Keep release tooling separate from source refs

[dkirov-dd]

What does this PR do?

Splits the release dispatch prepare job into two checkouts:

• tooling/ checks out current integrations-core workflow tooling under .github/.
• source/ checks out the requested source-repo-ref, which is where ddev release tag and validation run.

This keeps release pipeline tooling current while still tagging and validating the requested source ref.

This also adds a manual source-repo-branch input to release-trigger.yml, passes it to release-dispatch.yml, and verifies that the checked-out source ref is contained in that branch before tagging. The branch also drives stable (master/X.Y.x) versus pre-release (alpha/*, beta/*, rc/*) validation.

Motivation

PR #23836 made actions/checkout honor source-repo-ref, but that also made workflow-local tooling come from the older source ref. Manual releases from refs that predate .github/actions/setup-ddev then fail because the composite action is not present in the workspace.

The prepare job needs current workflow tooling but must run ddev against the requested source tree. Separate checkouts preserve both requirements.

For stable/pre-release validation, using GITHUB_REF is incorrect for manual dispatches because it describes the branch that launched the workflow, not necessarily the branch containing source-repo-ref. The new source-repo-branch input makes that context explicit and the dispatch workflow checks that the ref is actually contained in the provided branch.

Review checklist (to be filled by reviewers)

• Feature or bugfix MUST have appropriate tests (unit, integration, e2e)
• Add qa/required if this PR needs QA validation, or qa/skip-qa if it does not. Exactly one of the two is required.
• If you need to backport this PR to another branch, you can add the backport/<branch-name> label to the PR and it will automatically open a backport PR once this one is merged

[dd-octo-sts]

Validation Report

All 21 validations passed.

Show details

Validation	Description	Status
agent-reqs	Verify check versions match the Agent requirements file	✅
ci	Validate CI configuration and Codecov settings	✅
codeowners	Validate every integration has a CODEOWNERS entry	✅
config	Validate default configuration files against spec.yaml	✅
dep	Verify dependency pins are consistent and Agent-compatible	✅
http	Validate integrations use the HTTP wrapper correctly	✅
imports	Validate check imports do not use deprecated modules	✅
integration-style	Validate check code style conventions	✅
jmx-metrics	Validate JMX metrics definition files and config	✅
labeler	Validate PR labeler config matches integration directories	✅
legacy-signature	Validate no integration uses the legacy Agent check signature	✅
license-headers	Validate Python files have proper license headers	✅
licenses	Validate third-party license attribution list	✅
metadata	Validate metadata.csv metric definitions	✅
models	Validate configuration data models match spec.yaml	✅
openmetrics	Validate OpenMetrics integrations disable the metric limit	✅
package	Validate Python package metadata and naming	✅
qa-label	Validate the pull request declares whether it needs QA for the next Agent release	✅
readmes	Validate README files have required sections	✅
saved-views	Validate saved view JSON file structure and fields	✅
version	Validate version consistency between package and changelog	✅

View full run