ORCH-559 Migration from v6 to v7 for gh-action_release

[emma44-m]

---

Summary by Gitar

• Workflow Configuration:
  • Upgraded gh-action_release from @v6 to @v7.
  • Replaced release trigger with workflow_dispatch to allow manual version input.
• Job Control:
  • Added a guard job to restrict release execution to master and branch-* branches.
  • Configured concurrency settings to prevent multiple simultaneous workflows on the same ref.

_{This will update automatically on new commits.}

[sonar-review-alpha]

Summary

This PR updates the release workflow from automatic event-driven triggering to manual invocation via workflow_dispatch. Key changes:

• Trigger mechanism: Changed from auto-triggering on GitHub release publication to manual workflow dispatch with an explicit version input
• gh-action_release upgrade: Updated the reusable workflow action from v6 to v7
• Safety guard: Added a new job that validates releases can only be triggered from master or branch-* branches
• Explicit versioning: Release version is now passed as a workflow input rather than derived from the GitHub release event
• Draft release behavior: Explicitly disabled draft release creation in v7

What reviewers should know

For reviewers:

1. Workflow behavior change: This fundamentally changes when releases happen. Previously automatic on release publication, now requires manual dispatch. Verify this aligns with team workflow.

2. Branch protection: The guard job prevents releases from arbitrary branches — only master or semantic branch-* patterns allowed. Check if this covers all legitimate release branches.

3. Version input: The workflow now requires explicit version input (format: "1.2.3.456"). Ensure callers understand this requirement and the version format expectations.

4. Breaking action upgrade: The v7 migration may have breaking changes. Focus on:

   • Whether the new action API still supports all the input parameters being passed (publishToBinaries, mavenCentralSync, mavenCentralSyncExclusions, slackChannel)
   • The effect of createDraftRelease: false in v7
   • Any behavior changes between v6 and v7 that affect the release process

5. Manual vs. automatic: Confirm the team has processes in place to trigger this manually when needed, since it no longer auto-releases.

---

• Generate Walkthrough
• Generate Diagram

🗣️ Give feedback

[sonar-review-alpha]

The guard job and workflow_dispatch migration are well-structured. One operational concern worth resolving before merge: the release workflow has no concurrency: group, while build.yml uses one consistently.

🗣️ Give feedback

[sonarqube-next]

Quality Gate passed

Issues
0 New issues
0 Fixed issues
0 Accepted issues

Measures
0 Security Hotspots
0 Dependency risks
No data about Coverage
0.0% Duplication on New Code

See analysis details on SonarQube

[gitar-bot]

Code Review ✅ Approved 1 resolved / 1 findings

Migration to gh-action_release v7 adds necessary guard rails and concurrency control. Add format validation for the new manual version input to prevent malformed release triggers.

✅ 1 resolved

✅ Edge Case: Manual version input is not format-validated

📄 .github/workflows/release.yml:5-9 📄 .github/workflows/release.yml:16-22 📄 .github/workflows/release.yml:35
The new workflow_dispatch input version (described as 'Full version including build number, e.g. 1.2.3.456') is passed directly to the v7 reusable workflow (version: ${{ inputs.version }}) without any validation in the guard job. Since the version is now entered manually rather than derived from a GitHub release tag, a typo or malformed value (e.g. missing the build number) would propagate into the release/publish steps. Consider adding a regex check in the guard job, e.g. [[ "${{ inputs.version }}" =~ ^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$ ]] || { echo 'ERROR: invalid version'; exit 1; }, unless the v7 reusable workflow already validates this downstream.

Options

Auto-apply is off → Gitar will not commit updates to this branch.
Display: compact → Showing less information.

Comment with these commands to change:

Auto-apply	Compact
gitar auto-apply:on	gitar display:verbose

_{Was this helpful? React with 👍 / 👎 | Gitar}

[sonarqube-next]

Quality Gate passed

Issues
0 New issues
0 Fixed issues
0 Accepted issues

Measures
0 Security Hotspots
0 Dependency risks
No data about Coverage
0.0% Duplication on New Code

See analysis details on SonarQube

[matteo-mara-sonarsource]

I think this is the only repository where we are enforcing this.