Deckhand uses a tag-driven release flow. Pushing a semver tag to main triggers the release workflow, which builds the binary, pushes a Docker image to GHCR, and creates a GitHub Release.
- All CI checks pass on
main(make test,go vet, TypeScript type-check, Docker build) - You have push access to the repository
Check the latest CI run on the Actions tab or run locally:
make test
go vet ./...
make docker-buildFollow semver:
| Change | Bump |
|---|---|
| Breaking API or Helm changes | major (v2.0.0) |
| New feature, backward-compatible | minor (v0.2.0) |
| Bug fix or docs-only | patch (v0.1.1) |
git tag v0.1.0
git push origin v0.1.0This triggers the Release workflow.
| Artifact | Location |
|---|---|
| GitHub Release | github.com/<owner>/deckhand/releases/tag/v0.1.0 |
| Release notes | Auto-generated from commits since the last tag |
deckhand binary |
Attached to the GitHub Release |
| Docker image | ghcr.io/<owner>/deckhand:0.1.0 |
| Docker image (minor) | ghcr.io/<owner>/deckhand:0.1 |
| Docker image (sha) | ghcr.io/<owner>/deckhand:sha-<commit> |
# Check the GitHub Release page
gh release view v0.1.0
# Pull and inspect the image
docker pull ghcr.io/<owner>/deckhand:0.1.0
docker run --rm ghcr.io/<owner>/deckhand:0.1.0 --helpIf a release has a critical issue:
-
Delete the tag and release:
git tag -d v0.1.0 git push origin :refs/tags/v0.1.0 gh release delete v0.1.0 --yes
-
Fix the issue on
main. -
Re-tag with the same version or bump to a patch release, then push the tag again.
The release workflow uses docker/metadata-action to produce three tags per release:
{{version}}— full semver, e.g.0.1.0{{major}}.{{minor}}— minor track, e.g.0.1sha-{{sha}}— commit SHA for traceability
There is no latest tag. Users should pin to a specific version.