The release workflow publishes production releases when a GitHub release is published, building and publishing artifacts with full quality gates enabled.

Overview

The production release workflow:
  • Trigger: When a GitHub release is published (not draft)
  • Build and Publish: Full build with all quality gates enabled
  • Artifact Publishing: Packages and Docker images published to registries
  • Quality Checks: SonarQube, Promptfoo, and Redteam tests

Workflow Configuration

The production release workflow is defined in .github/workflows/release.yaml:
name: Release
on:
    release:
        types:
            - published

permissions:
    contents: read

jobs:
    publish:
        name: Publish new version ${{ github.event.release.tag_name }}
        if: github.event.release.draft == false
        uses: backbase-common/gc-ai-workflows/.github/workflows/build-publish.yaml@main
        secrets: inherit
        with:
            timeout: 600
            enableSonar: true
            sourcePath: "src/"
            enablePromptfoo: true
            promptfooConfig: "promptfoo_config/*.yaml"
            enableRedteam: true
            redteamConfig: "redteam.yaml"
            redteamNumTests: "5"
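
Two settings in this file decide how far the release job trusts code outside the repository: the `@main` ref on the reusable workflow is a branch that can move, and `secrets: inherit` passes every caller secret to whatever that ref resolves to. The check below is an added example, not part of the project's tooling; it audits a workflow file for those two settings, the top-level `permissions` block and the three quality-gate inputs. The function name, finding codes and abridged sample are constructed for illustration.

```python
import re

GATES = ("enableSonar", "enablePromptfoo", "enableRedteam")
# Constructed sample: abridged copy of the release.yaml shown on this page.
PAGE_WORKFLOW = """\
on:
    release:
        types:
            - published
permissions:
    contents: read
jobs:
    publish:
        if: github.event.release.draft == false
        uses: backbase-common/gc-ai-workflows/.github/workflows/build-publish.yaml@main
        secrets: inherit
        with:
            enableSonar: true
            enablePromptfoo: true
            enableRedteam: true
"""

def audit_release_workflow(text):
    """Return finding codes for a workflow given as YAML text (line scan, no parser)."""
    text = re.sub(r"(?m)(^|[ \t])#.*$", "", text)  # drop YAML comments
    findings = []
    # Top-level token permissions must be declared and must not grant write.
    perms = re.search(r"(?m)^permissions:(.*(?:\n[ \t]+.*)*)", text)
    if perms is None:
        findings.append("permissions-missing")
    elif "write" in perms.group(1):
        findings.append("permissions-write")
    # A branch or tag after '@' can move; only a 40-hex commit SHA is immutable.
    for ref in re.findall(r"(?m)^\s*(?:-\s*)?uses:\s*(\S+)", text):
        target, _, rev = ref.partition("@")
        if not target.startswith("./") and not re.fullmatch(r"[0-9a-f]{40}", rev):
            findings.append(f"mutable-ref:{rev or 'none'}")
    # 'inherit' hands every caller secret to the called workflow.
    if re.search(r"(?m)^\s*secrets:\s*inherit\s*$", text):
        findings.append("secrets-inherit")
    # Each release quality gate named on the page must be explicitly true.
    for gate in GATES:
        if not re.search(rf"(?m)^\s*{gate}:\s*true\s*$", text):
            findings.append(f"gate-off:{gate}")
    return findings

if __name__ == "__main__":
    print(audit_release_workflow(PAGE_WORKFLOW))
```

Run against the configuration on this page it reports the branch ref and the inherited secrets; pinning the ref to a full commit SHA and listing only the secrets the called workflow needs clears both findings.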

Release Process

1. Release Publication

When a GitHub release is published:
  • The workflow is automatically triggered
  • Only non-draft releases trigger the workflow
  • The release tag name is used for versioning

2. Build and Publish

The workflow uses the reusable build-publish.yaml workflow with:
  • Full Quality Gates: All quality checks enabled
  • SonarQube: Code quality and security analysis
  • Promptfoo: LLM prompt evaluation
  • Redteam: Security and adversarial testing
  • Docker Build: Container image building
  • Security Scan: Trivy vulnerability scanning
  • Publish: Artifacts published to Azure Container Registry

3. Artifact Publishing

The workflow publishes:
  • Docker Images: Tagged with release version
  • Packages: Agent packages published to registry
  • Quality Reports: SonarQube and test reports

Release Artifacts

The release workflow creates and publishes:

Agent Packages

Compiled and packaged agent artifacts

Docker Images

Containerized agent images tagged with release version

Quality Reports

SonarQube and test reports

Security Reports

Trivy security scan results

Publishing a Release

Steps

  1. Create Release Draft: Use the release draft workflow to create a draft
  2. Review Release: Review the release draft and release notes
  3. Edit if Needed: Update release notes or version if necessary
  4. Publish Release: Click “Publish release” in GitHub
  5. Workflow Triggers: Production release workflow automatically starts
  6. Monitor Build: Watch the workflow execution
  7. Verify Artifacts: Confirm artifacts are published successfully

Configuration

Quality Gates

All quality gates are enabled for production releases:
  • SonarQube: enableSonar: true
  • Promptfoo: enablePromptfoo: true
  • Redteam: enableRedteam: true

Timeout

The workflow has a 600-minute (10-hour) timeout to accommodate full quality checks.

Reusable Components Used

This workflow leverages:
  • build-publish.yaml: Main reusable workflow that orchestrates the entire build and publish process
  • All quality check actions (SonarQube, Promptfoo, Redteam)
  • Docker build and push actions
  • Security scanning actions
See the Reusable Components page for detailed documentation.

Best Practices

  • Review Before Publish: Always review release drafts before publishing
  • Quality Checks: Ensure all quality gates pass in the release draft
  • Version Verification: Verify version numbers are correct
  • Release Notes: Include comprehensive release notes
  • Testing: Test release artifacts before deploying

Troubleshooting

Release Failures

Common issues:
  1. Build Failures: Review build logs for compilation errors
  2. Quality Gate Failures: Address SonarQube, Promptfoo, or Redteam issues
  3. Security Scan Failures: Fix critical vulnerabilities
  4. Docker Build Issues: Check Dockerfile and dependencies
  5. Publish Errors: Verify Azure ACR credentials and permissions

Verification

  • Check workflow logs in GitHub Actions
  • Verify Docker images in Azure Container Registry
  • Review SonarQube reports
  • Check security scan results
