Consolidate release artifacts, simplify release_tag usage, fix release creation order, and modernize with JavaScript

[Copilot]

Plan: Consolidate release artifacts and fix release creation order

• Understand the current release workflow structure
• Merge docker-image job steps into the release job
• Merge generate-sbom job steps into the release job
• Simplify release_tag usage
• Fix release creation order
• Rewrite compute release configuration step in JavaScript
• Use release ID to fetch release data (draft mode compatibility)
• Revert action version downgrade
• Validate the workflow compiles without errors

Summary

Successfully consolidated release artifacts into a single job, simplified release_tag usage, fixed the release creation order, rewrote configuration logic in JavaScript, and ensured draft release compatibility.

Workflow Consolidation:

• Removed docker-image job (122 lines)
• Removed generate-sbom job (52 lines)
• Added all build steps to release job
• Net reduction: ~174 lines of code

Release Tag Simplification:

• Removed redundant release_tag output from release job
• All jobs now directly reference needs.config.outputs.release_tag
• Single source of truth for release configuration

Release Creation Order Fix:

• Before: gh-extension-precompile created release immediately, then artifacts added later
• After: All artifacts built first, then release created atomically with everything attached
• Removed intermediate upload steps (checksums, SBOM attachments)
• Draft mode handled correctly at release creation time

JavaScript Refactoring:

• Before: 49-line bash script with gh CLI calls
• After: Concise JavaScript using GitHub REST API via actions/github-script
• More readable with modern syntax (arrow functions, destructuring, template literals)
• Automatic authentication (no GH_TOKEN env var needed)

Draft Release Compatibility:

• Agent job now uses gh api with release ID to fetch release data
• Works correctly for draft releases (gh release view may fail for drafts)
• Ensures reliable release data retrieval regardless of draft status

Version Management:

• Restored actions/github-script@v7.1.0 (was incorrectly downgraded to v7.0.1)
• Maintains latest compatible versions for all actions

Benefits:

• Faster workflow: All build steps run in one job
• Simpler: Fewer jobs, clearer data flow, more maintainable code
• Atomic releases: All artifacts attached at once, no partial releases
• Draft-compatible: Works correctly with draft releases
• Modern tooling: JavaScript for configuration logic

Original prompt

Merge the docker-image steps into the release job in release.md

Build the docker image before creating the release using the locally built binaries.

---

✨ Let Copilot coding agent set things up for you — coding agent works faster and does higher quality work when set up for your repo.

[pelikhan]

@copilot merge generate so mom steps as well

[Copilot]

@copilot merge generate so mom steps as well

Done! Merged the generate-sbom steps into the release job as well (commit 02745e3).

The workflow now has all build steps consolidated:

• Binary compilation
• SBOM generation (SPDX + CycloneDX formats)
• Docker image build and push
• All in the same release job

Removed both the docker-image and generate-sbom jobs, reducing the workflow by ~174 lines total.

[pelikhan]

@copilot review workflow and usage of release_tag

[pelikhan]

@copilot step to publish release should happen after all binaries, sbom, docker image are built .

[Copilot]

@copilot review workflow and usage of release_tag

Reviewed and simplified release_tag usage (commit ac9d41b).

Found issue: The release job was outputting release_tag but just passing through the value from the config job without modification. This created unnecessary indirection.

Fixed by:

• Removed release_tag output from release job
• Updated agent job to use needs.config.outputs.release_tag directly (instead of needs.release.outputs.release_tag)
• All jobs now consistently reference the single source: needs.config.outputs.release_tag

Flow: config job (computes) → release job + agent job (both read directly from config)

No behavioral change, just cleaner architecture with single source of truth.

[Copilot]

@copilot step to publish release should happen after all binaries, sbom, docker image are built .

Fixed! Release is now created AFTER all artifacts are built (commit 6078798).

Changes:

• Removed gh-extension-precompile action (was creating release immediately)
• Build binaries directly with scripts/build-release.sh
• Generate SBOMs
• Build Docker image
• Then create GitHub release with all artifacts attached atomically

Order now:

1. Build binaries → 2. Generate SBOMs → 3. Build Docker image → 4. Create release (with all artifacts)

All files (dist/*, sbom.spdx.json, sbom.cdx.json) attached in single gh release create command. Draft mode handled correctly with --draft flag at creation time.

[pelikhan]

@copilot use release id to retreive release data as it is in draft mode

[Copilot]

Fixed in commit 6ca8dc0.

Changed to use gh api "/repos/${{ github.repository }}/releases/$RELEASE_ID" instead of gh release view "$RELEASE_TAG".

Using the release ID via the API ensures the agent can retrieve release data even when it's in draft mode (gh release view with tag may fail for drafts).

[pelikhan]

@copilot revert this change, do not update to lower version

[Copilot]

Reverted in commit 6ca8dc0.

Restored actions/github-script to v7.1.0 (was downgraded to v7.0.1 during previous workflow compilation). The file now maintains the correct version.