From 63235a428cbf704daa740f471bd019ba3f2374d3 Mon Sep 17 00:00:00 2001 From: Neha Oudin Date: Thu, 23 Apr 2026 17:41:18 +0200 Subject: [PATCH 1/7] feat(DPE-9769): Add tag workflow This workflow gets the revisions from the release, and binds it to the pip package version and pushes that to an orphan branch (named releases). This will then be read by Airflow to trigger the release workflow. --- .github/workflows/release.yaml | 71 ++++++++++++++++++++++++++++++++++ 1 file changed, 71 insertions(+) diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml index 908be6f8..227778a1 100644 --- a/.github/workflows/release.yaml +++ b/.github/workflows/release.yaml @@ -38,3 +38,74 @@ jobs: permissions: actions: read # Needed for GitHub API call to get workflow version contents: write # Needed to create git tags + + push-revision-files: + name: Create revision file + needs: + - ci-tests + - tag + - release + runs-on: ubuntu-latest + permissions: + contents: write # Needed to commit and push + env: + RELEASES_BRANCH: releases + steps: + - name: Checkout + uses: actions/checkout@v6 + with: + persist-credentials: false + + - name: Install deps + run: | + sudo snap install jq + pipx install poetry + sudo apt update + sudo apt install -y build-essential python3-dev libldap-dev libsasl2-dev + + - name: Get pip package version + id: package-version + run: | + VERSION=$(poetry show mongo-charms-single-kernel -f json | jq -r '.version') + echo "version=$VERSION" >> $GITHUB_OUTPUT + + - name: Checkout releases + uses: actions/checkout@v6 + with: + persist-credentials: false + ref: ${{ env.RELEASES_BRANCH }} + + - name: Configure git signing + run: | + mkdir -p ~/.ssh + echo "${{ secrets.CI_COMMITS_SSH_SIGNING_KEY }}" > ~/.ssh/ssh-key + chmod 600 ~/.ssh/ssh-key + + git config --global user.name "canonical-data-platform-bot" + git config --global user.email "canonical-data-platform-bot@canonical.com" + + git config --global gpg.format ssh + git config --global user.signingkey ~/.ssh/ssh-key + git config --global commit.gpgsign true + + - name: Write new file + shell: python + run: | + import json + import os + + pip_version = os.environ["PIP_VERSION"] + releases = json.loads(os.environ["REVISIONS"]) + + print(f"{pip_version=} |"{releases=}) + with open(f"revisions_v{pip_version}.json", mode="w") as fd: + fd.write(releases) + env: + PIP_VERSION: ${{ steps.package-version.outputs.version }} + REVISIONS: ${{ needs.release.outputs.charm-revisions }} + + - name: Commit and push changes + run: | + git add revisions_v${PIP_VERSION}.json + git commit -m "New revisions for ${PIP_VERSION}" + git push -u origin ${RELEASES_BRANCH} -f From 4e6fadf51387ca8b22474fe3ba8b17eb1dd0f55f Mon Sep 17 00:00:00 2001 From: Neha Oudin Date: Thu, 23 Apr 2026 17:53:53 +0200 Subject: [PATCH 2/7] fix: linting --- .github/workflows/release.yaml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml index 227778a1..61578a7b 100644 --- a/.github/workflows/release.yaml +++ b/.github/workflows/release.yaml @@ -67,7 +67,7 @@ jobs: id: package-version run: | VERSION=$(poetry show mongo-charms-single-kernel -f json | jq -r '.version') - echo "version=$VERSION" >> $GITHUB_OUTPUT + echo "version=${VERSION}" >> "${GITHUB_OUTPUT}" - name: Checkout releases uses: actions/checkout@v6 @@ -106,6 +106,6 @@ jobs: - name: Commit and push changes run: | - git add revisions_v${PIP_VERSION}.json + git add "revisions_v${PIP_VERSION}.json" git commit -m "New revisions for ${PIP_VERSION}" - git push -u origin ${RELEASES_BRANCH} -f + git push -u origin "${RELEASES_BRANCH}" -f From 58e851eb2b31a363fea0cbf710529466de0ec85f Mon Sep 17 00:00:00 2001 From: Neha Oudin Date: Fri, 24 Apr 2026 09:42:42 +0200 Subject: [PATCH 3/7] fix: tested workflow --- .github/workflows/release.yaml | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml index 61578a7b..abab6ed8 100644 --- a/.github/workflows/release.yaml +++ b/.github/workflows/release.yaml @@ -62,11 +62,12 @@ jobs: pipx install poetry sudo apt update sudo apt install -y build-essential python3-dev libldap-dev libsasl2-dev + echo $(pipx environment --value PIPX_BIN_DIR) >> ${GITHUB_PATH} - name: Get pip package version id: package-version run: | - VERSION=$(poetry show mongo-charms-single-kernel -f json | jq -r '.version') + export VERSION=$(poetry show mongo-charms-single-kernel -f json | jq -r '.version') echo "version=${VERSION}" >> "${GITHUB_OUTPUT}" - name: Checkout releases @@ -97,9 +98,9 @@ jobs: pip_version = os.environ["PIP_VERSION"] releases = json.loads(os.environ["REVISIONS"]) - print(f"{pip_version=} |"{releases=}) + print(f"{pip_version=} |{releases=}") with open(f"revisions_v{pip_version}.json", mode="w") as fd: - fd.write(releases) + fd.write(json.dumps(releases)) env: PIP_VERSION: ${{ steps.package-version.outputs.version }} REVISIONS: ${{ needs.release.outputs.charm-revisions }} @@ -109,3 +110,5 @@ jobs: git add "revisions_v${PIP_VERSION}.json" git commit -m "New revisions for ${PIP_VERSION}" git push -u origin "${RELEASES_BRANCH}" -f + env: + PIP_VERSION: ${{ steps.package-version.outputs.version }} From 22312a128e97c64e40e96929583029e793e38594 Mon Sep 17 00:00:00 2001 From: Neha Oudin Date: Fri, 24 Apr 2026 09:45:38 +0200 Subject: [PATCH 4/7] fix: tested workflow --- .github/workflows/release.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml index abab6ed8..283dfc3b 100644 --- a/.github/workflows/release.yaml +++ b/.github/workflows/release.yaml @@ -62,12 +62,12 @@ jobs: pipx install poetry sudo apt update sudo apt install -y build-essential python3-dev libldap-dev libsasl2-dev - echo $(pipx environment --value PIPX_BIN_DIR) >> ${GITHUB_PATH} + pipx environment --value PIPX_BIN_DIR >> "${GITHUB_PATH}" - name: Get pip package version id: package-version run: | - export VERSION=$(poetry show mongo-charms-single-kernel -f json | jq -r '.version') + VERSION=$(poetry show mongo-charms-single-kernel -f json | jq -r '.version') echo "version=${VERSION}" >> "${GITHUB_OUTPUT}" - name: Checkout releases From 81f784f6332d1296abe185228f1e140597206b8d Mon Sep 17 00:00:00 2001 From: Neha Oudin Date: Fri, 24 Apr 2026 10:24:36 +0200 Subject: [PATCH 5/7] fix: working summary --- .github/workflows/release.yaml | 56 ++++++++++++++++++++++++++++++++-- 1 file changed, 53 insertions(+), 3 deletions(-) diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml index 283dfc3b..4c5677fa 100644 --- a/.github/workflows/release.yaml +++ b/.github/workflows/release.yaml @@ -48,6 +48,8 @@ jobs: runs-on: ubuntu-latest permissions: contents: write # Needed to commit and push + outputs: + pip-version: ${{ steps.package-version.outputs.pip-version }} env: RELEASES_BRANCH: releases steps: @@ -68,7 +70,7 @@ jobs: id: package-version run: | VERSION=$(poetry show mongo-charms-single-kernel -f json | jq -r '.version') - echo "version=${VERSION}" >> "${GITHUB_OUTPUT}" + echo "pip-version=${VERSION}" >> "${GITHUB_OUTPUT}" - name: Checkout releases uses: actions/checkout@v6 @@ -102,7 +104,7 @@ jobs: with open(f"revisions_v{pip_version}.json", mode="w") as fd: fd.write(json.dumps(releases)) env: - PIP_VERSION: ${{ steps.package-version.outputs.version }} + PIP_VERSION: ${{ steps.package-version.outputs.pip-version }} REVISIONS: ${{ needs.release.outputs.charm-revisions }} - name: Commit and push changes @@ -111,4 +113,52 @@ jobs: git commit -m "New revisions for ${PIP_VERSION}" git push -u origin "${RELEASES_BRANCH}" -f env: - PIP_VERSION: ${{ steps.package-version.outputs.version }} + PIP_VERSION: ${{ steps.package-version.outputs.pip-version }} + + generate-summary: + name: Generate summary + needs: + - ci-tests + - tag + - release + - push-revision-files + runs-on: ubuntu-latest + steps: + - name: Checkout + uses: actions/checkout@v6 + with: + persist-credentials: false + - name: Get charm name + id: charm-name + run: | + NAME=$(grep "^name: " metadata.yaml | cut -d":" -f2 | xargs) + echo "charm-name=${NAME}" >> "${GITHUB_OUTPUT}" + - name: summary + shell: python + run: | + import json + import os + + revisions = json.loads(os.environ["REVISIONS"]) + pip_version = os.environ["PIP_VERSION"] + charm_name = os.environ["CHARM_NAME"] + channel = os.environ["CHANNEL"] + + revisions = "\n".join([f"* {architecture}: {revision}" for architecture, revision in revisions.items()]) + + summary = f""" + Charm {charm_name} has been released to channel {channel} + + Revisions published: + {revisions} + + Congratulations! + """ + + with open(os.environ["GITHUB_STEP_SUMMARY"], mode="a") as fd: + fd.write(summary) + env: + PIP_VERSION: ${{ needs.push-revision-files.outputs.pip-version }} + REVISIONS: ${{ needs.release.outputs.charm-revisions }} + CHARM_NAME: ${{ steps.charm-name.outputs.charm-name }} + CHANNEL: ${{ github.ref_name }} From 585465f576646397f90961390fbc94e911ac3443 Mon Sep 17 00:00:00 2001 From: Neha Oudin Date: Fri, 24 Apr 2026 10:27:05 +0200 Subject: [PATCH 6/7] fix: permissions --- .github/workflows/release.yaml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml index 4c5677fa..070dbc79 100644 --- a/.github/workflows/release.yaml +++ b/.github/workflows/release.yaml @@ -123,6 +123,8 @@ jobs: - release - push-revision-files runs-on: ubuntu-latest + permissions: + contents: read steps: - name: Checkout uses: actions/checkout@v6 From 223a8572e3b10e9d94f4f860b90dac897822a619 Mon Sep 17 00:00:00 2001 From: Neha Oudin Date: Fri, 24 Apr 2026 16:23:45 +0200 Subject: [PATCH 7/7] fix: Use PAT (persist credentials) --- .github/workflows/release.yaml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml index 070dbc79..ea01a142 100644 --- a/.github/workflows/release.yaml +++ b/.github/workflows/release.yaml @@ -75,8 +75,9 @@ jobs: - name: Checkout releases uses: actions/checkout@v6 with: - persist-credentials: false + persist-credentials: true ref: ${{ env.RELEASES_BRANCH }} + token: ${{ secrets.PAT }} - name: Configure git signing run: |