Summary
Release Please currently appends full SBOM diff content into the GitHub release body, which can exceed GitHub's 125000 character release body limit and fail release creation or updates.
Proposed fix
- Keep Release Please-generated notes intact.
- Replace the appended verification section with an idempotent bounded marker block.
- Preserve the full SBOM diff as workflow/release evidence instead of inlining it in release notes.
- Add a preflight release body size guard before updating release notes.
Validation
- npm run yaml
- npm run lint
Summary
Release Please currently appends full SBOM diff content into the GitHub release body, which can exceed GitHub's 125000 character release body limit and fail release creation or updates.
Proposed fix
Validation