Adin Hodovic
Home Uses Projects Blog RSS Contact
Resume

Promoting Environments in GitOps Using GitHub Releases and SemVer

Published on June 13, 2025, 10:00 UTC 6 minutes New!

In modern DevOps workflows, GitOps has emerged as a powerful model for managing infrastructure and application deployments using Git as the single source of truth. One common challenge in GitOps is how to promote changes across environments - from staging to production - while maintaining traceability, automation, and control. In this post, we’ll explore how to implement environment promotions using GitHub Releases and Semantic Versioning (SemVer) to streamline delivery and improve reliability.

This approach is tailored for small and mid-sized teams that want to implement reliable, controlled GitOps promotions without the overhead of enterprise-scale CI/CD systems.

In large organizations, promotions between environments are often deeply integrated into complex pipelines, backed by dedicated infrastructure teams and custom tooling. But for smaller teams, that level of complexity can become a burden - slowing things down and increasing cognitive load.

Instead, by using GitHub Releases and Semantic Versioning, teams can:

  • Promote changes to production in a clear, auditable, and low-friction way,
  • Keep promotion logic declarative and Git-based,
  • Avoid over-engineering while maintaining good operational hygiene.

If your team manages infrastructure via Git and wants a clean, scalable way to promote versions to production, this lightweight pattern can help you move fast without breaking things—and without building custom tooling from scratch.

Enforcing Conventional Commits

To make Semantic Versioning meaningful in your GitOps workflow, you need consistent commit messages. That’s where Conventional Commits come in.

Conventional Commits define a simple, human- and machine-readable convention for commit messages. By enforcing them, you can automate version bumps and changelogs based on the intent behind each change—feature, fix, or breaking change.

You can enforce Conventional Commits using tools like:

  • Commitlint: Lints commit messages during development.
  • Husky: Runs Commitlint as a pre-commit or pre-push Git hook.
  • CI Checks: Set up GitHub Actions to block merges that don’t follow the standard.

You might be thinking: “Our product doesn’t have a public API or versioned library - do we really need to follow Semantic Commits?”

Fair question. In many internal tools, infrastructure repos, or platform codebases, the idea of breaking changes or backward compatibility might feel irrelevant. And that’s fine - you don’t need perfect semantic accuracy to benefit from a structured commit format.

Here’s why structure still matters:

  • Team alignment: Even simple rules like feat/ fix/ chore/ docs create consistency across contributors.
  • Better automation: Release tools can still auto-bump versions based on commit type - even if you’re just tracking internal deployments.
  • Audit clarity: When something breaks in production, clear commit intent helps you debug and trace changes faster.

Using GitHub Actions to Enforce Conventional Commits

Here are several effective GitHub Actions to enforce Conventional Commits - on PR titles and commit messages—with configuration examples:

Validates every commit message in a PR against the Conventional Commits spec.

on:
  pull_request:
    branches: [main]

jobs:
  lint:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v3
      - uses: webiny/[email protected]

Validates the PR title against the Conventional Commits spec.

on:
  pull_request_target:
    types: [opened,edited,synchronize]

jobs:
  lint_pr_title:
    runs-on: ubuntu-latest
    permissions:
      pull-requests: read
    steps:
      - uses: amannn/[email protected]
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

Automatically Drafting Releases with Release Drafter

Once your team is using Conventional Commits, the next step is automating release notes. That’s where Release Drafter comes in.

Release Drafter automatically creates a draft GitHub Release every time new commits are merged into a branch (usually main), grouping them by type (feat, fix, chore, etc.) based on commit messages or PR labels.

Configuring the Release Drafter Template

Create a .github/release-drafter.yml config file in your repo:

---
name-template: '$RESOLVED_VERSION'
tag-template: '$RESOLVED_VERSION'
categories:
  - title: 'Features'
    labels:
      - 'feat'
  - title: 'Bug Fixes'
    labels:
      - 'fix'
      - 'revert'
  - title: 'Maintenance'
    labels:
      - 'build'
      - 'chore'
      - 'ci'
      - 'docs'
      - 'style'
      - 'refactor'
      - 'perf'
      - 'test'
change-template: '- $TITLE @$AUTHOR (#$NUMBER)'
change-title-escapes: '\<*_&' # You can add # and @ to disable mentions, and add ` to disable code blocks.
version-resolver:
  major:
    labels:
      - 'major'
  minor:
    labels:
      - 'feat'
  patch:
    labels:
      - 'fix'
      - 'build'
      - 'chore'
      - 'ci'
      - 'docs'
      - 'style'
      - 'refactor'
      - 'perf'
      - 'test'
      - 'revert'
  default: patch
template: |
  ## Changes

  $CHANGES

autolabeler:
  - label: 'major'
    body:
      - '/BREAKING CHANGE.*/'
  - label: 'feat'
    title:
      - '/^feat.*: .*/'
  - label: 'fix'
    title:
      - '/^fix.*: .*/'
  - label: 'chore'
    title:
      - '/^chore.*:.*/'
  - label: 'ci'
    title:
      - '/^ci.*:.*/'
  - label: 'build'
    title:
      - '/^build.*:.*/'
  - label: 'style'
    title:
      - '/^style.*:.*/'
  - label: 'refactor'
    title:
      - '/^refactor.*:.*/'
  - label: 'perf'
    title:
      - '/^perf.*:.*/'
  - label: 'test'
    title:
      - '/^test.*:.*/'
  - label: 'docs'
    title:
      - '/^docs.*:.*/'
  - label: 'revert'
    title:
      - '/^revert.*:.*/'

By default, Release Drafter groups changes based on PR labels, not the raw commit messages. To make this work seamlessly with Conventional Commits:

Use a GitHub Action to apply labels automatically based on commit types in the PR title (e.g. feat, fix, chore).

Labeling PRs with Automatically

The following GitHub Action automatically labels PRs based on Conventional Commit prefixes:

# yamllint disable rule:line-length rule:truthy
---
name: Release Drafter

on:
  push:
    branches:
      - main
  pull_request:
    branches:
      - main
    types:
      - opened
      - reopened
      - synchronize
      - edited
  pull_request_target:
    types: [opened, reopened, synchronize]

permissions:
  contents: write # for release-drafter/release-drafter to create a github release
  pull-requests: write # for release-drafter/release-drafter to add label to PR

jobs:
  update_pr_labels:
    name: Update PR Labels
    if: github.event_name == 'pull_request' || github.event_name == 'pull_request_target'
    runs-on: ubuntu-latest
    steps:
      - uses: release-drafter/release-drafter@v5
        with:
          disable-autolabeler: false
          disable-releaser: true
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

The above action will automatically label PRs based on the Conventional Commit prefixes in the title. For example, a PR with the title feat: add new feature will be labeled as feat, and a PR with the title fix: fix bug will be labeled as fix.

Drafting Releases on every Push to Main

Once that you have the auto labeling set up, you can configure Release Drafter to create a draft release every time a commit is pushed to the main branch. This will allow you to review and publish releases easily.

Extend the previous GitHub Action to include the Release Drafter step:

  update_release_draft:
    name: Update Release Draft
    if: github.event_name == 'push'
    runs-on: ubuntu-latest
    env:
      PUBLISH_DRAFT: false
    steps:
      - name: Check if a version is cut
        if: "contains(github.event.head_commit.message, 'chore(prerelease): Cut Version')"
        run: |
          echo "PUBLISH_DRAFT=true" >> $GITHUB_ENV

      # Drafts your next Release notes
      - uses: release-drafter/release-drafter@v5
        with:
          disable-autolabeler: true
          disable-releaser: false
          publish: ${{ env.PUBLISH_DRAFT }}
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

Full Workflow

With Conventional Commits, PR labeling, and Release Drafter in place, you can now structure a clean, reliable deployment pipeline that supports both continuous integration to staging/dev and manual, auditable promotions to production.

Here’s how the full workflow looks:

Every time a pull request is merged into main:

  • The changes are automatically deployed to a staging or dev environment.
  • The Release Drafter GitHub Action runs, updating the draft release with any new PRs based on their labels (e.g., feat, fix, chore).
  • The draft release grows, automatically reflecting the current state of main.
  • The changelog remains clear, categorized, and ready to go - no manual work required.

When you’re confident that the current state of staging/dev is stable and ready:

  • A team member manually publishes the GitHub Release from the draft.
  • This triggers a GitHub Actions workflow (or another automation mechanism) that:
    • Tags the release (e.g. 1.4.2),
    • Updates any GitOps repositories or manifests (e.g., Helm charts or Kustomize files),
    • Triggers a release where the tagged version to production.

✅ This step acts as an explicit promotion gate, making production deploys deliberate, auditable, and rollback-friendly.

PR Merged → main
    ↓
Deploy to Staging/Dev
    ↓
Update Draft Release (Release Drafter)
    ↓
🧑‍💻 Team Reviews / Tests
    ↓
✅ Publish GitHub Release
    ↓
🚀 Promote to Production (via GitOps)

This model gives small and mid-sized teams a practical middle ground between full CI/CD automation and manual deployment chaos. It’s structured, visible, and still flexible enough to handle real-world change management.

The Benefits of Versioned Release

Using GitHub Releases and Semantic Versioning isn’t just about process - it brings real operational benefits that help teams stay sane as systems grow.

Here’s what you gain:

  • Clear traceability: Every deployment is tied to a version like 1.4.2, which links back to specific code changes, PRs, and commits.
  • Predictable rollbacks: Rolling back is as simple as re-deploying an older release tag - no guesswork.
  • Readable logs and metrics: Every pod, container, or service instance can include the version in its logs or environment (e.g., APP_VERSION=1.4.2), making it easy to debug and correlate issues.
  • Better incident response: When something breaks in production, you can ask “What version is running?” and actually have a clear answer.
  • Improved changelogs: Release notes are auto-generated and well-structured, which helps engineering, QA, and even non-technical stakeholders understand what changed.

In short: you always know what’s running, when, and why.

One of the biggest advantages of using Semantic Versioning and GitHub Releases is that external tools can hook into your release lifecycle - giving you better traceability and observability beyond your own system.

An example of using Sentry.

# .github/workflows/sentry-release.yml
name: Notify Sentry of Release

on:
  release:
    types: [published]

jobs:
  sentry:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout code
        uses: actions/checkout@v3

      - name: Create Sentry release
        uses: getsentry/action-release@v1
        with:
          environment: production
        env:
          SENTRY_AUTH_TOKEN: ${{ secrets.SENTRY_AUTH_TOKEN }}
          SENTRY_ORG: your-org
          SENTRY_PROJECT: your-project
          SENTRY_RELEASE: ${{ github.event.release.tag_name }}

This versioned, GitOps-friendly release model gives your team clarity, confidence, and control - without building a custom platform from scratch.

ci/cd devops github-actions gitops kubernetes monitoring semver

Related Posts

September 27, 2019 4 minutes

Creating templates for Gitlab CI Jobs

Writing Gitlab CI templates becomes repetitive when you have similar applications running the same jobs. If a change to a job is needed it will be most likely needed to do the same change in every repository. On top of this there is a vast amount of excess YAML code which is a headache to maintain. Gitlab CI has many built-in templating features that helps bypass these issues and in addition helps automating the process of setting up CI for various applications.

automation ci/cd devops gitlab-ci kaniko
January 27, 2021 10 minutes

GitOps with ArgoCD and Tanka

GitOps is becoming the standard of doing continuous delivery. Define your state in Git, automatically update and change the state when pull requests are merged. Within the Kubernetes ecosystem two tools have become very popular for doing this FluxCD and ArgoCD. Different in their own way, but both have the same goal - managing your continuous delivery life cycle.

argo-cd ci/cd devops jsonnet tanka
December 17, 2020 5 minutes

Correlating Continuous Deployments with Application Metrics using Grafana's Github Plugin

GitOps is becoming the standard of doing continuous deployments. Define your application state in Git, automatically update and change the state when pull requests are merged. This means that deployments happens continuously, usually multiple times a day. There’s a good CI and CD pipeline that ensures that the changes are ready to be shipped. However, if the system would malfunction you might want to annotate your dashboards using Github commits. This makes it easy to track which changes were made, when they were made and what impact they had. Grafana 7.0 introduces a simple Github integration that creates annotations for your charts. Let’s take a look how we can use these annotations combined with RAM/CPU and request success rates dashboards to monitor your CD for an application.

ci/cd github grafana monitoring
Adin Hodovic | honeylogic-logo-and-text.png
Shynet