Skip to content

[Backport 2.29-maintenance] ci: GitHub releng for release automation #14898

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
internal-nix-ci merged 6 commits into from
Jan 1, 2026
Merged

[Backport 2.29-maintenance] ci: GitHub releng for release automation #14898

internal-nix-ci merged 6 commits into from
Jan 1, 2026

Conversation

@internal-nix-ci
Copy link

@internal-nix-ci internal-nix-ci bot commented Jan 1, 2026

Automatic backport to 2.29-maintenance, triggered by a label in #14888.

@xokdvium @github-actions
maintainers/upload-release.pl: Make more configurable
d79461a 
This allows for testing with a local minio deployment like:

./upload-release.pl --skip-docker --skip-git --s3-endpoint http://localhost:9000 --s3-host localhost:9000 1821360

(cherry picked from commit d19b8d5)
@xokdvium @github-actions
maintainers: Document git tag signing
184bcfb 
Previously it was only Eeclo doing releases that were signed with
B541D55301270E0BCF15CA5D8170B4726D7198DE. Other linux distributions
have the expectation (rightfully so) that our tags are signed. Let's
document this.

We could do cross-signing to make tracing the chain of trust easier
for all Nix team members [1].

[1]: https://nixos.org/community/teams/nix/

(cherry picked from commit 6cb8b58)
@xokdvium @github-actions
ci: Add upload-release.yml
ef0ea60 
This workflow is supposed to automate release uploads by using OIDC
for AWS setup. DockerHub still uses long-lived credentials, but that's
not fixable. In a follow-up we could set up release uploads to GHCR too.

(cherry picked from commit 4599daa)
@xokdvium @github-actions
upload-release: Also push to GHCR as part of the release process
c3c0c35 
(cherry picked from commit a156945)
@xokdvium @github-actions
upload-release: Only upload the newly created tag
a814901 
(cherry picked from commit 3933e45)
@xokdvium @github-actions
release-process: Document usage of upload-release.yml workflow
eee30e8 
(cherry picked from commit 84ff2ef)
@internal-nix-ci internal-nix-ci bot requested a review from edolstra as a code owner January 1, 2026 14:45
@internal-nix-ci internal-nix-ci bot enabled auto-merge January 1, 2026 14:45
@internal-nix-ci internal-nix-ci bot mentioned this pull request Jan 1, 2026
Merged
3 tasks
@internal-nix-ci internal-nix-ci bot merged commit b36b22e into 2.29-maintenance Jan 1, 2026
14 checks passed
@internal-nix-ci internal-nix-ci bot deleted the backport-14888-to-2.29-maintenance branch January 1, 2026 15:12
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@edolstra edolstra Awaiting requested review from edolstra edolstra is a code owner

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@xokdvium