ci(release): implement named releases with tag-based deployment (#252)

[nanotaboada]

Closes #252

---

This change is 

Summary by CodeRabbit

• New Features

  • Automated CD: pushing version tags now builds and publishes multi-arch Docker images, generates a changelog, and creates a GitHub Release.

• Documentation

  • Updated README with release process and Docker image pull instructions.
  • Added CHANGELOG.md documenting versioning conventions and release notes structure.

• Chores

  • CI updated to run Maven via the project wrapper and removed the previous container build job.

[coderabbitai]

Warning

Rate limit exceeded

@nanotaboada has exceeded the limit for the number of commits that can be reviewed per hour. Please wait 17 minutes and 8 seconds before requesting another review.

Your organization is not enrolled in usage-based pricing. Contact your admin to enable usage-based pricing to continue reviews beyond the rate limit, or try again in 17 minutes and 8 seconds.

⌛ How to resolve this issue?

After the wait time has elapsed, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

We recommend that you space out your commits to avoid hitting the rate limit.

🚦 How do rate limits work?

CodeRabbit enforces hourly rate limits for each developer per organization.

Our paid plans have higher rate limits than the trial, open-source and free plans. In all cases, we re-allow further reviews after a brief timeout.

Please see our FAQ for further information.

ℹ️ Review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Run ID: f52b7544-dee7-43a2-ac3f-b327d2dc0826

📥 Commits

Reviewing files that changed from the base of the PR and between e1d3848 and ba641ac.

📒 Files selected for processing (1)

• .github/workflows/maven-cd.yml

Walkthrough

Adds a tag-triggered CD workflow .github/workflows/maven-cd.yml for releases using v{SEMVER}-{CLUB} tags, separates CI (.github/workflows/maven-ci.yml) from release publishing, updates Maven invocation to use the wrapper, and adds CHANGELOG.md plus README release documentation.

Changes

Cohort / File(s)	Summary
CD Workflow .github/workflows/maven-cd.yml	New GitHub Actions workflow triggered on tag pushes v*.*.*-*: extracts semver and club, validates formats/allowlist, runs ./mvnw clean verify, builds multi-arch Docker images (linux/amd64,linux/arm64), pushes tags (semver, club, latest) to GHCR, generates changelog and creates a GitHub Release.
CI Workflow .github/workflows/maven-ci.yml	Removed the previous container/publish job; changed verify step to use Maven Wrapper (./mvnw clean verify) and removed Docker publish-on-master steps.
Documentation CHANGELOG.md, README.md	Adds CHANGELOG.md template with historic-club tag mapping and an "Unreleased" section; updates README.md badge and adds "Releases" docs describing tag format, release workflow, and Docker pull instructions.

Sequence Diagram(s)

sequenceDiagram
    actor Developer
    participant Repo as "Git Repository"
    participant Actions as "GitHub Actions"
    participant Maven as "Maven Wrapper"
    participant Buildx as "Docker Buildx"
    participant GHCR as "ghcr.io"
    participant Releases as "GitHub Release API"

    Developer->>Repo: Push annotated tag v1.0.0-arsenal
    Repo->>Actions: Trigger CD workflow (tag push)
    Actions->>Actions: Parse tag -> semver (1.0.0), club (arsenal)
    Actions->>Maven: Run ./mvnw clean verify
    Maven-->>Actions: Build succeeds
    Actions->>Buildx: Build multi-arch image (amd64, arm64)
    Buildx->>GHCR: Push tags: 1.0.0, arsenal, latest
    GHCR-->>Buildx: Push success
    Actions->>Actions: Generate changelog (git diff / commit subjects)
    Actions->>Releases: Create GitHub Release with changelog & pull instructions
    Releases-->>Actions: Release created
    Actions-->>Developer: Workflow complete

Loading

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~22 minutes

Assessment against linked issues

Objective	Addressed	Explanation
Separate CI from CD with two distinct workflows [#252]	✅
Remove Docker package publishing from CI/master merges [#252]	✅
Create CD workflow triggering on version tags v*.*.*-* [#252]	✅
Publish three Docker tags (semver, club name, latest) [#252]	✅
Generate GitHub Releases with changelog and pull instructions [#252]	✅

Possibly related issues

• Implement Named Releases with Tag-Based Deployment rust-samples-rocket-restful#26 — Similar tag-triggered CD workflow that parses v{SEMVER}-{codename}, builds/pushes multi-arch images to GHCR, generates changelogs, and creates GitHub Releases; could be linked due to shared release pattern.

🚥 Pre-merge checks | ✅ 2

✅ Passed checks (2 passed)

Check name	Status	Explanation
Title check	✅ Passed	The PR title follows Conventional Commits format (ci(release):), is concise at 70 characters (under 80 limit), and accurately describes the main change: implementing named releases with tag-based deployment as tracked by issue #252.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch ci/named-releases-tag-based-deployment

• 🛠️ sync documentation: Commit on current branch
• 🛠️ sync documentation: Create PR
• 🛠️ enforce http error handling: Commit on current branch
• 🛠️ enforce http error handling: Create PR
• 🛠️ idiomatic review: Commit on current branch
• 🛠️ idiomatic review: Create PR
• 🛠️ verify api contract: Commit on current branch
• 🛠️ verify api contract: Create PR

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 100.00%. Comparing base (925f137) to head (ba641ac).
⚠️ Report is 4 commits behind head on master.

Additional details and impacted files

@@             Coverage Diff             @@
##              master      #287   +/-   ##
===========================================
  Coverage     100.00%   100.00%           
  Complexity        28        28           
===========================================
  Files              2         2           
  Lines             77        77           
  Branches           8         8           
===========================================
  Hits              77        77           

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

[coderabbitai]

Actionable comments posted: 1

🧹 Nitpick comments (1)

.github/workflows/maven-cd.yml (1)

96-109: Changelog generation may produce unexpected results for edge cases.

The --sort=-version:refname sort may not correctly order semantic versions in all cases (e.g., v10.0.0 may sort before v2.0.0 due to lexicographic comparison). Additionally, if the current tag is the first release, PREVIOUS_TAG will be empty and the full commit history will be included.

For a first release, the behavior is acceptable. For future robustness, consider using --sort=-v:refname which is the abbreviated form and should handle semver better in recent Git versions.

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In @.github/workflows/maven-cd.yml around lines 96 - 109, The changelog
generation uses git tag sorting with "--sort=-version:refname" which can
misorder semantic versions; update the invocation that sets PREVIOUS_TAG to use
"--sort=-v:refname" instead to get proper semver-aware ordering, i.e., change
the argument in the git tag command that assigns PREVIOUS_TAG; keep the existing
fallback when PREVIOUS_TAG is empty so first-release behavior remains unchanged
(refer to the PREVIOUS_TAG variable and the block that computes CHANGELOG).

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In @.github/workflows/maven-cd.yml:
- Around line 91-94: The image tag lines use ${{ github.repository }} which can
contain uppercase characters; change each occurrence to use the toLower()
expression (e.g., ${{ toLower(github.repository) }}) so the three tags (the
multiline keys referencing ghcr.io/${{ github.repository }}:latest, ghcr.io/${{
github.repository }}:${{ steps.tag.outputs.semver }}, and ghcr.io/${{
github.repository }}:${{ steps.tag.outputs.club }}) are converted to lowercase
before composing the image names.

---

Nitpick comments:
In @.github/workflows/maven-cd.yml:
- Around line 96-109: The changelog generation uses git tag sorting with
"--sort=-version:refname" which can misorder semantic versions; update the
invocation that sets PREVIOUS_TAG to use "--sort=-v:refname" instead to get
proper semver-aware ordering, i.e., change the argument in the git tag command
that assigns PREVIOUS_TAG; keep the existing fallback when PREVIOUS_TAG is empty
so first-release behavior remains unchanged (refer to the PREVIOUS_TAG variable
and the block that computes CHANGELOG).

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Run ID: 0442ee5e-2401-449d-8caa-e9c15ab95c15

📥 Commits

Reviewing files that changed from the base of the PR and between 925f137 and dcfbc30.

📒 Files selected for processing (4)

• .github/workflows/maven-cd.yml
• .github/workflows/maven-ci.yml
• CHANGELOG.md
• README.md

[coderabbitai]

Actionable comments posted: 1

🧹 Nitpick comments (1)

.github/workflows/maven-cd.yml (1)

109-113: Prefer a unique delimiter for $GITHUB_OUTPUT multiline values.

Using a fixed EOF delimiter can break parsing if commit subjects contain that exact token.

Suggested hardening

-                  {
-                    echo "content<<EOF"
-                    echo "$CHANGELOG"
-                    echo "EOF"
-                  } >> "$GITHUB_OUTPUT"
+                  DELIM="CHANGELOG_$(date +%s%N)"
+                  {
+                    echo "content<<$DELIM"
+                    echo "$CHANGELOG"
+                    echo "$DELIM"
+                  } >> "$GITHUB_OUTPUT"

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In @.github/workflows/maven-cd.yml around lines 109 - 113, The current block
appends a multiline value to GITHUB_OUTPUT using a fixed "EOF" delimiter which
can break if the CHANGELOG contains that token; update the step that writes to
GITHUB_OUTPUT to use a unique delimiter (e.g., build one from run-specific data
or a hard-to-collide token) and use that same unique marker for both the start
and end of the heredoc when emitting CHANGELOG, ensuring the variable name
CHANGELOG and the GITHUB_OUTPUT append remain unchanged but the delimiter is
collision-resistant.

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In @.github/workflows/maven-cd.yml:
- Line 103: The current PREVIOUS_TAG assignment uses a regex exclusion (grep -v
"^${GITHUB_REF#refs/tags/}$") which can mis-match tags with dots; replace the
grep call to use fixed-string whole-line matching (e.g., change grep -v
"^${GITHUB_REF#refs/tags/}$" to grep -xv "${GITHUB_REF#refs/tags/}") so git tag
--sort=-version:refname | grep -xv "${GITHUB_REF#refs/tags/}" | head -n 1
reliably returns the previous tag.

---

Nitpick comments:
In @.github/workflows/maven-cd.yml:
- Around line 109-113: The current block appends a multiline value to
GITHUB_OUTPUT using a fixed "EOF" delimiter which can break if the CHANGELOG
contains that token; update the step that writes to GITHUB_OUTPUT to use a
unique delimiter (e.g., build one from run-specific data or a hard-to-collide
token) and use that same unique marker for both the start and end of the heredoc
when emitting CHANGELOG, ensuring the variable name CHANGELOG and the
GITHUB_OUTPUT append remain unchanged but the delimiter is collision-resistant.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Run ID: 4cc7f7cd-23ad-4b8e-ba07-0f8ed23931e5

📥 Commits

Reviewing files that changed from the base of the PR and between dcfbc30 and e1d3848.

📒 Files selected for processing (1)

• .github/workflows/maven-cd.yml

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud