Fix Release Drafter

[a5chin]

User description

Type of Change

• Hotfix
• Bug Fix
• Dependency Update
• Feature
• Refactor
• CI/CD
• Documentation

Related Issues

Breaking Changes

• No breaking changes
• API signature changed
• Configuration changed
• Behavior changed
• Dependencies changed
• Features removed

Checklist

• Dependencies added/updated
• New environment variables
• Performance impact assessed
• Security implications reviewed
• Deployment notes

Additional Context

---

PR Type

Bug fix, Enhancement

---

Description

• Introduce a dedicated workflow for drafting releases.

• Add a new workflow to publish application images to GHCR.

• Enhance existing workflows for devcontainer and final release publishing.

• Standardize image metadata and release naming conventions.

---

Diagram Walkthrough

flowchart LR
  PR_Closed["Pull Request Closed (main)"] --> DraftRelease["Draft Release Workflow"]
  Push_Main_Tags["Push (main branch or v* tags)"] --> PublishApp["Publish App Image Workflow"]
  Push_Main_Tags --> PublishDevcontainer["Publish Devcontainer Image Workflow"]
  PR_Merged_Release["Pull Request Merged (release/ branch)"] --> PublishRelease["Release Workflow"]

  DraftRelease -- "Updates draft release" --> GitHubReleases(GitHub Releases)
  PublishApp -- "Builds & Pushes" --> GHCR_App(GHCR App Image)
  PublishDevcontainer -- "Builds & Pushes" --> GHCR_Devcontainer(GHCR Devcontainer Image)
  PublishRelease -- "Creates final release" --> GitHubReleases

Loading

File Walkthrough

Relevant files

Ci/cd

draft.yml Add workflow for drafting releases on PR merge.                    .github/workflows/draft.yml Added a new GitHub Actions workflow named Draft Release. This workflow is triggered when a pull request to main is closed and merged. It uses release-drafter/release-drafter@v6 to update a draft release. +22/-0    publish-app.yml Implement workflow to publish application images to GHCR. .github/workflows/publish-app.yml Introduced a new GitHub Actions workflow named Publish App to GHCR. This workflow is triggered on push to main or v* tags, or manually via workflow_dispatch. It builds and pushes a Docker image for the application to GitHub Container Registry (GHCR). Utilizes docker/metadata-action@v5 to extract image tags and labels, including OCI annotations. +72/-0    publish-devcontainer.yml Update devcontainer image publishing workflow.                      .github/workflows/publish-devcontainer.yml Added tags: - "v*" as an additional trigger for the workflow. Renamed the main job from publish-devcontainer to publish. Updated org.opencontainers.image.url and org.opencontainers.image.source labels to use github.repository variable. Standardized step names for consistency (e.g., Login to Container Registry). +10/-8    release.yml Refine release creation workflow.                                                .github/workflows/release.yml Renamed the workflow from Create Release 🚀 to Release. Renamed the job from create-release to publish. Modified the name parameter for the release-drafter action to use only ${{ env.VERSION }}. Explicitly set publish: true for the release-drafter action to ensure the release is published. +5/-5

---

[a5chin]

/review

[github-actions]

PR Reviewer Guide 🔍

Here are some key observations to aid the review process:

⏱️ Estimated effort to review: 3 🔵🔵🔵⚪⚪

🧪 No relevant tests

🔒 No security concerns identified

⚡ Recommended focus areas for review Supply Chain Security The docker/build-push-action explicitly sets provenance: false. While this might be intentional, enabling provenance (provenance: true) is generally recommended for enhanced software supply chain security, as it provides verifiable build information. Consider if this setting aligns with the project's security requirements. provenance: false Release Logic The condition !contains(github.head_ref, 'release/') in the update job ensures that draft releases are not created from release/ branches. This logic is crucial for the overall release strategy. Ensure this condition correctly complements the release.yml workflow, which specifically targets release/ branches for publishing. if: github.event.pull_request.merged == true && !contains(github.head_ref, 'release/')

[a5chin]

/improve