diff --git a/.github/workflows/release.lock.yml b/.github/workflows/release.lock.yml index c9659322..f1534d01 100644 --- a/.github/workflows/release.lock.yml +++ b/.github/workflows/release.lock.yml @@ -79,8 +79,8 @@ jobs: - activation - create-tag - docker + - draft_release - generate-sbom - - release runs-on: ubuntu-latest permissions: actions: read @@ -110,10 +110,10 @@ jobs: run: bash /opt/gh-aw/actions/create_gh_aw_tmp_dir.sh - env: GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} - RELEASE_ID: ${{ needs.release.outputs.release_id }} - RELEASE_TAG: ${{ needs.release.outputs.release_tag }} + RELEASE_ID: ${{ needs.draft_release.outputs.release_id }} + RELEASE_TAG: ${{ needs.draft_release.outputs.release_tag }} name: Setup environment and fetch release data - run: "set -e\nmkdir -p /tmp/gh-aw-mcpg/release-data\n\n# Use the release ID and tag from the release job\necho \"Release ID from release job: $RELEASE_ID\"\necho \"Release tag from release job: $RELEASE_TAG\"\n\necho \"Processing release: $RELEASE_TAG\"\n\necho \"RELEASE_TAG=$RELEASE_TAG\" >> \"$GITHUB_ENV\"\n\n# Get the current release information\ngh release view \"$RELEASE_TAG\" --json name,tagName,createdAt,publishedAt,url,body > /tmp/gh-aw-mcpg/release-data/current_release.json\necho \"✓ Fetched current release information\"\n\n# Get the previous release to determine the range\nPREV_RELEASE_TAG=$(gh release list --limit 2 --json tagName --jq '.[1].tagName // empty')\n\nif [ -z \"$PREV_RELEASE_TAG\" ]; then\n echo \"No previous release found. This appears to be the first release.\"\n echo \"PREV_RELEASE_TAG=\" >> \"$GITHUB_ENV\"\n touch /tmp/gh-aw-mcpg/release-data/pull_requests.json\n echo \"[]\" > /tmp/gh-aw-mcpg/release-data/pull_requests.json\nelse\n echo \"Previous release: $PREV_RELEASE_TAG\"\n echo \"PREV_RELEASE_TAG=$PREV_RELEASE_TAG\" >> \"$GITHUB_ENV\"\n \n # Get commits between releases\n echo \"Fetching commits between $PREV_RELEASE_TAG and $RELEASE_TAG...\"\n git fetch --unshallow 2>/dev/null || git fetch --depth=1000\n \n # Get all merged PRs between the two releases\n echo \"Fetching pull requests merged between releases...\"\n PREV_PUBLISHED_AT=$(gh release view \"$PREV_RELEASE_TAG\" --json publishedAt --jq .publishedAt)\n CURR_PUBLISHED_AT=$(gh release view \"$RELEASE_TAG\" --json publishedAt --jq .publishedAt)\n gh pr list \\\n --state merged \\\n --limit 1000 \\\n --json number,title,author,labels,mergedAt,url,body \\\n --jq \"[.[] | select(.mergedAt >= \\\"$PREV_PUBLISHED_AT\\\" and .mergedAt <= \\\"$CURR_PUBLISHED_AT\\\")]\" \\\n > /tmp/gh-aw-mcpg/release-data/pull_requests.json\n \n PR_COUNT=$(jq length \"/tmp/gh-aw-mcpg/release-data/pull_requests.json\")\n echo \"✓ Fetched $PR_COUNT pull requests\"\nfi\n\n# Get the README.md content for context about the project\nif [ -f \"README.md\" ]; then\n cp README.md /tmp/gh-aw-mcpg/release-data/README.md\n echo \"✓ Copied README.md for reference\"\nfi\n\n# List documentation files for linking\nfind docs -type f -name \"*.md\" 2>/dev/null > /tmp/gh-aw-mcpg/release-data/docs_files.txt || echo \"No docs directory found\"\n\necho \"✓ Setup complete. Data available in /tmp/gh-aw-mcpg/release-data/\"" + run: "set -e\nmkdir -p /tmp/gh-aw-mcpg/release-data\n\n# Use the release ID and tag from the draft_release job\necho \"Release ID from release job: $RELEASE_ID\"\necho \"Release tag from release job: $RELEASE_TAG\"\n\necho \"Processing release: $RELEASE_TAG\"\n\necho \"RELEASE_TAG=$RELEASE_TAG\" >> \"$GITHUB_ENV\"\n\n# Get the current release information\ngh release view \"$RELEASE_TAG\" --json name,tagName,createdAt,publishedAt,url,body > /tmp/gh-aw-mcpg/release-data/current_release.json\necho \"✓ Fetched current release information\"\n\n# Get the previous release to determine the range\nPREV_RELEASE_TAG=$(gh release list --limit 2 --json tagName --jq '.[1].tagName // empty')\n\nif [ -z \"$PREV_RELEASE_TAG\" ]; then\n echo \"No previous release found. This appears to be the first release.\"\n echo \"PREV_RELEASE_TAG=\" >> \"$GITHUB_ENV\"\n touch /tmp/gh-aw-mcpg/release-data/pull_requests.json\n echo \"[]\" > /tmp/gh-aw-mcpg/release-data/pull_requests.json\nelse\n echo \"Previous release: $PREV_RELEASE_TAG\"\n echo \"PREV_RELEASE_TAG=$PREV_RELEASE_TAG\" >> \"$GITHUB_ENV\"\n \n # Get commits between releases\n echo \"Fetching commits between $PREV_RELEASE_TAG and $RELEASE_TAG...\"\n git fetch --unshallow 2>/dev/null || git fetch --depth=1000\n \n # Get all merged PRs between the two releases\n echo \"Fetching pull requests merged between releases...\"\n PREV_PUBLISHED_AT=$(gh release view \"$PREV_RELEASE_TAG\" --json publishedAt --jq .publishedAt)\n CURR_PUBLISHED_AT=$(gh release view \"$RELEASE_TAG\" --json publishedAt --jq .publishedAt)\n gh pr list \\\n --state merged \\\n --limit 1000 \\\n --json number,title,author,labels,mergedAt,url,body \\\n --jq \"[.[] | select(.mergedAt >= \\\"$PREV_PUBLISHED_AT\\\" and .mergedAt <= \\\"$CURR_PUBLISHED_AT\\\")]\" \\\n > /tmp/gh-aw-mcpg/release-data/pull_requests.json\n \n PR_COUNT=$(jq length \"/tmp/gh-aw-mcpg/release-data/pull_requests.json\")\n echo \"✓ Fetched $PR_COUNT pull requests\"\nfi\n\n# Get the README.md content for context about the project\nif [ -f \"README.md\" ]; then\n cp README.md /tmp/gh-aw-mcpg/release-data/README.md\n echo \"✓ Copied README.md for reference\"\nfi\n\n# List documentation files for linking\nfind docs -type f -name \"*.md\" 2>/dev/null > /tmp/gh-aw-mcpg/release-data/docs_files.txt || echo \"No docs directory found\"\n\necho \"✓ Setup complete. Data available in /tmp/gh-aw-mcpg/release-data/\"" - name: Configure Git credentials env: @@ -180,7 +180,7 @@ jobs: mkdir -p /tmp/gh-aw/safeoutputs mkdir -p /tmp/gh-aw/mcp-logs/safeoutputs cat > /opt/gh-aw/safeoutputs/config.json << 'EOF' - {"missing_data":{},"missing_tool":{},"noop":{"max":1},"update_release":{"max":1}} + {"missing_data":{},"missing_tool":{},"noop":{"max":1},"publish-release":{"description":"Publish the draft release","output":"Release published successfully!"},"update_release":{"max":1}} EOF cat > /opt/gh-aw/safeoutputs/tools.json << 'EOF' [ @@ -258,6 +258,15 @@ jobs: "type": "object" }, "name": "noop" + }, + { + "description": "Publish the draft release", + "inputSchema": { + "additionalProperties": false, + "properties": {}, + "type": "object" + }, + "name": "publish_release" } ] EOF @@ -443,7 +452,7 @@ jobs: GH_AW_SAFE_OUTPUTS: ${{ env.GH_AW_SAFE_OUTPUTS }} GH_AW_GITHUB_REPOSITORY: ${{ github.repository }} GH_AW_GITHUB_SERVER_URL: ${{ github.server_url }} - GH_AW_NEEDS_RELEASE_OUTPUTS_RELEASE_ID: ${{ needs.release.outputs.release_id }} + GH_AW_NEEDS_DRAFT_RELEASE_OUTPUTS_RELEASE_ID: ${{ needs.draft_release.outputs.release_id }} run: | bash /opt/gh-aw/actions/create_prompt_first.sh cat << 'PROMPT_EOF' > "$GH_AW_PROMPT" @@ -451,7 +460,7 @@ jobs: Generate an engaging release highlights summary for **__GH_AW_GITHUB_REPOSITORY__** (MCP Gateway) release `${RELEASE_TAG}`. - **Release ID**: __GH_AW_NEEDS_RELEASE_OUTPUTS_RELEASE_ID__ + **Release ID**: __GH_AW_NEEDS_DRAFT_RELEASE_OUTPUTS_RELEASE_ID__ ## Data Available @@ -622,7 +631,7 @@ jobs: - `operation` - Must be `"prepend"` to add before existing notes - `body` - Complete markdown content (include all formatting, emojis, links) - **WARNING**: If you don't call the `update_release` tool, the release notes will NOT be updated! + **Note**: The release will be automatically published after the highlights are added. **Documentation Base URL:** - Repository docs: `https://github.com/githubnext/gh-aw-mcpg/blob/main/docs/` @@ -637,7 +646,7 @@ jobs: GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt GH_AW_GITHUB_REPOSITORY: ${{ github.repository }} GH_AW_GITHUB_SERVER_URL: ${{ github.server_url }} - GH_AW_NEEDS_RELEASE_OUTPUTS_RELEASE_ID: ${{ needs.release.outputs.release_id }} + GH_AW_NEEDS_DRAFT_RELEASE_OUTPUTS_RELEASE_ID: ${{ needs.draft_release.outputs.release_id }} with: script: | const substitutePlaceholders = require('/opt/gh-aw/actions/substitute_placeholders.cjs'); @@ -648,7 +657,7 @@ jobs: substitutions: { GH_AW_GITHUB_REPOSITORY: process.env.GH_AW_GITHUB_REPOSITORY, GH_AW_GITHUB_SERVER_URL: process.env.GH_AW_GITHUB_SERVER_URL, - GH_AW_NEEDS_RELEASE_OUTPUTS_RELEASE_ID: process.env.GH_AW_NEEDS_RELEASE_OUTPUTS_RELEASE_ID + GH_AW_NEEDS_DRAFT_RELEASE_OUTPUTS_RELEASE_ID: process.env.GH_AW_NEEDS_DRAFT_RELEASE_OUTPUTS_RELEASE_ID } }); - name: Append XPIA security instructions to prompt @@ -674,7 +683,7 @@ jobs: To create or modify GitHub resources (issues, discussions, pull requests, etc.), you MUST call the appropriate safe output tool. Simply writing content will NOT work - the workflow requires actual tool calls. - **Available tools**: missing_tool, noop, update_release + **Available tools**: missing_tool, noop, publish-release, update_release **Critical**: Tool calls write structured data that downstream jobs process. Without tool calls, follow-up actions will be skipped. @@ -758,7 +767,7 @@ jobs: GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt GH_AW_GITHUB_REPOSITORY: ${{ github.repository }} GH_AW_GITHUB_SERVER_URL: ${{ github.server_url }} - GH_AW_NEEDS_RELEASE_OUTPUTS_RELEASE_ID: ${{ needs.release.outputs.release_id }} + GH_AW_NEEDS_DRAFT_RELEASE_OUTPUTS_RELEASE_ID: ${{ needs.draft_release.outputs.release_id }} with: script: | const { setupGlobals } = require('/opt/gh-aw/actions/setup_globals.cjs'); @@ -895,6 +904,7 @@ jobs: - activation - agent - detection + - publish_release - safe_outputs if: (always()) && (needs.agent.result != 'skipped') runs-on: ubuntu-slim @@ -1192,7 +1202,7 @@ jobs: if-no-files-found: ignore docker: - needs: release + needs: draft_release runs-on: ubuntu-latest permissions: contents: read @@ -1214,7 +1224,7 @@ jobs: - name: Extract tag version id: tag_version run: | - RELEASE_TAG="${{ needs.release.outputs.release_tag }}" + RELEASE_TAG="${{ needs.draft_release.outputs.release_tag }}" echo "version=$RELEASE_TAG" >> "$GITHUB_OUTPUT" echo "✓ Version: $RELEASE_TAG" - name: Build and push (multi-arch) @@ -1232,82 +1242,7 @@ jobs: ghcr.io/${{ github.repository }}:${{ steps.tag_version.outputs.version }} ghcr.io/${{ github.repository }}:${{ github.sha }} - generate-sbom: - needs: release - runs-on: ubuntu-latest - permissions: - contents: write - - steps: - - name: Checkout repository - uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5 - - name: Set up Go - uses: actions/setup-go@4dc6199c7b1a012772edbd06daecab0f50c9053c # v6 - with: - cache: false - go-version-file: go.mod - - name: Download Go modules - run: go mod download - - name: Generate SBOM (SPDX format) - uses: anchore/sbom-action@fbfd9c6c189226748411491745178e0c2017392d # v0.20.10 - with: - artifact-name: sbom.spdx.json - format: spdx-json - output-file: sbom.spdx.json - - name: Generate SBOM (CycloneDX format) - uses: anchore/sbom-action@fbfd9c6c189226748411491745178e0c2017392d # v0.20.10 - with: - artifact-name: sbom.cdx.json - format: cyclonedx-json - output-file: sbom.cdx.json - - name: Audit SBOM files for secrets - run: | - echo "Auditing SBOM files for potential secrets..." - if grep -rE "GITHUB_TOKEN|SECRET|PASSWORD|API_KEY|PRIVATE_KEY" sbom.*.json; then - echo "Error: Potential secrets found in SBOM files" - exit 1 - fi - echo "✓ No secrets detected in SBOM files" - - name: Upload SBOM artifacts - uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5 - with: - name: sbom-artifacts - path: | - sbom.spdx.json - sbom.cdx.json - retention-days: 7 - - name: Attach SBOM to release - run: | - echo "Attaching SBOM files to release: $RELEASE_TAG" - gh release upload "$RELEASE_TAG" sbom.spdx.json sbom.cdx.json --clobber - echo "✓ SBOM files attached to release" - env: - GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} - RELEASE_TAG: ${{ needs.release.outputs.release_tag }} - - pre_activation: - runs-on: ubuntu-slim - outputs: - activated: ${{ steps.check_membership.outputs.is_team_member == 'true' }} - steps: - - name: Setup Scripts - uses: githubnext/gh-aw/actions/setup@v0.36.0 - with: - destination: /opt/gh-aw/actions - - name: Check team membership for workflow - id: check_membership - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 - env: - GH_AW_REQUIRED_ROLES: admin,maintainer - with: - github-token: ${{ secrets.GITHUB_TOKEN }} - script: | - const { setupGlobals } = require('/opt/gh-aw/actions/setup_globals.cjs'); - setupGlobals(core, github, context, exec, io); - const { main } = require('/opt/gh-aw/actions/check_membership.cjs'); - await main(); - - release: + draft_release: needs: - activation - create-tag @@ -1385,15 +1320,16 @@ jobs: ./scripts/build-release.sh "$RELEASE_TAG" - name: Upload binaries to release run: | - echo "Creating release for tag: $RELEASE_TAG" + echo "Creating draft release for tag: $RELEASE_TAG" - # Create release with all binaries and checksums + # Create draft release with all binaries and checksums gh release create "$RELEASE_TAG" \ + --draft \ --title "$RELEASE_TAG" \ --generate-notes \ dist/* - echo "✓ Release created with all platform binaries and checksums" + echo "✓ Draft release created with all platform binaries and checksums" env: GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} - name: Get release ID @@ -1408,6 +1344,121 @@ jobs: env: GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} + generate-sbom: + needs: draft_release + runs-on: ubuntu-latest + permissions: + contents: write + + steps: + - name: Checkout repository + uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5 + - name: Set up Go + uses: actions/setup-go@4dc6199c7b1a012772edbd06daecab0f50c9053c # v6 + with: + cache: false + go-version-file: go.mod + - name: Download Go modules + run: go mod download + - name: Generate SBOM (SPDX format) + uses: anchore/sbom-action@fbfd9c6c189226748411491745178e0c2017392d # v0.20.10 + with: + artifact-name: sbom.spdx.json + format: spdx-json + output-file: sbom.spdx.json + - name: Generate SBOM (CycloneDX format) + uses: anchore/sbom-action@fbfd9c6c189226748411491745178e0c2017392d # v0.20.10 + with: + artifact-name: sbom.cdx.json + format: cyclonedx-json + output-file: sbom.cdx.json + - name: Audit SBOM files for secrets + run: | + echo "Auditing SBOM files for potential secrets..." + if grep -rE "GITHUB_TOKEN|SECRET|PASSWORD|API_KEY|PRIVATE_KEY" sbom.*.json; then + echo "Error: Potential secrets found in SBOM files" + exit 1 + fi + echo "✓ No secrets detected in SBOM files" + - name: Upload SBOM artifacts + uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5 + with: + name: sbom-artifacts + path: | + sbom.spdx.json + sbom.cdx.json + retention-days: 7 + - name: Attach SBOM to release + run: | + echo "Attaching SBOM files to release: $RELEASE_TAG" + gh release upload "$RELEASE_TAG" sbom.spdx.json sbom.cdx.json --clobber + echo "✓ SBOM files attached to release" + env: + GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} + RELEASE_TAG: ${{ needs.draft_release.outputs.release_tag }} + + pre_activation: + runs-on: ubuntu-slim + outputs: + activated: ${{ steps.check_membership.outputs.is_team_member == 'true' }} + steps: + - name: Setup Scripts + uses: githubnext/gh-aw/actions/setup@v0.36.0 + with: + destination: /opt/gh-aw/actions + - name: Check team membership for workflow + id: check_membership + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 + env: + GH_AW_REQUIRED_ROLES: admin,maintainer + with: + github-token: ${{ secrets.GITHUB_TOKEN }} + script: | + const { setupGlobals } = require('/opt/gh-aw/actions/setup_globals.cjs'); + setupGlobals(core, github, context, exec, io); + const { main } = require('/opt/gh-aw/actions/check_membership.cjs'); + await main(); + + publish_release: + needs: + - agent + - detection + - draft_release + - safe_outputs + if: ((!cancelled()) && (needs.agent.result != 'skipped')) && (contains(needs.agent.outputs.output_types, 'publish_release')) + runs-on: ubuntu-latest + permissions: + contents: write + steps: + - name: Download agent output artifact + continue-on-error: true + uses: actions/download-artifact@018cc2cf5baa6db3ef3c5f8a56943fffe632ef53 # v6.0.0 + with: + name: agent-output + path: /opt/gh-aw/safe-jobs/ + - name: Setup Safe Job Environment Variables + run: | + find "/opt/gh-aw/safe-jobs/" -type f -print + echo "GH_AW_AGENT_OUTPUT=/opt/gh-aw/safe-jobs/agent-output" >> "$GITHUB_ENV" + - name: Publish release + run: | + # Get the release tag from the draft_release job output + RELEASE_TAG="${{ needs.draft_release.outputs.release_tag }}" + + if [ -z "$RELEASE_TAG" ]; then + echo "Error: Release tag not available from release job output" + exit 1 + fi + + echo "Publishing release: $RELEASE_TAG" + + # Remove draft status from release + gh release edit "$RELEASE_TAG" --draft=false + + echo "✓ Release $RELEASE_TAG published successfully" + env: + GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} + safe_outputs: needs: - agent diff --git a/.github/workflows/release.md b/.github/workflows/release.md index b0f7db94..0698f022 100644 --- a/.github/workflows/release.md +++ b/.github/workflows/release.md @@ -38,6 +38,33 @@ tools: edit: safe-outputs: update-release: + jobs: + publish-release: + description: "Publish the draft release" + runs-on: ubuntu-latest + output: "Release published successfully!" + needs: ["draft_release", "safe_outputs"] + permissions: + contents: write + steps: + - name: Publish release + run: | + # Get the release tag from the draft_release job output + RELEASE_TAG="${{ needs.draft_release.outputs.release_tag }}" + + if [ -z "$RELEASE_TAG" ]; then + echo "Error: Release tag not available from release job output" + exit 1 + fi + + echo "Publishing release: $RELEASE_TAG" + + # Remove draft status from release + gh release edit "$RELEASE_TAG" --draft=false + + echo "✓ Release $RELEASE_TAG published successfully" + env: + GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} jobs: create-tag: if: github.event_name == 'workflow_dispatch' @@ -99,7 +126,7 @@ jobs: echo "new_tag=$NEW_TAG" >> "$GITHUB_OUTPUT" echo "✓ Tag $NEW_TAG created and pushed" - release: + draft_release: needs: ["activation", "create-tag"] if: always() && needs.activation.result == 'success' && (needs.create-tag.result == 'success' || needs.create-tag.result == 'skipped') runs-on: ubuntu-latest @@ -183,15 +210,16 @@ jobs: env: GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} run: | - echo "Creating release for tag: $RELEASE_TAG" + echo "Creating draft release for tag: $RELEASE_TAG" - # Create release with all binaries and checksums + # Create draft release with all binaries and checksums gh release create "$RELEASE_TAG" \ + --draft \ --title "$RELEASE_TAG" \ --generate-notes \ dist/* - echo "✓ Release created with all platform binaries and checksums" + echo "✓ Draft release created with all platform binaries and checksums" - name: Get release ID id: get_release @@ -206,7 +234,7 @@ jobs: echo "✓ Release Tag: $RELEASE_TAG" docker: - needs: ["release"] + needs: ["draft_release"] runs-on: ubuntu-latest permissions: contents: read @@ -232,7 +260,7 @@ jobs: - name: Extract tag version id: tag_version run: | - RELEASE_TAG="${{ needs.release.outputs.release_tag }}" + RELEASE_TAG="${{ needs.draft_release.outputs.release_tag }}" echo "version=$RELEASE_TAG" >> "$GITHUB_OUTPUT" echo "✓ Version: $RELEASE_TAG" @@ -252,7 +280,7 @@ jobs: cache-to: type=gha,mode=max generate-sbom: - needs: ["release"] + needs: ["draft_release"] runs-on: ubuntu-latest permissions: contents: write @@ -304,7 +332,7 @@ jobs: - name: Attach SBOM to release env: GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} - RELEASE_TAG: ${{ needs.release.outputs.release_tag }} + RELEASE_TAG: ${{ needs.draft_release.outputs.release_tag }} run: | echo "Attaching SBOM files to release: $RELEASE_TAG" gh release upload "$RELEASE_TAG" sbom.spdx.json sbom.cdx.json --clobber @@ -312,14 +340,14 @@ jobs: steps: - name: Setup environment and fetch release data env: - RELEASE_ID: ${{ needs.release.outputs.release_id }} - RELEASE_TAG: ${{ needs.release.outputs.release_tag }} + RELEASE_ID: ${{ needs.draft_release.outputs.release_id }} + RELEASE_TAG: ${{ needs.draft_release.outputs.release_tag }} GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} run: | set -e mkdir -p /tmp/gh-aw-mcpg/release-data - # Use the release ID and tag from the release job + # Use the release ID and tag from the draft_release job echo "Release ID from release job: $RELEASE_ID" echo "Release tag from release job: $RELEASE_TAG" @@ -378,7 +406,7 @@ steps: Generate an engaging release highlights summary for **${{ github.repository }}** (MCP Gateway) release `${RELEASE_TAG}`. -**Release ID**: ${{ needs.release.outputs.release_id }} +**Release ID**: ${{ needs.draft_release.outputs.release_id }} ## Data Available @@ -549,7 +577,7 @@ update_release({ - `operation` - Must be `"prepend"` to add before existing notes - `body` - Complete markdown content (include all formatting, emojis, links) -**WARNING**: If you don't call the `update_release` tool, the release notes will NOT be updated! +**Note**: The release will be automatically published after the highlights are added. **Documentation Base URL:** - Repository docs: `https://github.com/githubnext/gh-aw-mcpg/blob/main/docs/`