From 3570240c69578aad9602341ded8aec4caea8b0eb Mon Sep 17 00:00:00 2001
From: Haitao Pan <manbuzhe2009@qq.com>
Date: Sun, 12 Apr 2026 18:45:19 +0800
Subject: [PATCH] Fix release traceability workflow chain

---
 .github/workflows/release-traceability.yml    |  7 +++-
 .../test-release-traceability-workflow.sh     | 35 +++++++++++++++++++
 2 files changed, 41 insertions(+), 1 deletion(-)
 create mode 100644 scripts/github-actions/test-release-traceability-workflow.sh

diff --git a/.github/workflows/release-traceability.yml b/.github/workflows/release-traceability.yml
index 67218c6..054b05a 100644
--- a/.github/workflows/release-traceability.yml
+++ b/.github/workflows/release-traceability.yml
@@ -45,10 +45,15 @@ jobs:
 
   validate:
     runs-on: ubuntu-latest
-    needs: deploy
+    needs:
+      - build
+      - deploy
     steps:
       - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
 
+      - name: Verify workflow dependency chain
+        run: bash ./scripts/github-actions/test-release-traceability-workflow.sh
+
       - name: Verify traceability script cases
         run: bash ./scripts/github-actions/test-validate-release-traceability.sh
 
diff --git a/scripts/github-actions/test-release-traceability-workflow.sh b/scripts/github-actions/test-release-traceability-workflow.sh
new file mode 100644
index 0000000..200c195
--- /dev/null
+++ b/scripts/github-actions/test-release-traceability-workflow.sh
@@ -0,0 +1,35 @@
+#!/usr/bin/env bash
+set -euo pipefail
+
+repo_root="$(cd "$(dirname "${BASH_SOURCE[0]}")/../.." && pwd)"
+workflow_path="${repo_root}/.github/workflows/release-traceability.yml"
+
+python3 - "${workflow_path}" <<'PY'
+import sys
+from pathlib import Path
+
+workflow_path = Path(sys.argv[1])
+lines = workflow_path.read_text().splitlines()
+
+validate_start = None
+validate_end = len(lines)
+for index, line in enumerate(lines):
+    if line.startswith("  validate:"):
+        validate_start = index
+        continue
+    if validate_start is not None and index > validate_start and line.startswith("  ") and not line.startswith("    "):
+        validate_end = index
+        break
+
+if validate_start is None:
+    raise SystemExit("validate job not found")
+
+validate_block = lines[validate_start:validate_end]
+if not any(line.strip() == "- build" for line in validate_block):
+    raise SystemExit("validate job must depend on build")
+if not any(line.strip() == "- deploy" for line in validate_block):
+    raise SystemExit("validate job must depend on deploy")
+
+if not any("SERVICE_IMAGE_REF: ${{ needs.build.outputs.service_image_ref }}" in line for line in validate_block):
+    raise SystemExit("validate job must consume needs.build.outputs.service_image_ref")
+PY