UID2-7340: publish operator release as pre-release instead of draft#2617
Merged
Conversation
publish-all-operators.yaml created the GitHub Release (private-operator deployment zips + enclave-ID manifests) as a draft, which requires a manual publish click that is usually skipped — silently losing release notes and 404ing on get-by-tag. Publish it as a pre-release instead: durable and fetchable by tag without claiming GA. The Major-release approval gate (check_major job) is unchanged, and promoting the release to Latest in the UI stays the deliberate manual GA checkpoint. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
softprops defaults tag_name to github.ref_name (the dispatch branch, e.g. main) — not the version tag. The draft masked this; a published release needs the tag now or get-by-tag would still 404. The v<version> tag already exists, pushed by the start job's commit_pr_and_merge. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
jon8787
approved these changes
Jun 23, 2026
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
publish-all-operators.yamlcuts the GitHub Release carrying the private-operator deployment zips (AWS/Azure/GCP) and enclave-ID manifests as a draft. Publishing a draft is a manual click most people skip, so release notes are silently lost andGET /releases/tags/{tag}404s even though the git tag exists.This PR publishes that release as a pre-release (
draft:false, prerelease:true) instead — durable and fetchable by tag without claiming GA.What is unchanged
check_majorjob (publish-majorenvironment).Latest— still the deliberate GA checkpoint, done in the UI. Nothing here auto-marks the release asLatest.This is the companion to IABTechLab/uid2-shared-actions#242, which makes the same draft→pre-release change for services going through the shared publish workflows. The operator's public docker image already flows through that shared
java-dockerworkflow; this PR covers the private operator artifacts cut inline here.Validation
The full pipeline can't run off a fork (enclave builds, AMIs, attestation need cloud creds + signing), so the changed
createReleasestep was replicated faithfully — including thefiles:deployment-zip asset uploads — in a throwaway repo (UnifiedID2/bmz-prerelease-smoke):draft:false+prerelease:truetag_namev<version>;GET /releases/tags/v<version>→ 200 (was 404 on drafts)files:asset uploadaws-uid2,azure-cc,gcp-oidc) attached to the published pre-releaseThe added
tag_namematters: softprops defaults it togithub.ref_name(the dispatch branch), which the draft masked (a draft carries no tag until manually published). Without it the published release would attach tomainand get-by-tag would still 404 — the tag already exists from thestartjob'scommit_pr_and_merge.🤖 Generated with Claude Code