Skip to content

feat(ci): add automatic terraform tagging on charm release #438

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
lucabello wants to merge 7 commits into
base: main
Choose a base branch
from
+105 −0
Open

feat(ci): add automatic terraform tagging on charm release #438

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
7 commits
Select commit Hold shift + click to select a range
54f1ff0
feat(ci): add automatic terraform tagging on charm release
lucabello Apr 21, 2026
65165ef
refactor(ci): make terraform release workflow public
lucabello Apr 23, 2026
849c7b4
Merge branch 'main' into feat/tf-tagging
lucabello Apr 23, 2026
3753956
Merge branch 'feat/tf-tagging' of github.com:canonical/observability …
lucabello Apr 23, 2026
d6fafcf
refactor(ci): rename root-path input to terraform-path
lucabello Apr 23, 2026
2db59fb
feat(ci): restrict terraform tagging to track/<major>.<minor> branches
lucabello Apr 27, 2026
a867c38
Merge branch 'main' into feat/tf-tagging
lucabello Apr 28, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
23 changes: 23 additions & 0 deletions .github/workflows/charm-release.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -64,6 +64,16 @@ on:
default: false
required: false
type: boolean
terraform-tag-prefix:
description: "Tag prefix to use for the Terraform release tag."
default: 'tf-'
required: false
type: string
terraform-tag-suffix:
description: "Tag suffix to append to the Terraform release tag."
default: ''
required: false
type: string
secrets:
CHARMHUB_TOKEN:
required: true
Expand Down Expand Up @@ -233,3 +243,16 @@ jobs:
fi
done
fi

release-terraform:
name: Release the Terraform module
needs:
- release-charm
if: github.ref_name != 'main' && startsWith(github.ref_name, 'track/')
uses: ./.github/workflows/terraform-release.yaml
permissions:
contents: write
with:
terraform-tag-prefix: "${{ inputs.terraform-tag-prefix }}"
terraform-tag-suffix: "${{ inputs.terraform-tag-suffix }}"
terraform-path: "${{ inputs.charm-path }}/terraform"
82 changes: 82 additions & 0 deletions .github/workflows/terraform-release.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,82 @@
name: Release Terraform module

on:
workflow_call:
inputs:
terraform-tag-prefix:
description: "Tag prefix to use for the Terraform release tag."
default: 'tf-'
required: false
type: string
terraform-tag-suffix:
description: "Tag suffix to append to the Terraform release tag."
default: ''
required: false
type: string
terraform-path:
description: "Path to the terraform directory, relative to the repository root."
default: 'terraform'
required: false
type: string

permissions:
contents: write

jobs:
release:
name: Release the Terraform module
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v4
with:
fetch-depth: 0
- name: Validate branch format
id: validate-branch
env:
GIT_BRANCH: ${{ github.ref_name }}
run: |
# Only allow tagging on branches matching track/<major>.<minor>
if [[ "$GIT_BRANCH" =~ ^track/[0-9]+\.[0-9]+$ ]]; then
echo "valid=true" >> "$GITHUB_OUTPUT"
else
echo "Branch '$GIT_BRANCH' does not match track/<major>.<minor> format. Skipping."
echo "valid=false" >> "$GITHUB_OUTPUT"
fi
- name: Check for terraform changes
if: steps.validate-branch.outputs.valid == 'true'
id: check-changes
env:
TERRAFORM_PATH: ${{ inputs.terraform-path }}
run: |
# Check if the push includes changes to the terraform directory
if git diff --name-only HEAD~1..HEAD | grep -q "^${TERRAFORM_PATH}/"; then
echo "changed=true" >> "$GITHUB_OUTPUT"
else
echo "changed=false" >> "$GITHUB_OUTPUT"
fi
- name: Create Terraform tag
if: steps.validate-branch.outputs.valid == 'true' && steps.check-changes.outputs.changed == 'true'
env:
TERRAFORM_PATH: ${{ inputs.terraform-path }}
TAG_PREFIX: ${{ inputs.terraform-tag-prefix }}
TAG_SUFFIX: ${{ inputs.terraform-tag-suffix }}
GIT_BRANCH: ${{ github.ref_name }}
run: |
# Extract semantic version from the track branch name
track_version="${GIT_BRANCH#track/}"
# Calculate patch version: number of commits touching terraform dir since diverging from main
git fetch origin main
merge_base=$(git merge-base HEAD origin/main)
patch=$(git rev-list --count "$merge_base"..HEAD -- "$TERRAFORM_PATH/")
# Build the tag
tag="${TAG_PREFIX}${track_version}.${patch}${TAG_SUFFIX}"
echo "Creating tag: $tag"
# Configure git with noctua bot identity
git config --global user.email "webops+observability-noctua-bot@canonical.com"
git config --global user.name "Noctua"
# Create and push the annotated tag
git log -1 --pretty=%B > tag-message
git tag --annotate "$tag" --file=tag-message
rm -f tag-message
git push origin "$tag"
Loading