SCANNPM-133 feat: Automatically create Update Center PR on release#400
Merged
SCANNPM-133 feat: Automatically create Update Center PR on release#400
Conversation
- Add validation for required `Description:` line in release body - Add `release_description` input for manual workflow dispatch - Create PR in sonar-update-center-properties after publish - Request review from @SonarSource/quality-web-squad - Update docs with new release process Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
hashicorp-vault-sonar-prod
bot
changed the title
zglicz
requested changes
Jan 26, 2026
Contributor
zglicz
left a comment
zglicz
left a comment
There was a problem hiding this comment.
Please add a release template so that the Description: field exists in the notes of the release.
Address review feedback to ensure Description: field is pre-populated when creating releases. Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
The vault secret was configured in re-terraform-aws-vault#8403 with the suffix 'release-automation', not 'update-center'. Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
The GitHub token doesn't have permission to access organization teams, which is required for the --reviewer flag. CODEOWNERS should handle review assignment automatically. Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Notify squad-analysis-experience channel when a new version is released with links to the release, npm package, and Update Center PR. Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Split notify into separate job for better separation of concerns - Add slack_channel input parameter with default value - Fetch Slack webhook in dedicated job - Include Update Center PR link in notification Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Incoming webhooks have a fixed channel, so the channel parameter was ignored. Switch to using the Slack bot token with chat.postMessage method which allows specifying the target channel. Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Set errors: true so failed Slack API calls will fail the step and show the actual error message. Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Private channels require using the channel ID (C03DLUN6GR3) instead of the channel name. Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Move the sed/awk logic for updating scannernpm.properties to a dedicated script at scripts/update-update-center.sh. This makes the logic easier to understand, maintain, and test locally. Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
zglicz
approved these changes
Jan 27, 2026
The qa-deployer token does not have read access to download the SonarQube application zip from repox. This caused CI failures when SonarQube 26.2.0 was released and the tests tried to download it. Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Artifactory now serves 302 redirects instead of direct file streams. Node.js https.get doesn't follow redirects by default, causing the redirect HTML/JSON to be saved as the zip file. This fix: - Follows HTTP 3xx redirects automatically - Validates HTTP status codes before saving the response - Provides clear error messages for authentication failures Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Document the manual steps required after the release workflow: 1. Merge the Update Center PR 2. Run the deploy workflow to publish the JSON 3. Run the generate-release-notes workflow and merge the docs PR Also update the Slack notification to include these steps as a checklist. Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
SonarQube reviewer guideImportant We are currently testing different models for AI Summary. Model A:Summary: Automates Update Center registration and adds Slack notifications to the release workflow. Review Focus:
Start review at: Model B:Summary: Automate the Sonar Update Center release process with release description validation, update-center PR creation, and Slack notifications. Review Focus:
Start review at:
|
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Description:line in release body (fails fast if missing)release_descriptioninput for manual workflow dispatchChanges
Release workflow
Description:from release bodyupdate-centerjob that creates PR in sonar-update-center-propertiesrelease_descriptioninput for manual dry runsDocumentation
Description:requirementTest plan
🤖 Generated with Claude Code