From 5bc2a00b6c5760555a1f0632bc8290f8978d719a Mon Sep 17 00:00:00 2001 From: Behnam Mozafari Date: Tue, 23 Jun 2026 11:39:15 +1000 Subject: [PATCH 1/2] UID2-7340: publish operator release as pre-release instead of draft MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit publish-all-operators.yaml created the GitHub Release (private-operator deployment zips + enclave-ID manifests) as a draft, which requires a manual publish click that is usually skipped — silently losing release notes and 404ing on get-by-tag. Publish it as a pre-release instead: durable and fetchable by tag without claiming GA. The Major-release approval gate (check_major job) is unchanged, and promoting the release to Latest in the UI stays the deliberate manual GA checkpoint. Co-Authored-By: Claude Opus 4.8 --- .github/workflows/publish-all-operators.yaml | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/.github/workflows/publish-all-operators.yaml b/.github/workflows/publish-all-operators.yaml index c70a71bab..2d18a0aa2 100644 --- a/.github/workflows/publish-all-operators.yaml +++ b/.github/workflows/publish-all-operators.yaml @@ -229,12 +229,17 @@ jobs: (cd ./deployment/gcp-oidc-deployment-files-${{ needs.start.outputs.new_version }} && zip -r ../../gcp-oidc-deployment-files-${{ needs.start.outputs.new_version }}.zip . ) (cd manifests && zip -r ../uid2-operator-release-manifests-${{ needs.start.outputs.new_version }}.zip .) - - name: Create draft release + # Publish as a pre-release (not a draft): durable + fetchable by tag + # without claiming GA. The Major-release approval gate stays the + # check_major job above, and promoting this to Latest in the UI remains + # the deliberate manual GA checkpoint. See UID2-7340. + - name: Create pre-release uses: softprops/action-gh-release@b4309332981a82ec1c5618f44dd2e27cc8bfbfda # v3.0.0 with: name: v${{ needs.start.outputs.new_version }} body: ${{ steps.changelog.outputs.changelog }} - draft: true + draft: false + prerelease: true files: | ./aws-euid-deployment-files-${{ needs.start.outputs.new_version }}.zip ./aws-uid2-deployment-files-${{ needs.start.outputs.new_version }}.zip From 12409348a5b628aec8683c5c9492ffac22423350 Mon Sep 17 00:00:00 2001 From: Behnam Mozafari Date: Tue, 23 Jun 2026 13:21:37 +1000 Subject: [PATCH 2/2] UID2-7340: set explicit tag_name on the operator pre-release MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit softprops defaults tag_name to github.ref_name (the dispatch branch, e.g. main) — not the version tag. The draft masked this; a published release needs the tag now or get-by-tag would still 404. The v tag already exists, pushed by the start job's commit_pr_and_merge. Co-Authored-By: Claude Opus 4.8 --- .github/workflows/publish-all-operators.yaml | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/.github/workflows/publish-all-operators.yaml b/.github/workflows/publish-all-operators.yaml index 2d18a0aa2..4cd826b23 100644 --- a/.github/workflows/publish-all-operators.yaml +++ b/.github/workflows/publish-all-operators.yaml @@ -236,6 +236,12 @@ jobs: - name: Create pre-release uses: softprops/action-gh-release@b4309332981a82ec1c5618f44dd2e27cc8bfbfda # v3.0.0 with: + # tag_name must be explicit. softprops defaults it to github.ref_name + # (the dispatch branch, e.g. main) — not the version tag. The draft + # masked this (a draft carries no tag until manually published); a + # published release needs the tag now or get-by-tag would still 404. + # The v tag already exists (pushed by the start job). UID2-7340. + tag_name: v${{ needs.start.outputs.new_version }} name: v${{ needs.start.outputs.new_version }} body: ${{ steps.changelog.outputs.changelog }} draft: false