feat: skip per-package monorepo release tags in container builds

[Copilot]

In monorepos using per-package releases (e.g., @scope/pkg@1.0.0), the container workflow fires for every package release — not just the root/unified release — causing redundant builds, broken image tags, and wasted CI minutes.

Changes

New input: release-tag-pattern

• Added to action.yml under a new Monorepo Configuration section
• Default: ^v?[0-9]+\.[0-9]+\.[0-9]+(-[a-zA-Z0-9.-]+)?(\+[a-zA-Z0-9.-]+)?$ (full semver)
• Set to empty string ('') to allow all release tags unconditionally

- uses: wgtechlabs/container-build-flow-action@v1
  with:
    release-tag-pattern: '^v?[0-9]+\.[0-9]+\.[0-9]+(-[a-zA-Z0-9.-]+)?(\+[a-zA-Z0-9.-]+)?$'
    # or '' to disable filtering

detect-build-flow.sh

• Reads RELEASE_TAG_PATTERN env var (uses - not :- so empty string correctly disables filtering)
• On mismatch, sets flow_type=skip, logs the reason, writes minimal outputs, and returns early — no tag generation, no Docker operations

action.yml step conditions

• All 20 post-detect steps now gate on steps.detect.outputs.build-flow-type != 'skip': Buildx setup, registry logins, metadata extraction, build/push, all Trivy scans, SARIF uploads, and PR comments

build-flow-type output

• Source changed from steps.output (which is skipped) to steps.detect so callers always get the actual value, including skip
• Description updated to include skip as a valid flow type

Original prompt

---

This section details on the original issue you should resolve

<issue_title>Skip per-package monorepo release tags in container builds</issue_title>
<issue_description>## Summary

When used in a monorepo that generates per-package releases (e.g., via release-build-flow-action in monorepo mode), the container build flow fires once for every package release — not just the root/unified release. This results in multiple redundant container builds, broken image tags, and wasted CI minutes.

Current Behavior

1. A monorepo release workflow creates per-package GitHub Releases with tags like @tinyclaw/core@0.1.0, @tinyclaw/shell@0.1.0, etc.
2. A container workflow with on: release: types: [published] triggers for each of those releases.
3. detect-build-flow.sh sees GITHUB_EVENT_NAME=release and processes the per-package tag as if it's a standard semver release tag.
4. The @scope/name@version format doesn't match the expected semver pattern (v1.2.3), causing:
   • Failed semver parsing
   • Broken/invalid container image tags
   • Multiple redundant build attempts (one per package)

Expected Behavior

The action should be able to distinguish between:

• Root/unified release tags (e.g., v1.0.0) → build the container image
• Per-package monorepo tags (e.g., @scope/package@1.0.0, package@1.0.0) → skip the container build

Suggested Solution

Add a new input to control which release tags trigger a container build:

inputs:
  release-tag-pattern:
    description: 'Regex pattern to match release tags that should trigger container builds (default: matches semver with optional v prefix)'
    required: false
    default: '^v?[0-9]+\.[0-9]+\.[0-9]+'

In detect-build-flow.sh, add a check at the release detection stage:

elif [ "$GITHUB_EVENT_NAME" = "release" ]; then
    # Check if release tag matches the expected pattern
    if [[ -n "${RELEASE_TAG_PATTERN}" ]] && ! [[ "${RELEASE_TAG}" =~ ${RELEASE_TAG_PATTERN} ]]; then
        log_warning "Release tag '${RELEASE_TAG}' does not match pattern '${RELEASE_TAG_PATTERN}' - skipping build"
        flow_type="skip"
        # ... set outputs and exit early
    fi
    # ... existing release detection logic
fi

Alternatively (or additionally), the action could auto-detect monorepo-style tags by checking for @ in the tag name:

# Auto-skip per-package monorepo tags (e.g., @scope/pkg@1.0.0 or pkg@1.0.0)
if [[ "${RELEASE_TAG}" == *"@"* ]]; then
    log_info "Detected monorepo per-package tag, skipping container build"
    # ... exit gracefully
fi

Workaround

Currently, users must add a manual job condition in their workflow:

jobs:
  build:
    if: github.event_name != 'release' || startsWith(github.event.release.tag_name, 'v')

This works but is fragile and pushes the responsibility to consumers of the action.

Context

Discovered while using this action alongside release-build-flow-action (monorepo mode) in the tinyclaw project. The release action creates 20+ per-package releases, each triggering a container build workflow.

Related

• Skip private packages in monorepo release workflow release-build-flow-action#25 — Skip private packages in monorepo release workflow (source of the spurious releases)</issue_description>

Comments on the Issue (you are @copilot in this section)

• Fixes Skip per-package monorepo release tags in container builds #19

---

💡 You can make Copilot smarter by setting up custom instructions, customizing its development environment and configuring Model Context Protocol (MCP) servers. Learn more Copilot coding agent tips in the docs.

[Copilot]

Pull request overview

This PR adds the ability to skip container builds for monorepo per-package release tags by introducing a configurable release tag pattern filter. When a release tag doesn't match the expected pattern (e.g., @scope/pkg@1.0.0 vs v1.0.0), the workflow exits early with a new "skip" flow type, preventing redundant builds and wasted CI resources.

Changes:

• Adds release-tag-pattern input with a default semver regex pattern
• Implements early-exit skip logic in the build flow detection script
• Updates all post-detect workflow steps with skip conditions

Reviewed changes

Copilot reviewed 2 out of 2 changed files in this pull request and generated no comments.

File	Description
action.yml	Adds new release-tag-pattern input under Monorepo Configuration section, updates build-flow-type output to include "skip" and source from detect step, adds skip conditions to 19 workflow steps
scripts/detect-build-flow.sh	Adds pattern matching logic for release tags, implements early-exit skip flow with minimal outputs when tags don't match pattern

Comments suppressed due to low confidence (2)

scripts/detect-build-flow.sh:49

• The Flow Types documentation in the header should include the new 'skip' flow type that was added in this PR. Add a line like: " - skip : Release tag doesn't match pattern (monorepo per-package tags)"

RELEASE_TAG_PATTERN="${RELEASE_TAG_PATTERN-^v?[0-9]+\.[0-9]+\.[0-9]+(-[a-zA-Z0-9.-]+)?(\+[a-zA-Z0-9.-]+)?$}"

action.yml:245

• The short-sha output still references steps.output.outputs.short-sha but should reference steps.detect.outputs.short-sha for consistency. When the build flow is 'skip', the output step (id: output) doesn't run, but short-sha is still set by the detect step and should be accessible.

    description: 'Detected build flow type (pr, dev, patch, staging, wip, release, skip)'
    value: ${{ steps.detect.outputs.build-flow-type }}