Caddy Server Release Process (opens in new tab)

(github.com)

3 pointsSEJeff1mo ago3 comments

3 comments

Thanks for sharing this, we like it a lot. Mohammed Al-Sahaf implemented this for us so that releases can be made by a quorum of maintainers rather than being blocked by me every time.

Here's the first release done with it: https://github.com/caddyserver/caddy/releases/tag/v2.11.0-be...

And you can see the PR flow where the action happens: https://github.com/caddyserver/caddy/pull/7383

SEJeffOP29d ago

I did some research for a large financial library we were helping maintain to improve CI and did a writeup on the best way to redo the ci for:

* pushing a container image to docker hub

* pushing a sdk to npm

* pushing a rust crate to crates.io

* publishing a cli executable and some docs to GitHub as a release

We settled on a eeeily similar approach as caddy sans the release proposal. We are also heavily focusing on trusted publishing and attestation (via cosign) for any platform that supports it.

I went through this today and it is just work of art. Mohammed Al-Sahaf Is an artisan in CI, truly.

SEJeffOP1mo ago

This is one of the cleanest and nicest "release from a tag securely" builds on github. Also their process to propose a new release is equally based:

https://github.com/caddyserver/caddy/blob/master/.github/wor...

j / k navigate · click thread line to collapse