GitHub Workflows#

All workflows are stored in .github/workflows/.

Creation of a Release Branch#

A release branch is any branch whose name matches the following regex:

[0-9]\.[0-9]\.[0-9]

When working on a release branch, version files are automatically synchronized to match the branch name. This happens via a pre-commit hook (.precommit/sync_version_files.py) that updates the following files on your first commit:

  • readme.md

  • src/lib/version

  • pyproject.toml

The version sync happens automatically when you commit, so no additional steps are required:

git checkout -B 3.0.0
# Make changes
git commit -m "Your changes"
# Version files are automatically synced and staged by the pre-commit hook
git push --set-upstream origin 3.0.0

Additionally, the update-version-files.yaml workflow runs as a fallback when a release branch is pushed to the remote repository, ensuring version files remain synchronized even if the pre-commit hook did not run.

PR from Release Branch#

When a PR is created from a release branch and targets master, the ci.yaml workflow is triggered, which includes the following automated jobs:

  • Change detection - Determines which components changed (CLI, library, or image)

  • Test release creation - Creates a draft release and tag (0.0.0) with the release branch as its target, allowing the testing suite to access an updated Minitrino library reflective of the current state of the release branch

  • CLI tests - Unit and integration tests for the CLI (runs if CLI files changed)

  • Library tests - Tests modules with both Trino and Starburst distributions (runs if library files changed)

  • Image build tests - Builds and tests the container image (runs if image files changed)

All tests are described in detail in the testing overview.

Merging a PR into master#

Upon completion of the code tests and the merging of a release branch PR into master, the release.yaml workflow is triggered. This workflow:

  • Creates a release whose name matches the name of the merged PR branch (e.g., 3.0.0)

  • Publishes the release and marks it as latest

  • Builds the CLI package and publishes it to PyPI

Automated Dependency Updates#

Dependabot is configured to automatically monitor and update dependencies across the project. Updates are proposed via pull requests on a weekly schedule (Mondays).

Monitored Ecosystems#

  • Python packages (pyproject.toml): Groups type stubs, documentation deps, and dev tools together. Security-critical dependencies (docker, click, requests, PyYAML) create individual PRs for visibility.

  • GitHub Actions (workflow files): Groups Docker actions and GitHub official actions separately.

  • Docker images (Dockerfiles): Monitors base images in src/lib/image/Dockerfile and install/docs/Dockerfile.

Manual Updates Required#

Docker image versions in src/lib/minitrino.env (e.g., POSTGRES_VER, MINIO_VER) are not auto-detected by Dependabot and require periodic manual review and updates.

Reviewing Dependabot PRs#

When reviewing Dependabot PRs:

  1. Verify CI tests pass

  2. Review changelog and breaking changes

  3. For grouped updates (dev tools, docs deps), quick review is sufficient

  4. For security-critical deps, perform thorough testing with affected CLI commands