Our release process is automated by several Prow jobs.
The process publishes two types of artifacts:
- dev builds: the process is fully automated, and it is triggered when changes are merged into
masterbranch - stable builds: the process is automated, but it needs to be manually triggered by tagging a plugin with a release version (see the section below)
Artifacts will be published at https://download.falco.org/?prefix=plugins/.
Since the plugins repository is a monorepo, we introduced a special convention for tagging release versions, so that we can differentiate among plugins. Git tag MUST respect the following format:
name-version
Where name is the plugin name (must match a folder under ./plugins) and version is the plugin version to be released (must match the version string declared by the plugin).
When we release, we do the following process:
- When changes are introduced to a plugin (i.e. a PR gets merged) and its version has been bumped, we choose the git tag based on the above convention
- A person with repository rights creates a new release from the GitHub UI
- Once the CI has done its job, the tag is live on Github, and the plugin package is published at download.falco.org