CloudNebulaProject/barycenter
1
0
Fork 0
mirror of https://github.com/CloudNebulaProject/barycenter.git synced 2026-04-10 21:20:41 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions
barycenter/book/src/development/release-process.md

149 lines
4.8 KiB
Markdown
Raw Normal View History

docs: Add comprehensive mdbook documentation Complete documentation site covering all aspects of Barycenter: Getting Started, Authentication, OAuth 2.0/OIDC, Authorization Policy Engine, Administration, Deployment, Security, Development, and Reference sections (96 markdown files). Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-14 17:59:55 +01:00
# Release Process
Barycenter uses tag-triggered releases. Pushing a Git tag matching the `v*.*.*` pattern triggers the CI pipeline to build artifacts, publish container images, and create a GitHub release.
## Triggering a Release
### 1. Prepare the Release
Ensure all changes for the release are merged into `main`. Update version numbers in `Cargo.toml` and finalize the changelog.
```bash
git checkout main
git pull origin main
```
### 2. Create and Push the Tag
```bash
git tag v1.2.0
git push origin v1.2.0
```
The tag name must match the `v*.*.*` pattern (e.g., `v1.0.0`, `v1.2.3`, `v2.0.0-rc.1`). The CI pipeline triggers automatically on tag push.
### 3. Monitor the Pipeline
The release pipeline performs several steps in sequence. Monitor it through the GitHub Actions UI or the CLI:
```bash
gh run list --workflow=release
gh run watch
```
## Release Pipeline Steps
### Step 1: Build Multi-Platform Docker Images
The pipeline builds Docker images for two architectures:
| Platform | Architecture | Use Case |
|----------|-------------|----------|
| `linux/amd64` | x86_64 | Standard servers, cloud instances |
| `linux/arm64` | AArch64 | ARM servers, AWS Graviton, Apple Silicon |
Both images are built from the same Dockerfile using Docker's `--platform` build argument. Platform-specific build caches are used to optimize parallel builds and avoid cache conflicts between architectures.
The images are tagged with:
- The version tag (e.g., `v1.2.0`)
- `latest` (for the most recent stable release)
### Step 2: Publish to GitHub Container Registry
Built images are published to GitHub Container Registry (GHCR):
```
ghcr.io/your-org/barycenter:v1.2.0
ghcr.io/your-org/barycenter:latest
```
A multi-architecture manifest is created so that `docker pull ghcr.io/your-org/barycenter:v1.2.0` automatically selects the correct image for the host platform.
### Step 3: Create GitHub Release
The pipeline creates a GitHub release with:
- **Release title**: The tag name (e.g., `v1.2.0`)
- **Changelog**: Auto-generated from commits since the previous release tag, organized by conventional commit type
- **Binary artifacts**: The compiled `barycenter` binary for each platform (if configured)
The changelog groups commits by type:
```markdown
## What's Changed
### Features
- feat: add refresh token rotation (#42)
- feat: add device code flow support (#45)
### Bug Fixes
- fix: prevent double consumption of authorization codes (#43)
### Other Changes
- chore: update sea-orm to 1.1.0 (#44)
- docs: add PKCE security documentation (#46)
```
### Step 4: Generate Artifact Attestation
The pipeline generates [artifact attestation](https://docs.github.com/en/actions/security-guides/using-artifact-attestations-and-reusable-workflows-to-verify-builds) for the published container images. Attestation provides a cryptographic proof that the container image was built by the CI pipeline from a specific commit in the repository.
This allows consumers to verify the provenance of the image:
```bash
gh attestation verify oci://ghcr.io/your-org/barycenter:v1.2.0 \
--owner your-org
```
## Version Numbering
Barycenter follows [Semantic Versioning](https://semver.org/):
| Component | When to Increment | Example |
|-----------|-------------------|---------|
| **Major** (X.0.0) | Breaking changes to the public API, configuration format, or database schema that requires manual migration | `v1.0.0` to `v2.0.0` |
| **Minor** (0.X.0) | New features, non-breaking additions to the API or configuration | `v1.0.0` to `v1.1.0` |
| **Patch** (0.0.X) | Bug fixes, security patches, documentation updates | `v1.0.0` to `v1.0.1` |
Pre-release versions use a suffix: `v1.2.0-rc.1`, `v1.2.0-beta.1`.
## Hotfix Releases
For urgent production fixes:
1. Create a hotfix branch from the latest release tag:
```bash
git checkout -b hotfix/1.2.1 v1.2.0
```
2. Apply the fix and commit with conventional commit format.
3. Merge into `main` and tag:
```bash
git checkout main
git merge hotfix/1.2.1
git tag v1.2.1
git push origin main --tags
```
4. Merge back into `develop`:
```bash
git checkout develop
git merge hotfix/1.2.1
git push origin develop
```
The tag push triggers the same release pipeline.
## Post-Release Checklist
After a release is published:
- [ ] Verify the GitHub release page has the correct changelog and artifacts
- [ ] Verify the Docker image is pullable from GHCR: `docker pull ghcr.io/your-org/barycenter:vX.Y.Z`
- [ ] Verify the multi-arch manifest works on both amd64 and arm64
- [ ] Verify artifact attestation: `gh attestation verify oci://ghcr.io/your-org/barycenter:vX.Y.Z --owner your-org`
- [ ] Update deployment configurations to reference the new version
- [ ] Announce the release to stakeholders if it contains user-facing changes
- [ ] Merge the release branch (or `main`) back into `develop` if not already done
Reference in a new issue Copy permalink