example42 · alvagante · Jan 25, 2026 · Jan 25, 2026 · Copilot · Jan 25, 2026
diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml
@@ -13,7 +13,7 @@ jobs:
   build-and-publish:
     runs-on: ubuntu-latest
     permissions:
-      contents: read
+      contents: write
       packages: write
       id-token: write
       attestations: write
@@ -62,3 +62,41 @@ jobs:
           subject-name: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
           subject-digest: ${{ steps.build.outputs.digest }}
           push-to-registry: true
+
+  create-release:
-  create-release:
+  create-release:
+    # Intentionally depend on Docker image build/publish: only create a GitHub
+    # release if the container image was successfully built and pushed.
-  create-release:
+  create-release:
+    # Intentionally depend on Docker image build/publish: only create a GitHub
+    # release if the container image was successfully built and pushed.
+    needs: build-and-publish
+    runs-on: ubuntu-latest
+    permissions:
+      contents: write
+
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+
+      - name: Extract version from tag
+        id: version
+        run: echo "version=${GITHUB_REF#refs/tags/}" >> $GITHUB_OUTPUT
+
+      - name: Extract changelog for version
+        id: changelog
+        run: |
+          VERSION="${{ steps.version.outputs.version }}"
+          # Extract the section for this version from CHANGELOG.md
+          awk "/^## \[${VERSION#v}\]/,/^## \[/" CHANGELOG.md | sed '$d' > release_notes.md
-          awk "/^## \[${VERSION#v}\]/,/^## \[/" CHANGELOG.md | sed '$d' > release_notes.md
+          awk -v ver="${VERSION#v}" '
+            $0 ~ "^## \\[" ver "\\]" { in_section=1; print; next }
+            in_section && /^## \[/ { exit }
+            in_section { print }
+          ' CHANGELOG.md > release_notes.md
-          awk "/^## \[${VERSION#v}\]/,/^## \[/" CHANGELOG.md | sed '$d' > release_notes.md
+          awk -v ver="${VERSION#v}" '
+            $0 ~ "^## \\[" ver "\\]" { in_section=1; print; next }
+            in_section && /^## \[/ { exit }
+            in_section { print }
+          ' CHANGELOG.md > release_notes.md
+          if [ ! -s release_notes.md ]; then
+            echo "Release notes not found in CHANGELOG.md, using default message"
+            echo "## Changes" > release_notes.md
+            echo "" >> release_notes.md
+            echo "See [CHANGELOG.md](https://github.com/${{ github.repository }}/blob/main/CHANGELOG.md) for details." >> release_notes.md
+          fi
+          cat release_notes.md
+
+      - name: Create GitHub Release
+        uses: softprops/action-gh-release@v1
+        with:
+          body_path: release_notes.md
+          draft: false
+          prerelease: ${{ contains(steps.version.outputs.version, '-') }}
+          generate_release_notes: true
-          generate_release_notes: true
-          generate_release_notes: true
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
diff --git a/backend/test/integrations/CodeAnalyzer.test.ts b/backend/test/integrations/CodeAnalyzer.test.ts
@@ -493,12 +493,7 @@ class profile::unused {
   fs.writeFileSync(path.join(testDir, "manifests", "profile", "unused.pp"), unusedManifest);
 
   // Create a file with trailing whitespace for lint testing
-  const lintTestManifest = `
-class profile::lint_test {
-  # This line has trailing spaces
-  notify { 'test': }
-}
-`;
+  const lintTestManifest = 'class profile::lint_test {\n  # This line has trailing spaces   \n  notify { \'test\': }\n}\n';
   fs.writeFileSync(path.join(testDir, "manifests", "profile", "lint_test.pp"), lintTestManifest);
 
   // Create profile::vhost defined type