Files
releaser/docs/content/ci-integration.md
T
k3nny 37db8e97ca
ci / vet, staticcheck, test, build (push) Successful in 3m46s
docs / Build and deploy docs (push) Failing after 11s
release / Build and publish release (push) Successful in 4m34s
feat(cmd): release v1.10.0 — shallow clone guard and --check preflight
- refuse to release when the clone is shallow and no previous release tag
  is found: tags beyond the fetch depth would silently restart versioning
  at X.Y.0; --allow-shallow bypasses the guard for a true first release
- new --check preflight validates the release environment without
  releasing: branch resolution + pattern, working tree, tag discovery,
  shallow clone, remote origin URL parse (same parse the push performs),
  push auth method, version files, release target — all problems reported
  at once, non-zero exit on failure
- .releaser.gitlab-ci.yml gains an optional .releaser:check MR-pipeline
  job; CI examples now set GIT_DEPTH: 0

Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
2026-07-16 22:12:17 +02:00

4.7 KiB

title, weight
title weight
CI Integration 40

GitLab CI

The simplest setup uses the reusable job template shipped alongside releaser:

# .gitlab-ci.yml
include:
  - project: releaser/releaser
    file: .releaser.gitlab-ci.yml

release:
  extends: .releaser
  variables:
    GITLAB_TOKEN: $RELEASE_TOKEN   # project/group variable with api + write_repository scope

Or write it inline:

release:
  stage: release
  image: registry.example.com/releaser:latest
  rules:
    - if: $CI_COMMIT_BRANCH =~ /^release\/.+$/
  variables:
    GITLAB_TOKEN: $RELEASE_TOKEN
    GIT_DEPTH: 0                   # full history — shallow clones hide previous release tags
  script:
    - releaser
  artifacts:
    reports:
      dotenv: release.env          # exposes NEXT_VERSION to downstream jobs

Consuming NEXT_VERSION downstream

The release.env dotenv artifact exports NEXT_VERSION=<tag> automatically. Downstream jobs can use it:

deploy:
  stage: deploy
  needs:
    - job: release
      artifacts: true
  script:
    - echo "Deploying version $NEXT_VERSION"

Disable the dotenv artifact (e.g. for local runs):

releaser --release-env-file ""

Write it to a custom path:

releaser --release-env-file deploy/version.env

GitHub Actions / Gitea Actions

name: release
on:
  push:
    branches:
      - 'release/**'

jobs:
  release:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
        with:
          fetch-depth: 0          # full history needed for tag discovery

      - name: Run releaser
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        run: |
          curl -sSL https://git.k3nny.fr/k3nny/releaser/releases/latest/download/releaser-linux-amd64 \
            -o /usr/local/bin/releaser
          chmod +x /usr/local/bin/releaser
          releaser

{{< hint warning >}} fetch-depth: 0 is required. A shallow clone (--depth 1) hides the previous tag, causing releaser to treat every commit as the first release. {{< /hint >}}

Preflight checks

releaser --check validates the release environment without releasing anything: branch resolution and pattern match, working tree state, shallow clone, remote URL parseability (the same parse the push performs — it catches shell-quoting accidents in set-url lines), which push auth would be used, configured version files, and the release target. All problems are reported at once, and the exit code is non-zero if any check fails.

Note the split with --dry-run: dry-run answers "what version would be released?" (it analyzes commits and computes the bump); --check answers "will the release plumbing work?" (everything dry-run never touches). Run --check in merge-request pipelines to catch broken CI configuration before it blocks a real release:

release:check:
  stage: test
  image: registry.example.com/releaser:latest
  rules:
    - if: $CI_PIPELINE_SOURCE == "merge_request_event"
  variables:
    GIT_DEPTH: 0
  script:
    - releaser --check --branch "release/0.0"   # any pattern-matching name works for validation

Shallow clones

GitLab CI checks out a shallow clone by default (GIT_DEPTH: 20), and shallow clones hide any release tag beyond the fetch depth — tag discovery would silently restart versioning at X.Y.0. releaser detects this: when the clone is shallow and no previous release tag is found, it refuses to release and asks for full history.

Fix it by fetching full history (GIT_DEPTH: 0 in GitLab CI, fetch-depth: 0 in GitHub Actions, or git fetch --unshallow). If the project genuinely has no release tag yet, pass --allow-shallow to release anyway.

A shallow clone whose history does include the latest release tag is fine — the version calculation is unaffected, and releaser proceeds normally.

Detached HEAD

CI runners check out a commit SHA, leaving the repository in detached HEAD state. releaser detects this and falls back to the branch name from the CI environment, in order:

  1. CI_COMMIT_BRANCH (GitLab CI, branch pipelines)
  2. CI_COMMIT_REF_NAME (GitLab CI)
  3. GITHUB_REF_NAME (GitHub Actions)

So on branch pipelines no extra configuration is needed. To override the detected name (or on runners that set none of these variables), pass it explicitly:

script:
  - releaser --branch "$CI_COMMIT_BRANCH"

SSH push

When pushing over SSH (git@host:... or ssh://... remotes), releaser attempts go-git SSH agent auth automatically — no extra configuration needed as long as the CI runner has an SSH agent socket available.

For HTTPS remotes without a token, releaser delegates to the system git binary so credential helpers and netrc work as expected.