Publishing
C2C CI utils is built to be able to publish a project with the following structure:

- Have stabilization branches named by default `<major>.<minor>`.
- Have tag for the release named by default `<major>.<minor>.<patch>`.

With C2C CI utils, you can publish a Python package and a Docker image from the same repository.

The default publishing is:

- Pushing on the `<major>.<minor>` branch will publish Docker images.
- Creating the tag `<major>.<minor>.<patch>` will publish the Docker images and the Python package.
- Pushing on a pull request will publish the Docker images with the pull request ID as tag.
- Closing a pull request will delete the related Docker images.
- Pushing on the `master` branch will publish the Docker images with the master tag (publishing a Python package is also possible).
- The version at the last line of the `SECURITY.md` of the `master` branch will also be published using the `latest` tag; this will respect the `tags` present in the configuration.
- In the `SECURITY.md` file of the `master` branch, we can also add a column `Alternate Tag` to publish the Docker images with another tag; this will respect the `tags` present in the configuration (only for Docker).

The Docker images are published on Docker Hub and GitHub Container Registry.
See also the publishing part of the Configuration.
Add your project to the Geo GHCI GitHub application to manage the security:
- Trigger rebuild, then a dpkg version is updated.
- Update the dependency against the CVE.
Get the workflow `pull-request-automation.yaml` to automatically review the CVE, dpkg and Renovate updates.

`c2cciutils` should be added in `ci/requirements.txt`.

You should create a `ci/dpkg-versions.yaml` file with `{}`:

```bash
echo {} > ci/dpkg-versions.yaml
git add ci/dpkg-versions.yaml
```

Add your Docker images in `ci/config.yaml` like:

```yaml
publish:
  docker:
    images:
      - name: camptocamp/project
```

You can use this workflow to integrate it in the CI:

```yaml
env:
  HAS_SECRETS: ${{ secrets.HAS_SECRETS }}

jobs:
  main:
    ...
    steps:
      # Checkout
      - uses: actions/checkout@v4
        with:
          fetch-depth: 0

      # Get the secrets
      - uses: camptocamp/initialise-gopass-summon-action@v2
        with:
          ci-gpg-private-key: ${{secrets.CI_GPG_PRIVATE_KEY}}
          github-gopass-ci-token: ${{secrets.GOPASS_CI_GITHUB_TOKEN}}
          patterns: pypi docker
        if: env.HAS_SECRETS == 'HAS_SECRETS'

      # Install c2cciutils
      - run: echo "${HOME}/.local/bin" >> ${GITHUB_PATH}
      - run: python3 -m pip install --user --requirement=ci/requirements.txt

      ...

      # Publish
      - name: Publish
        run: c2cciutils-publish
        if: env.HAS_SECRETS == 'HAS_SECRETS'
```

You can run the publishing locally in dry-run mode:

```bash
GITHUB_REF=... c2cciutils-publish --dry-run ...
```

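To see which `GITHUB_REF` values fall under which of the default publishing rules listed earlier on this page, the following added example (not part of c2cciutils) classifies a ref string. The regular expressions, the `plan_publish` name and the returned fields are assumptions made for this illustration; the `SECURITY.md`-driven `latest` and `Alternate Tag` rules and the deletion on pull request close are not modeled.

```python
import re

# Assumption: patterns written for this example from the default naming
# described on this page; they are not c2cciutils' own configuration.
# [0-9] is used instead of \d so that non-ASCII digits never match.
RULES = [
    # (kind, pattern, also publishes the Python package?)
    ("version_tag", re.compile(r"refs/tags/([0-9]+\.[0-9]+\.[0-9]+)"), True),
    ("version_branch", re.compile(r"refs/heads/([0-9]+\.[0-9]+)"), False),
    ("pull_request", re.compile(r"refs/pull/([0-9]+)/merge"), False),
    ("master", re.compile(r"refs/heads/(master)"), False),
]


def plan_publish(github_ref):
    """Return what the default rules would publish for a GITHUB_REF value.

    fullmatch() anchors both ends, so a ref that merely contains a
    version-like substring (a suffixed tag, a nested branch name, a
    trailing newline) is never treated as a release.
    """
    for kind, pattern, python_package in RULES:
        match = pattern.fullmatch(github_ref)
        if match:
            return {
                "kind": kind,
                "name": match.group(1),  # version, pull request ID or "master"
                "docker": True,
                "python_package": python_package,
            }
    # No default rule described on this page applies to this ref.
    return {"kind": "none", "name": None, "docker": False, "python_package": False}


if __name__ == "__main__":
    # Constructed sample refs, not taken from a real repository.
    samples = [
        "refs/heads/1.2",
        "refs/tags/1.2.3",
        "refs/pull/42/merge",
        "refs/heads/master",
        "refs/tags/1.2.3-rc1",
        "refs/heads/feature/1.2",
    ]
    for ref in samples:
        print(f"{ref:26} -> {plan_publish(ref)}")
```
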
When we create a new version branch, we should:

- Add a `backport <version>` label.
- Update the Renovate base branch.
- Update the `SECURITY.md`.
- Create the branch :-P

To create all of that, you can also run: `c2cciutils-version --version=<version> [--force]`

Note that this does not create a release.

Just create a tag:

```bash
git tag <release>
git push origin <tag>
```