Skip to content

Publishing

Stéphane Brunner edited this page May 31, 2024 · 14 revisions

Introduction

C2C CI utils is built to be able to publish a project with the following structure:

Have stabilization branches named by default <major>.<minor>. Have tag for the release named by default <major>.<minor>.<patch>.

With C2C CI utils, you can publish a python package and a Docker image from the same repository.

The default publishing is:

  • Push on the <major>.<minor> branch will publish Docker images.
  • Create the tag <major>.<minor>.<patch> will publish the Docker images, and the Python package.
  • Push on a pull request will publish the Docker images with the pull request ID ad tag.
  • Close a pull request will delete the related Docker images.
  • Push on the master branch will publish the Docker images with the master tag (Publishing a python package is also possible).
  • The version at the last line of the SECURITY.md of the master branch will also be published using the latest tag, this will respect the tags present in the configuration.
  • In the SECURITY.md file of the master branch, we can also add a column Alternate Tag to publish the Docker images with another tag, this will respect the tags present in the configuration (only for Docker).

The Docker images are published on Docker Hub and GitHub Container Registry.

See also the publishing part of the Configuration.

CI integration

Add your project to the Geo GHCI GitHub application to manage the security:

  • Trigger rebuild, then a dpkg version is updated.
  • Update the dependency against the CVE.

c2cciutils should be added in ci/requirements.txt.

You should create a ci/dpkg-versions.yaml file with {}:

echo {} > ci/dpkg-versions.yaml
git add ci/dpkg-versions.yaml

Add your Docker images in ci/config.yaml like:

publish:
  docker:
    images:
      - name: camptocamp/project

You can use this workflow to integrate it in the CI

env:
  HAS_SECRETS: ${{ secrets.HAS_SECRETS }}

jobs:
  main:
    ...
    steps:
      # Chechout
      - uses: actions/checkout@v4
        with:
          fetch-depth: 0

      # Get the secrets
      - uses: camptocamp/initialise-gopass-summon-action@v2
        with:
          ci-gpg-private-key: ${{secrets.CI_GPG_PRIVATE_KEY}}
          github-gopass-ci-token: ${{secrets.GOPASS_CI_GITHUB_TOKEN}}
          patterns: pypi docker
        if: env.HAS_SECRETS == 'HAS_SECRETS'

      # Install c2cciutils
      - run: echo "${HOME}/.local/bin" >> ${GITHUB_PATH}
      - run: python3 -m pip install --user --requirement=ci/requirements.txt

      ...

      # Publish
      - name: Publish
        run: c2cciutils-publish
        if: env.HAS_SECRETS == 'HAS_SECRETS'

Run locally

You can run the publishing locally in dry-run mode:

GITHUB_REF=... c2cciutils-publish --dry-run ...
Clone this wiki locally