Release Flow#
Open AD Kit releases are promotions of existing validated builds, not new builds. This ensures that every released image has passed the full build-and-scan pipeline.
Release Process#
flowchart LR
A[Build all images] --> B[Full image scan]
B --> C{Scan passed?}
C -->|Yes| D[Promote build to release]
C -->|No| E[Fix & rebuild]
D --> F[Tag stable aliases]
Step-by-Step#
-
Build
Run the
build-all-imagesworkflow from themainbranch.- Stable Open AD Kit releases must be built from an Autoware
X.Y.Ztag. - Pre-releases may use an Autoware
X.Y.Ztag or a full 40-character SHA.
- Stable Open AD Kit releases must be built from an Autoware
-
Capture the build tag
Keep the
build_tagfrom the workflow summary. It is formatted asRUN_ID-RUN_ATTEMPT(e.g.,123456789-1). -
Scan
Ensure
scan-imagescompletes successfully for thatbuild_tag.- Scheduled builds request scans automatically.
- Otherwise, run
scan-imagesmanually and setbuild_tag.
-
Release
Run the
releaseworkflow with:- Open AD Kit
version(e.g.,v1.0.0orv1.0.0-rc.1) - Validated
build_tag
- Open AD Kit
Validation#
The release workflow validates:
- The source build succeeded and is from
main. - The full scan passed.
- Build metadata, scan metadata, and
.github/image-inventory.jsonare consistent. - Registry digests match between build and scan artifacts.
Only after all checks pass are the stable aliases updated.