Improve release scripts reliability and UX#436
Conversation
There was a problem hiding this comment.
Pull request overview
This PR introduces a top-level scripts/release flow to streamline publishing vector-store releases, while refreshing the supporting release scripts and documentation. It fits into the repo’s release tooling by combining tag creation, artifact building, GitHub release upload, and Docker publishing into a single operator-facing workflow.
Changes:
- Added a new
scripts/releaseorchestrator for dependency checks, tag push, build, and publish steps. - Updated
build-release,upload-release, andrun-with-release-toolchainfor explicit version passing, improved terminal UX, and Docker runtime behavior. - Expanded
docs/releasing.mdto document the new workflow and standalone build/upload usage.
Reviewed changes
Copilot reviewed 5 out of 6 changed files in this pull request and generated 6 comments.
Show a summary per file
| File | Description |
|---|---|
scripts/upload-release |
Adds colored step output, optional version override, GitHub release creation/upload, and Docker image/manifest publishing. |
scripts/run-with-release-toolchain |
Updates Docker invocation to use --init and conditionally allocate a TTY. |
scripts/release |
New end-to-end release entrypoint that validates tooling, tags the repo, builds artifacts, and uploads the release. |
scripts/build-release |
Adds colored step output, optional version override, cleanup traps, artifact summaries, and Docker/SBOM generation flow changes. |
docs/releasing.md |
Documents the new single-command release workflow and revised build/upload behavior. |
Cargo.lock |
Updates workspace package versions in the lockfile to a transient release-derived value. |
swasik
force-pushed
the
update-release-scripts
branch
from
5dee842 to
f649ed4
Compare
swasik
force-pushed
the
update-release-scripts
branch
2 times, most recently
from
0ff55b7 to
fe99bf2
Compare
swasik
force-pushed
the
update-release-scripts
branch
8 times, most recently
from
2b1e260 to
2656177
Compare
swasik
force-pushed
the
update-release-scripts
branch
from
2656177 to
062105b
Compare
swasik
changed the title
| Optionally, you can pass a version explicitly to override automatic detection | ||
| from git tags: |
There was a problem hiding this comment.
Why do we need this override? We shouldn't allow creating same versions from different commits or build setup. Providing annotate tag before is a way to provide this. We should rather check if scylladb/vector-store has the same annotated tag as locally created.
There was a problem hiding this comment.
The override exists because scripts/release orchestrator resolves the version from the annotated tag and passes it down to _build-release and _upload-release. This avoids each sub-script re-resolving it independently. The build-release script is not intended to be called manually in normal workflows — the entry point is scripts/release. Clarified this in docs/releasing.md and added underscores as the prefix of internal scripts to make it easier to spot.
There was a problem hiding this comment.
The override exists because
scripts/releaseorchestrator resolves the version from the annotated tag and passes it down to_build-releaseand_upload-release.
It seems not true. scripts/release has mandatory version arguments. It creates annotated tag, if it doesn't exist. If the tag exists it skip creating annotated tag, but it doesn't check if annotated tag is created in current commit. It seems error prone to me.
There was a problem hiding this comment.
I think that annotated tag should be created by hand, manually. At first release script could resolve current version, resolve it, show to the user. Then version can be read by every script. It could be double check for correctness that the user want to build that version. In the future creating tag in CI should trigger all releasing process - so the version taken from annotated-tag should be de-factor a parameter to the scripts.
| echo "" | ||
| echo "${bold}${green}========================================" | ||
| echo " BUILD COMPLETE: vector-store $vector_store_version" | ||
| echo "========================================${reset}" | ||
| echo "" |
There was a problem hiding this comment.
Do we really need this fancy stuff in release script?
There was a problem hiding this comment.
As above - we do not need them but the summary provides immediate visibility of all produced artifacts and their paths, which is useful when debugging or verifying a release build.
| step_header "Creating and pushing annotated tag $version" | ||
|
|
||
| github_repo=$(git remote get-url origin | sed 's|.*github.com[:/]||;s|\.git$||') | ||
| [[ -n $github_repo ]] || { echo "${red}error: could not determine GitHub repo from origin remote${reset}"; exit 1; } | ||
| echo " Releasing to: $github_repo" | ||
|
|
||
| if git rev-parse "$version" > /dev/null 2>&1; then | ||
| echo " Tag $version already exists, skipping creation." | ||
| else | ||
| git tag -a "$version" -m "Release version $version" | ||
| echo " ${green}Created annotated tag: $version${reset}" | ||
| fi | ||
|
|
||
| git push origin "$version" | ||
| echo " ${green}Pushed tag $version to origin ($github_repo).${reset}" |
There was a problem hiding this comment.
I wouldn't allow pushing anything to repository from release script. I prefer for developer to create a tag on specific commit, push manually this specific annotated tag and release script should read it only without writing anything to repo. It is less error prone in the future if someone run this script on the wrong commit. Doing this manually we can check if tag is on the correct commit without pushing it to the repository.
There was a problem hiding this comment.
I'd prefer to keep tag creation and push in the script for these reasons:
- The script validates semver format before creating the tag, preventing typos.
- It skips creation if the tag already exists (so manual pre-creation works too).
- Having it in one place reduces the chance of pushing a tag from the wrong commit — the script runs on the current HEAD which you can verify with
git log. - The push is to
origin(fork) — pushing toupstreamfor the official release is a separate manual step documented inreleasing.md.
If the tag already exists on remote, the push is a no-op. If you still feel strongly, I could add a --no-tag flag to skip tag creation/push for workflows where tags are pre-created or the direct acknowledgement question.
There was a problem hiding this comment.
I don't agree with providing version by hand. The clue with annotated tag is that it provides a more robust way to label version - it is in the git version history so it will stay. We shouldn't have easy way to build version not connected to the specific git commit.
I'd prefer to keep tag creation and push in the script for these reasons:
1. The script validates semver format before creating the tag, preventing typos.
You can still validate semver format of version taken from annotated tag - you can check if the tag in remote repository points to the same commit as in local repository, you can check if tag points to the HEAD, etc...
2. It skips creation if the tag already exists (so manual pre-creation works too).
The manual pre-creation should be the only way - it will restrict creation of release, but it will remove all maintenance problem with version provided by hand in the script. I think we should at first point the version in git history, then build release for this point - in other case we could end up with few releases with the same version (ie. concurrent release of the version by two developers).
3. Having it in one place reduces the chance of pushing a tag from the wrong commit — the script runs on the current HEAD which you can verify with `git log`.
And I think this could be error prone. Do you now that your HEAD points to the correct git commit? Without pre-creating annotated-tag you can mixed commits on local repo. The sync point is pushing annotated-tag to the git repo - after this operation you are sure, that only one tag exists and you can check if it points to the correct commit.
4. The push is to `origin` (fork) — pushing to `upstream` for the official release is a separate manual step documented in `releasing.md`.
It depends how you setup your local git repositry. I can have different remotes, origin could be scylldb, my fork could be named differently. Our scripts shouldn't restrict local git repository layout.
If the tag already exists on remote, the push is a no-op. If you still feel strongly, I could add a
--no-tagflag to skip tag creation/push for workflows where tags are pre-created or the direct acknowledgement question.
There are problems with concurrently running release, creating tag, etc. We should limit possible combinations - one way is to restrict that we are building version taken from git history and annotated-tag ought to be created before releasing process, manually.
swasik
force-pushed
the
update-release-scripts
branch
from
062105b to
eccf05c
Compare
- Add unified release script that orchestrates tag, build, and upload - Always pass version explicitly to build-release and upload-release - Add --init to docker run for proper signal forwarding (Ctrl+C works) - Add -t flag to docker run when stdout is a terminal - Derive release target repo from origin remote - Set gh repo default before upload to support fork workflows - Add colored output to all release scripts (disabled in non-TTY) - Print Copilot prompt for generating release notes after completion - Update releasing.md documentation
swasik
force-pushed
the
update-release-scripts
branch
from
eccf05c to
6844854
Compare
| # Override step_header for top-level release orchestrator style. | ||
| step_header() { | ||
| _step=$((_step + 1)) | ||
| echo "" | ||
| echo "${bold}${cyan}==> [${_step}/${total_steps}] $1${reset}" | ||
| echo "" | ||
| } |
There was a problem hiding this comment.
Do we really need additional override?
| docker_args+=(-v "$user_cargo_home/registry:$docker_cargo_home/registry") | ||
| fi | ||
|
|
||
| [[ -t 1 ]] && docker_args+=(-t) |
Changes
This PR covers release scripts reliability and UX improvements only. Cross-compilation changes have been moved to #448.
scripts/releaseorchestrator: validates deps, QEMU setup, tag create/push, build, upload, summaryGH_REPOenv var forghCLI scoping (avoids.gh-resolutionfile side effects fromgh repo set-default)SBOM/directoryEXITtrap +INT/TERMtrap inrun-with-release-toolchain--initflag ondocker runfor proper signal forwarding-tflag ondocker runwhen stdout is a terminal$repo/$repo_dirinrealpathandcdto handle paths with spacesscylladb/vector-store)docs/releasing.mddocumentationTests
Known issues
The
build-cloud-imagesscript that is triggered when the version is created fails due to lack of authentication in GCP (RELENG-77).Fixes: VECTOR-665