GHA-173 Add releasability check to automated release workflow

The releasability check now runs immediately after code freeze and before
creating the REL ticket. This prevents unnecessary work if the build is
not releasable.

Changes:
- Add check-releasability job to automated-release.yml
- Add check-releasability and with-optional-releasability-checks inputs
- Update AUTOMATED_RELEASE.md with new inputs and workflow steps
- Update SETUP_AUTOMATED_RELEASE.md with prerequisites and customization
- Update CLAUDE.md with Jira project info and documentation guidelines

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

Author: nils-werner-sonarsource

.github/workflows/automated-release.yml

@@ -116,6 +116,16 @@ on:
         required: false
         type: boolean
         default: true
+      check-releasability:
+        description: "Check the releasability status after freezing the branch"
+        required: false
+        type: boolean
+        default: true
+      with-optional-releasability-checks:
+        description: "When checking releasability, also verify that no optional checks have failed"
+        required: false
+        type: boolean
+        default: true
       slack-channel:
         description: "Slack channel for notifications"
         required: false
@@ -170,12 +180,45 @@ jobs:
           echo "- Locked branch pattern \`$BRANCH\` to prevent changes during the release." >> $GITHUB_STEP_SUMMARY
           echo "- Notifications sent to Slack channel: \`$SLACK_CHANNEL\`." >> $GITHUB_STEP_SUMMARY
 
+  # This job verifies that the releasability status on the branch is successful.
+  # Running this check early prevents unnecessary work (like creating REL tickets) if the release cannot proceed.
+  check-releasability:
+    name: Check Releasability
+    if: ${{ inputs.check-releasability && !cancelled() }}
+    needs: [ freeze-branch ]
+    runs-on: ${{ inputs.runner-environment }}
+    permissions:
+      statuses: read
+    steps:
+      - name: Check Releasability Status
+        uses: SonarSource/release-github-actions/check-releasability-status@v1
+        with:
+          branch: ${{ inputs.branch }}
+          with-optional-checks: ${{ inputs.with-optional-releasability-checks }}
+
+      - name: Summary
+        if: ${{ inputs.verbose }}
+        shell: bash
+        env:
+          BRANCH: ${{ inputs.branch }}
+          WITH_OPTIONAL_CHECKS: ${{ inputs.with-optional-releasability-checks == true && 'true' || 'false' }}
+        run: |
+          echo "## ✅ Releasability Check" >> $GITHUB_STEP_SUMMARY
+          echo "" >> $GITHUB_STEP_SUMMARY
+          echo "### What happened" >> $GITHUB_STEP_SUMMARY
+          echo "- Verified releasability status on branch \`$BRANCH\`." >> $GITHUB_STEP_SUMMARY
+          echo "- Optional checks included: \`$WITH_OPTIONAL_CHECKS\`." >> $GITHUB_STEP_SUMMARY
+
   # This step determines the release version, Jira version name, and gathers release notes.
   # It sets up the necessary outputs for subsequent steps.
   # These outputs include the release version, Jira version name, release notes, Jira release notes, and Jira release URL.
   prepare-release:
     name: Prepare Release
-    needs: [ freeze-branch ]
+    needs: [ freeze-branch, check-releasability ]
+    if: |
+      !cancelled() &&
+      (needs.freeze-branch.result == 'success' || needs.freeze-branch.result == 'skipped') &&
+      (needs.check-releasability.result == 'success' || needs.check-releasability.result == 'skipped')
     runs-on: ${{ inputs.runner-environment }}
     permissions:
       statuses: read
@@ -563,7 +606,7 @@ jobs:
     name: Release Results
     runs-on: ${{ inputs.runner-environment }}
     if: always()
-    needs: [ prepare-release, publish-github-release, create-release-ticket, release-in-jira, create-integration-tickets, update-analyzers ]
+    needs: [ check-releasability, prepare-release, publish-github-release, create-release-ticket, release-in-jira, create-integration-tickets, update-analyzers ]
     env:
         RELEASE_PROCESS: ${{ inputs.release-process != '' && inputs.release-process || 'https://xtranet-sonarsource.atlassian.net/wiki/spaces/CSD/pages/4325048388/Release+Instructions+-+Cloud+Security' }}
     steps:
@@ -580,7 +623,7 @@ jobs:
           SQS_PR_URL: ${{ needs.update-analyzers.outputs.sqs-pull-request-url || 'not created' }}
           SQC_PR_URL: ${{ needs.update-analyzers.outputs.sqc-pull-request-url || 'not created' }}
         run: |
-          ALL_SUCCESS=$(echo '${{ toJson(needs) }}' | jq -r 'to_entries | all(.value.result == "success")')
+          ALL_SUCCESS=$(echo '${{ toJson(needs) }}' | jq -r 'to_entries | all(.value.result == "success" or .value.result == "skipped")')
           
           if [[ "$ALL_SUCCESS" == "true" ]]; then
             echo "# 🎉 Release Successful" >> $GITHUB_STEP_SUMMARY

CLAUDE.md

@@ -6,6 +6,10 @@ This file provides guidance to Claude Code (claude.ai/code) when working with co
 
 This is a collection of reusable GitHub Actions for automating SonarSource analyzer releases. Actions handle Jira integration (tickets, versions, release notes), GitHub releases, cross-repository updates, and Slack notifications.
 
+## Jira Project
+
+Related Jira tickets for this project are tracked in the **GHA** (GitHub Automation) project. When available, use the Jira MCP to access ticket details (e.g., `GHA-123`).
+
 ## Branching
 
 **Important:** Changes must always be made on a feature branch, never directly on `master`.
@@ -14,6 +18,14 @@ This is a collection of reusable GitHub Actions for automating SonarSource analy
 - Adapt `<feature-name>` based on the task/prompt (use lowercase, hyphen-separated)
 - If already on a feature branch, do not create a new branch—continue working on the current branch
 
+## Documentation
+
+**Important:** When making any code changes, check if the related README or documentation needs to be updated. Each action has its own `README.md`, and workflow documentation is in `docs/`. Keep documentation in sync with code changes.
+
+When creating a new action:
+- Add a `README.md` to the action's directory documenting inputs, outputs, and usage
+- Update the main `README.md` at the repository root to link to the new action
+
 ## Testing
 
 **Important:** When making any code changes, always check if there are related tests that need to be updated. Always run the tests after making changes to ensure nothing is broken.

docs/AUTOMATED_RELEASE.md

@@ -7,19 +7,21 @@ This reusable GitHub Actions workflow automates the end-to-end release process a
 The workflow orchestrates these steps:
 
 1. Optionally freeze (lock) the target branch at the start of the release
-2. Determine the release version and Jira version name
-3. Optionally generate Jira release notes if not provided
-4. Create a Jira release ticket
-5. Publish a GitHub release (draft or final)
-6. Release the current Jira version and create the next version in Jira
-7. Optionally create integration tickets (SLVS, SLVSCODE, SLE, SLI, SQC, SQS)
-8. Optionally open analyzer update PRs in SQS and SQC
-9. Optionally post per-job and final workflow summaries when `verbose` is enabled
+2. Check releasability status on the branch (enabled by default)
+3. Determine the release version and Jira version name
+4. Optionally generate Jira release notes if not provided
+5. Create a Jira release ticket
+6. Publish a GitHub release (draft or final)
+7. Release the current Jira version and create the next version in Jira
+8. Optionally create integration tickets (SLVS, SLVSCODE, SLE, SLI, SQC, SQS)
+9. Optionally open analyzer update PRs in SQS and SQC
+10. Optionally post per-job and final workflow summaries when `verbose` is enabled
 
 ## Dependencies
 
 This workflow composes several actions from this repository:
 
+- `SonarSource/release-github-actions/check-releasability-status`
 - `SonarSource/release-github-actions/get-release-version`
 - `SonarSource/release-github-actions/get-jira-version`
 - `SonarSource/release-github-actions/get-jira-release-notes`
@@ -60,6 +62,8 @@ This workflow composes several actions from this repository:
 | `release-process`            | Release process documentation URL                                                                               | No       | General page |
 | `verbose`                    | When `true`, posts per-job summaries and a final run summary                                                    | No       | `false`      |
 | `freeze-branch`              | When `true`, locks the target branch during the release and unlocks it after publishing                         | No       | `true`       |
+| `check-releasability`        | When `true`, verifies the releasability status on the branch before proceeding                                  | No       | `true`       |
+| `with-optional-releasability-checks` | When checking releasability, also verify that no optional checks have failed                            | No       | `true`       |
 | `slack-channel`              | Slack channel to notify when locking/unlocking the branch                                                       | No       | -            |
 
 ## Outputs
@@ -121,6 +125,10 @@ jobs:
 
 ## Notes
 
+- When `check-releasability: true` (default), the workflow will:
+  - Check the releasability status on the specified branch immediately after freezing
+  - Fail early if the releasability check does not pass, preventing unnecessary work (like creating REL tickets)
+  - Optionally check for failed optional checks when `with-optional-releasability-checks: true`
 - When `freeze-branch: true`, the workflow will:
   - Lock the specified branch at the start of the release
   - Proceed with the release steps

docs/SETUP_AUTOMATED_RELEASE.md

@@ -8,6 +8,10 @@ For detailed workflow documentation (inputs, outputs, behavior), see [AUTOMATED_
 
 Before the workflow will work, complete these steps:
 
+### Releasability Status
+
+- [ ] **Ensure releasability checks are configured** for your repository. The workflow verifies releasability status on the branch before proceeding with the release. This prevents creating REL tickets and other artifacts if the build is not releasable.
+
 ### Jira Configuration
 
 - [ ] **Add `Jira Tech User GitHub` as Administrator** on your Jira project (required to create/release versions)
@@ -296,3 +300,15 @@ Specify a different runner:
 ```yaml
 runner-environment: "sonar-s"
 ```
+
+### Releasability Check
+
+The workflow checks releasability status by default. To disable or customize:
+```yaml
+# Disable releasability check entirely
+check-releasability: false
+
+# Check releasability but allow failed optional checks
+check-releasability: true
+with-optional-releasability-checks: false
+```