Skip to content
Omniglass Omniglass Omniglass

Release Strategy

Releases are manual, immutable, and never mutate main.

How it works

Section titled “How it works”

Every merge to main runs the CI pipeline: build, test, scan, push. Images are pushed with immutable sha-<gitsha> tags. No release is created automatically.

When you are ready to cut a release, preview it first:

Terminal window
make release-plan

This shows all commits since the last tag, the proposed version bump, and which PR titles will appear in the changelog. When it looks right:

Terminal window
make release-apply

This triggers the Create Release workflow on GitHub Actions, which runs semantic-release. It reads all squash-merge commit messages (PR titles) since the last release tag to decide the version bump:

  • feat: — minor bump
  • fix: / perf: / revert: — patch bump
  • BREAKING CHANGE: — major bump
  • If only ci:, docs:, chore:, etc. commits exist — no release is created

When a GitHub Release is created, release.yml fires and:

  1. Promotes existing sha- tagged images to version tags on GHCR and DockerHub (no rebuild)
  2. Generates standalone compose files and uploads them as release assets
  3. Appends an image table and quick start to the release notes

This batched approach lets multiple PRs accumulate before cutting a release, producing coherent changelogs and fewer upgrades for operators.

Image tags

Section titled “Image tags”
TagPurpose
sha-<gitsha>CI artifact, 1:1 with source
v0.1.0Pinned release (recommended for operators)
latestLatest main build

Zabbix version is not part of the image tag. It is recorded as an OCI label (dev.omniglass.zabbix-version) and noted in the release notes. Zabbix is compiled from source via zabbix-docker bake with Omniglass patches applied; the ZABBIX_VERSION file pins the source tag used for all components.

Manual release (specific commit)

Section titled “Manual release (specific commit)”

To release from a specific commit rather than HEAD:

Terminal window
gh release create v0.1.0 --target <commit-sha> --generate-notes

Required secrets

Section titled “Required secrets”
NameTypePurpose
DOCKERHUB_USERNAMEVariableDockerHub push
DOCKERHUB_TOKENSecretDockerHub push
RELEASE_APP_IDVariableGitHub App token for release events
RELEASE_APP_PRIVATE_KEYSecretGitHub App token for release events