Skip to content
Release

build(deps-dev): bump ruff from 0.15.13 to 0.15.14 in the ruff group … #16

Sign in to view logs

build(deps-dev): bump ruff from 0.15.13 to 0.15.14 in the ruff group …

build(deps-dev): bump ruff from 0.15.13 to 0.15.14 in the ruff group … #16

Workflow file for this run

.github/workflows/release.yml at c59f13a
# Unless explicitly stated otherwise all files in this repository are licensed
# under the Apache 2.0 License.
#
# This product includes software developed at Datadog (https://www.datadoghq.com/).
# Copyright 2026-Present Datadog, Inc.
name: Release
on:
push:
branches: [main]
workflow_dispatch:
permissions:
contents: read
concurrency:
group: release-${{ github.ref }}
cancel-in-progress: false
jobs:
release-please:
name: Release please
runs-on: ubuntu-latest
permissions:
id-token: write # required for dd-octo-sts OIDC exchange
outputs:
release_created: ${{ steps.release.outputs.release_created }}
tag_name: ${{ steps.release.outputs.tag_name }}
steps:
# Mint a short-lived token via Datadog's dd-octo-sts. The default
# GITHUB_TOKEN can't be used here: GitHub does not trigger downstream
# workflows for events authored by GITHUB_TOKEN, so the release PR
# would land with no `pull_request` checks. The policy lives at
# `.github/chainguard/self.github.release.main.sts.yaml`.
- uses: DataDog/dd-octo-sts-action@96a25462dbcb10ebf0bfd6e2ccc917d2ab235b9a # v1.0.4
id: octo-sts
with:
scope: DataDog/ai-guard-coding-agents
policy: self.github.release.main
- uses: googleapis/release-please-action@45996ed1f6d02564a971a2fa1b5860e934307cf7 # v5.0.0
id: release
with:
token: ${{ steps.octo-sts.outputs.token }}
config-file: release-please-config.json
manifest-file: .release-please-manifest.json
publish:
name: Publish release artifacts
needs: release-please
if: needs.release-please.outputs.release_created == 'true'
uses: ./.github/workflows/build.yml
with:
release_tag: ${{ needs.release-please.outputs.tag_name }}
permissions:
contents: write
secrets: inherit