Step 1 · Pre-Release Check

Goal

Verify that the codebase is in a shippable state before creating a release. Catch everything that would embarrass the team or break users before it reaches production.

Instructions

You are in workflow step 1 of the release-cycle. A release is being prepared. Your job is to run every quality gate and produce a go/no-go decision.


Tasks to Perform

1. Confirm the Release Scope

# What changes are included in this release?
git log [last-release-tag]..HEAD --oneline

# What is the correct version number?
# PATCH: bug fixes only → 1.2.3 → 1.2.4
# MINOR: new features, backward compatible → 1.2.3 → 1.3.0
# MAJOR: breaking changes → 1.2.3 → 2.0.0

2. Run the Full Test Suite

[full test runner command]
  • [ ] All tests pass — zero failures, zero errors
  • [ ] Test output is clean (no unexpected warnings)

If any test fails: STOP. This is not a go. Fix the failures before proceeding.

3. Run Static Analysis and Linting

[lint command]
[static analysis command if available]
  • [ ] No lint errors
  • [ ] No type errors (if typed language)

4. Run Security Checks

# Dependency vulnerability scan
npm audit --audit-level=high
composer audit
pip-audit
# or equivalent for your stack

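# Hunt for secrets accidentally left in
# (one --include per extension: a quoted "*.{a,b}" is not brace-expanded and matches nothing)
grep -rn -E "(password|secret|token|api.?key)\s*[=:]\s*['\"][^'\"]{8,}" \
  --include='*.php' --include='*.js' --include='*.ts' --include='*.py' \
  --include='*.go' --include='*.rb' --include='*.json' --include='*.yaml' \
  src/ | grep -v test | grep -v node_modules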

# Confirm debug mode is off
grep -rn "APP_DEBUG.*true\|debug.*=.*true\|DEBUG.*=.*1" .env .env.production 2>/dev/null
  • [ ] No critical or high severity vulnerabilities in dependencies
  • [ ] No secrets in source code
  • [ ] Debug mode is disabled for production
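
The secret and debug checks above, combined into one gate that reports GO or NO-GO, as an added example that is not part of the original workflow. It is a portable variant (find plus POSIX character classes instead of grep --include and \s), matches case-insensitively, and prints only file:line so a found secret is not copied into CI logs; the function names and the sample tree are constructed for illustration.

```shell
#!/bin/sh
# Added example: step 4's secret and debug checks as one scriptable gate.
# Function names and the sample tree in demo() are constructed for illustration.

SECRET_RE="(password|secret|token|api.?key)[[:space:]]*[=:][[:space:]]*['\"][^'\"]{8,}"
DEBUG_RE="^[[:space:]]*(APP_)?DEBUG[[:space:]]*=[[:space:]]*[\"']?(true|1)"

# Print file:line (never the matched value) for secret-like assignments under
# $1; return 1 on any hit, 2 if $1 is not a directory (fail closed).
scan_secrets() {
    [ -d "$1" ] || { echo "not a directory: $1" >&2; return 2; }
    hits=$(cd "$1" && find . -type f \
        \( -name '*.php' -o -name '*.js' -o -name '*.ts' -o -name '*.py' \
           -o -name '*.go' -o -name '*.rb' -o -name '*.json' -o -name '*.yaml' \) \
        ! -path '*/node_modules/*' ! -path '*test*' \
        -exec grep -n -i -E "$SECRET_RE" /dev/null {} + | cut -d: -f1,2)
    if [ -n "$hits" ]; then printf '%s\n' "$hits"; return 1; fi
}

# Return 1 if any env file in "$@" that exists turns debug on (comments ignored).
check_debug_off() {
    rc=0
    for f in "$@"; do
        [ -f "$f" ] || continue
        if grep -n -i -E "$DEBUG_RE" /dev/null "$f"; then rc=1; fi
    done
    return "$rc"
}

# Echo GO or NO-GO for source dir $1 and env files $2...; findings go to stderr.
security_gate() {
    src=$1; shift
    verdict=GO
    scan_secrets "$src" >&2 || verdict=NO-GO
    check_debug_off "$@" >&2 || verdict=NO-GO
    echo "$verdict"
    [ "$verdict" = GO ]
}

# Constructed sample: one fake key in source, debug left on in .env.production.
demo() {
    d=$(mktemp -d)
    mkdir -p "$d/src"
    printf '%s\n' 'const apiKey = "CONSTRUCTED-SAMPLE-0000";' > "$d/src/client.js"
    printf '%s\n' 'APP_ENV=production' 'APP_DEBUG=true' > "$d/.env.production"
    security_gate "$d/src" "$d/.env" "$d/.env.production" || true
    rm -rf "$d"
}
demo
```
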

5. Verify the Changelog

head -n 50 CHANGELOG.md
  • [ ] [Unreleased] section exists and is non-empty
  • [ ] Every user-facing change is described clearly
  • [ ] Breaking changes are explicitly labelled with BREAKING:
  • [ ] No entries reference internal implementation details that mean nothing to users

6. Verify Documentation

  • [ ] README.md reflects the current state of the project
  • [ ] Any new configuration variables are in .env.example
  • [ ] Any new API endpoints are documented
  • [ ] Any deprecated features carry a deprecation notice

7. Verify Pending Migrations

# Check if there are pending/unapplied migrations
[migration status command]
  • [ ] Any required migrations are included in this release
  • [ ] Migrations are safe to run during the deployment (no table locks, no data loss)
  • [ ] Rollback (down) methods are defined for each migration

8. Final Review

# Size of the full diff from the last release to now (line count)
git diff [last-release-tag]..HEAD -- src/ | wc -l

Do a final human-eye scan of the diff. Look for:

  • TODO, FIXME, HACK comments in new code
  • Hard-coded values that should be configuration
  • Any code that was clearly intended to be temporary

Go / No-Go Decision

| Check | Status |
| --- | --- |
| All tests pass | ✅ / ❌ |
| No lint errors | ✅ / ❌ |
| No dependency vulnerabilities | ✅ / ❌ |
| No secrets in code | ✅ / ❌ |
| Changelog complete | ✅ / ❌ |
| Documentation up to date | ✅ / ❌ |
| Migrations safe | ✅ / ❌ |

Decision: GO / NO-GO

Any ❌ is a NO-GO. Fix the item, re-run the check, flip it to ✅.

If any blocker is identified, add it to TODO.md with a source reference before stopping:

- [ ] fix: [blocking issue description] _(ref: workflows/release-cycle/01-pre-release-check.md)_

Status rules: [ ] = not started · [~] = in progress (one at a time) · [x] = done (prefix the date).


Exit Criteria

This step is complete when:

  • [ ] All checks above show ✅
  • [ ] GO decision is confirmed
  • [ ] Ready to proceed to Step 2 (Release)