feat(release): include container images and deployment artifacts in release#4219
Open
bobbai00 wants to merge 11 commits intoapache:mainfrom
Open
feat(release): include container images and deployment artifacts in release#4219bobbai00 wants to merge 11 commits intoapache:mainfrom
bobbai00 wants to merge 11 commits intoapache:mainfrom
Conversation
github-actions
bot
added
feature
ci
parshimers
approved these changes
Feb 19, 2026
Member
parshimers
left a comment
parshimers
left a comment
There was a problem hiding this comment.
This looks great. Something I wish we had for AsterixDB!
| - name: Set up Docker Buildx | ||
| uses: docker/setup-buildx-action@e468171a9de216ec08956ac3ada2f0791b6bd435 # v3.11.1 | ||
|
|
||
| - name: Log in to GitHub Container Registry |
Member
There was a problem hiding this comment.
This is the safe way to do this, right? So the build can't see these secrets?
- Parameterize Docker Compose and Helm chart image references with configurable registry and tag (defaults to ghcr.io/apache:latest) - Update build-and-push-images workflow to support both ghcr.io and Docker Hub via conditional login - Extend release candidate workflow to produce three signed artifacts: source tarball, Docker Compose bundle, and Helm chart package - Docker Compose bundle includes pinned .env with release version - Helm chart package includes release-versioned Chart.yaml and values - Update vote email template to list container images and new checklist items for deployment verification This follows the Apache Flink Kubernetes Operator release model where deployment descriptors are voted-on binary artifacts alongside source. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
When the image_tag input is left empty in the build-and-push-images workflow, it now resolves to the short commit hash (7 chars) of the selected branch via the GitHub API. This provides traceability without requiring manual tag entry. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
The gh API call to resolve commit hash needs GH_TOKEN set in the step environment to authenticate in GitHub Actions. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
…bundle The git archive pipe to tar needs the target directory to exist. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
The Helm chart files/ directory has symlinks to ../../../sql/ which break when extracted in isolation. Now extract sql/ alongside the chart and resolve symlinks to real files before helm package. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
The chart dependency tarballs (postgresql, minio, etc.) are gitignored, so they're missing from git archive output. Run helm dependency build to download them before helm package. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
When the tagged source predates the parameterization changes, the .env file won't have IMAGE_REGISTRY or IMAGE_TAG lines. Now appends them instead of silently matching nothing with sed. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Check the remote SVN URL (not local working copy) to determine if the RC directory already exists. If it does, check it out instead of trying to create and add it, which would fail with E160020. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
The Docker Compose .env and Helm values.yaml now use the short commit hash (e.g., 77aeddb) as the image tag instead of the version string, matching the convention used by the build-and-push-images workflow. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
bobbai00
force-pushed
the
feat/improve-release-compliance
branch
from
39ce936 to
cc469a0
Compare
Remove unused top-level env var and redundant latest tag logic in build-and-push-images.yml. Remove unused ARCHIVE_DIR variable in create-release-candidate.yml. Fix heredoc indentation to avoid breaking GitHub's YAML parser. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
What changes were proposed in this PR?
This PR adds Docker Compose and Helm chart as signed binary release artifacts alongside the source tarball, following the Apache Flink Kubernetes Operator release model. This ensures the release contains everything a new user needs to get started.
After this change, the release directory will contain:
Container images are published to
ghcr.io/apache/texera-*as convenience binaries built from the voted-on source. The Docker Compose bundle and Helm chart reference these images with pinned version tags, so a new user can download one artifact and rundocker compose up -dto get Texera running.Key changes:
docker-compose.ymland Helmvalues.yamlwithIMAGE_REGISTRY/IMAGE_TAGvariables (defaults toghcr.io/apache/latest)build-and-push-imagesworkflow to support both ghcr.io (viaGITHUB_TOKEN) and Docker Hubcreate-release-candidateworkflow to produce three signed artifacts:Any related issues, documentation, discussions?
Closes #4218
How was this PR tested?
Was this PR authored or co-authored using generative AI tooling?
Yes, co-authored with Claude Code (Claude Opus 4.6).