Automating upstream releases with release-bot

All you need to do is file an issue into your upstream repository and release-bot takes care of the rest.
214 readers like this.
Three giant robots and a person

If you own or maintain a GitHub repo and have ever pushed a package from it into PyPI and/or Fedora, you know it requires some additional work using the Fedora infrastructure.

Good news: We have developed a tool called release-bot that automates the process. All you need to do is file an issue into your upstream repository and release-bot takes care of the rest. But let’s not get ahead of ourselves. First, let’s look at what needs to be set up for this automation to happen. I’ve chosen the meta-test-family upstream repository as an example.

Configuration files for release-bot

There are two configuration files for release-bot: conf.yaml and release-conf.yaml.


conf.yaml must be accessible during bot initialization; it specifies how to access the GitHub repository. To show that, I have created a new git repository named mtf-release-bot, which contains conf.yaml and the other secret files.

repository_name: name
repository_owner: owner
github_token: xxxxxxxxxxxxxxxxxxxxxxxxx
# time in seconds during checks for new releases
refresh_interval: 180

For the meta-test-family case, the configuration file looks like this:

repository_name: meta-test-family
repository_owner: fedora-modularity
github_token: xxxxxxxxxxxxxxxxxxxxx
refresh_interval: 180


release-conf.yaml must be stored in the repository itself; it specifies how to do GitHub/PyPI/Fedora releases.

# list of major python versions that bot will build separate wheels for
  - 2
  - 3
# optional:
  - Example changelog entry
  - Another changelog entry
# this is info for the authorship of the changelog
# if this is not set, person who merged the release PR will be used as an author
author_name: John Doe
# whether to release on fedora. False by default
fedora: false
# list of fedora branches bot should release on. Master is always implied
  - f27

For the meta-test-family case, the configuration file looks like this:

-	2
fedora: true
-	f29
-	f28
trigger_on_issue: true

PyPI configuration file

The file .pypirc, stored in your mtf-release-bot private repository, is needed for uploading the new package version into PyPI:

username = phracek
password = xxxxxxxx

Private SSH key, id_rsa, that you configured in FAS

The final structure of the git repository, with conf.yaml and the others, looks like this:

$ ls -la
total 24
drwxrwxr-x   3 phracek phracek 4096 Sep 24 12:38 .
drwxrwxr-x. 20 phracek phracek 4096 Sep 24 12:37 ..
-rw-rw-r--   1 phracek phracek  199 Sep 24 12:26 conf.yaml
drwxrwxr-x   8 phracek phracek 4096 Sep 24 12:38 .git
-rw-rw-r--   1 phracek phracek 3243 Sep 24 12:38 id_rsa
-rw-------   1 phracek phracek   78 Sep 24 12:28 .pypirc


Releasing to PyPI requires the wheel package for both Python 2 and Python 3, so install requirements.txt with both versions of pip. You must also set up your PyPI login details in $HOME/.pypirc, as described in the PyPI documentation. If you are releasing to Fedora, you must have an active Kerberos ticket while the bot runs, or specify the path to the Kerberos keytab file with -k/–keytab. Also, fedpkg requires that you have an SSH key in your keyring that you uploaded to FAS.

How to deploy release-bot

There are two ways to use release-bot: as a Docker image or as an OpenShift template.

Docker image

Let’s build the image using the s2i command:

$ s2i build $CONFIGURATION_REPOSITORY_URL usercont/release-bot app-name

where $CONFIGURATION_REPOSITORY_URL is a reference to the GitHub repository, like https://<GIT_LAB_PATH>/mtf-release-conf.

Let’s look at Docker images:

$ docker images
REPOSITORY                               	TAG             	IMAGE ID        	CREATED         	SIZE
mtf-release-bot                     	latest          	08897871e65e    	6 minutes ago   	705 MB           	latest          	5b34aa670639    	9 days ago      	705 MB

Now let’s try to run the mtf-release-bot image with this command:

$ docker run mtf-release-bot
---> Setting up ssh key...
Agent pid 12
Identity added: ./.ssh/id_rsa (./.ssh/id_rsa)
12:21:18.982  DEBUG  Loaded configuration for fedora-modularity/meta-test-family
12:21:18.982 	INFO   release-bot v0.4.1 reporting for duty!
12:21:18.982     	DEBUG  Fetching release-conf.yaml
12:21:37.611 	DEBUG  No merged release PR found
12:21:38.282 	INFO   Found new release issue with version: 0.8.5
12:21:42.565 	DEBUG  No more open issues found
12:21:43.190 	INFO   Making a new PR for release of version 0.8.5 based on an issue.
12:21:46.709      	DEBUG  ['git', 'clone', '', '.']

12:21:47.401     	DEBUG  {"message":"Branch not found","documentation_url":""}
12:21:47.994      	DEBUG  ['git', 'config', '', '']

12:21:47.996      	DEBUG  ['git', 'config', '', 'Release bot']

12:21:48.009      	DEBUG  ['git', 'checkout', '-b', '0.8.5-release']

12:21:48.014      	ERROR  No version files found. Aborting version update.
12:21:48.014      	WARNING No present in repository
[Errno 2] No such file or directory: '/tmp/tmpmbvb05jq/'
12:21:48.020      	DEBUG  ['git', 'commit', '--allow-empty', '-m', '0.8.5 release']
[0.8.5-release 7ee62c6] 0.8.5 release

12:21:51.342      	DEBUG  ['git', 'push', 'origin', '0.8.5-release']

12:21:51.905     	DEBUG  No open PR's found
12:21:51.905     	DEBUG  Attempting a PR for 0.8.5-release branch
12:21:53.215     	INFO   Created PR:
12:21:53.216 	INFO   I just made a PR request for a release version 0.8.5
12:21:54.154     	DEBUG  Comment added to PR: I just made a PR request for a release version 0.8.5
 Here's a [link to the PR](
12:21:54.154     	DEBUG  Attempting to close issue #242
12:21:54.992     	DEBUG  Closed issue #242

As you can see, release-bot automatically closed the following issue, requesting a new upstream release of the meta-test-family:

In addition, release-bot created a new PR with changelog. You can update the PR—for example, squash changelog—and once you merge it, it will automatically release to GitHub, and PyPI and Fedora will start.

You now have a working solution to easily release upstream versions of your package into PyPi and Fedora.

OpenShift template

Another option to deliver automated releases using release-bot is to deploy it in OpenShift.

The OpenShift template looks as follows:

kind: Template
apiVersion: v1
  name: release-bot
    description: S2I Relase-bot image builder
    tags: release-bot s2i
    iconClass: icon-python
  template: release-bot
  role: releasebot_application_builder
  - kind : ImageStream
    apiVersion : v1
    metadata :
        name : ${APP_NAME}
        labels :
          appid : release-bot-${APP_NAME}
  - kind : ImageStream
    apiVersion : v1
    metadata :
      name : ${APP_NAME}-s2i
      labels :
        appid : release-bot-${APP_NAME}
    spec :
      tags :
        - name : latest
          from :
            kind : DockerImage
            name : usercont/release-bot:latest
         #  scheduled: true
  - kind : BuildConfig
    apiVersion : v1
    metadata :
      name : ${APP_NAME}
      labels :
        appid : release-bot-${APP_NAME}
    spec :
      triggers :
        - type : ConfigChange
        - type : ImageChange
      source :
        type : Git
        git :
          contextDir : ${CONFIGURATION_REPOSITORY}
        sourceSecret :
          name : release-bot-secret
      strategy :
        type : Source
        sourceStrategy :
          from :
            kind : ImageStreamTag
            name : ${APP_NAME}-s2i:latest
      output :
        to :
          kind : ImageStreamTag
          name : ${APP_NAME}:latest
  - kind : DeploymentConfig
    apiVersion : v1
    metadata :
      name: ${APP_NAME}
      labels :
        appid : release-bot-${APP_NAME}
    spec :
      strategy :
        type : Rolling
      triggers :
         - type : ConfigChange
         - type : ImageChange
           imageChangeParams :
             automatic : true
             containerNames :
               - ${APP_NAME}
             from :
               kind : ImageStreamTag
               name : ${APP_NAME}:latest
      replicas : 1
      selector :
        deploymentconfig : ${APP_NAME}
      template :
        metadata :
          labels :
            appid: release-bot-${APP_NAME}
            deploymentconfig : ${APP_NAME}
        spec :
          containers :
            - name : ${APP_NAME}
              image : ${APP_NAME}:latest
                  memory: "64Mi"
                  cpu: "50m"
                  memory: "128Mi"
                  cpu: "100m"

parameters :
  - name : APP_NAME
    description : Name of application
    value :
    required : true
    description : Git repository with configuration
    value :
    required : true

The easiest way to deploy the mtf-release-bot repository with secret files into OpenShift is to use the following two commands:

$ curl -sLO

In your OpenShift instance, deploy the template by running the following command:

oc process -p APP_NAME="mtf-release-bot" -p CONFIGURATION_REPOSITORY="git@<git_lab_path>/mtf-release-conf.git" -f openshift-template.yml | oc apply


See the example pull request in the meta-test-family upstream repository, where you'll find information about what release-bot released. Once you get to this point, you can see that release-bot is able to push new upstream versions into GitHub, PyPI, and Fedora without heavy user intervention. It automates all the steps so you don’t need to manually upload and build new upstream versions of your package.

User profile image.
Senior Software Engineer at Red Hat. He is a contributor to various project that focus on containers. He is member of Userspace Containerization team, Python developer. He is working on Continous Delivery Pipeline for containers. Let's tests containers as soon as possible.

Comments are closed.

Creative Commons LicenseThis work is licensed under a Creative Commons Attribution-Share Alike 4.0 International License.