Trigger from release branch

[shichengripple001]

High Level Overview of Change

Trigger deployment from release branch to fix the wrong provenance issue. Fixes #3099

Context of Change

Type of Change

• Bug fix (non-breaking change which fixes an issue)
• New feature (non-breaking change which adds functionality)
• Breaking change (fix or feature that would cause existing functionality to not work as expected)
• Refactor (non-breaking change that only restructures code)
• Tests (You added tests for code that already exists, or your new feature included in this PR)
• Documentation Updates
• Release

Did you update HISTORY.md?

• Yes
• No, this change does not impact library users

Test Plan

[coderabbitai]

Walkthrough

Removed the required release_branch workflow_dispatch input from .github/workflows/release.yml; replaced usages with GitHub context (github.ref / github.ref_name), derived a local RELEASE_BRANCH for validations and propagation, and updated release guidance in RELEASE.md.

Changes

Cohort / File(s)	Summary
Release workflow ref/context migration .github/workflows/release.yml	Removed workflow_dispatch input release_branch; replaced direct input references with github.ref / github.ref_name and a locally derived RELEASE_BRANCH; updated checks to validate branch name prefix (release- / release/); propagated RELEASE_BRANCH and adjusted steps (checkout/git_ref, PR creation, vulnerability reporting, Dev/Sec review notifications, artifacts).
Release guidance update RELEASE.md	Updated pre-release steps to require/validate qualified branch names (examples: release- / release/), added UI guidance/dropdown examples for selecting release branch and npm dist tags, renumbered steps and clarified review messaging.

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

Possibly related PRs

• Release with trusted publisher #3085 — Modifies the repository's release workflow and overlaps with changes to release branch input/validation.
• Release pipeline #3039 — Alters release workflow handling of git refs/checkout and is related to introducing/removing RELEASE_BRANCH usage.

Suggested reviewers

• achowdhry-ripple
• pdp2121
• mvadari
• Patel-Raj11

Poem

I nibble on branches, follow github.ref’s song,
Inputs trimmed away — the context leads along.
RELEASE_BRANCH snug, validations in view,
Hop, tag, and publish — CI carrots anew. 🐇✨

Pre-merge checks and finishing touches

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Description Check	⚠️ Warning	The description includes the required template headings but leaves the Context of Change, Type of Change, Did you update HISTORY.md, and Test Plan sections empty, providing no details or checkbox selections and failing to explain the rationale or testing for the change. As a result, the description is largely incomplete and does not meet the repository’s template requirements.	Please populate the Context of Change with background and reasons for switching the trigger, select the appropriate checkbox under Type of Change and indicate if HISTORY.md was updated, and add a Test Plan detailing how the change was verified; adding these details will align the PR description with the template and give reviewers the necessary context.

✅ Passed checks (2 passed)

Check name	Status	Explanation
Title Check	✅ Passed	The title “Trigger from release branch” succinctly captures the primary change of switching the workflow trigger to use the release branch rather than a user input, and it directly relates to the deployment behavior described in the PR. It is concise, specific, and avoids unnecessary detail or noise. A teammate reviewing history can understand that the key update involves triggering from the release branch.
Docstring Coverage	✅ Passed	No functions found in the changes. Docstring coverage check skipped.

✨ Finishing touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment

---

📜 Recent review details

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between eb341d6 and 57e60be.

📒 Files selected for processing (1)

• .github/workflows/release.yml (7 hunks)

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (8)

• GitHub Check: integration (20.x)
• GitHub Check: browser (22.x)
• GitHub Check: integration (22.x)
• GitHub Check: build-and-lint (22.x)
• GitHub Check: unit (22.x)
• GitHub Check: unit (20.x)
• GitHub Check: semgrep-cloud-platform/scan
• GitHub Check: semgrep-cloud-platform/scan

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 1

📜 Review details

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 0e84248 and 9f056ff.

📒 Files selected for processing (1)

• RELEASE.md (1 hunks)

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (8)

• GitHub Check: browser (22.x)
• GitHub Check: integration (22.x)
• GitHub Check: unit (22.x)
• GitHub Check: integration (20.x)
• GitHub Check: unit (20.x)
• GitHub Check: build-and-lint (22.x)
• GitHub Check: semgrep-cloud-platform/scan
• GitHub Check: semgrep-cloud-platform/scan

[coderabbitai]

Actionable comments posted: 1

📜 Review details

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 9f056ff and 69e1179.

📒 Files selected for processing (1)

• RELEASE.md (2 hunks)

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (8)

• GitHub Check: integration (20.x)
• GitHub Check: unit (22.x)
• GitHub Check: integration (22.x)
• GitHub Check: build-and-lint (22.x)
• GitHub Check: unit (20.x)
• GitHub Check: browser (22.x)
• GitHub Check: semgrep-cloud-platform/scan
• GitHub Check: semgrep-cloud-platform/scan

[coderabbitai]

Actionable comments posted: 1

📜 Review details

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 69e1179 and 75a7d2f.

📒 Files selected for processing (1)

• RELEASE.md (2 hunks)

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (8)

• GitHub Check: unit (22.x)
• GitHub Check: build-and-lint (22.x)
• GitHub Check: unit (20.x)
• GitHub Check: browser (22.x)
• GitHub Check: integration (22.x)
• GitHub Check: integration (20.x)
• GitHub Check: semgrep-cloud-platform/scan
• GitHub Check: semgrep-cloud-platform/scan

[coderabbitai]

Actionable comments posted: 0

🧹 Nitpick comments (1)

RELEASE.md (1)

45-45: Clarify the review-step wording.

Please split the run-on sentence so it clearly states when the pipeline pauses and who needs to act during each pause.

-1. The pipeline will pause at the "Print Test/Security scan result and invite Dev team to review" step and also before the final release step, relevant team should review the release details and scan result.
+1. The pipeline pauses at the "Print Test/Security scan result and invite Dev team to review" step and again before the final release step. During each pause, the relevant team should review the release details and scan results.

📜 Review details

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 75a7d2f and eb341d6.

📒 Files selected for processing (1)

• RELEASE.md (2 hunks)

[Patel-Raj11]

LGTM!

[ckeshava]

Hello,

1. Is the updated version name copied into the main branch as well? All the new features are developed and merged into the main branch of the xrpl.js repository. The version info needs to be updated on both main and release/<> branches.

2. Suppose there is a critical bug in one of the releases. Can I look at the procedure for handling that scenario? Is it documented in any README file? "

Do we need to patch the hotfix to both the release branch and the main branch ? (or) Should we delete the current release branch and cut a rectified-released branch?

[shichengripple001]

#1. A pr is automatically generated for non beta release. for example #3093
#2. I think a new branch should be used, since it is gonna to be a new version. @Patel-Raj11 what do you think?

[Patel-Raj11]

I think a new branch should be used, since it is gonna to be a new version. @Patel-Raj11 what do you think?

Yes

[ckeshava]

env.RELEASE_BRANCH value is not used in this step. What is the need to define this env variable?

[shichengripple001]

thanks for identifying this, i have removed it.

[ckeshava]

Similar to the previous point, I don't see any usages of env.RELEASE_BRANCH in the pre_release job. Why did you define this variable?

[shichengripple001]

thanks for identifying this, i have removed it.

[ckeshava]

I was able to trigger a release workflow from a tag-name here: https://github.com/XRPLF/xrpl.js/actions/runs/18320084793

In this case, the github.ref/$RELEASE_BRANCH value points to the tag name, rather than the branch name. The workflow eventually failed in the final step.

For the purposes of debugging, it could be more useful to differentiate between the two cases.

[shichengripple001]

added check at valid input step to make the branch name has to start with release- or release/ regardless of casing. the environment protection rule only allow review and release step to run when the branch name qualifies.