Skip to content

feat: rework release pipeline to use draft-release model (no manual tag push) #2560

New issue
New issue
Open
Open
feat: rework release pipeline to use draft-release model (no manual tag push)#2560
Labels
tektoncd-migrationTasks related to tektoncd org migration
@chmouel

Description

@chmouel
chmouel
opened on Mar 11, 2026

Problem

PAC is moving to the tektoncd GitHub org, which enforces branch protection rules. The current release process requires pushing tags directly (git push refs/tags/v1.2.3), which is blocked under these rules.

Current Flow

  1. Engineer manually runs git tag v1.2.3 && git push refs/tags/v1.2.3
  2. .tekton/release-pipeline.yaml triggers on push to refs/tags/*
  3. Pipeline reads version from git tag --points-at HEAD
  4. GoReleaser runs with prerelease: true (.goreleaser.yml:52) — creates a pre-release; tag must already exist

Problems:

  • Direct tag push is incompatible with branch protection in the tektoncd org
  • prerelease: true creates a pre-release rather than a draft, requiring an already-existing tag
  • No way to trigger the pipeline without a pre-existing tag

Proposed Flow (tektoncd upstream pattern)

This mirrors the approach used by tektoncd/pipeline:

  1. Trigger release via workflow_dispatch (or PAC push to a special branch) with a version input parameter
  2. Pipeline builds binaries, generates manifests, and creates a GitHub draft release (no tag created yet)
  3. Engineer reviews the draft, edits release notes, then publishes → GitHub automatically creates the tag on publish
  4. Branch pushes (release-v1.2.x / stable) continue as today

Files to Change

File Change
.tekton/release-pipeline.yaml Change trigger from refs/tags/* push to workflow_dispatch; accept version as input parameter
.goreleaser.yml:52 Change prerelease: true to draft: true
docs/content/docs/dev/release-process.md Update documented process to reflect draft-release flow

References

  • tektoncd/pipeline release-cheat-sheet and tekton/README for the upstream pattern
  • GitHub docs: Automatically created releases — publishing a draft auto-creates the tag

Acceptance Criteria

  • Release pipeline triggers via workflow_dispatch with a version parameter (no manual tag push required)
  • GoReleaser creates a draft release (not a pre-release)
  • Publishing the draft on GitHub creates the tag automatically
  • Release process docs updated to reflect new flow
  • Works within tektoncd org branch protection rules

Metadata

Metadata

Assignees

No one assigned

    Labels

    tektoncd-migrationTasks related to tektoncd org migration

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions