From 2de4a1d5c3b104c1459c967a16f446e839b0ba22 Mon Sep 17 00:00:00 2001
From: Andrea Bueide <abueide@twilio.com>
Date: Tue, 14 Apr 2026 13:33:49 -0500
Subject: [PATCH] fix: split release workflow into beta and production
 environments

Separate release jobs by type to use different GitHub environments:
- Beta releases: Use "Publish-Beta" (no approval required for org members)
- Production releases: Use "Publish" (requires reviewer approval)
- Dry-run: No environment (no publishing)

This allows Segment org team members to self-publish beta releases
for testing while maintaining secondary approval for production releases.

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
---
 .github/workflows/release.yml | 50 ++++++++++++++++++++++++++++++-----
 1 file changed, 43 insertions(+), 7 deletions(-)

diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index bd4dc3601..4dc77483f 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -37,11 +37,11 @@ jobs:
       - name: Test
         run: devbox run test
 
-  release:
-    name: Release (${{ inputs.type }})
+  release-dryrun:
+    name: Release (dry-run)
+    if: inputs.type == 'dry-run'
     needs: [ci]
     runs-on: ubuntu-latest
-    environment: Publish
     permissions:
       contents: write
       issues: write
@@ -57,25 +57,61 @@ jobs:
         uses: jetify-com/devbox-install-action@v0.14.0
 
       - name: Release (dry-run)
-        if: inputs.type == 'dry-run'
         run: devbox run release-dry-run
         env:
           GH_TOKEN: ${{ github.token }}
 
+  release-beta:
+    name: Release (beta)
+    if: inputs.type == 'beta'
+    needs: [ci]
+    runs-on: ubuntu-latest
+    environment: Publish-Beta
+    permissions:
+      contents: write
+      issues: write
+      pull-requests: write
+      id-token: write
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+          token: ${{ github.token }}
+
+      - name: Install devbox
+        uses: jetify-com/devbox-install-action@v0.14.0
+
       - name: Release (beta)
-        if: inputs.type == 'beta'
         run: |
           BRANCH_NAME=$(git rev-parse --abbrev-ref HEAD)
           devbox run -e GITHUB_REF=refs/heads/$BRANCH_NAME release
         env:
           GH_TOKEN: ${{ github.token }}
 
+  release-production:
+    name: Release (production)
+    if: inputs.type == 'production'
+    needs: [ci]
+    runs-on: ubuntu-latest
+    environment: Publish
+    permissions:
+      contents: write
+      issues: write
+      pull-requests: write
+      id-token: write
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+          token: ${{ github.token }}
+
+      - name: Install devbox
+        uses: jetify-com/devbox-install-action@v0.14.0
+
       - name: Release (production)
-        if: inputs.type == 'production'
         run: devbox run release
         env:
           GH_TOKEN: ${{ github.token }}
 
       - name: Update Apps
-        if: inputs.type == 'production'
         run: devbox run update-apps