Skip to content

remove internal build type, require approval/verification for releasing all production platforms#8525

Merged
atavism merged 14 commits intomainfrom
jay/release-types
Mar 16, 2026
Merged

remove internal build type, require approval/verification for releasing all production platforms#8525
atavism merged 14 commits intomainfrom
jay/release-types

Conversation

@jay-418
Copy link
Copy Markdown
Contributor

@jay-418 jay-418 commented Mar 13, 2026
edited
Loading

  • solves getlantern/engineering#3072
    • removes internal build types
    • requires confirmation/approval of production releases (self-approval is allowed)

rationale

We want to be 100% sure we intend to release to the platforms for which we've pushed a tag. To make this require more than a single push, and allow opportunity for double check, we'll setup an environment for each deploy target, and require that target name to be clicked by someone (anyone) for the production build to proceed. (video below)

Screen.Recording.2026-03-12.at.18.34.16.mov

github-advanced-security[bot]
github-advanced-security bot found potential problems Mar 13, 2026
View reviewed changes
@jay-418 jay-418 deployed to production March 13, 2026 00:17 — with GitHub Actions Active
github-advanced-security[bot]
github-advanced-security bot found potential problems Mar 13, 2026
View reviewed changes
@jay-418 jay-418 temporarily deployed to production-all March 13, 2026 00:34 — with GitHub Actions Inactive
github-advanced-security[bot]
github-advanced-security bot found potential problems Mar 13, 2026
View reviewed changes
@jay-418 jay-418 marked this pull request as ready for review March 13, 2026 00:39
@jay-418 jay-418 requested review from Derekf5, atavism and jigar-f March 14, 2026 01:50
@jay-418
Copy link
Copy Markdown
Contributor Author

jay-418 commented Mar 14, 2026

We may want to deploy only the build type simplification, but not the approval step, or vice versa, but this addresses both concerns from https://github.com/getlantern/engineering/issues/3072

@jay-418 jay-418 self-assigned this Mar 14, 2026
@jay-418 jay-418 changed the title remove internal build type, require approval/verification for production platforms remove internal build type, require approval/verification for releasing all production platforms Mar 14, 2026
jigar-f
jigar-f approved these changes Mar 16, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

@jigar-f jigar-f left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@atavism atavism merged commit 9347126 into main Mar 16, 2026
7 checks passed
@atavism atavism deleted the jay/release-types branch March 16, 2026 17:38
@myleshorton myleshorton requested a review from Copilot March 17, 2026 14:58
Copilot AI reviewed Mar 17, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Removes the deprecated internal build type from CI versioning/release tooling and introduces an approval gate (via a GitHub Environment) before running an “all platforms” production release, with a Slack notification to prompt reviewers.

Changes:

  • Remove internal build handling from scripts/ci/version.sh and align nightly/beta version generation to use production/beta tags only.
  • Update CI helper scripts’ documented build types and release-notes formatting to drop internal.
  • Update the release workflow to (a) remove internal as an option and (b) add Slack notification + environment-based approval before production “all platforms” builds proceed.

Reviewed changes

Copilot reviewed 4 out of 4 changed files in this pull request and generated 2 comments.

File Description
scripts/ci/version.sh Drops internal tag handling and updates version generation/validation to consider production+beta only.
scripts/ci/publish-to-s3.sh Updates usage/docs to remove internal build type.
scripts/ci/format.sh Removes internal release-notes formatting and updates documented build types.
.github/workflows/release.yml Removes internal paths and adds Slack notify + environment approval gate for production releases targeting all platforms.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

You can also share your feedback on Copilot code review. Take the survey.

.github/workflows/release.yml
Comment on lines 216 to +222
build-macos:
needs: [set-metadata, release-create]
needs: [set-metadata, release-create, release-approval]
uses: ./.github/workflows/build-macos.yml
secrets: inherit
if: ${{ needs.set-metadata.outputs.platform == 'all' || contains(needs.set-metadata.outputs.platform, 'macos') }}
if: |
(needs.release-approval.result == 'success' || needs.release-approval.result == 'skipped') &&
(needs.set-metadata.outputs.platform == 'all' || contains(needs.set-metadata.outputs.platform, 'macos'))
.github/workflows/release.yml
Comment on lines +206 to +212
release-approval:
needs: [set-metadata, release-notify]
if: |
needs.set-metadata.outputs.build_type == 'production' &&
needs.set-metadata.outputs.platform == 'all'
runs-on: ubuntu-latest
environment: production
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

@jigar-f jigar-f jigar-f approved these changes

@Derekf5 Derekf5 Awaiting requested review from Derekf5

@atavism atavism Awaiting requested review from atavism

Assignees

@jay-418 jay-418

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

5 participants

@jay-418 @github-advanced-security @jigar-f @atavism