Skip to content

feat: Add release workflows to publish plugin binaries and image.#24

Merged
davemarco merged 17 commits into
y-scope:mainfrom
davemarco:workflow
Jul 17, 2026
Merged

feat: Add release workflows to publish plugin binaries and image.#24
davemarco merged 17 commits into
y-scope:mainfrom
davemarco:workflow

Conversation

@davemarco

@davemarco davemarco commented Jun 8, 2026

Copy link
Copy Markdown
Contributor

Description

Adds GitHub Actions to build and publish the out_clp_s3 plugin:

  • binaries.yml — builds the plugin .so in a manylinux container and uploads a linux/amd64 tarball to
    releases.
  • image.yml — builds and pushes the Docker image to ghcr.io. Image builds its own binary separate from the manylinux binary above.
  • release.yml — on a published release, runs both of the above.
  • README — restructured around the three ways to run the plugin (prebuilt image, Docker Compose,
    local build) plus minor cleanups.

Checklist

  • The PR satisfies the contribution guidelines.
  • This is a breaking change and that has been indicated in the PR title, OR this isn't a
    breaking change.
  • Necessary docs have been updated, OR no docs need to be updated.

Validation

Testing binary and image workflows worked. but will need to wait to release to test release workflow that publishes images

Summary by CodeRabbit

  • New Features

    • Added automated release workflows for building downloadable plugin binaries and publishing container images.
    • Added options to run binary builds manually or reuse them in other workflows.
    • Added support for optionally publishing images to the container registry.
  • Bug Fixes

    • Improved plugin container builds by enabling required C integration.
  • Documentation

    • Restructured setup instructions with clearer options for prebuilt images, Docker Compose, and local builds.
    • Clarified disk buffering and S3 object upload behaviour.

marco added 3 commits February 19, 2026 11:17
# Conflicts:
#	plugins/out_clp_s3/Dockerfile
@davemarco
davemarco requested review from a team and hoophalab as code owners June 8, 2026 13:49
@coderabbitai

coderabbitai Bot commented Jun 8, 2026

Copy link
Copy Markdown

Important

Review skipped

Auto reviews are disabled on base/target branches other than the default branch.

Please check the settings in the CodeRabbit UI or the .coderabbit.yaml file in this repository. To trigger a single review, invoke the @coderabbitai review command.

⚙️ Run configuration

Configuration used: Organization UI

Review profile: ASSERTIVE

Plan: Pro

Run ID: d4de5019-5e4d-4460-a42f-91c65d87067f

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

Use the checkbox below for a quick retry:

  • 🔍 Trigger review
🚥 Pre-merge checks | ✅ 5
✅ Passed checks (5 passed)
Check name Status Explanation
Title check ✅ Passed The title accurately summarizes the main objective of the PR: adding GitHub Actions release workflows to automate publishing of plugin binaries and Docker images.
Docstring Coverage ✅ Passed No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check ✅ Passed Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check ✅ Passed Check skipped because no linked issues were found for this pull request.
Description Check ✅ Passed Check skipped - CodeRabbit’s high-level summary is enabled.

✏️ Tip: You can configure your own custom pre-merge checks in the settings.

✨ Finishing Touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands.

@coderabbitai coderabbitai Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 5

🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In @.github/workflows/binaries.yml:
- Around line 35-39: The workflow currently pipes downloads directly into tar/sh
(the commands "curl -fsSL \"https://go.dev/dl/go1.24.linux-${{ matrix.arch
}}.tar.gz\" | tar -C /usr/local -xz" and "curl -fsSL
https://taskfile.dev/install.sh | sh -s -- -d -b /usr/local/bin"), which is
unauthenticated; change these steps to first download the files to disk, fetch
the corresponding checksum/signature files (and GPG keys if available), verify
the downloaded artifacts (e.g., sha256sum or gpg --verify) and fail the job on
mismatch, then extract/install from the verified local copy; ensure commands and
step names reflect the verification (download Go tarball + checksum/signature,
verify, then tar -C /usr/local -xz on the verified file; download Task installer
+ checksum/signature, verify, then run sh on the verified installer).
- Around line 50-55: The "Upload to release" step uses the gh CLI command gh
release upload which errors if the asset already exists; update the step that
runs gh release upload in the workflow to include the --clobber flag so the
command replaces any existing asset on reruns (locate the step named "Upload to
release" and modify the gh release upload invocation to add --clobber).
- Line 23: Replace the mutable tag "actions/checkout@v6" with a pinned commit
SHA for actions/checkout and add the checkout input persist-credentials: false;
specifically update the checkout step that currently uses "actions/checkout@v6"
to use "actions/checkout@<commit-sha>" and include persist-credentials: false in
that step to prevent persisted Git credentials being mounted into the build
container.

In @.github/workflows/image.yml:
- Line 23: Replace mutable action tags with exact commit SHAs for each
third-party action referenced (actions/checkout, docker/setup-buildx-action,
docker/login-action, docker/metadata-action, docker/build-push-action) so they
are pinned to immutable revisions, and add persist-credentials: false to the
actions/checkout step to disable credential persistence; update the workflow
entries that currently use actions/checkout@v6, docker/setup-buildx-action@v3,
docker/login-action@v3, docker/metadata-action@v5, and
docker/build-push-action@v6 to their corresponding commit SHAs and ensure the
checkout step includes persist-credentials: false.

In `@plugins/out_clp_s3/README.md`:
- Around line 18-20: The fenced code blocks in README.md (the triple-backtick
blocks shown in the diff) are missing required blank lines before and after each
fence which triggers MD031 lint warnings; edit the README.md to add one empty
line immediately before each opening ``` and one empty line immediately after
each closing ``` for all occurrences (the blocks shown around the curl example
and the other fenced blocks referenced) so every fenced code block is surrounded
by a blank line.
🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

  • Push a commit to this branch (recommended)
  • Create a new PR with the fixes

ℹ️ Review info
⚙️ Run configuration

Configuration used: Organization UI

Review profile: ASSERTIVE

Plan: Pro

Run ID: 636ec32f-8f40-417a-a0f6-fbfd63e6f6e6

📥 Commits

Reviewing files that changed from the base of the PR and between 0a68852 and 500f348.

📒 Files selected for processing (5)
  • .github/workflows/binaries.yml
  • .github/workflows/image.yml
  • .github/workflows/release.yml
  • plugins/out_clp_s3/Dockerfile
  • plugins/out_clp_s3/README.md

Comment thread .github/workflows/binaries.yml Outdated
Comment thread .github/workflows/binaries.yml Outdated
Comment thread .github/workflows/binaries.yml Outdated
Comment thread .github/workflows/image.yml Outdated
Comment thread plugins/out_clp_s3/README.md

@hoophalab hoophalab left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM in general. Some comments

Comment thread .github/workflows/binaries.yml
Comment thread .github/workflows/binaries.yml Outdated
Comment thread .github/workflows/binaries.yml Outdated
Comment thread .github/workflows/binaries.yml Outdated
@davemarco
davemarco requested a review from hoophalab July 13, 2026 15:04

@coderabbitai coderabbitai Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 1

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (1)
.github/workflows/image.yml (1)

22-27: 🩺 Stability & Availability | 🔵 Trivial | ⚡ Quick win

Serialise image publishing runs.

When push is enabled, concurrent runs can race while updating shared tags such as latest, leaving the registry with an unintended image. Add a concurrency group keyed by the ref or image and retain completed release runs.

Suggested change
+concurrency:
+  group: image-${{ github.ref }}
+  cancel-in-progress: false
+
 jobs:
   build:
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In @.github/workflows/image.yml around lines 22 - 27, Add a concurrency
configuration to the image publishing workflow’s build job, keyed by the
relevant ref or image identifier so concurrent pushes serialize while preserving
completed release runs. Keep the existing permissions and build steps unchanged.

Source: Linters/SAST tools

🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In @.github/workflows/binaries.yml:
- Around line 55-60: Update the “Upload to release” step to pass
inputs.release_tag through a dedicated environment variable, then reference that
variable in the gh release upload command instead of directly expanding the
input in run. Preserve the existing release condition, repository, archive name,
and clobber behavior.

---

Outside diff comments:
In @.github/workflows/image.yml:
- Around line 22-27: Add a concurrency configuration to the image publishing
workflow’s build job, keyed by the relevant ref or image identifier so
concurrent pushes serialize while preserving completed release runs. Keep the
existing permissions and build steps unchanged.
🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

  • Push a commit to this branch (recommended)
  • Create a new PR with the fixes

ℹ️ Review info
⚙️ Run configuration

Configuration used: Organization UI

Review profile: ASSERTIVE

Plan: Pro

Run ID: 129a5257-7313-4327-b958-918854179da1

📥 Commits

Reviewing files that changed from the base of the PR and between 500f348 and fa79d2b.

📒 Files selected for processing (4)
  • .github/workflows/binaries.yml
  • .github/workflows/image.yml
  • .gitmodules
  • tools/yscope-dev-utils

Comment thread .github/workflows/binaries.yml Outdated

@hoophalab hoophalab left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

gh release doesn't work

Comment thread .github/workflows/binaries.yml Outdated
Comment thread .github/workflows/binaries.yml
@davemarco
davemarco requested a review from hoophalab July 15, 2026 18:23
Comment thread .github/workflows/binaries.yml Outdated
@davemarco
davemarco merged commit 7bb5ea7 into y-scope:main Jul 17, 2026
3 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants