Prototype: symmetric per-branch self-release with amd64-only develop builds#125
Merged
Conversation
Bumps the actions-deps group with 4 updates: [docker/setup-qemu-action](https://github.com/docker/setup-qemu-action), [docker/login-action](https://github.com/docker/login-action), [actions/upload-artifact](https://github.com/actions/upload-artifact) and [actions/download-artifact](https://github.com/actions/download-artifact). Updates `docker/setup-qemu-action` from 3 to 4 - [Release notes](https://github.com/docker/setup-qemu-action/releases) - [Commits](docker/setup-qemu-action@v3...v4) Updates `docker/login-action` from 3 to 4 - [Release notes](https://github.com/docker/login-action/releases) - [Commits](docker/login-action@v3...v4) Updates `actions/upload-artifact` from 4 to 7 - [Release notes](https://github.com/actions/upload-artifact/releases) - [Commits](actions/upload-artifact@v4...v7) Updates `actions/download-artifact` from 5 to 8 - [Release notes](https://github.com/actions/download-artifact/releases) - [Commits](actions/download-artifact@v5...v8) --- updated-dependencies: - dependency-name: docker/setup-qemu-action dependency-version: '4' dependency-type: direct:production update-type: version-update:semver-major dependency-group: actions-deps - dependency-name: docker/login-action dependency-version: '4' dependency-type: direct:production update-type: version-update:semver-major dependency-group: actions-deps - dependency-name: actions/upload-artifact dependency-version: '7' dependency-type: direct:production update-type: version-update:semver-major dependency-group: actions-deps - dependency-name: actions/download-artifact dependency-version: '8' dependency-type: direct:production update-type: version-update:semver-major dependency-group: actions-deps ... Signed-off-by: dependabot[bot] <support@github.com>
chore: update timezone format, improve Dockerfile and workflow config…
…ions-deps-400bdc52d6 Bump the actions-deps group with 4 updates
Bumps the actions-deps group with 2 updates: [docker/setup-buildx-action](https://github.com/docker/setup-buildx-action) and [docker/build-push-action](https://github.com/docker/build-push-action). Updates `docker/setup-buildx-action` from 3 to 4 - [Release notes](https://github.com/docker/setup-buildx-action/releases) - [Commits](docker/setup-buildx-action@v3...v4) Updates `docker/build-push-action` from 6 to 7 - [Release notes](https://github.com/docker/build-push-action/releases) - [Commits](docker/build-push-action@v6...v7) --- updated-dependencies: - dependency-name: docker/setup-buildx-action dependency-version: '4' dependency-type: direct:production update-type: version-update:semver-major dependency-group: actions-deps - dependency-name: docker/build-push-action dependency-version: '7' dependency-type: direct:production update-type: version-update:semver-major dependency-group: actions-deps ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps the docker-deps group in /Docker with 1 update: python. Updates `python` from 3.13-slim to 3.14-slim --- updated-dependencies: - dependency-name: python dependency-version: 3.14-slim dependency-type: direct:production dependency-group: docker-deps ... Signed-off-by: dependabot[bot] <support@github.com>
…er-deps-6dafb4a59b Bump python from 3.13-slim to 3.14-slim in /Docker in the docker-deps group
Update upstream versions: device_builder to 1.0.14
Promote develop to main: PR184 resync, device-builder 1.0.14, Docker python bump
Update upstream versions: device_builder to 1.0.15
Update upstream versions: device_builder to 1.0.17
Update upstream versions: device_builder to 1.0.19
Update upstream versions: device_builder to 1.0.20
Bumps the actions-deps group with 1 update: [actions/setup-dotnet](https://github.com/actions/setup-dotnet). Updates `actions/setup-dotnet` from 5.3.0 to 5.4.0 - [Release notes](https://github.com/actions/setup-dotnet/releases) - [Commits](actions/setup-dotnet@9a946fd...26b0ec1) --- updated-dependencies: - dependency-name: actions/setup-dotnet dependency-version: 5.4.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: actions-deps ... Signed-off-by: dependabot[bot] <support@github.com>
…ions-deps-026f379d1f Bump actions/setup-dotnet from 5.3.0 to 5.4.0 in the actions-deps group
Update upstream versions: device_builder to 1.0.21
main accumulated tracker/dependabot bumps (device_builder -> 1.0.21, setup-dotnet 5.4, python, ...) while develop carried the CI/CD migration. Resolve the two conflicts: get-version-task.yml takes the migrated version (nbgv@master, setup-dotnet 5.4, threaded NBGV); upstream-version.json takes main's newer pin (device_builder 1.0.21). All other main stragglers (e.g. the Dockerfile python bump) merge cleanly. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Promote: branch-scoped triggered-Docker CI/CD migration (1.8)
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Update upstream versions: device_builder to 1.0.28
Update upstream versions: device_builder to 1.0.29
Forward-flow promotion from develop.
Bumps the actions-deps group with 2 updates: [docker/login-action](https://github.com/docker/login-action) and [DavidAnson/markdownlint-cli2-action](https://github.com/davidanson/markdownlint-cli2-action). Updates `docker/login-action` from 4.3.0 to 4.4.0 - [Release notes](https://github.com/docker/login-action/releases) - [Commits](docker/login-action@c99871d...af1e73f) Updates `DavidAnson/markdownlint-cli2-action` from 23.2.0 to 24.0.0 - [Release notes](https://github.com/davidanson/markdownlint-cli2-action/releases) - [Commits](DavidAnson/markdownlint-cli2-action@ded1f94...8de2aa0) --- updated-dependencies: - dependency-name: docker/login-action dependency-version: 4.4.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: actions-deps - dependency-name: DavidAnson/markdownlint-cli2-action dependency-version: 24.0.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: actions-deps ... Signed-off-by: dependabot[bot] <support@github.com>
…tions-deps-7abcd22c56 chore(deps): bump the actions-deps group with 2 updates
Update upstream versions: device_builder to 1.1.0
…uilds Reference implementation of the simplified release model: the pin-change push now publishes main OR develop (branches: [main, develop]), so develop self-releases a prerelease and the release path can be validated on develop without reaching main first. Each push runs on its own ref (no matrix, no IGNORE_GITHUB_REF). To contain Docker build minutes (~99% of the fleet's Actions time), develop builds linux/amd64 only and skips QEMU; only a main publish builds multi-arch. The weekly schedule stays main-only. Held for maintainer review. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
There was a problem hiding this comment.
Pull request overview
Implements a prototype of a symmetric, per-branch self-release model: pin changes to upstream-version.json trigger a release on the branch they land on (main as a full release, develop as a prerelease), and develop publishes are optimized to build linux/amd64 only to reduce CI minutes.
Changes:
- Bump
device_builderinupstream-version.jsonto1.1.0. - Expand the publish workflow push trigger from
maintomain+developforupstream-version.jsonchanges. - Make branch-conditional Docker build behavior: only
mainpublishes build multi-arch (amd64,arm64);develop(and smoke) buildsamd64only and skips QEMU.
Reviewed changes
Copilot reviewed 4 out of 4 changed files in this pull request and generated 1 comment.
| File | Description |
|---|---|
| upstream-version.json | Updates the pinned upstream device_builder version. |
| .github/workflows/validate-task.yml | Updates the pinned markdownlint action SHA/version used in validation. |
| .github/workflows/publish-release.yml | Extends push-based publish triggers to develop and updates documentation comments to match the per-branch publish model. |
| .github/workflows/build-docker-task.yml | Adds branch-conditional QEMU and platform selection so develop builds are amd64-only while main remains multi-arch. |
QEMU emulates non-native targets; the runner is amd64, so only arm64 needs registering. The step now runs only for the multi-arch main publish, making the redundant linux/amd64 registration clearer to drop. Addresses Copilot review. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
The 'multi-arch iff full main publish' condition was repeated across the QEMU if and both platforms inputs. Compute it once as a job-level env.PLATFORMS and reference it: both build steps use ${{ env.PLATFORMS }}, and QEMU installs iff contains(env.PLATFORMS, 'arm64') - which is also the more correct condition (install the emulator exactly when arm64 is being built). No extra job (avoids a runner and skip-report handling for a trivial computation); stays declarative.
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Describe only the current behavior; drop the multi-line growth and the change-from-prior 'no matrix' phrasing (and the platform detail that lives in build-docker-task). Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
docker/setup-qemu-action takes architecture names, so register arm64 (not the os/arch form). Reword the comment to state the reason (arm64 is non-native on the amd64 runner) without the inaccurate 'QEMU only emulates arm64' absolute. Addresses Copilot review. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Reference implementation of the simplified release model (for review - do not merge yet).
What changes
on.push.branches: [main]->[main, develop](paths still[upstream-version.json]). A pin change now self-releases the branch it lands on: main => release, develop => prerelease. This lets the release path be validated on develop without reaching main first, and each push runs on its own ref (no matrix, no IGNORE_GITHUB_REF).linux/amd64only and skips QEMU; only a main publish builds multi-arch (linux/amd64,linux/arm64). Since Docker builds are ~99% of the fleet Actions minutes, this keeps the symmetric-release testability without paying arm64 emulation on every develop pin change.Unchanged: weekly schedule stays main-only (base-image CVE refresh); the
pathsfilter still gates out non-pin pushes (a Dependabot GitHub Actions bump never touchesupstream-version.json, so it never builds).Note:
build-docker-task.ymlstill carries 1 stray LF line from a post-#119 Dependabotuses:bump - left untouched here (separate EOL convergence; root cause is.gitattributes: * -textnot renormalizing).Held for your review as the model reference before generalizing to the template + WORKFLOW.md.