Skip to content
This repository was archived by the owner on Jun 22, 2026. It is now read-only.
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension


Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
60 changes: 59 additions & 1 deletion .github/workflows/cd.yml
Original file line number Diff line number Diff line change
Expand Up @@ -6,7 +6,7 @@ on:
- "v*.*.*"

permissions:
contents: read
contents: write
packages: write

env:
Expand Down Expand Up @@ -58,3 +58,61 @@ jobs:
cache-to: type=gha,mode=max
tags: ${{ steps.meta.outputs.tags }}
labels: ${{ steps.meta.outputs.labels }}

update-release-notes:
runs-on: ubuntu-latest
needs: build-and-push

steps:
- name: Ensure GitHub release exists
env:
GH_TOKEN: ${{ github.token }}
run: |
tag="${GITHUB_REF_NAME}"
if ! gh release view "$tag" >/dev/null 2>&1; then
gh release create "$tag" --title "$tag" --generate-notes
fi

- name: Append container image instructions to release body
env:
GH_TOKEN: ${{ github.token }}
IMAGE_REF: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
run: |
# GITHUB_REF_NAME comes from the trusted maintainer-created tag ref that triggered this workflow.
python3 <<'PY'
import os
import subprocess
import textwrap

tag = os.environ["GITHUB_REF_NAME"]
image_ref = os.environ["IMAGE_REF"]
marker = "## Container image"

body = subprocess.check_output(
["gh", "release", "view", tag, "--json", "body", "-q", ".body"],
text=True,
)

container_section = textwrap.dedent(
f"""
## Container image

Pull the published container from GHCR:

```bash
docker pull {image_ref}:{tag.lstrip('v')}
docker pull {image_ref}:latest
```
"""
).strip()

if marker in body:
body = body.split(marker, 1)[0].rstrip()

body = f"{body}\n\n{container_section}\n" if body.strip() else f"{container_section}\n"

with open("RELEASE_NOTES.md", "w", encoding="utf-8") as fh:
fh.write(body)
PY

gh release edit "$GITHUB_REF_NAME" --notes-file RELEASE_NOTES.md
35 changes: 35 additions & 0 deletions .github/workflows/release-please.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,35 @@
name: Release Please

on:
push:
branches:
- main

permissions:
contents: write
issues: write
pull-requests: write

concurrency:
group: release-please-${{ github.ref }}
cancel-in-progress: true

jobs:
release-please:
runs-on: ubuntu-latest

steps:
- name: Validate release-please token is configured
env:
RELEASE_PLEASE_TOKEN: ${{ secrets.RELEASE_PLEASE_TOKEN }}
run: |
if [ -z "$RELEASE_PLEASE_TOKEN" ]; then
echo "::error::Missing RELEASE_PLEASE_TOKEN secret. Configure a PAT or GitHub App token with repository write access before enabling this workflow."
exit 1
fi

- name: Run release-please
uses: googleapis/release-please-action@v4
with:
token: ${{ secrets.RELEASE_PLEASE_TOKEN }}
release-type: go
Loading