automate semantic version tagging and GitHub Releases

.github/workflows/release-on-master-merge.yml

@@ -0,0 +1,69 @@
+name: Release on merged master PR
+
+on:
+  pull_request:
+    types: [closed]
+    branches: [master]
+
+permissions:
+  contents: write
+
+jobs:
+  create-semver-tag:
+    if: github.event.pull_request.merged == true
+    runs-on: ubuntu-latest
+    outputs:
+      release_tag: ${{ steps.tag_version.outputs.new_tag }}
+
+    steps:
+      - name: Checkout merged master commit
+        uses: actions/checkout@v4
+        with:
+          ref: ${{ github.event.pull_request.merge_commit_sha }}
+          fetch-depth: 0
+
+      - name: Create semantic version tag
+        id: tag_version
+        uses: anothrNick/github-tag-action@1.75.0
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          DEFAULT_BRANCH: master
+          RELEASE_BRANCHES: master
+          DEFAULT_BUMP: patch
+          BRANCH_HISTORY: compare
+          TAG_PREFIX: v
+          INITIAL_VERSION: 2.3.0
+
+  publish-github-release:
+    needs: create-semver-tag
+    if: needs.create-semver-tag.outputs.release_tag != ''
+    runs-on: ubuntu-latest
+    permissions:
+      contents: write
+
+    steps:
+      - name: Generate release asset
+        id: asset
+        env:
+          RELEASE_TAG: ${{ needs.create-semver-tag.outputs.release_tag }}
+        run: |
+          release_asset="$RUNNER_TEMP/${RELEASE_TAG}.txt"
+          {
+            echo "Release: ${RELEASE_TAG}"
+            echo "Commit: ${{ github.event.pull_request.merge_commit_sha }}"
+            echo "Merged PR: #${{ github.event.pull_request.number }}"
+            echo "Merged by: ${{ github.event.pull_request.merged_by.login }}"
+          } > "$release_asset"
+          echo "release_asset=$release_asset" >> "$GITHUB_OUTPUT"
+
+      - name: Publish GitHub Release
+        uses: softprops/action-gh-release@v2
+        with:
+          tag_name: ${{ needs.create-semver-tag.outputs.release_tag }}
+          name: ${{ needs.create-semver-tag.outputs.release_tag }}
+          generate_release_notes: true
+          files: |
+            ${{ steps.asset.outputs.release_asset }}
+          fail_on_unmatched_files: true
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

docs/BUILD_AND_PUSH.md

@@ -1,18 +1,28 @@
 # Build & Push images using GitHub Actions
 
-This repository contains a GitHub Actions workflow that builds and pushes Docker images to Docker Hub when commits are pushed to the `master` branch.
+This repository contains GitHub Actions workflows that:
+
+- build and push Docker images to Docker Hub when commits are pushed to the `master` branch
+- create a semantic version tag and publish a GitHub Release when a pull request is merged into `master`
 
 ## What the workflow does
 - On push to `master`, it builds two images:
   - `Dockerfile.postgres-walg` → `DOCKERHUB_USERNAME/pg-with-backup` (tags: `latest`, `commit-sha`)
   - `Dockerfile.backup` → `DOCKERHUB_USERNAME/pg-backup-walg` (tags: `latest`, `commit-sha`)
 - Pushes the images to Docker Hub using the provided credentials.
+- On merged pull requests to `master`, it:
+  - calculates the next semantic version tag from the latest repository tag (current baseline: `v2.3.0`)
+  - defaults to a patch bump, unless the merge commit message includes `#major`, `#minor`, `#patch`, or `#none`
+  - creates the new Git tag with `anothrNick/github-tag-action`
+  - publishes a GitHub Release with autogenerated release notes and a small metadata asset
 
 ## Required GitHub repository secrets
 Add the following secrets in your repository settings -> Secrets -> Actions:
 - `DOCKERHUB_USERNAME` — your Docker Hub username (or organization)
 - `DOCKERHUB_TOKEN` — a Docker Hub access token or password
 
+No extra secret is required for releases; the release workflow uses the default `GITHUB_TOKEN`.
+
 ## How to use the pushed images (start with only `.env` and `docker-compose.yml`)
 1. Option A (recommended): modify `docker-compose.yml` to use the pushed images instead of building locally. Example change:
 
@@ -45,8 +55,10 @@ Notes:
 
 ## Customizing image names/tags
 - The workflow uses `${{ secrets.DOCKERHUB_USERNAME }}` as the user/org for image tags. If you prefer different names, update `.github/workflows/build-and-push.yml`.
+- The release workflow lives in `.github/workflows/release-on-master-merge.yml`.
+- To change default semantic bump behavior, update `DEFAULT_BUMP` in the release workflow.
+- To start release numbering from a different baseline when there are no tags yet, update `INITIAL_VERSION` in the release workflow.
 
 ## Troubleshooting
 - Build may fail if GitHub runners cannot reach the wal-g binary release or if the pgvector build step fails; check Actions logs for the failing step.
 - If you want multi-arch images, extend the action with `platforms` in the `docker/build-push-action` steps.
-