Create release_generation.yml #3

Closed
wants to merge 4 commits into from

@FortiShield FortiShield commented Jun 13, 2024

User description

Description

This PR fixes #

Notes for Reviewers

Signed commits

  • [*] Yes, I signed my commits.

PR Type

enhancement, configuration changes


Description

  • Added a new GitHub Actions workflow named release_generation.yml to automate the release generation process.
  • Configured the workflow to trigger upon the successful completion of the "Release" workflow.
  • Implemented steps to check out the repository, extract the latest tag, and use ncipollo/release-action for generating release notes and tagging.

Changes walkthrough 📝

Relevant files
Configuration changes
release_generation.yml
Add GitHub Actions workflow for automated release generation

.github/workflows/release_generation.yml

  • Added a new GitHub Actions workflow for release generation.
  • Configured the workflow to trigger on completion of the "Release"
    workflow.
  • Included steps for checking out the repository and extracting the
    latest tag.
  • Integrated ncipollo/release-action to automate release note generation
    and tagging.
  • +29/-0   


    PR Reviewer Guide 🔍

    ⏱️ Estimated effort to review [1-5]

    2

    🧪 Relevant tests

    No

    🔒 Security concerns

    No

    ⚡ Key issues to review

    None


    PR Code Suggestions ✨

    Category | Suggestion | Score
    Enhancement
    Implement error handling for tag extraction to manage failures effectively

    Add error handling for the step where the latest tag is extracted to ensure the workflow
    handles potential failures gracefully.

    .github/workflows/release_generation.yml [23]

    -- run: echo "latest_tag=$(git describe --tags --abbrev=0)" >> "$GITHUB_OUTPUT"
    +- run: |
    +    latest_tag=$(git describe --tags --abbrev=0)
    +    if [ -z "$latest_tag" ]; then
    +      echo "Error: No tags found."
    +      exit 1
    +    fi
    +    echo "latest_tag=$latest_tag" >> "$GITHUB_OUTPUT"
     
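    Review bot: the `-z` test after the assignment is not what catches a repository with no tags. `git describe --tags --abbrev=0` exits non-zero in that case, and a plain assignment takes the exit status of its command substitution, so if the step runs under `bash -e` (the default for `run` steps on Linux runners) it stops at `latest_tag=$(...)` before reaching the `if`, printing git's own message rather than "Error: No tags found." Put the command in the condition instead, as in `if ! latest_tag=$(git describe --tags --abbrev=0); then`, and send the error text to stderr with `>&2`. The removed one-liner hid the failure behind `echo` and wrote an empty `latest_tag`, so failing the step here is the right direction.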
    Suggestion importance[1-10]: 10

    Why: Implementing error handling for tag extraction is crucial for managing potential failures effectively, ensuring the workflow does not proceed with incorrect or missing data.

    10
    Security
    Restrict workflow permissions to adhere to the principle of least privilege

    It's recommended to specify the permissions more granularly to follow the principle of
    least privilege. Currently, the workflow has broad write permissions to repository
    contents, which might not be necessary for all steps.

    .github/workflows/release_generation.yml [9-10]

     permissions:
    -  contents: write
    +  contents: read
    +  pull-requests: write
     
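    Review bot: `contents: read` on the `+` line conflicts with what this workflow does. The PR description says it uses ncipollo/release-action for release notes and tagging, and creating a release or tag with the workflow token needs `contents: write`; nothing described in this PR touches pull requests, so `pull-requests: write` grants a scope that is not used. To narrow privilege, keep `contents: write`, declare it only on the job that runs the release step if it is currently set workflow-wide, and drop the `pull-requests` line.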
    Suggestion importance[1-10]: 9

    Why: This suggestion improves security by adhering to the principle of least privilege, reducing the risk of unintended actions by limiting permissions to what is necessary.

    9
    Best practice
    Ensure the workflow condition accurately checks for successful workflow completion

    To ensure that the workflow only triggers on successful completion of the 'Release'
    workflow, add a condition to check the conclusion of the workflow_run.

    .github/workflows/release_generation.yml [15]

    -if: ${{ github.event.workflow_run.conclusion == 'success' }}
    +if: ${{ github.event.workflow_run.conclusion == 'success' && github.event.workflow_run.event == 'workflow_run' }}
     
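    Review bot: the added clause `github.event.workflow_run.event == 'workflow_run'` compares the wrong thing. `workflow_run.event` holds the event that triggered the upstream "Release" run (for example `push`), so unless that workflow is itself started by `workflow_run` the condition is always false and the job never runs. The existing `conclusion == 'success'` check already covers successful completion; leave the line as it was, or, if the intent is to limit which upstream triggers count, compare against that trigger's name.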
    Suggestion importance[1-10]: 8

    Why: This suggestion enhances the accuracy of the workflow trigger condition, ensuring it only runs when the 'Release' workflow completes successfully, which is a best practice.

    8
    Pin GitHub Actions to a specific commit SHA to ensure stability

    Consider pinning the action ncipollo/release-action@v1 to a specific commit SHA to avoid
    potential issues from automatic updates that could break your workflow.

    .github/workflows/release_generation.yml [25]

    -- uses: ncipollo/release-action@v1
    +- uses: ncipollo/release-action@v1 # Replace 'v1' with the specific commit SHA, e.g., 'abc1234'
     
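    Review bot: the `+` line still references `@v1`; only a comment was added, so nothing is pinned and the tag can still move. Replace the ref itself with the full 40-character commit SHA of the release that was reviewed and keep the version in the trailing comment, in the form `ncipollo/release-action@<full-commit-sha> # v1.x.y`. The `abc1234` in the comment is an abbreviated hash; use the full-length SHA.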
    Suggestion importance[1-10]: 7

    Why: Pinning actions to a specific commit SHA ensures stability and prevents unexpected issues from automatic updates, which is a good practice for maintaining workflow reliability.

    7

    @FortiShield FortiShield deleted the FortiShield-patch-1 branch September 28, 2024 14:01