateerproj/privateer-sdk
that referenced
this pull request
May 11, 2026
* ci: adopt consolidated ospo-reusable-workflows release.yaml ## What Bump the `release.yaml` reusable workflow pin to v1.0.0 (`592067a6...`), which collapses the previous three-workflow release/release-image/release-discussion pipeline into a single draft-first workflow. Also add a "Breaking Changes" category to release-drafter so PRs labeled `breaking` get their own section in the generated changelog. ## Why The pinned SHA was the pre-consolidation version. Moving to v1.0.0 puts this repo on the supported release flow and aligns it with the pvtr CLI's release workflow. Because pvtr-sdk ships no binaries or container images, only the `create_release` / `publish_release` portion of the consolidated workflow runs; the existing `contents: write` + `pull-requests: read` permissions are still all that's needed. The "Breaking Changes" category matches the upstream release-drafter template (github-community-projects/ospo-reusable-workflows#134); the `breaking` label was already wired up under `version-resolver.major`, so this just surfaces those PRs in their own changelog section. ## Notes - No `goreleaser-config-path` or `image-name` inputs are passed, so the optional `release_goreleaser` and `release_image` jobs in the reusable workflow are skipped at the job-level `if:` and never spin up runners. - Likewise, no `id-token: write` / `attestations: write` permissions are needed here since there are no artifacts to attest. - `create-discussion` is intentionally not enabled; flip on later with the input plus `discussion-repository-id` / `discussion-category-id` secrets if we want auto-announcements. Signed-off-by: jmeridth <jmeridth@gmail.com> * chore: bump ospo-reusable-workflows from v1.0.0 to v1.0.1 ## What Bump the pin on ospo-reusable-workflows/release.yaml from v1.0.0 to v1.0.1 (SHA e92cb6053ace495fe40a5f185988557afcdcecbc). ## Why v1.0.1 lands two fixes from upstream PR github-community-projects/ospo-reusable-workflows#138: 1. release_discussion runs only after publish_release succeeds (no announcing releases that never published). 2. release_goreleaser auto-installs syft when GoReleaser config declares an sboms: block. ## Notes - No caller-side configuration changes are required; v1.0.1 is backward-compatible with v1.0.0 inputs and secrets. Signed-off-by: jmeridth <jmeridth@gmail.com> --------- Signed-off-by: jmeridth <jmeridth@gmail.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Pull Request
Proposed Changes
What
Add a new "💥 Breaking Changes" category to
.github/release-drafter.yaml, ordered first so it sits above Features. The category collects PRs labeledbreaking.Why
The
breakinglabel already drives a major version bump viaversion-resolver, but breaking changes were silently bucketed under whatever other label the PR carried (feature, fix, etc.). Surfacing them as their own top-of-release section makes upgrade impact visible to consumers reading the changelog.Notes
breakinglabel is not in theautolabelerblock — it must still be applied manually or via another automation.breakingandfeaturelabels will appear under Breaking Changes only (release-drafter places each PR in the first matching category).Testing
breakinglabel is merged.Readiness Checklist
Author/Contributor