Skip to content

Add patch release script #2502

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
jvdm wants to merge 12 commits into
base: master
Choose a base branch
from
Open

Add patch release script #2502

jvdm wants to merge 12 commits into from
+533 −0

Conversation

@jvdm
Copy link
Contributor

@jvdm jvdm commented Dec 10, 2025
edited
Loading

Summary

  • Adds scripts/patch-release.sh to automate the scanner patch release process
  • Auto-detects the next patch number when not provided
  • Validates that HEAD is not already a release commit
  • Verifies sequential patch numbering
  • Handles GitHub release creation with proper --latest flag based on semantic versioning

Usage

./scripts/patch-release.sh <RELEASE> [PATCH_NUMBER]

Options:

  • --dry-run - Preview what would happen without making changes
  • -y, --yes - Skip confirmations (for automation)

Examples:

./scripts/patch-release.sh 2.36           # auto-detects next patch
./scripts/patch-release.sh 2.36 9         # explicitly creates 2.36.9
./scripts/patch-release.sh --dry-run 2.36 # preview mode

Test plan

  • Run ./scripts/patch-release.sh --dry-run 2.37 to verify workflow
  • Verify auto-detection of next patch number
  • Verify detection of existing release commits at HEAD
  • Verify non-sequential patch number warning

@jvdm jvdm requested a review from a team as a code owner December 10, 2025 19:16
@BradLugo
Copy link
Contributor

BradLugo commented Dec 10, 2025

Why a slash command instead of a script? I ask because I have some trust issues with LLMs based on experience, and feel that having code we can validate is safer and easier to reason with when something goes wrong.

@jvdm jvdm requested a review from Copilot December 10, 2025 22:06
Copilot AI reviewed Dec 10, 2025
View reviewed changes
Copy link

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR adds a /patch-release Claude Code slash command that automates the scanner patch release process. The command streamlines creating patch releases by handling version detection, validation, git operations, and GitHub release creation.

Key changes:

  • Auto-detection of the next patch number when not explicitly provided
  • Validation checks for release commit state and sequential patch numbering
  • Automated GitHub release creation with proper semantic versioning handling

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

@jvdm
Copy link
Contributor Author

jvdm commented Dec 10, 2025

Why a slash command instead of a script?

This more of an experiment rather than a suggestion on how we should manage scanner releases. These slash commands are just prompt templates, and all "judgement calls" LLM could do are scriptable here.

@BradLugo
Copy link
Contributor

BradLugo commented Dec 11, 2025
edited
Loading

Would this be better suited for one of the tooling repos?

@jvdm
Copy link
Contributor Author

jvdm commented Dec 12, 2025
edited
Loading

Would this be better suited for one of the tooling repos?

Probably. I think this is an example of AI vibe, so tooling might make more sense. I might look into converting these steps into a script, maybe using claude to do it.

@jvdm
Copy link
Contributor Author

jvdm commented Dec 15, 2025

@BradLugo Asked Claude to convert this to a script. Can you take a look to see if it makes sense?

@jvdm jvdm requested a review from Copilot December 15, 2025 21:37
@jvdm jvdm changed the title Add Claude Code slash command for patch releases Add patch release script Dec 15, 2025
Copilot AI reviewed Dec 15, 2025
View reviewed changes
Copy link

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Copilot reviewed 1 out of 1 changed files in this pull request and generated 3 comments.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

@jvdm jvdm force-pushed the jvdm/claude-based-patch-release branch from 05524ea to 588ee26 Compare December 15, 2025 23:39
jvdm and others added 9 commits January 13, 2026 11:08
@jvdm
Empty commit to diverge 2.38 from master
e163cb8
@jvdm @claude
Add Claude Code slash command for patch releases
fa31cc1 
Adds a `/patch-release` command that automates the scanner patch release
process. The command handles:

- Auto-detection of the next patch number
- Validation that HEAD is not already a release commit
- Sequential patch number verification
- Cherry-pick prompts
- GitHub release creation with proper --latest flag handling
- Release documentation generation

Usage: /patch-release <RELEASE> [PATCH_NUMBER]
Example: /patch-release 2.36 (auto-detects next patch)

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <[email protected]>
@jvdm
Update .claude/commands/patch-release.md
b1ebe1a 
Co-authored-by: Copilot <[email protected]>
@jvdm
Update .claude/commands/patch-release.md
be46d55 
Co-authored-by: Copilot <[email protected]>
@jvdm @claude
Replace Claude slash command with bash script for patch releases
7fd0359 
The LLM-based slash command has been replaced with a deterministic
bash script that provides the same functionality with:

- Full testability (--dry-run mode)
- Auditability (every command visible in source)
- Reproducibility (same input → same behavior)
- Proper error handling (set -euo pipefail)

Usage: ./scripts/patch-release.sh [--dry-run] [-y] <RELEASE> [PATCH_NUMBER]

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <[email protected]>
@jvdm
Update scripts/patch-release.sh
ddbedf4 
Co-authored-by: Copilot <[email protected]>
@jvdm
Update scripts/patch-release.sh
e071b0b 
Co-authored-by: Copilot <[email protected]>
@jvdm
Update scripts/patch-release.sh
dd0820a 
Co-authored-by: Copilot <[email protected]>
@jvdm @claude
Use temporary worktree for patch releases
f723af9 
Run release operations in an isolated /tmp worktree instead of checking
out the release branch in place. This prevents issues when the script
doesn't exist on older release branches.

Changes:
- Create worktree in /tmp/scanner-release-X.Y.Z-XXXXXX
- Cleanup worktree automatically on exit via trap
- Preserve worktree when user aborts for manual operations
- Use origin/release-X.Y for dry-run checks instead of HEAD

Co-Authored-By: Claude Opus 4.5 <[email protected]>
@jvdm jvdm force-pushed the jvdm/claude-based-patch-release branch from 588ee26 to f723af9 Compare January 13, 2026 20:58
@openshift-ci
Copy link

openshift-ci bot commented Jan 13, 2026

@github-actions[bot]: The /retest command does not accept any targets.
The following commands are available to trigger optional jobs:

/test e2e-tests

/test slim-e2e-tests

Use /test all to run all jobs.

Details

In response to this:

/retest scanner-on-push

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

@jvdm jvdm requested a review from Copilot January 13, 2026 22:01
Copilot AI reviewed Jan 13, 2026
View reviewed changes
Copy link

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Copilot reviewed 1 out of 1 changed files in this pull request and generated 4 comments.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

@github-actions
Copy link

github-actions bot commented Jan 14, 2026

/retest scanner-on-push

@openshift-ci
Copy link

openshift-ci bot commented Jan 14, 2026

@github-actions[bot]: The /retest command does not accept any targets.
The following commands are available to trigger optional jobs:

/test e2e-tests

/test slim-e2e-tests

Use /test all to run all jobs.

Details

In response to this:

/retest scanner-on-push

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

@openshift-ci
Copy link

openshift-ci bot commented Jan 14, 2026

@jvdm: The following tests failed, say /retest to rerun all failed tests or /retest-required to rerun all mandatory failed tests:

Test name Commit Details Required Rerun command
ci/prow/slim-e2e-tests 7559799 link false /test slim-e2e-tests
ci/prow/e2e-tests 7559799 link false /test e2e-tests

Full PR test history. Your PR dashboard.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@jvdm @BradLugo