Add release workflows#4583
Conversation
Using Gemini Code AssistThe full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips. Invoking Gemini You can request assistance from Gemini at any point by creating a comment using either
Customization To customize the Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a Limitations & Feedback Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counterproductive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for GitHub and other Google products, sign up here. |
|
Claude finished @ss-es's task in 3m 32s —— View job Code Review: Add Release Workflows (PR #4583)
SummaryThis PR introduces a comprehensive release management system: issue-based tracker automation, FindingsBug (high):
Minor:
What looks good
|
|
Claude finished @ss-es's task in 6m 13s —— View job Code Review: Add Release Workflows (PR #4583)
SummarySince the last review, I resolved the open New FindingsBug:
Security (medium):
Minor:
What looks good
|
| tracker issue. The tracker issue is where you'll do everything that | ||
| follows. | ||
|
|
||
| 2. **Run an initial tag.** Comment `/tag` on the tracker issue. This creates |
There was a problem hiding this comment.
I think 2. can be fully automated after 1.? So can we just make this part of a workflow dispatch run or have at least a CLI convenience command? I think it's easier if everything happens in one place instead of having to run CLI commands and perform comments on github.
|
|
||
| refresh() { | ||
| local issue="$1" | ||
| local body; body=$(gh issue view "$issue" --json body -q .body) |
There was a problem hiding this comment.
This code is difficult to review, or even just figure out what i does exactly and there's currently no way to run anything locally, or any tests because it's inlined into the workflow. I think it could be extracted into a python script for better readability and testability.
I think there may be some concurrency issues and the workflow has many triggers.
| @@ -0,0 +1,43 @@ | |||
| --- | |||
There was a problem hiding this comment.
Currently the issue is used as a kind of database and it's just a string. There's no real schema, versioning, migration etc. so I'm afraid if we need to change or fix anything it may get very messy. I think there must be a better way to do this.
I haven't thought about it much but for example the state could be kept as json (or similar) in the issue body (commented) and managed by a python script.
There was a problem hiding this comment.
I think this should be resolved now -- the issue page itself no longer maintains any state
| jobs: | ||
| on-create: | ||
| if: | | ||
| github.event_name == 'create' && |
There was a problem hiding this comment.
How about adding workflow dispatch for this instead of pushing a branch and then name matching on the branch? The workflow could take any rev / branch / tag as input, plus the version and then create the branch on gihub
|
|
||
| YYYYMMDD_TAG_PATTERN = "20[0-9][0-9][0-1][0-9][0-3][0-9]" | ||
| RELEASE_TAG_GLOB = "[0-9]*.[0-9]*.[0-9]*.[0-9]*" | ||
| RELEASE_TAG_RE = re.compile(r"^\d+\.\d+\.\d+\.\d+$") |
There was a problem hiding this comment.
Fallback to YYYYMMDD if it doesn't find new tags?
Not part of this PR but we should rewrite it a bit anyway to pick up the versions that are deployed instead of tagged on github. Currently it moves the base version up too early.
sveitser
left a comment
There was a problem hiding this comment.
I think the overall ideas are great and a significant improvement. I like the sticky github issue and interaction via slash commands.
I left some comments with suggestions and concerns.
I think my biggest concern is that this adds a lot of bash-in-yaml CI code that is almost untestable so I would prefer not to do that. Whenever a workflow runs it can use all the code in the repo so I see no reason not to script the complicated parts outside github yaml files. This also allows to add some tests for it to document important behaviors that are currently implicit and difficult to determine from looking at the code. We could for example add a python script that inputs and outputs the issue body (potentially containing a more structured artifact, as suggested).
| The tracker issue is the durable, branch-scoped surface for everything | ||
| release-related. It is the place where you run release commands, see status, | ||
| and discuss the release with the team. Its body is maintained automatically; | ||
| the bot edits sections between `<!-- BEGIN ... -->` / `<!-- END ... -->` |
There was a problem hiding this comment.
I think there are no such markers now?
| run: | | ||
| set -euo pipefail | ||
| git tag -a "$TAG" -m "Release $TAG" | ||
| git push origin "refs/tags/$TAG" |
There was a problem hiding this comment.
I think this workflow is missing the step to create a github release.
There was a problem hiding this comment.
I'm not sure we want to create a github release on every tag, since we likely will use tags for triggering builds for devnet as well now
|
Since almost nothing on the workflow is specific to this repo why don't we first put it into a separate repo build some trivial docker images then we can test the whole workflow very quickly, including promotion, docker tag protection etc. and avoid polluting this repo and waiting for long builds. |
|
@claude I've rearchitectured some of this, can you take another look? |
|
Claude encountered an error after 59s —— View job Code Review: Add Release Workflows (PR #4583) — Re-review
|

Adds CI workflows for a release process.
In summary, we will now have an issue tracker for each release, with workflows that automatically track the divergence from main (so it is easier to see which commits have been backported or not). There is also some UX improvements for the tagging process, with a
/tag(and in the same vein,/promote) command that can be used on the issue page.Release branches are now
release-X.Y.Z, whereX.Yshould correspond to the protocol version intended to run from this release. Tags now take the form ofX.Y.PHASE.PATCH, wherePATCHis automatically incremented via the/tagcommand.The full process is described in
RELEASES.md