Updating CI/CD workflows for version release

Signed-off-by: S3B4SZ17 <sebastian.zumbado@sysdig.com>

Author: S3B4SZ17

.github/workflows/publish.yaml

@@ -6,17 +6,33 @@ on:
       - main
     paths:
       - pyproject.toml
+      - Dockerfile
+      - *.py
+      - tests/**
+      - tools/**
+      - utils/**
   workflow_dispatch:
 
 
 jobs:
+  tests:
+    permissions:
+      checks: write
+      pull-requests: write
+      contents: write
+    uses: ./.github/workflows/test.yaml
+    secrets: inherit
   push_to_registry:
     name: Push Docker image to GitHub Packages
     runs-on: ubuntu-latest
+    needs: tests
     permissions:
       contents: read # required for actions/checkout
       packages: write # required for pushing to ghcr.io
       id-token: write # required for signing with cosign
+    outputs:
+      version: ${{ steps.extract_version.outputs.VERSION }}
+      tag: ${{ steps.extract_version.outputs.TAG }}
     steps:
       - name: Check out the repo
         uses: actions/checkout@v4
@@ -26,6 +42,8 @@ jobs:
         run: |
           VERSION=$(grep 'version =' pyproject.toml | sed -e 's/version = "\(.*\)"/\1/')-$(echo $GITHUB_SHA | cut -c1-7)
           echo "VERSION=$VERSION" >> "$GITHUB_OUTPUT"
+          TAG=v$(grep 'version =' pyproject.toml | sed -e 's/version = "\(.*\)"/\1/')
+          echo "TAG=$TAG" >> "$GITHUB_OUTPUT"
 
       - name: Log in to GitHub Container Registry
         uses: docker/login-action@v3
@@ -56,3 +74,29 @@ jobs:
             ghcr.io/sysdiglabs/sysdig-mcp-server:v${{ steps.extract_version.outputs.VERSION }}
           DIGEST: ${{ steps.build-and-push.outputs.digest }}
         run: echo "${TAGS}" | xargs -I {} cosign sign --yes {}@${DIGEST}
+
+  tag_release:
+    name: Tag Release
+    runs-on: ubuntu-latest
+    needs: push_to_registry
+    steps:
+      - name: Check out the repo
+        uses: actions/checkout@v4
+
+      - name: Get tag version
+        id: semantic_release
+        uses: anothrNick/github-tag-action@1.73.0
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          DEFAULT_BUMP: "patch"
+          TAG_CONTEXT: ${{ (github.base_ref != 'main') && 'branch' || 'repo' }}
+          PRERELEASE_SUFFIX: "beta"
+          PRERELEASE: ${{ (github.base_ref != 'main') && 'true' || 'false' }}
+          DRY_RUN: false
+          INITIAL_VERSION: ${{ needs.push_to_registry.outputs.tag }}
+
+      - name: Summary
+        run: |
+          echo "## Release Summary
+          - Tag: ${{ steps.semantic_release.outputs.tag }}
+          - Docker Image: ghcr.io/sysdiglabs/sysdig-mcp-server:v${{ needs.push_to_registry.outputs.version }}" >> $GITHUB_STEP_SUMMARY

.github/workflows/test.yaml

@@ -4,7 +4,26 @@ on:
   push:
     branches:
       - main
+      - develop
+      - feature/**
+      - release/**
+      - hotfix/**
+    paths:
+      - pyproject.toml
+      - Dockerfile
+      - *.py
+      - tests/**
+      - tools/**
+      - utils/**
   pull_request:
+    paths:
+      - pyproject.toml
+      - Dockerfile
+      - *.py
+      - tests/**
+      - tools/**
+      - utils/**
+  workflow_call:
 
 jobs:
   test:
@@ -34,3 +53,52 @@ jobs:
 
       - name: Run Unit Tests
         run: make test
+
+  pre_release:
+    name: Tag Release
+    runs-on: ubuntu-latest
+    needs: test
+    permissions:
+      contents: write # required for creating a tag
+    steps:
+      - name: Check out the repo
+        uses: actions/checkout@v4
+        with:
+          ref: ${{ github.head_ref }}   # checkout the correct branch name
+          fetch-depth: 0   
+
+      - name: Extract current version
+        id: pyproject_version
+        run: |
+          TAG=v$(grep 'version =' pyproject.toml | sed -e 's/version = "\(.*\)"/\1/')
+          echo "TAG=$TAG" >> "$GITHUB_OUTPUT"
+
+      - name: Get tag version
+        id: semantic_release
+        uses: anothrNick/github-tag-action@1.73.0
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          DEFAULT_BUMP: "patch"
+          TAG_CONTEXT: ${{ (github.base_ref != 'main') && 'branch' || 'repo' }}
+          PRERELEASE_SUFFIX: "beta"
+          PRERELEASE: ${{ (github.base_ref != 'main') && 'true' || 'false' }}
+          DRY_RUN: true
+          INITIAL_VERSION: ${{ steps.pyproject_version.outputs.TAG }}
+
+      - name: Compare versions
+        run: |
+          echo "Current version: ${{ steps.pyproject_version.outputs.TAG }}"
+          echo "New version: ${{ steps.semantic_release.outputs.tag }}"
+          if [ "${{ steps.pyproject_version.outputs.TAG }}" != "${{ steps.semantic_release.outputs.tag }}" ]; then
+            echo "### Version mismatch detected! :warning:
+            Current pyproject version: ${{ steps.pyproject_version.outputs.TAG }}
+            New Tag version: **${{ steps.semantic_release.outputs.tag }}**
+            Current Tag: ${{ steps.semantic_release.outputs.old_tag }}
+            Please update the version in pyproject.toml." >> $GITHUB_STEP_SUMMARY
+            exit 1
+          else
+            echo "### Version match confirmed! :rocket:
+            Current pyproject version: ${{ steps.pyproject_version.outputs.TAG }}
+            New Tag version: **${{ steps.semantic_release.outputs.tag }}**
+            The version is up-to-date." >> $GITHUB_STEP_SUMMARY
+          fi

charts/sysdig-mcp/values.yaml

@@ -8,7 +8,7 @@ image:
   repository: ghcr.io/sysdiglabs/sysdig-mcp-server
   pullPolicy: IfNotPresent
   # Overrides the image tag whose default is the chart appVersion.
-  tag: "latest"
+  tag: "v0.1.1-e789d6e"
 
 imagePullSecrets: []
 nameOverride: ""