This document describes how modules publish new versions to the shared
bazel_registry via GitHub Actions. It uses three workflows:
- A reusable workflow in the registry/cicd-workflows repo
- An automatic workflow in each module repo. Especially for repos that do not perform any post PR testing.
- A manual / recovery workflow in each module repo
- One way for modules to request a registry update.
- As much logic as possible in the reusable workflow.
- Secure handling of tokens
File:
reusable-bazel-registry-publish.yml
Called from: module repos (workflow_call).
- Determine and validate the tag:
pushevent: tag fromgithub.ref(refs/tags/v*).releaseevent: tag fromgithub.event.release.tag_name.workflow_dispatch: tag from inputversion→v<version>.
- Validate version:
- Strip leading
v, enforce PEP 440 viapackaging.version.Version(TODO: whichsemvervariant do we use?). - On
releaseevents: ensure release name starts with the tag.
- Strip leading
- Determine Bazel module name:
- Checkout caller repo.
- Parse
MODULE.bazelformodule(name = "…").
- Create / update PR in
bazel_registry:-
Checkout
BAZEL_REGISTRY_REPOSITORY(org var, default:eclipse-score/bazel_registry). -
Install and run
registry_manager, e.g.:python registry_manager add "<module>" "<tag>" "<source_repo>" "<source_sha>"
-
Use
peter-evans/create-pull-request@v7to:- create/update branch
update/<module>/<tag> - commit changes
- open/update PR with title
Add <module> @ <tag>.
- create/update branch
-
- Inputs
version(optional): PEP 440 version withoutv, only used for manual runs.
- Secrets
registry-token(required): PAT with write access tobazel_registry(used for checkout + PR creation).
File:
.bazel-registry-auto.yml
Purpose:
Publish module to registry automatically on tag pushes and releases.
pushwithtags: v*releasewithtypes: [published]
- Should modules create a PR or trigger a workflow? Triggering the workflow is a clearer API, but creating a PR creates a true end-to-end experience. The created PR can be linked.
- Should we even support on tag / on release?