feat: add GitHub Actions workflows for release management and Docker … #2
…ionally push Docker images
Autopilot PR Check Issues
The following potential issues were detected in this PR:
🎉 This PR is included in version 1.0.0 🎉
The release is available on GitHub release
Your semantic-release bot 📦🚀
Pull request overview
This pull request adds GitHub Actions workflows for automated release management and Docker deployment to the markitdown-server project. It renames the Kubernetes namespace from "mcp-router" to "markitdown-server" and updates the Docker image reference to use GitHub Container Registry.
Changes:
- Added semantic-release configuration and GitHub Actions workflows for automated release creation and Docker image publishing
- Updated Kubernetes namespace from "mcp-router" to "markitdown-server"
- Changed Docker image reference to use GitHub Container Registry (ghcr.io)
Reviewed changes
Copilot reviewed 6 out of 6 changed files in this pull request and generated 10 comments.
| File | Description |
|---|---|
| .releaserc | Configures semantic-release plugins for automated release management |
| .github/workflows/create-release.yaml | Workflow for creating releases via semantic-release on manual trigger |
| .github/workflows/release.yaml | Workflow for building/pushing Docker images and deploying to Kubernetes on release creation |
| k8s/namespace.yaml | Updates namespace from "mcp-router" to "markitdown-server" |
| k8s/kustomization.yaml | Updates namespace reference to match new namespace name |
| k8s/deployment.yaml | Updates Docker image to use GitHub Container Registry |
| type=ref,event=branch | ||
| type=ref,event=pr |
Copilot
AI
Jan 19, 2026
The metadata extraction includes tag types for branch and PR events (lines 38-39), but this workflow only triggers on release creation events. These tag type configurations will never be used and should be removed to avoid confusion.
| type=ref,event=branch | |
| type=ref,event=pr |
| type=semver,pattern=v{{major}}.{{minor}} | ||
| type=semver,pattern=v{{major}} | ||
| type=raw,value=latest,enable={{is_default_branch}} | ||
| type=sha,prefix=sha- |
Copilot
AI
Jan 19, 2026
The SHA-based tag (line 44) will be generated for every release, potentially creating confusion since the release is already versioned. Consider whether this tag is necessary for this workflow, as it's more commonly used in CI workflows that build on every commit.
| type=sha,prefix=sha- |
| uses: azure/setup-kubectl@v4 | ||
| with: | ||
| version: "latest" | ||
|
|
||
| - name: Configure kubectl |
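Review bot: `version: "latest"` on the kubectl setup step means each release deploys with whatever kubectl build is current that day, so the client used against the cluster can change without any change in this repository. Pin an explicit kubectl version that matches the cluster, and consider referencing `azure/setup-kubectl` by full commit SHA rather than the movable `v4` tag, since this job goes on to configure cluster access.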
Copilot
AI
Jan 19, 2026
The kubeconfig file is written to disk with sensitive credentials. While the file permissions are set to 600, consider adding cleanup logic to remove the kubeconfig file after the workflow completes, even if subsequent steps fail. This can be done by adding a post-action step or using a try-finally pattern.
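The cleanup this comment asks for, as an added shell example that is not part of the PR or of the review: the kubeconfig lives in a temporary file that an EXIT trap removes whether the wrapped command succeeds or fails. `KUBECONFIG_B64` and `run_with_kubeconfig` are hypothetical names, and the sample kubeconfig is constructed.

```shell
#!/usr/bin/env bash
# Added example, not the workflow's own step. KUBECONFIG_B64 is a hypothetical
# name for the base64-encoded kubeconfig the job receives from a secret.

run_with_kubeconfig() {
  # Subshell keeps umask, traps and KUBECONFIG local to this call.
  (
    umask 077                                   # nothing group/world readable
    cfg="$(mktemp "${RUNNER_TEMP:-/tmp}/kubeconfig.XXXXXX")" || exit 1
    trap 'rm -f "$cfg"' EXIT                    # runs on success and on failure
    trap 'exit 130' INT TERM                    # a cancelled job also reaches EXIT
    printf '%s' "$KUBECONFIG_B64" | base64 -d > "$cfg" || exit 1
    export KUBECONFIG="$cfg"
    "$@"
    exit $?                                     # explicit exit so the trap runs
  )
}

# Constructed sample input (not a real credential).
KUBECONFIG_B64="$(printf 'apiVersion: v1\nkind: Config\n' | base64)"

# Stand-in for `kubectl apply ...`: reads the file, then fails with status 3.
run_with_kubeconfig sh -c 'grep -q "kind: Config" "$KUBECONFIG" && exit 3' \
  || echo "command failed with $?, kubeconfig already removed"
```

In a workflow, every kubectl call in the step would go through `run_with_kubeconfig`, so no later step finds the file on disk.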
| - name: Semantic Release | ||
| uses: cycjimmy/semantic-release-action@v6 | ||
| env: | ||
| GITHUB_TOKEN: ${{ secrets.RELEASE_TOKEN }} |
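Review bot: the `uses: cycjimmy/semantic-release-action@v6` line hands `secrets.RELEASE_TOKEN` to a third-party action referenced by a movable tag, so whoever can move `v6` can change the code that sees the token. Pin the action to a full commit SHA (with the version in a trailing comment) and scope the token to the minimum needed to create releases on this repository.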
Copilot
AI
Jan 19, 2026
The workflow uses a custom RELEASE_TOKEN secret instead of the default GITHUB_TOKEN. Ensure this token has the necessary permissions to create releases. Alternatively, consider using secrets.GITHUB_TOKEN if the job's permissions (contents: write) are sufficient, which would simplify secret management.
| GITHUB_TOKEN: ${{ secrets.RELEASE_TOKEN }} | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} |
| tags: ${{ steps.meta.outputs.tags }} | ||
| labels: ${{ steps.meta.outputs.labels }} | ||
| build-args: | | ||
| VERSION=${{ github.ref_name}} |
Copilot
AI
Jan 19, 2026
Missing space before the closing braces in the template expression. Should be ${{ github.ref_name }} instead of ${{ github.ref_name}}.
| VERSION=${{ github.ref_name}} | |
| VERSION=${{ github.ref_name }} |
| type=semver,pattern=v{{version}} | ||
| type=semver,pattern=v{{major}}.{{minor}} | ||
| type=semver,pattern=v{{major}} | ||
| type=raw,value=latest,enable={{is_default_branch}} |
Copilot
AI
Jan 19, 2026
The latest tag is configured to be enabled only on the default branch (line 43), but this workflow triggers on release creation events, not branch pushes. The is_default_branch condition will not work as expected here. Consider using enable=${{ github.event.release.prerelease == false }} to tag stable releases as latest, or remove this condition entirely if all releases should be tagged as latest.
| type=raw,value=latest,enable={{is_default_branch}} | |
| type=raw,value=latest,enable=${{ github.event.release.prerelease == false }} |
| # Update kustomization with new image tag | ||
| cd k8s | ||
| kubectl kustomize . | kubectl apply -f - | ||
|
|
||
| # Update the deployment with the specific release tag | ||
| kubectl set image deployment/markitdown-server markitdown-server=ghcr.io/${{ github.repository_owner }}/markitdown-server:${VERSION} -n markitdown-server | ||
|
|
Copilot
AI
Jan 19, 2026
The deployment update step first applies the kustomization (line 96), then updates the image using kubectl set image (line 99). This could cause a brief moment where the deployment uses the default image from the kustomization before being updated to the release version. Consider using kustomize's image transformation features to set the correct image tag before applying, or use only the kubectl set image command without the prior apply.
| # Update kustomization with new image tag | |
| cd k8s | |
| kubectl kustomize . | kubectl apply -f - | |
| # Update the deployment with the specific release tag | |
| kubectl set image deployment/markitdown-server markitdown-server=ghcr.io/${{ github.repository_owner }}/markitdown-server:${VERSION} -n markitdown-server | |
| # Navigate to kustomization directory | |
| cd k8s | |
| # Ensure kustomize CLI is available (required for 'kustomize edit set image') | |
| if ! command -v kustomize >/dev/null 2>&1; then | |
| curl -s "https://raw.githubusercontent.com/kubernetes-sigs/kustomize/master/hack/install_kustomize.sh" | bash | |
| export PATH="$PATH:$(pwd)" | |
| fi | |
| # Update kustomization with the specific release image tag | |
| kustomize edit set image markitdown-server=ghcr.io/${{ github.repository_owner }}/markitdown-server:${VERSION} | |
| # Build and apply manifests with the correct image already set | |
| kustomize build . | kubectl apply -f - |
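Review bot: in the suggested replacement, the `curl -s ".../master/hack/install_kustomize.sh" | bash` line executes a script fetched from a moving branch inside the job that applies manifests to the cluster, with no version pin or checksum, and `-s` without `-f` lets an HTTP error body be piped into bash. Install a pinned kustomize release and verify its published checksum before running it, or keep the `kubectl kustomize .` already used in the original lines and set the release tag through the `images:` field of kustomization.yaml so no download is needed.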
| build-args: | | ||
| VERSION=${{ github.ref_name}} | ||
| COMMIT_HASH=${{ github.sha }} | ||
| BUILD_TIME=${{ steps.build_time.outputs.BUILD_TIME }} |
Copilot
AI
Jan 19, 2026
The workflow passes build arguments VERSION, COMMIT_HASH, and BUILD_TIME to the Docker build, but the Dockerfile does not define or use these ARG values. Either add ARG declarations in the Dockerfile to use these values (e.g., for metadata labels or environment variables), or remove these build-args from the workflow configuration.
| build-args: | | |
| VERSION=${{ github.ref_name}} | |
| COMMIT_HASH=${{ github.sha }} | |
| BUILD_TIME=${{ steps.build_time.outputs.BUILD_TIME }} |
| @@ -0,0 +1,3 @@ | |||
| { | |||
| plugins: ['@semantic-release/commit-analyzer', '@semantic-release/release-notes-generator', '@semantic-release/github'] | |||
Copilot
AI
Jan 19, 2026
The .releaserc file uses JavaScript object notation with unquoted property keys, but semantic-release expects valid JSON format. The plugins key should be quoted.
| plugins: ['@semantic-release/commit-analyzer', '@semantic-release/release-notes-generator', '@semantic-release/github'] | |
| "plugins": ["@semantic-release/commit-analyzer", "@semantic-release/release-notes-generator", "@semantic-release/github"] |
| runs-on: ubuntu-latest | ||
| permissions: | ||
| contents: write | ||
| if: ${{ (github.event.pusher.name != 'github action') && (github.ref == 'refs/heads/main') }} |
Copilot
AI
Jan 19, 2026
The condition references github.event.pusher.name which is not available for workflow_dispatch events. This field is only present in push events. For workflow_dispatch events, consider using github.actor or github.triggering_actor instead, or remove this condition entirely since manual workflows are already intentional actions.
| if: ${{ (github.event.pusher.name != 'github action') && (github.ref == 'refs/heads/main') }} | |
| if: ${{ (github.actor != 'github action') && (github.ref == 'refs/heads/main') }} |
…deployment