privilegedescalation/headlamp-sealed-secrets-plugin
12
0
Fork 0
Code Issues 2 Pull Requests 2 Actions Packages Projects Releases 27 Wiki Activity
Files
604fe06f9cc7949a415b265e80f9cbe07fd6b646
headlamp-sealed-secrets-plugin/RELEASE_QUICK_REFERENCE.md
T
Chris Farhood 78f5074818 chore: optimize Git workflow and CI/CD for Headlamp plugin releases 
Implements comprehensive workflow redesign addressing:
- Non-deterministic builds → Fixed with consistent Node version and npm ci
- Manual checksum management → Automated in publish workflow
- Multiple artifact locations → Single source of truth (GitHub releases)
- Individual file releases → Single tarball artifact
- Artifact Hub mismatches → No rebuild risk, use released tarball

Key improvements:
- CI workflow: faster builds with npm cache, artifact verification
- Publish workflow: deterministic builds, automatic checksum calculation,
  auto-commit of metadata updates, single tarball release
- Branch protection: require PR review and passing CI before merge
- Release process: simplified from manual to 5-minute automated workflow

Documentation:
- GIT_WORKFLOW.md: branching strategy, commit conventions, release process
- RELEASE_GUIDE.md: detailed step-by-step release instructions
- RELEASE_QUICK_REFERENCE.md: copy-paste commands for quick releases
- CI_CD_DESIGN.md: technical architecture and design decisions
- GITHUB_SETUP_CHECKLIST.md: repository configuration guide
- WORKFLOW_OPTIMIZATION_SUMMARY.md: executive summary of changes

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
2026-02-12 13:43:39 -05:00

142 lines
3.9 KiB
Markdown
Raw Blame History

# Release Quick Reference
## One-Minute Release (Copy & Paste)
```bash
# 1. Bump version
cd headlamp-sealed-secrets
npm version patch # or minor/major
cd ..
# 2. Update metadata (edit artifacthub-pkg.yml manually)
# Change: version: 0.2.5 and appVersion: 0.2.5
# 3. Commit and tag
NEWVER=$(grep '"version"' headlamp-sealed-secrets/package.json | grep -oE '[0-9]+\.[0-9]+\.[0-9]+')
git add headlamp-sealed-secrets/package.json artifacthub-pkg.yml CHANGELOG.md
git commit -m "chore(release): bump version to $NEWVER"
git push origin main
git tag -a v$NEWVER -m "Release version $NEWVER"
git push origin v$NEWVER
# Done! Publish workflow runs automatically.
```
## Version Bump Levels
| Command | Before | After | Use Case |
|---------|--------|-------|----------|
| `npm version patch` | 0.2.4 | 0.2.5 | Bug fixes |
| `npm version minor` | 0.2.4 | 0.3.0 | New features |
| `npm version major` | 0.2.4 | 1.0.0 | Breaking changes |
## Three Files to Update
1. **headlamp-sealed-secrets/package.json**
- `npm version patch` does this automatically
2. **artifacthub-pkg.yml** (root)
```yaml
version: 0.2.5
appVersion: 0.2.5
```
3. **CHANGELOG.md** (optional but recommended)
```markdown
## [0.2.5] - 2026-02-12
### Fixed
- Description of fix
```
## Verification Steps
After pushing tag:
1. GitHub Actions: https://github.com/privilegedescalation/headlamp-sealed-secrets-plugin/actions
- Watch for "Publish Release" workflow
- Should complete in 3-5 minutes
2. GitHub Releases: https://github.com/privilegedescalation/headlamp-sealed-secrets-plugin/releases
- New release should appear
- Should contain tarball artifact
3. Artifact Hub: https://artifacthub.io/packages/headlamp-sealed-secrets
- Wait 5-10 minutes for sync
- Verify new version appears
## Git Commands Cheat Sheet
```bash
# See current version
grep '"version"' headlamp-sealed-secrets/package.json
# See all tags
git tag -l | sort -V
# See recent commits
git log --oneline -10
# See if anything is uncommitted
git status
# Update main from remote
git pull origin main
# Create annotated tag
git tag -a v0.2.5 -m "Release version 0.2.5"
# Push tag (triggers workflow)
git push origin v0.2.5
# Delete tag if you made mistake
git tag -d v0.2.5
git push origin -d v0.2.5
```
## Common Issues & Fixes
| Issue | Fix |
|-------|-----|
| "tag already exists" | `git tag -d v0.2.5 && git push origin -d v0.2.5` |
| "workflow failed" | Check Actions tab for error, fix locally, delete tag, retry |
| "checksum mismatch" | Use tarball from GitHub release, never rebuild locally |
| "Artifact Hub out of sync" | Force sync from ArtifactHub UI or wait 10 minutes |
| "version doesn't match" | Ensure package.json, artifacthub-pkg.yml, and tag all match |
## File Locations
```
headlamp-sealed-secrets-plugin/
├── headlamp-sealed-secrets/package.json ← Version source of truth
├── artifacthub-pkg.yml ← Must match above
├── CHANGELOG.md ← Release notes
├── .github/workflows/publish.yml ← Automation
└── .github/workflows/ci.yml ← CI checks
```
## Pre-Release Checklist
```
- [ ] All tests green on main branch
- [ ] Code merged and CI passing
- [ ] CHANGELOG updated (optional)
- [ ] No uncommitted changes: git status
```
## After Release
```
- [ ] Verify GitHub Actions succeeded
- [ ] Verify GitHub Release created with tarball
- [ ] Wait 5-10 min, verify Artifact Hub updated
- [ ] Download tarball and verify it works locally (optional)
- [ ] Close related GitHub issues (optional)
```
## Documentation Links
- Full Guide: [RELEASE_GUIDE.md](/Users/cpfarhood/Documents/Repositories/headlamp-sealed-secrets-plugin/RELEASE_GUIDE.md)
- Git Workflow: [GIT_WORKFLOW.md](/Users/cpfarhood/Documents/Repositories/headlamp-sealed-secrets-plugin/GIT_WORKFLOW.md)
- Development: [DEVELOPMENT.md](/Users/cpfarhood/Documents/Repositories/headlamp-sealed-secrets-plugin/DEVELOPMENT.md)
Reference in New Issue View Git Blame Copy Permalink