Skip to content

fix: only push images and charts on releases with proper package asso… #217

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Jul 7, 2025
Merged

fix: only push images and charts on releases with proper package asso… #217

merged 1 commit into from
Jul 7, 2025

Conversation

casibbald
Copy link
Collaborator

Fix: Only Push Images and Charts on Releases with Proper Package Association

Overview

This PR fixes critical issues preventing container images and Helm charts from appearing in GitHub packages. The main problem was that images were being pushed on every commit/PR instead of only on releases, and lacked proper OCI labels for GitHub package association.

Problems Solved

1. Images Not Appearing in GitHub Packages

  • Problem: Container images were being pushed but not showing up on the weaveworks packages page
  • Root Cause: Missing OCI labels for repository association and pushing on every commit instead of releases
  • Solution: Added comprehensive OCI labels and restricted pushing to releases only

2. Workflow Job Dependencies

  • Problem: The release job was depending on build-docs which only runs on PRs, causing release jobs to hang
  • Problem: Jobs were running concurrently instead of sequentially (test → build → release)
  • Solution: Fixed job dependencies to create proper sequential flow

3. Unnecessary Image Pushes

  • Problem: Images were being pushed on every PR and commit to main, cluttering the registry
  • Solution: Build job now only tests Docker builds, release job pushes images only when releases are created

Key Changes Made

1. Release-Only Publishing

# Build job - test only (no pushing)
build:
  steps:
    - name: Build Docker image (test only)
      with:
        push: false
        tags: gitopssets-controller:test

# Release job - push only on releases
release:
  if: needs.release-please.outputs.release_created == 'true'
  steps:
    - name: Build and push release Docker image
      with:
        push: true
        tags: |
          ghcr.io/weaveworks/gitopssets-controller:${{ steps.get_version.outputs.VERSION }}
          ghcr.io/weaveworks/gitopssets-controller:latest

2. Proper OCI Labels for Package Association

labels: |
  org.opencontainers.image.title=GitOpsSet Controller
  org.opencontainers.image.description=A controller for managing GitOpsSet resources
  org.opencontainers.image.source=https://github.com/weaveworks/gitopssets-controller
  org.opencontainers.image.url=https://github.com/weaveworks/gitopssets-controller
  org.opencontainers.image.documentation=https://github.com/weaveworks/gitopssets-controller
  org.opencontainers.image.version=${{ steps.get_version.outputs.VERSION }}
  org.opencontainers.image.revision=${{ github.sha }}
  org.opencontainers.image.licenses=Apache-2.0

3. Sequential Workflow Dependencies

test: # runs first
build:
  needs: [test]  # runs after test passes
release:
  needs: [build, test, release-please]  # runs after build/test, only when release created

Expected Behavior After Fix

GitHub Packages Visibility

  • ✅ Container images will appear in weaveworks packages
  • ✅ Images will be properly linked to the repository with metadata
  • ✅ Helm charts will appear in the packages list
  • ✅ Only release versions will be published (no development/PR images)

Release Process

  1. Merge conventional commit to main → release-please creates release
  2. Release created → workflow runs: test → build → release
  3. Release job publishes:
    • Container image: ghcr.io/weaveworks/gitopssets-controller:v0.x.x and :latest
    • Helm chart: ghcr.io/weaveworks/charts/gitopssets-controller
    • Release manifests attached to GitHub release

Clean Registry

  • No more development/PR images cluttering the registry
  • Only tagged releases and latest images
  • Proper semantic versioning

Testing

  • Workflow syntax is valid
  • Job dependencies are correctly structured
  • OCI labels include all required fields for GitHub package association
  • Build job tests without pushing
  • Release job only runs when release-please creates releases

Impact

  • Fixes missing packages: Images and charts will now appear in GitHub packages
  • Cleaner registry: Only release images, no development clutter
  • Proper metadata: Full OCI label compliance for package association
  • Sequential execution: No wasted resources on concurrent jobs
  • Release automation: Complete hands-off release process

Related Issues

This addresses the core issue where container images were being pushed but not appearing in the GitHub packages interface, making them hard to discover and use.

@casibbald
fix: only push images and charts on releases with proper package asso…
32f72bd 
…ciation

- Build job now only tests Docker builds (no pushing)
- Release job pushes images only when release-please creates a release
- Added comprehensive OCI labels for proper GitHub package association
- Images will be properly linked to repository in GitHub packages
- Helm charts published to ghcr.io/weaveworks/charts only on releases
@casibbald casibbald merged commit ca62f34 into main Jul 7, 2025
3 checks passed
@casibbald casibbald deleted the fix/packages branch July 7, 2025 19:23
@github-actions github-actions bot mentioned this pull request Jul 7, 2025
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@casibbald