feat: separated CI workflow and added GoReleaser configuration to add release tags automated #98
atharvamhaske wants to merge 9 commits into sugar-org:main from
Conversation
- Introduced CI workflow for building, testing, and releasing the plugin.
- Added GoReleaser configuration for automated builds and releases.
- Created tagging workflow to manage versioning based on successful smoke tests.
- Updated release workflow to streamline Docker plugin publishing to GitHub Container Registry and Docker Hub.
- Changed SPDX and CycloneDX document names to include the .json extension for clarity.
@sanjay7178 review this once via Copilot. All good from my side; with this new workflow we can release our first release version as v0.1.0 or v1.0.0.
Pull request overview
This PR refactors GitHub Actions pipelines to separate CI from release automation and introduces GoReleaser configuration to generate multi-arch artifacts, SBOMs, checksums, and provenance attestations, with an automated tag-on-success flow after smoke tests (Issue #18).
Changes:
- Added .goreleaser.yaml for multi-arch builds, checksums, SBOM generation, and structured changelog/release notes.
- Added a new CI workflow (ci.yml) and a tag automation workflow (tag-release.yml) driven by the existing "Smoke Tests" workflow.
- Updated release.yml to run on version tags, run GoReleaser, attest checksums provenance, and publish the Docker managed plugin to GHCR/Docker Hub.
Reviewed changes
Copilot reviewed 4 out of 4 changed files in this pull request and generated 7 comments.
| File | Description |
|---|---|
| .goreleaser.yaml | New GoReleaser configuration for artifacts, SBOMs, checksums, and changelog grouping. |
| .github/workflows/ci.yml | New CI workflow to build/test, run a GoReleaser snapshot, and validate Docker plugin creation. |
| .github/workflows/tag-release.yml | New workflow to automatically create a semver tag after successful smoke tests. |
| .github/workflows/release.yml | Release workflow now triggers on tags, runs GoReleaser, creates provenance attestations, and publishes Docker plugins. |
.goreleaser.yaml
Outdated
| regexp: '^.*?feat(\([[:word:]]+\))??!?:.+$' | ||
| order: 0 | ||
| - title: "Bug Fixes" | ||
| regexp: '^.*?fix(\([[:word:]]+\))??!?:.+$' | ||
| order: 1 | ||
| - title: "Documentation" | ||
| regexp: '^.*?docs(\([[:word:]]+\))??!?:.+$' | ||
| order: 2 | ||
| - title: "Performance" | ||
| regexp: '^.*?perf(\([[:word:]]+\))??!?:.+$' | ||
| order: 3 | ||
| - title: "Refactor" | ||
| regexp: '^.*?refactor(\([[:word:]]+\))??!?:.+$' | ||
| order: 4 | ||
| - title: "CI/Build" | ||
| regexp: '^.*?(ci|build)(\([[:word:]]+\))??!?:.+$' |
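Review bot: the `!?` in every pattern (`feat(\([[:word:]]+\))??!?:`) folds breaking changes into the ordinary groups, so a `feat!:` or `fix(scope)!:` commit is listed under "Features" or "Bug Fixes" with nothing telling users the upgrade may break them. Add a group such as `- title: "Breaking Changes"` / `regexp: '^.*?[[:word:]]+(\([[:word:]]+\))?!:.+$'` and declare it ahead of these groups so it wins the match; `order` only controls display position. Separately, the leading `^.*?` lets the keyword match anywhere in the subject, so a subject like `Revert "feat: ..."` is still classified as a feature; anchoring at `^(\w+: )?feat` or similar would keep reverts out of the feature list.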
.github/workflows/tag-release.yml
Outdated
|
|
||
| - uses: mathieudutour/github-tag-action@d28fa2ccfbd16e871a4bdf35e11b3ad1bd56c0c1 # v6.2 | ||
| with: | ||
| github_token: ${{ secrets.GITHUB_TOKEN }} |
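Review bot: a tag pushed with `secrets.GITHUB_TOKEN` does not fire the `on: push: tags` trigger that the reworked release.yml depends on (GitHub suppresses workflow runs for events created by the default token), so this job will create the tag but the release will never start; the PR description already notes that a PAT is needed. Rather than a classic PAT with broad `repo` scope, use a fine-grained token limited to this repository with only Contents read/write (or a GitHub App installation token), store it as a dedicated secret, and pass that as `github_token:`. The full-SHA pin with the `# v6.2` comment is the right way to reference a third-party action; apply the same to the rest of these workflows, which still use mutable tags such as `docker/login-action@v3`.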
| @@ -75,43 +95,24 @@ jobs: | |||
| - name: Log in to Docker Hub | |||
| uses: docker/login-action@v3 | |||
| with: | |||
| username: ${{ secrets.DOCKERHUB_USERNAME }} | |||
| password: ${{ secrets.DOCKERHUB_TOKEN }} | |||
| username: ${{ env.DOCKERHUB_USERNAME }} | |||
| password: ${{ env.DOCKERHUB_TOKEN }} | |||
|
|
|||
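Review bot: copying `DOCKERHUB_USERNAME`/`DOCKERHUB_TOKEN` from `secrets` into `env` (presumably so a step `if:` can test for their presence, since the `secrets` context is not available in step conditions) widens the token's exposure if that `env` block sits at job level: it is injected into the process environment of every step, including third-party actions and the `docker build` steps, whereas `password: ${{ secrets.DOCKERHUB_TOKEN }}` hands it only to the login action. Keep the `env` indirection for the username and the presence check, and pass the token to `docker/login-action` directly from `secrets` as the removed lines did.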
.github/workflows/release.yml
Outdated
| - name: Build and push plugin | ||
| env: | ||
| PLUGIN_NAME: ghcr.io/${{ github.repository_owner }}/swarm-external-secrets | ||
| DOCKERHUB_PLUGIN_NAME: ${{ secrets.DOCKERHUB_USERNAME }}/swarm-external-secrets | ||
| PLUGIN_VERSION: ${{ github.event.inputs.version }} | ||
| VERSION: ${{ github.ref_name }} | ||
| GHCR: ghcr.io/${{ github.repository_owner }}/swarm-external-secrets | ||
| DHR: ${{ env.DOCKERHUB_USERNAME }}/swarm-external-secrets | ||
| run: | | ||
| # The build logic is based on your deploy.sh and build.sh scripts | ||
| docker build -t swarm-external-secrets:temp . | ||
| docker build -t plugin:temp . | ||
| mkdir -p ./plugin/rootfs | ||
| docker create --name temp-container swarm-external-secrets:temp | ||
| docker export temp-container | tar -x -C ./plugin/rootfs | ||
| docker rm temp-container | ||
| docker rmi swarm-external-secrets:temp | ||
| docker create --name plugin-rootfs plugin:temp | ||
| docker export plugin-rootfs | tar -x -C ./plugin/rootfs | ||
| docker rm plugin-rootfs && docker rmi plugin:temp | ||
| cp config.json ./plugin/ | ||
|
|
||
| # Create and push to GitHub Container Registry | ||
| docker plugin create ${{ env.PLUGIN_NAME }}:${{ env.PLUGIN_VERSION }} ./plugin | ||
| docker plugin push ${{ env.PLUGIN_NAME }}:${{ env.PLUGIN_VERSION }} | ||
|
|
||
| docker plugin create ${{ env.PLUGIN_NAME }}:latest ./plugin | ||
| docker plugin push ${{ env.PLUGIN_NAME }}:latest | ||
|
|
||
| # Create and push to Docker Hub | ||
| docker plugin create ${{ env.DOCKERHUB_PLUGIN_NAME }}:${{ env.PLUGIN_VERSION }} ./plugin | ||
| docker plugin push ${{ env.DOCKERHUB_PLUGIN_NAME }}:${{ env.PLUGIN_VERSION }} | ||
|
|
||
| docker plugin create ${{ env.DOCKERHUB_PLUGIN_NAME }}:latest ./plugin | ||
| docker plugin push ${{ env.DOCKERHUB_PLUGIN_NAME }}:latest | ||
|
|
||
| - name: Create GitHub Release | ||
| uses: softprops/action-gh-release@v2 | ||
| with: | ||
| tag_name: ${{ github.event.inputs.version }} | ||
| name: Release ${{ github.event.inputs.version }} | ||
| body: "Official release for version ${{ github.event.inputs.version }}." | ||
| draft: false | ||
| prerelease: false | ||
| for IMAGE in "${GHCR}" "${DHR}"; do | ||
| docker plugin create ${IMAGE}:${VERSION} ./plugin | ||
| docker plugin push ${IMAGE}:${VERSION} | ||
| docker plugin create ${IMAGE}:latest ./plugin | ||
| docker plugin push ${IMAGE}:latest | ||
| done No newline at end of file |
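Review bot: the `for IMAGE in "${GHCR}" "${DHR}"` loop pushes to Docker Hub unconditionally, but `DHR` is built from `env.DOCKERHUB_USERNAME`; when that is unset the image name degenerates to `/swarm-external-secrets` and the job fails after the GHCR push has already succeeded, leaving a half-published release. Guard the Docker Hub entry on the credentials being present (the later commit message mentions such a check, and it belongs here). Two further points: `latest` is moved on every tag push, including pre-releases such as `v0.1.0-rc1`, so skip `latest` unless `VERSION` matches a stable `vX.Y.Z`; and `VERSION: ${{ github.ref_name }}` keeps the leading `v` while GoReleaser's `{{.Version}}` strips it, so the plugin tag and the binary's reported version will differ unless one side is normalised.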
.goreleaser.yaml
Outdated
| - -s -w | ||
| - -X main.version={{.Version}} | ||
| - -X main.commit={{.Commit}} | ||
| - -X main.date={{.Date}} |
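Review bot: `-X main.version={{.Version}}` (and the commit/date flags) only take effect when `version`, `commit` and `date` are package-level `string` variables in package `main`; if main.go hardcodes them as constants or derives them another way, the linker silently ignores the flags and every release binary keeps reporting the old value. Declare them as `var ( version = "dev"; commit = "none"; date = "unknown" )` and have the version output print those. `-s -w` strips the symbol and DWARF tables, which is fine for release size, but for the reproducible builds that the SBOM and provenance attestation imply, also set `flags: [-trimpath]` and `mod_timestamp: '{{ .CommitTimestamp }}'` on the build so the binary does not embed build-host paths or timestamps.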
@sanjay7178 here we have to edit the main.go file; we are just hardcoding rn.
Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>
…ng in release workflow
- Added conditional check for Docker Hub credentials before login.
- Refactored image handling logic to include Docker Hub images only if credentials are provided.
…nally to Docker Hub
All suggestions by Copilot are solved; please review once again and lmk.
Summary
Type of change
Mention the secrets provider
Description
In this PR I separated the CI logic into a new file, CI.yml, and now our release.yml is a pure release pipeline which builds multi-platform binaries. GoReleaser also generates SPDX and CycloneDX SBOMs, produces checksums.txt for safe rollbacks and attests the checksums.txt with Sigstore via actions/attest-build-provenance, enabling users to verify the build chain with gh attestation verify. Also, docker-plugin builds and pushes the Docker managed plugin to both GHCR and Docker Hub, tagged with exact versions.
Now the release notes include a structured changelog grouped by commit conventions (bug fixes, docs) as well as GitHub's auto-generated "What's Changed" and "New Contributors" sections.
Note: We now have to add a GitHub PAT with write access, as the normal GITHUB_TOKEN doesn't have access to handle downstream workflows.
This was a big issue to work on and I had a great experience learning from it; I'm open to any feedback and suggestions for improvements.
Commands & Configuration to test
NA
Screenshots & Logs
Related Tickets & Documents
Was this PR authored or co-authored using generative AI tooling?
Nope, I have used AI for some learning purposes, and I have mostly taken help from other popular open source projects which have CI workflows along with GoReleaser.
References:
https://github.com/safedep/pmg/blob/main/.github/workflows/ci.yml
https://github.com/safedep/pmg/blob/main/.github/workflows/goreleaser.yml
https://github.com/gohugoio/hugo/blob/master/hugoreleaser.yaml
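Consumer-side verification of the chain the description sets up (attested checksums.txt first, then artifact hashes against it), as an added example that is not part of the PR; the repository slug sugar-org/swarm-external-secrets is an assumption inferred from the target org and the plugin name on the page.

```shell
#!/bin/sh
# Added example, not part of the PR: how a user verifies a release produced
# by this pipeline. The trust root is the Sigstore attestation on
# checksums.txt; the downloaded artifacts are then checked against that file.
# Assumption: the repository slug is sugar-org/swarm-external-secrets.
set -eu

REPO="sugar-org/swarm-external-secrets"   # assumed slug

# Step 1: confirm checksums.txt was produced by this repo's release workflow
# (actions/attest-build-provenance) and is unmodified. Needs network + gh CLI.
verify_checksums_provenance() {
  dir="$1"
  gh attestation verify "$dir/checksums.txt" --repo "$REPO"
}

# Step 2: check the downloaded artifacts against the attested checksums.txt.
# --ignore-missing: users rarely fetch every platform archive.
# --strict: a malformed line fails the run instead of being skipped.
# Returns non-zero if any present artifact has a different hash, or if no
# artifact listed in the file is present in the directory at all.
verify_artifacts_against_checksums() {
  dir="$1"
  [ -f "$dir/checksums.txt" ] || return 1
  (cd "$dir" && sha256sum --check --ignore-missing --strict checksums.txt) >/dev/null 2>&1
}

# Full flow after `gh release download vX.Y.Z --repo "$REPO" --dir ./dist`:
# attestation first (otherwise a tampered checksums.txt would happily
# validate tampered binaries), then the hash comparison.
verify_release() {
  dir="$1"
  verify_checksums_provenance "$dir" || return 1
  verify_artifacts_against_checksums "$dir"
}

if [ "$#" -gt 0 ]; then
  verify_release "$1"
fi
```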