
@DanielHougaard (Member) commented Sep 26, 2025

Description 📣

Automatically trigger Infisical Binary releases when a new standalone docker image is released. This works for both nightly and stable.

Type ✨

  • Bug fix
  • New feature
  • Improvement
  • Breaking change
  • Documentation

@maidul98 (Collaborator) commented Sep 26, 2025

🎉 Snyk checks have passed. No issues have been found so far.

security/snyk check is complete. No issues have been found. (View Details)

@greptile-apps bot (Contributor) left a comment


Greptile Overview

Summary

This PR adds an auto-trigger mechanism for binary releases but introduces critical issues. The changes include commenting out all Docker build steps in existing jobs and adding a new trigger-binary-release job that creates tags in the infisical-omnibus repository. However, the implementation has several problems that prevent it from working correctly.

Major issues found:

  • Hardcoded tag version instead of using dynamic ${{ github.ref_name }}
  • Missing required GITHUB_TOKEN environment variable for GitHub API calls
  • Job dependencies pointing to jobs that no longer perform actual work
  • Development branch trigger that should be removed before merging
  • Syntax issues with commented-out code mixed with active code

The workflow will fail in its current state due to missing authentication and incorrect tag reference.

Confidence Score: 1/5

  • This PR has critical issues that prevent it from working and should not be merged in its current state
  • Score reflects multiple critical logical errors including missing authentication, hardcoded values, broken job dependencies, and syntax issues that will cause workflow failures
  • The workflow file requires significant fixes before it can function properly - particularly the authentication, tag reference, and job dependency issues

Important Files Changed

File Analysis

| Filename | Score | Overview |
|---|---|---|
| .github/workflows/release-standalone-docker-img-postgres-offical.yml | 1/5 | Added auto trigger binary release job with multiple critical issues: hardcoded tag version, missing GITHUB_TOKEN, dependency on empty jobs, commented out all Docker build steps |

Sequence Diagram

sequenceDiagram
    participant GHA as GitHub Actions
    participant Tests as infisical-tests
    participant Standalone as infisical-standalone  
    participant FIPS as infisical-fips-standalone
    participant Trigger as trigger-binary-release
    participant OmnibusRepo as infisical-omnibus

    Note over GHA: Triggered by tag push or branch push
    
    GHA->>Tests: Start backend tests
    Tests-->>GHA: ✓ Tests complete
    
    par Parallel Docker Jobs
        GHA->>Standalone: Start standalone job
        Note over Standalone: ⚠️ Only extracts version (Docker build commented out)
        Standalone-->>GHA: ✓ Version extracted only
    and
        GHA->>FIPS: Start FIPS standalone job  
        Note over FIPS: ⚠️ Only extracts version (Docker build commented out)
        FIPS-->>GHA: ✓ Version extracted only
    end
    
    Note over Trigger: Depends on both Docker jobs
    GHA->>Trigger: Start trigger job
    
    Note over Trigger: ❌ Missing GITHUB_TOKEN
    Trigger->>OmnibusRepo: Check if tag exists (fails without auth)
    Trigger->>OmnibusRepo: Get latest main SHA (fails without auth)
    Note over Trigger: ❌ Uses hardcoded tag instead of github.ref_name
    Trigger->>OmnibusRepo: Create tag with wrong version (fails)
    
    Trigger-->>GHA: ❌ Job fails

1 file reviewed, 5 comments


@DanielHougaard DanielHougaard self-assigned this Sep 26, 2025
@DanielHougaard DanielHougaard merged commit 0861bdd into main Sep 26, 2025
5 checks passed