Skip to content

v1.3.27.1 -- Release publishing automation

A tooling-only patch on top of v1.3.27. Adds the .github/workflows/release.yml workflow that auto-publishes a GitHub release on every tag push, sourced from the matching docs/release-notes/<tag>.md file.

Why

Through v1.3.27 every tag was pushed to GitHub but the matching release object on the Releases page had to be created manually via the web UI or gh release create. That step was easy to skip -- the Releases page on argos-edge stayed stuck on an old version more than once. The workflow closes the loop: tag push becomes the human action; the release object becomes automation's responsibility.

Why a four-component version (and not a panel rebuild)

v1.3.28 is reserved for the per-host true_detect_mode feature deferred from v1.3.27 (planning at docs/planning/v1.3.28-true-detect-mode.md). Bumping to v1.3.28 for a release-tooling change would orphan that planning doc.

v1.3.27.1 is a one-time precedent that argos-edge will use sparingly: tooling-only patches that ship CI/CD glue without a panel binary change. The panel runtime is identical to v1.3.27 -- backend/cmd/argos/main.go argosVersion and frontend/package.json version deliberately stay at 1.3.27 in this release. The argos image you ran for v1.3.27 is the argos image you run for v1.3.27.1; no rebuild needed.

What ships

.github/workflows/release.yml

Triggered by tag pushes matching v[0-9]+.*. Steps:

  1. actions/checkout@v4 at the tag ref.
  2. Resolve the release-notes path:
  3. Pre-release tags (containing a - like v1.4.0-alpha) read from docs/release-notes/prereleases/<tag>.md and get prerelease=true.
  4. Stable tags read from docs/release-notes/<tag>.md and get prerelease=false.
  5. If the file is missing the workflow fails with a clear ::error:: line so a malformed release stops at the workflow rather than producing an empty release object.
  6. softprops/action-gh-release@v2 POSTs the release with the resolved body, tag_name = github.ref_name, draft=false.

permissions: contents: write is set at the workflow level -- same pattern as the existing docs.yml workflow uses to push to gh-pages. The default GITHUB_TOKEN ships with contents: read on repos created post-2023, so the bump is explicit.

docs/operations/release-process.md

New ops page covering the pre-tag checklist, the tag-push command shape, pre-release flag handling, the workflow's limitations (no retroactive trigger; no artefact uploads), how to backfill a pre-existing untagged release with gh release create, and the three most-likely failure modes (empty body, permissions error, action version pin).

Verification

Smoke for this release IS the workflow run itself:

  1. Commit the workflow + docs to main. Push.
  2. Tag v1.3.27.1 and push the tag.
  3. Watch GitHub Actions: a new "Publish GitHub release" run appears on the tag push.
  4. On success the release at /releases/tag/v1.3.27.1 carries the body of this file.

If step 3 fails, the typical causes (in priority order) are:

  • permissions: contents: write was dropped / mistyped.
  • The release-notes file path is wrong (typo in tag vs filename).
  • softprops/action-gh-release@v2 major-version float resolved to a yanked release; pin to a specific tag if so.

There is no separate scripts/smoke/release.sh because the verification is the workflow run itself; running it locally would just re-execute softprops/action-gh-release against GitHub's API which is the same code path.

Files added

  • .github/workflows/release.yml (new)
  • docs/operations/release-process.md (new)
  • docs/release-notes/v1.3.27.1.md (this file)
  • CHANGELOG.md, mkdocs.yml updated

Files NOT changed

  • backend/cmd/argos/main.go -- argosVersion = "1.3.27" intentionally preserved.
  • frontend/package.json -- version: "1.3.27" intentionally preserved.
  • All v1.3.27 backend / frontend / migration code unchanged.
  • No new docker image build needed; v1.3.27 image continues to run argos-prod-panel.

Upgrade

cd ~/argos-edge
git pull
make sync-prod          # picks up the workflow file + ops page;
                        # crowdsec / Caddy bind mounts unchanged

make deploy-prod is not required for this release. The panel image does not change.

Future maintenance

This release locks in three conventions for future tags:

  1. Release notes file is mandatory. release.yml fails the publish step when docs/release-notes/<tag>.md is missing. This forces every release to have a written body before tagging.
  2. Pre-release tags use - suffix. The workflow's prerelease detection is *-* and reads from a different directory. Don't tag a stable release as v1.4.0-final -- the workflow will route it to prereleases/.
  3. mkdocs.yml nav must list the new file. Documented in the pre-tag checklist; mkdocs --strict catches missing entries before push.

The four-component v1.3.27.1 precedent is reserved for tooling-only patches with no panel runtime change. Anything that touches Go or TypeScript code bumps the standard three-component version.