Merged
18 changes: 18 additions & 0 deletions .github/workflows/create-release.yaml
@@ -0,0 +1,18 @@
on: workflow_dispatch
name: Create a new release

jobs:
create-release:
runs-on: ubuntu-latest
permissions:
contents: write
if: ${{ (github.event.pusher.name != 'github action') && (github.ref == 'refs/heads/main') }}
Copilot AI Jan 19, 2026

The condition references github.event.pusher.name which is not available for workflow_dispatch events. This field is only present in push events. For workflow_dispatch events, consider using github.actor or github.triggering_actor instead, or remove this condition entirely since manual workflows are already intentional actions.

Suggested change
if: ${{ (github.event.pusher.name != 'github action') && (github.ref == 'refs/heads/main') }}
if: ${{ (github.actor != 'github action') && (github.ref == 'refs/heads/main') }}

steps:
- name: Checkout
uses: actions/checkout@v6
- name: Semantic Release
uses: cycjimmy/semantic-release-action@v6
env:
GITHUB_TOKEN: ${{ secrets.RELEASE_TOKEN }}
Copilot AI Jan 19, 2026

The workflow uses a custom RELEASE_TOKEN secret instead of the default GITHUB_TOKEN. Ensure this token has the necessary permissions to create releases. Alternatively, consider using secrets.GITHUB_TOKEN if the job's permissions (contents: write) are sufficient, which would simplify secret management.

Suggested change
GITHUB_TOKEN: ${{ secrets.RELEASE_TOKEN }}
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

with:
branch: main
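Review bot: In the Semantic Release step, `cycjimmy/semantic-release-action@v6` is referenced by a mutable tag and is handed `secrets.RELEASE_TOKEN`, so whatever that tag points to at run time executes with the release credential. Pin it (and `actions/checkout@v6`) to a full commit SHA, keeping the version in a trailing comment. The job's `permissions: contents: write` scopes only the automatic `GITHUB_TOKEN`; it does not limit what `RELEASE_TOKEN` can do, so that secret's own scope should be kept to what creating a release needs.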
111 changes: 111 additions & 0 deletions .github/workflows/release.yaml
@@ -0,0 +1,111 @@
name: Release

on:
pull_request:
branches:
- main
release:
types:
- created

jobs:
docker-release:
name: Build and Push Docker Images
runs-on: ubuntu-latest
permissions:
contents: read
packages: write
steps:
- name: Checkout repository
uses: actions/checkout@v6

- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3

- name: Set up QEMU
uses: docker/setup-qemu-action@v3

- name: Log in to GitHub Container Registry
uses: docker/login-action@v3
with:
registry: ghcr.io
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}

- name: Extract metadata
id: meta
uses: docker/metadata-action@v5
with:
images: ghcr.io/${{ github.repository_owner }}/markitdown-server
tags: |
type=ref,event=branch
type=ref,event=pr
Comment on lines +41 to +42
Copilot AI Jan 19, 2026

The metadata extraction includes tag types for branch and PR events (lines 38-39), but this workflow only triggers on release creation events. These tag type configurations will never be used and should be removed to avoid confusion.

Suggested change
type=ref,event=branch
type=ref,event=pr

type=semver,pattern=v{{version}}
type=semver,pattern=v{{major}}.{{minor}}
type=semver,pattern=v{{major}}
type=raw,value=latest,enable={{is_default_branch}}
Copilot AI Jan 19, 2026

The latest tag is configured to be enabled only on the default branch (line 43), but this workflow triggers on release creation events, not branch pushes. The is_default_branch condition will not work as expected here. Consider using enable=${{ github.event.release.prerelease == false }} to tag stable releases as latest, or remove this condition entirely if all releases should be tagged as latest.

Suggested change
type=raw,value=latest,enable={{is_default_branch}}
type=raw,value=latest,enable=${{ github.event.release.prerelease == false }}

type=sha,prefix=sha-
Copilot AI Jan 19, 2026

The SHA-based tag (line 44) will be generated for every release, potentially creating confusion since the release is already versioned. Consider whether this tag is necessary for this workflow, as it's more commonly used in CI workflows that build on every commit.

Suggested change
type=sha,prefix=sha-


- name: Set build time
id: build_time
run: echo "BUILD_TIME=$(date -u '+%Y-%m-%d_%H:%M:%S')" >> $GITHUB_OUTPUT

- name: Build and push Docker image
uses: docker/build-push-action@v6
with:
context: .
platforms: linux/amd64
push: ${{ github.event_name == 'release' }}
tags: ${{ steps.meta.outputs.tags }}
labels: ${{ steps.meta.outputs.labels }}
build-args: |
VERSION=${{ github.ref_name}}
Copilot AI Jan 19, 2026

Missing space before the closing braces in the template expression. Should be ${{ github.ref_name }} instead of ${{ github.ref_name}}.

Suggested change
VERSION=${{ github.ref_name}}
VERSION=${{ github.ref_name }}

COMMIT_HASH=${{ github.sha }}
BUILD_TIME=${{ steps.build_time.outputs.BUILD_TIME }}
Comment on lines +61 to +64
Copilot AI Jan 19, 2026

The workflow passes build arguments VERSION, COMMIT_HASH, and BUILD_TIME to the Docker build, but the Dockerfile does not define or use these ARG values. Either add ARG declarations in the Dockerfile to use these values (e.g., for metadata labels or environment variables), or remove these build-args from the workflow configuration.

Suggested change
build-args: |
VERSION=${{ github.ref_name}}
COMMIT_HASH=${{ github.sha }}
BUILD_TIME=${{ steps.build_time.outputs.BUILD_TIME }}

cache-from: type=gha
cache-to: type=gha,mode=max

k8s-deploy:
name: Deploy to Kubernetes
needs: docker-release
runs-on: ubuntu-latest
if: github.event_name == 'release'
permissions:
contents: read
steps:
- name: Checkout repository
uses: actions/checkout@v6

- name: Set up kubectl
uses: azure/setup-kubectl@v4
with:
version: "latest"

- name: Configure kubectl
Comment on lines +80 to +84
Copilot AI Jan 19, 2026

The kubeconfig file is written to disk with sensitive credentials. While the file permissions are set to 600, consider adding cleanup logic to remove the kubeconfig file after the workflow completes, even if subsequent steps fail. This can be done by adding a post-action step or using a try-finally pattern.

run: |
mkdir -p ~/.kube
echo "${{ secrets.K8S_CONFIG_FILE_B64 }}" | base64 -d > ~/.kube/config
chmod 600 ~/.kube/config

- name: Verify kubectl connection
run: kubectl cluster-info

- name: Update deployment image
run: |
# Extract version from release tag
VERSION="${{ github.ref_name }}"

# Update kustomization with new image tag
cd k8s
kubectl kustomize . | kubectl apply -f -

# Update the deployment with the specific release tag
kubectl set image deployment/markitdown-server markitdown-server=ghcr.io/${{ github.repository_owner }}/markitdown-server:${VERSION} -n markitdown-server

Comment on lines +98 to +104
Copilot AI Jan 19, 2026

The deployment update step first applies the kustomization (line 96), then updates the image using kubectl set image (line 99). This could cause a brief moment where the deployment uses the default image from the kustomization before being updated to the release version. Consider using kustomize's image transformation features to set the correct image tag before applying, or use only the kubectl set image command without the prior apply.

Suggested change
# Update kustomization with new image tag
cd k8s
kubectl kustomize . | kubectl apply -f -
# Update the deployment with the specific release tag
kubectl set image deployment/markitdown-server markitdown-server=ghcr.io/${{ github.repository_owner }}/markitdown-server:${VERSION} -n markitdown-server
# Navigate to kustomization directory
cd k8s
# Ensure kustomize CLI is available (required for 'kustomize edit set image')
if ! command -v kustomize >/dev/null 2>&1; then
curl -s "https://raw.githubusercontent.com/kubernetes-sigs/kustomize/master/hack/install_kustomize.sh" | bash
export PATH="$PATH:$(pwd)"
fi
# Update kustomization with the specific release image tag
kustomize edit set image markitdown-server=ghcr.io/${{ github.repository_owner }}/markitdown-server:${VERSION}
# Build and apply manifests with the correct image already set
kustomize build . | kubectl apply -f -

# Wait for rollout to complete
kubectl rollout status deployment/markitdown-server -n markitdown-server --timeout=300s

- name: Verify deployment
run: |
kubectl get pods -n markitdown-server -l app=markitdown-server
kubectl get service -n markitdown-server markitdown-server
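Review bot: In the `Update deployment image` step, `VERSION="${{ github.ref_name }}"` is expanded by the runner into the script text before bash runs, so a release tag containing shell metacharacters becomes part of the command line in a job that holds the cluster kubeconfig. Pass the value through the step's `env:` block and reference it as a quoted shell variable (`"$VERSION"`), including in the `kubectl set image` argument where `${VERSION}` is currently unquoted. Separately, the `docker-release` job runs its registry login with `packages: write` on every `pull_request` even though `push` is limited to release events; gating the login step on `github.event_name == 'release'` keeps the token out of PR builds.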
3 changes: 3 additions & 0 deletions .releaserc
@@ -0,0 +1,3 @@
{
plugins: ['@semantic-release/commit-analyzer', '@semantic-release/release-notes-generator', '@semantic-release/github']
Copilot AI Jan 19, 2026

The .releaserc file uses JavaScript object notation with unquoted property keys, but semantic-release expects valid JSON format. The plugins key should be quoted.

Suggested change
plugins: ['@semantic-release/commit-analyzer', '@semantic-release/release-notes-generator', '@semantic-release/github']
"plugins": ["@semantic-release/commit-analyzer", "@semantic-release/release-notes-generator", "@semantic-release/github"]

}
2 changes: 1 addition & 1 deletion k8s/deployment.yaml
Expand Up @@ -18,7 +18,7 @@
volumes:
containers:
- name: markitdown-server
image: sirily11/markitdown-server:latest
image: ghcr.io/sirily11/markitdown-server:latest

Check notice on line 21 in k8s/deployment.yaml

Autopilot Project manager / Autopilot PR Check

Hardcoded Value

Hardcoded image owner 'sirily11' likely mismatches the repository owner ('rxtech-lab') used in the build workflow, causing deployment failures.
resources:
limits:
memory: "1024Mi"
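Review bot: The new `image: ghcr.io/sirily11/markitdown-server:latest` line keeps a mutable `latest` tag in the base manifest, so any `kubectl apply` of this file deploys whatever was most recently pushed under that tag rather than a reviewed release. Reference a version tag or, better, an image digest here and let the release workflow set it, so the manifest in git identifies exactly what runs.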
2 changes: 1 addition & 1 deletion k8s/kustomization.yaml
@@ -1,7 +1,7 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization

namespace: mcp-router
namespace: markitdown-server

resources:
- namespace.yaml
2 changes: 1 addition & 1 deletion k8s/namespace.yaml
@@ -1,4 +1,4 @@
apiVersion: v1
kind: Namespace
metadata:
name: mcp-router
name: markitdown-server
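Review bot: Renaming the Namespace from `mcp-router` to `markitdown-server` creates a new namespace on the next apply but does not remove the old one, so the previous deployment and any Secrets or ServiceAccounts that exist in `mcp-router` stay in the cluster. Add a documented cleanup step for the old namespace, and confirm that anything the deployment depends on is recreated in `markitdown-server`.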