paritytech · paritytech-release-backport-bot · Apr 7, 2026
@@ -0,0 +1,129 @@
+name: Release - Combined Builds Flow
+
+on:
+  workflow_dispatch:
+    inputs:
+      chain:
+        description: The chain to use for runtime builds
+        default: all
+        required: true
+        type: choice
+        options:
+          - all
+          - westend
+          - asset-hub-westend
+          - bridge-hub-westend
+          - collectives-westend
+          - coretime-westend
+          - glutton-westend
+          - people-westend
+      runtime_dir:
+        description: The runtime dir to be used (⚠️ this parameter is optional and needed only in case of the single runtime build, set it accordingly to the runtime you want to build)
+        default: polkadot/runtime/westend
+        type: choice
+        options:
+          - polkadot/runtime/westend
+          - cumulus/parachains/runtimes/assets/asset-hub-westend
+          - cumulus/parachains/runtimes/bridge-hubs/bridge-hub-westend
+          - cumulus/parachains/runtimes/collectives/collectives-westend
+          - cumulus/parachains/runtimes/coretime/coretime-westend
+          - cumulus/parachains/runtimes/people/people-westend
+          - cumulus/parachains/runtimes/glutton/glutton-westend
+      binary:
+        description: Binary to be built for the release candidate
+        default: all
+        type: choice
+        options:
+          - polkadot
+          - polkadot-parachain
+          - polkadot-omni-node
+          - frame-omni-bencher
+          - chain-spec-builder
+          - substrate-node
+          - eth-rpc
+          - subkey
+          - all
+      release_tag:
+        description: Tag matching the actual release candidate with the format polkadot-stableYYMM(-X)-rcY or polkadot-stableYYMM(-X)
+        type: string
+        required: true
+      no_runtimes:
+        description: If true, no runtime build will be triggered and release draft will be published without runtimes (⚠️ use it for the patch releases of the latest stable)
+        required: true
+        type: boolean
+        default: false
+
+jobs:
+  check-synchronization:
+    uses: paritytech-release/sync-workflows/.github/workflows/check-synchronization.yml@main
+    secrets:
+      fork_writer_app_key: ${{ secrets.UPSTREAM_CONTENT_SYNC_APP_KEY }}
+
+  validate-inputs:
+    needs: [check-synchronization]
+    if: ${{ needs.check-synchronization.outputs.checks_passed == 'true' }}
+    runs-on: ubuntu-latest
+    outputs:
+      release_tag: ${{ steps.validate_inputs.outputs.release_tag }}
+    steps:
+      - name: Checkout sources
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+
+      - name: Validate inputs
+        id: validate_inputs
+        env:
+          INPUT_RELEASE_TAG: ${{ inputs.release_tag }}
+        run: |
+          . ./.github/scripts/common/lib.sh
+
+          RELEASE_TAG=$(validate_stable_tag "$INPUT_RELEASE_TAG")
+          echo "release_tag=${RELEASE_TAG}" >> $GITHUB_OUTPUT
+
+  build-runtimes-flow:
+    if: ${{ inputs.no_runtimes == false }}
+    needs: [validate-inputs]
+    uses: "./.github/workflows/release-21_build-runtimes.yml"
+    with:
+      chain: ${{ inputs.chain }}
+      runtime_dir: ${{ inputs.runtime_dir }}
+      release_tag: ${{ needs.validate-inputs.outputs.release_tag }}
+    secrets: inherit
+    permissions:
+      id-token: write
+      attestations: write
+      contents: read
+
+  build-rc-flow:
+    needs: [validate-inputs]
+    uses: "./.github/workflows/release-20_build-rc.yml"
+    with:
+      binary: ${{ inputs.binary }}
+      release_tag: ${{ needs.validate-inputs.outputs.release_tag }}
+    secrets: inherit
+    permissions:
+      id-token: write
+      attestations: write
+      contents: read
+
+  trigger-release-draft-with-runtimes:
+    if: ${{ inputs.no_runtimes == false }}
+    needs: [build-runtimes-flow, build-rc-flow, validate-inputs]
+    uses: "./.github/workflows/release-30_publish_release_draft.yml"
+    with:
+      release_tag: ${{ needs.validate-inputs.outputs.release_tag }}
+      build_run_id: ${{ github.run_id }}
+      runtimes: '${{ needs.build-runtimes-flow.outputs.published_runtimes }}'
+      no_runtimes: ${{ inputs.no_runtimes }}
+      crates_only: false
+    secrets: inherit
+
+  trigger-release-draft-without-runtimes:
+    if: ${{ inputs.no_runtimes == true }}
+    needs: [build-rc-flow, validate-inputs]
+    uses: "./.github/workflows/release-30_publish_release_draft.yml"
+    with:
+      release_tag: ${{ needs.validate-inputs.outputs.release_tag }}
+      build_run_id: ${{ github.run_id }}
+      no_runtimes: ${{ inputs.no_runtimes }}
+      crates_only: false
+    secrets: inherit
@@ -0,0 +1,161 @@
+name: Release - Combined Publish Release
+
+# This workflow orchestrates the final release steps by calling workflows in sequence:
+# 1. Promote RC to final on S3
+# 2. Publish Debian and RPM packages (in parallel)
+# 3. Publish Docker images
+
+on:
+  workflow_dispatch:
+    inputs:
+      release_tag:
+        description: Release RC tag in the format polkadot-stableYYMM(-X)-rcX
+        type: string
+        required: true
+
+      binary:
+        description: Binary to be released
+        default: all
+        type: choice
+        required: true
+        options:
+          - all
+          - polkadot
+          - polkadot-parachain
+          - polkadot-omni-node
+          - frame-omni-bencher
+          - chain-spec-builder
+
+      registry:
+        description: Container registry for Docker images
+        required: true
+        type: string
+        default: docker.io
+
+      owner:
+        description: Owner of the container image repo
+        required: true
+        type: string
+        default: parity
+
+      version:
+        description: Version for Docker tags in format v1.16.0
+        required: true
+        type: string
+
+      distribution:
+        description: Distribution where to publish rpm package (release, staging)
+        default: release
+        required: true
+        type: string
+
+jobs:
+
+  check-synchronization:
+    uses: paritytech-release/sync-workflows/.github/workflows/check-synchronization.yml@main
+    secrets:
+      fork_writer_app_key: ${{ secrets.UPSTREAM_CONTENT_SYNC_APP_KEY }}
+
+  # ==============================================
+  # PHASE 1: Promote RC to Final on S3
+  # ==============================================
+  promote-rc-to-final:
+    name: Promote RC to final on S3
+    needs: [check-synchronization]
+    if: ${{ needs.check-synchronization.outputs.checks_passed == 'true' }}
+    uses: ./.github/workflows/release-31_promote-rc-to-final.yml
+    with:
+      binary: ${{ inputs.binary }}
+      release_tag: ${{ inputs.release_tag }}
+    secrets: inherit
+
+  # ==============================================
+  # PHASE 2: Publish Packages (Debian and RPM)
+  # ==============================================
+  publish-deb-package:
+    name: Publish Debian package
+    needs: [promote-rc-to-final]
+    uses: ./.github/workflows/release-40_publish-deb-package.yml
+    with:
+      tag: ${{ needs.promote-rc-to-final.outputs.final_tag }}
+      distribution: release
+    secrets: inherit
+
+  publish-rpm-package:
+    name: Publish RPM package
+    needs: [promote-rc-to-final]
+    uses: ./.github/workflows/release-41_publish-rpm-package.yml
+    with:
+      tag: ${{ needs.promote-rc-to-final.outputs.final_tag }}
+      distribution: ${{ inputs.distribution }}
+    secrets: inherit
+
+  # ==============================================
+  # PHASE 3: Publish Docker Images
+  # ==============================================
+  publish-docker-polkadot:
+    name: Publish Docker image - polkadot
+    needs: [promote-rc-to-final, publish-deb-package]
+    if: ${{ inputs.binary == 'polkadot' || inputs.binary == 'all' }}
+    uses: ./.github/workflows/release-50_publish-docker.yml
+    with:
+      image_type: release
+      binary: polkadot
+      registry: ${{ inputs.registry }}
+      owner: ${{ inputs.owner }}
+      version: ${{ inputs.version }}
+      stable_tag: ${{ needs.promote-rc-to-final.outputs.final_tag }}
+    secrets: inherit
+    permissions:
+      contents: write
+
+  publish-docker-polkadot-parachain:
+    name: Publish Docker image - polkadot-parachain
+    # needs: [publish-deb-package, publish-rpm-package]
+    needs: [promote-rc-to-final]
+    if: ${{ inputs.binary == 'polkadot-parachain' || inputs.binary == 'all' }}
+    uses: ./.github/workflows/release-50_publish-docker.yml
+    with:
+      image_type: release
+      binary: polkadot-parachain
+      registry: ${{ inputs.registry }}
+      owner: ${{ inputs.owner }}
+      version: ${{ inputs.version }}
+      stable_tag: ${{ needs.promote-rc-to-final.outputs.final_tag }}
+    secrets: inherit
+    permissions:
+      contents: write
+
+  publish-docker-polkadot-omni-node:
+    name: Publish Docker image - polkadot-omni-node
+    # needs: [publish-deb-package, publish-rpm-package]
+    needs: [promote-rc-to-final]
+    if: ${{ inputs.binary == 'polkadot-omni-node' || inputs.binary == 'all' }}
+    uses: ./.github/workflows/release-50_publish-docker.yml
+    with:
+      image_type: release
+      binary: polkadot-omni-node
+      registry: ${{ inputs.registry }}
+      owner: ${{ inputs.owner }}
+      version: ${{ inputs.version }}
+      stable_tag: ${{ needs.promote-rc-to-final.outputs.final_tag }}
+    secrets: inherit
+    permissions:
+      contents: write
+
+  publish-docker-chain-spec-builder:
+    name: Publish Docker image - chain-spec-builder
+    # needs: [publish-deb-package, publish-rpm-package]
+    needs: [promote-rc-to-final]
+    if: ${{ inputs.binary == 'chain-spec-builder' || inputs.binary == 'all' }}
+    uses: ./.github/workflows/release-50_publish-docker.yml
+    with:
+      image_type: release
+      binary: chain-spec-builder
+      registry: ${{ inputs.registry }}
+      owner: ${{ inputs.owner }}
+      version: ${{ inputs.version }}
+      stable_tag: ${{ needs.promote-rc-to-final.outputs.final_tag }}
+    secrets: inherit
+    permissions:
+      contents: write