git.stella-ops.org/ops/devops
master 17d861e4ab

DevOps Release Automation

The release workflow builds and signs the StellaOps service containers, generates SBOM + provenance attestations, and emits a canonical release.yaml. The logic lives under ops/devops/release/ and is invoked by the new .gitea/workflows/release.yml pipeline.

Local dry run

./ops/devops/release/build_release.py \
  --version 2025.10.0-edge \
  --channel edge \
  --dry-run

Outputs land under out/release/. Use --no-push to run full builds without pushing to the registry.

Required tooling

  • Docker 25+ with Buildx
  • .NET 10 preview SDK (builds container stages and the SBOM generator)
  • Node.js 20 (Angular UI build)
  • Helm 3.16+
  • Cosign 2.2+

Supply signing material via environment variables:

  • COSIGN_KEY_REF: e.g. file:./keys/cosign.key or azurekms://…
  • COSIGN_PASSWORD: password protecting the above key
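
A pre-flight check for the tooling and signing variables listed above, as an added example (not part of ops/devops/release/). It assumes a file: key reference is a local path and the only kind that needs COSIGN_PASSWORD, and treats the listed versions as minimums; the function names are illustrative.

```shell
# Added pre-flight sketch; not part of ops/devops/release/.
# version_ge HAVE WANT: true when dotted HAVE >= WANT; missing fields count as 0.
version_ge() {
  have=$1 want=$2
  while [ -n "$have" ] || [ -n "$want" ]; do
    h=${have%%.*}; w=${want%%.*}
    h=${h%%[!0-9]*}; w=${w%%[!0-9]*}; h=${h:-0}; w=${w:-0}   # drop "-preview" etc.
    [ "$h" -gt "$w" ] && return 0
    [ "$h" -lt "$w" ] && return 1
    case $have in *.*) have=${have#*.} ;; *) have= ;; esac
    case $want in *.*) want=${want#*.} ;; *) want= ;; esac
  done
  return 0
}

# need NAME MIN ACTUAL: report one tool; ACTUAL may carry a leading "v".
need() {
  actual=${3#v}
  [ -n "$actual" ] || { echo "MISSING $1 (need $2+)"; return 1; }
  version_ge "$actual" "$2" || { echo "TOO OLD $1 $actual (need $2+)"; return 1; }
  echo "ok $1 $actual"
}

# check_signing_env: validate signing inputs without printing the password.
# Assumption: a "file:" ref is a local path and the only kind needing a password.
check_signing_env() {
  [ -n "${COSIGN_KEY_REF:-}" ] || { echo "COSIGN_KEY_REF is not set" >&2; return 1; }
  case $COSIGN_KEY_REF in file:*) ;; *) return 0 ;; esac   # KMS refs: nothing local to check
  key=${COSIGN_KEY_REF#file:}
  [ -r "$key" ] || { echo "key file not readable: $key" >&2; return 1; }
  case $(ls -ld -- "$key") in
    ????------*) ;;                                         # owner-only permissions
    *) echo "key file is group/world accessible: $key" >&2; return 1 ;;
  esac
  [ -n "${COSIGN_PASSWORD+set}" ] || { echo "COSIGN_PASSWORD is not set" >&2; return 1; }
}

preflight() {
  rc=0
  need docker 25   "$(docker version --format '{{.Client.Version}}' 2>/dev/null)" || rc=1
  docker buildx version >/dev/null 2>&1 || { echo "MISSING docker buildx"; rc=1; }
  need dotnet 10   "$(dotnet --version 2>/dev/null)" || rc=1
  need node   20   "$(node --version 2>/dev/null)" || rc=1   # page lists 20; used as a minimum
  need helm   3.16 "$(helm version --template '{{.Version}}' 2>/dev/null)" || rc=1
  need cosign 2.2  "$(cosign version 2>&1 | awk '/^GitVersion/ {print $2}')" || rc=1
  check_signing_env || rc=1
  return $rc
}
if [ "${1:-}" = "--check" ]; then preflight; fi
```

Saved to a file and run with --check before the dry run, it exits non-zero if any tool is missing or too old, or if the key file is readable by other users.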

The workflow defaults to multi-arch (linux/amd64,linux/arm64), SBOM in CycloneDX, and SLSA provenance (https://slsa.dev/provenance/v1).

UI auth smoke (Playwright)

As part of DEVOPS-UI-13-006 the pipelines will execute the UI auth smoke tests (npm run test:e2e) after building the Angular bundle. See docs/ops/ui-auth-smoke.md for the job design, environment stubs, and offline runner considerations.