Trigger from release branch (#3100)

* run pipeline from release branch to fix provenance

* update release instructions

* check branch name at validate input step

Author: shichengripple001

.github/workflows/release.yml

@@ -9,9 +9,6 @@ on:
       package_name:
         description: 'Package folder (Name of the package directory under packages/ folder. e.g., xrpl, ripple-address-codec)'
         required: true
-      release_branch:
-        description: 'Release branch the release is generated from'
-        required: true
       npmjs_dist_tag:
         description: 'npm distribution tag(Read more https://docs.npmjs.com/adding-dist-tags-to-packages)'
         default: 'latest'
@@ -30,12 +27,21 @@ jobs:
       - name: Checkout code
         uses: actions/checkout@v4
         with:
-          ref: ${{ github.event.inputs.release_branch }}
           fetch-depth: 0
 
       - name: Validate inputs
         run: |
           set -euo pipefail
+          RELEASE_BRANCH="$(git branch --show-current || true)"
+          if [[ -z "$RELEASE_BRANCH" ]]; then
+            RELEASE_BRANCH="${{ github.ref_name }}"
+          fi
+
+          if [[ -z "$RELEASE_BRANCH" ]]; then
+            echo "❌ Unable to determine branch name." >&2
+            exit 1
+          fi
+
           # Validate package_name
           PKG_NAME="${{ github.event.inputs.package_name }}"
           if ! [[ "$PKG_NAME" =~ ^[a-z0-9][a-z0-9-]*$ ]]; then
@@ -47,10 +53,9 @@ jobs:
             echo "❌ package_name must be a single directory under packages/." >&2
             exit 1
           fi
-          if git ls-remote --exit-code origin "refs/heads/${{ github.event.inputs.release_branch }}" > /dev/null; then
-            echo "✅ Found release branch: ${{ github.event.inputs.release_branch }}"
-          else
-            echo "❌ Release branch ${{ github.event.inputs.release_branch }} not found in remote. Failing workflow."
+
+          if [[ ! "${RELEASE_BRANCH,,}" =~ ^release[-/] ]]; then
+            echo "❌ Release branch '$RELEASE_BRANCH' must start with 'release-' or 'release/'." >&2
             exit 1
           fi
 
@@ -115,7 +120,7 @@ jobs:
     needs: [get_version]
     uses: ./.github/workflows/faucet_test.yml
     with:
-      git_ref: ${{ github.event.inputs.release_branch }}
+      git_ref: ${{ github.ref }}
     secrets: inherit
 
   run_tests:
@@ -127,7 +132,7 @@ jobs:
     needs: [get_version]
     uses: ./.github/workflows/nodejs.yml
     with:
-      git_ref: ${{ github.event.inputs.release_branch }}
+      git_ref: ${{ github.ref }}
     secrets: inherit
 
   pre_release:
@@ -143,7 +148,6 @@ jobs:
       - name: Checkout code
         uses: actions/checkout@v4
         with:
-          ref: ${{ github.event.inputs.release_branch }}
           fetch-depth: 0
 
       - name: Set up Node.js
@@ -245,7 +249,7 @@ jobs:
           REPO: ${{ github.repository }}
           PKG_NAME: ${{ env.PACKAGE_NAME }}
           PKG_VER: ${{ env.PACKAGE_VERSION }}
-          REL_BRANCH: ${{ github.event.inputs.release_branch }}
+          REL_BRANCH: ${{ github.ref_name }}
           VULN_ART_URL: ${{ steps.vuln_art.outputs.art_url }}
           LABELS: security
         run: |
@@ -298,6 +302,7 @@ jobs:
     env:
       PACKAGE_VERSION: "${{ needs.get_version.outputs.package_version }}"
       PACKAGE_NAME: "${{ github.event.inputs.package_name }}"
+      RELEASE_BRANCH: "${{ github.ref_name }}"
     outputs:
       reviewers_dev: ${{ steps.get_reviewers.outputs.reviewers_dev }}
       reviewers_sec: ${{ steps.get_reviewers.outputs.reviewers_sec }}
@@ -306,15 +311,14 @@ jobs:
       - name: Checkout code
         uses: actions/checkout@v4
         with:
-          ref: ${{ github.event.inputs.release_branch }}
           fetch-depth: 0
       - name: Create PR from release branch to main (skips for rc/beta)
         id: ensure_pr
         if: ${{ github.event.inputs.npmjs_dist_tag == '' || github.event.inputs.npmjs_dist_tag == 'latest' }}
         env:
           GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
           REPO: ${{ github.repository }}
-          RELEASE_BRANCH: ${{ github.event.inputs.release_branch }}
+          RELEASE_BRANCH: ${{ github.ref_name }}
           VERSION: ${{ needs.get_version.outputs.package_version }}
         run: |
           set -euo pipefail
@@ -423,7 +427,6 @@ jobs:
         run: |
           set -euo pipefail
           ARTIFACT_NAME="vulnerability-report"
-          RELEASE_BRANCH="${{ github.event.inputs.release_branch }}"
           COMMIT_SHA="$(git rev-parse --short HEAD)"
 
           echo "Fetching artifact ID for ${ARTIFACT_NAME}..."
@@ -534,7 +537,6 @@ jobs:
       - name: Checkout code
         uses: actions/checkout@v4
         with:
-          ref: ${{ github.event.inputs.release_branch }}
           fetch-depth: 0
 
       - name: Download artifact

RELEASE.md

@@ -10,21 +10,22 @@ You can manually trigger the release workflow from the [GitHub Actions UI](https
 
 ### **Before triggering a release**
 
-1. Create a release branch and update the **`version`** field in `packages/<package_name>/package.json` to the intended release version.
+1. Create a release branch. A qualified branch name should start with "release-" or "release/", case-insensitive. e.g: `release/xrpl@4.3.8`, `release-xrpl-4.3.8`, `Release/xrpl@4.3.8`.
+2. Update the **`version`** field in `packages/<package_name>/package.json` to the intended release version.
    ```json
    {
      "name": "<package_name>",
      "version": "x.y.z"
    }
    ```
-2. Run npm i to update the package-lock with the updated versions and commit the lock file to the releaes branch
+3. Run npm i to update the package-lock with the updated versions and commit the lock file to the release branch
 
 ### **Triggering a Release**
 
 1. Go to **GitHub → Actions → Release Pipeline → Run workflow**
-2. Fill in these fields:
+2. Choose the release branch from dropdown
+3. Fill in these fields:
    - **package_name** → The folder name under `packages/`, e.g., `xrpl` or `ripple-address-codec`.
-   - **release_branch** → The Git branch the release is generated from, e.g., `release/xrpl@4.3.8`.
    - **npmjs_dist_tag** → The npm distribution tag to publish under. Defaults to `latest`.
      - Examples:
        - `latest` → Standard production release
@@ -36,13 +37,12 @@ You can manually trigger the release workflow from the [GitHub Actions UI](https
 | Field            | Example               |
 |------------------|-----------------------|
 | package_name     | xrpl                  |
-| release_branch   | release/xrpl@4.3.8    |
 | npmjs_dist_tag   | latest                |
 
 
 ### **Reviewing the release details and scan result**
 
-1. The pipeline will pause at the "Review test and security scan result" step, at least 2 approvers are required to review and approve the release.
+1. The pipeline will pause at the "Print Test/Security scan result and invite Dev team to review" step and also before the final release step, relevant team should review the release details and scan result.
 
 
 ---