RFC: SDK Release Automation#33
Conversation
There was a problem hiding this comment.
Pull request overview
Adds an RFC documenting a proposed standard release automation approach for OpenFGA SDKs (and related repos) using Release Please and a GitHub App-based workflow to generate release PRs, bump versions (including cross-language markers), and publish tags/releases in a consistent way.
Changes:
- Introduces an RFC describing a two-phase “Release PR → tag/publish” release model powered by Release Please.
- Specifies conventions for version bumping (
x-release-please-versionmarkers) and standardized GitHub-style changelogs. - Proposes enforcement of Conventional Commits via PR title validation and outlines migration/rollout steps.
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
You can also share your feedback on Copilot code review. Take the survey.
Co-authored-by: Copilot <[email protected]>
rhamzeh
left a comment
rhamzeh
left a comment
There was a problem hiding this comment.
Please add a section on security:
- Bot commits and tags MUST be GPG signed with our GPG public key
- Maintainers must not be able to push tags
- Both the bot and maintainers must not be able to push directly to main without a codeowner review
Co-authored-by: Raghd Hamzeh <[email protected]>
SoulPancake
left a comment
SoulPancake
left a comment
There was a problem hiding this comment.
TODO: Add a note mentioning that when we want to make a release that doesn't have user facing changes we should use any bump rule other than Auto
Because auto decides commits like chore, docs etc. do not require a release
There was a problem hiding this comment.
TODO:
add a note for
Another thing we figured out after using release please for a bit
If we accurately update the PR description, it captures that for the release-notes
so along with the changelog make sure to modify the PR description of the release PR as you'd like in the release notes ( ideally same as changelog )
Edit:
Update: We are now parsing changelog from the repo instead of relying on the PR description so it has a nice consensus without needing us to update both of them
Description
RFC proposing the adoption of Release Please to automate the release process for all OpenFGA SDKs, CLI, and extensions.
What problem is being solved?
Releasing a new SDK version is currently a manual process — updating changelogs, bumping version constants, creating signed tags, and pushing them. This overhead discourages frequent releases and leads to large, batched shipments.
How is it being solved?
A
workflow_dispatch-triggered GitHub Actions workflow powered by Release Please. A maintainer selects a bump type from the UI, Release Please opens a Release PR with all version bumps and changelog updates, and merging the PR finalizes the release (tag + GitHub Release). Authentication uses a dedicated GitHub App for short-lived, least-privilege tokens.What changes are made to solve it?
This RFC covers the full design: workflow configuration,
x-release-please-versionmarkers for cross-language version bumping, changelog format standardization (GitHub format), Conventional Commits enforcement via PR title validation, GitHub App identity/signing, migration steps, and a phased rollout plan.Relevant issue: openfga/sdk-generator#679
References
Review Checklist
main