chore: release workflow (tag-triggered, SBOM, GH Release publish) #13

@constk

Problem

Releases need reproducible artefacts (image, SBOM) and a published GitHub Release derived from the draft.

Proposed solution

Port .github/workflows/release.yml: tag pattern v*.*.*. Steps: Docker build with version tag and latest, CycloneDX SBOM via uvx --from cyclonedx-bom==7.3.0, GitHub Release publish (promote draft or create with auto-generated notes), attach sbom.json. Permissions: contents: write, packages: write. Pin all action SHAs.

Acceptance criteria

  • Pushing a v0.1.0 tag triggers the workflow.
  • Image ghcr.io/constk/harness-python-react:0.1.0 and :latest published.
  • sbom.json attached to the release.
  • Draft release promoted to published; notes match release-drafter content.

Priority rationale

Medium: only fires at release time; safe to land later. But the SBOM story is a strong portfolio detail.

Depends on

#6, #12
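
A check for the "Pin all action SHAs" and permissions requirements above, as an added example that is not part of the original issue or the project's code. It assumes a line-based scan is sufficient; the `audit` and `is_pinned` names, the sample workflow fragment, its 40-hex SHA and the local action path are constructed for illustration.

```python
import re

# Line-based scan (no YAML parser): enough for `uses:` refs and `scope: write` lines.
USES = re.compile(r"""^\s*(?:-\s*)?uses:\s*['"]?([^\s'"#]+)""")
WRITE = re.compile(r"^\s*([a-z-]+):\s*write\s*(?:#.*)?$")
FULL_SHA = re.compile(r"[0-9a-f]{40}")
DIGEST = re.compile(r"sha256:[0-9a-f]{64}")
ALLOWED_WRITE = {"contents", "packages"}  # the two write scopes the issue asks for

def is_pinned(ref):
    """True if the ref cannot move: local path, full commit SHA, or image digest."""
    if ref.startswith("./"):
        return True  # local action, versioned with the repository itself
    version = ref.partition("@")[2]
    if ref.startswith("docker://"):
        return DIGEST.fullmatch(version) is not None
    return FULL_SHA.fullmatch(version) is not None  # tags and branches are mutable

def audit(workflow_text):
    """Return (unpinned, excess): lists of (line_number, value) findings."""
    unpinned, excess = [], []
    for n, line in enumerate(workflow_text.splitlines(), 1):
        if m := USES.match(line):
            if not is_pinned(m.group(1)):
                unpinned.append((n, m.group(1)))
        elif "write-all" in line and line.lstrip().startswith("permissions:"):
            excess.append((n, "write-all"))
        elif (m := WRITE.match(line)) and m.group(1) not in ALLOWED_WRITE:
            excess.append((n, m.group(1)))
    return unpinned, excess

# Constructed workflow fragment: the 40-hex value is a placeholder, not a real
# commit, and ./.github/actions/example is a hypothetical local action.
SAMPLE = """\
permissions:
  contents: write
  packages: write
  id-token: write
jobs:
  release:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@0123456789abcdef0123456789abcdef01234567  # constructed SHA
      - uses: docker/build-push-action@v6
      - uses: ./.github/actions/example
"""

if __name__ == "__main__":
    print(audit(SAMPLE))
```

Because the scan is line-based, any other YAML key whose value is literally `write` would also be reported; a gate built on this should treat findings as review prompts.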

Labels

  • chore: Maintenance, tooling, infra
  • ci: CI workflows and gates
  • harness: Cross-cutting harness mechanics (controls, hooks, gates)
  • release: Release automation, SBOM, tags