canonical
diff --git a/‎.github/actions/setup-k8s/action.yml‎
Lines changed: 10 additions & 1 deletion b/‎.github/actions/setup-k8s/action.yml‎
Lines changed: 10 additions & 1 deletion
diff --git a/‎.github/actions/setup-k8s/k8s.sh‎
Lines changed: 55 additions & 27 deletions b/‎.github/actions/setup-k8s/k8s.sh‎
Lines changed: 55 additions & 27 deletions
diff --git a/‎.github/workflows/e2e-tests.yml‎
Lines changed: 9 additions & 2 deletions b/‎.github/workflows/e2e-tests.yml‎
Lines changed: 9 additions & 2 deletions
diff --git a/‎.github/workflows/publish.yml‎
Lines changed: 105 additions & 35 deletions b/‎.github/workflows/publish.yml‎
Lines changed: 105 additions & 35 deletions
diff --git a/‎Makefile‎
Lines changed: 1 addition & 2 deletions b/‎Makefile‎
Lines changed: 1 addition & 2 deletions
@@ -18,6 +18,14 @@ inputs:
     description: Path where Kubeconfig file will be stored
     default: "/home/runner/.kube/config"
     type: string
+  k8s-csi-image-tag:
+    description: Tag of the LXD CSI driver image to deploy to the cluster
+    default: ""
+    type: string
+  k8s-csi-image-path:
+    description: Path to the LXD CSI driver image tarball to import to cluster nodes (empty to skip)
+    default: ""
+    type: string
 
 runs:
   using: composite
@@ -29,6 +37,7 @@ runs:
         K8S_NODE_COUNT: ${{ inputs.k8s-node-count }}
         K8S_SNAP_CHANNEL: ${{ inputs.k8s-snap-channel }}
         K8S_KUBECONFIG_PATH: ${{ inputs.k8s-kubeconfig-path }}
-        K8S_CSI_IMAGE_PATH: lxd-csi-driver.tar
+        K8S_CSI_IMAGE_PATH: ${{ inputs.k8s-csi-image-path }}
+        K8S_CSI_IMAGE_TAG: ${{ inputs.k8s-csi-image-tag }}
       run: |
         ${{ github.action_path }}/k8s.sh deploy
@@ -30,17 +30,13 @@ cleanup() {
 trap cleanup EXIT INT TERM
 
 setEnv() {
-    # Precheck kubectl is installed.
-    if ! command -v kubectl &> /dev/null; then
-        echo "Error: kubectl is not installed. Use 'snap install kubectl --classic' to install it."
-        exit 1
-    fi
-
-    # Precheck lxc is installed.
-    if ! command -v lxc &> /dev/null; then
-        echo "Error: lxc is not installed"
-        exit 1
-    fi
+    # Precheck required binaries are installed.
+    for cmd in kubectl helm lxc; do
+        if ! command -v "${cmd}" &> /dev/null; then
+            echo "Error: ${cmd} is not installed."
+            exit 1
+        fi
+    done
 
     # Precheck that LXD is accessible and trusts us.
     if [ $(lxc query /1.0 | jq -r .auth) != "trusted" ]; then
@@ -59,7 +55,8 @@ setEnv() {
     : "${K8S_NODE_COUNT:=1}"
     : "${K8S_SNAP_CHANNEL:=latest/edge}"
     : "${K8S_KUBECONFIG_PATH:=${ROOT_DIR}/.kube/${K8S_CLUSTER_NAME}.yml}" # Do not use "${HOME}/..." by default to avoid overwriting user's kubeconfig.
-    # K8S_CSI_IMAGE_PATH - Used to import locally built CSI image tarball to all cluster nodes.
+    : "${K8S_CSI_IMAGE_PATH:=}" # Path to the custom LXD CSI driver image to import to cluster nodes.
+    : "${K8S_CSI_IMAGE_TAG:=latest-edge}"
 
     # LXD instance, storage, and network configuration.
     : "${LXD_INSTANCE_IMAGE:=ubuntu-minimal-daily:24.04}"
@@ -323,11 +320,25 @@ k8sWaitReady() {
         echo "Error: Kubernetes cluster is not ready after ${timeout} seconds!" >&2
     ' ERR
 
-    echo "===> Waiting for Kubernetes nodes to become ready ..."
-    kubectl --kubeconfig "${kubeconfigPath}" wait --for=condition=Ready nodes --all --timeout="${timeout}s"
+    local deadline=$((SECONDS + timeout))
+    local nodesReady=0
+    local podsReady=0
+
+    echo "===> Waiting for all Kubernetes nodes and pods to be ready ..."
+    while (( SECONDS < deadline )); do
+        [ "${nodesReady}" -eq 0 ] && kubectl --kubeconfig "${kubeconfigPath}" wait --for=condition=Ready nodes --all --timeout=30s && nodesReady=1
+        [ "${podsReady}" -eq 0 ] && kubectl --kubeconfig "${kubeconfigPath}" wait --for=condition=Ready pods  --all -A --timeout=30s && podsReady=1
+
+        if [ "${nodesReady}" -eq 1 ] && [ "${podsReady}" -eq 1 ]; then
+            break
+        fi
 
-    echo "===> Waiting for all system pods to become ready ..."
-    kubectl --kubeconfig "${kubeconfigPath}" wait --for=condition=Ready pods --all --all-namespaces --timeout="${timeout}s"
+        sleep 2
+    done
+
+    if (( SECONDS >= deadline )); then
+        return 1
+    fi
 
     trap - ERR
 }
@@ -371,6 +382,7 @@ k8sImportImageTarball() {
         return 1
     fi
 
+    # Import the image tarball to all cluster nodes.
     for i in $(seq 1 "${K8S_NODE_COUNT}"); do
         instance="${K8S_CLUSTER_NAME}-node-${i}"
         echo "Importing image ${imagePath} to node ${instance} ..."
@@ -385,7 +397,8 @@ k8sImportImageTarball() {
 # It creates the necessary namespace and applies the deployment manifests.
 installLXDCSIDriver() {
     local kubeconfigPath="${K8S_KUBECONFIG_PATH}"
-    local csiDeployPath="${ROOT_DIR}/deploy"
+    local imagePath="${K8S_CSI_IMAGE_PATH}"
+    local chartRepo="oci://ghcr.io/canonical/charts/lxd-csi-driver"
     local project="${LXD_PROJECT_NAME}"
     local name="${K8S_CLUSTER_NAME}-lxd-csi"
     local group="${name}-group"
@@ -410,7 +423,24 @@ installLXDCSIDriver() {
     echo "===> Installing LXD CSI driver ..."
     kubectl --kubeconfig "${kubeconfigPath}" create namespace lxd-csi --save-config
     kubectl --kubeconfig "${kubeconfigPath}" create secret generic lxd-csi-secret --namespace lxd-csi --from-literal=token="${token}"
-    kubectl --kubeconfig "${kubeconfigPath}" apply -f "${csiDeployPath}"
+
+    if [ "${K8S_CSI_IMAGE_PATH}" != "" ]; then
+        # Build image from source and import it to cluster nodes.
+        k8sImportImageTarball "${imagePath}"
+    fi
+
+    if [ "${K8S_CSI_IMAGE_TAG}" = "dev" ]; then
+        # Use local chart from repository.
+        chartRepo="${ROOT_DIR}/charts"
+    fi
+
+    helm install lxd-csi "${chartRepo}" \
+        --kubeconfig "${kubeconfigPath}" \
+        --namespace lxd-csi \
+        --timeout 120s \
+        --atomic \
+        --wait \
+        --set driver.image.tag="${K8S_CSI_IMAGE_TAG}"
 }
 
 # help prints the usage information for this script.
@@ -468,18 +498,16 @@ case "${cmd}" in
         # Copy kubeconfig to host and adjust the server address.
         k8sCopyKubeconfig "${firstNode}" "${K8S_KUBECONFIG_PATH}"
 
-        if [ "${K8S_CSI_IMAGE_PATH:-}" != "" ]; then
-            k8sImportImageTarball "${K8S_CSI_IMAGE_PATH}"
-        fi
-
-        # Ensure cluster is ready before installing the CSI driver.
+        # Ensure cluster is ready.
         k8sWaitReady
 
-        # Install the LXD CSI driver.
-        installLXDCSIDriver
+        if [ "${K8S_CSI_IMAGE_TAG}" != "" ]; then
+            # Install the LXD CSI driver.
+            installLXDCSIDriver
 
-        # Wait for the CSI to become ready.
-        k8sWaitReady
+            # Wait for the CSI to become ready.
+            k8sWaitReady
+        fi
 
         echo "==> Done"
         echo -e "\nKubernetes cluster:"
 
@@ -40,10 +40,13 @@ jobs:
         with:
           go-version-file: 'go.mod'
 
+      # Build the image before disabling Docker.
       - name: Build CSI driver image
+        id: image
         run: |
           set -e
           make image-export
+          echo "path=lxd-csi-driver.tar" >> "$GITHUB_OUTPUT"
 
       # Disable Docker to avoid conflicts with LXD.
       - name: Disable Docker
@@ -61,16 +64,19 @@ jobs:
           channel: latest/edge
 
       - name: Set Kubeconfig path
+        id: kubeconfig
         run: |
-          echo "K8S_KUBECONFIG_PATH=${HOME}/.kube/config" >> $GITHUB_ENV
+          echo "path=${HOME}/.kube/config" >> "$GITHUB_OUTPUT"
 
       - name: Deploy Kubernetes cluster
         uses: ./.github/actions/setup-k8s
         with:
           k8s-cluster-name: ${{ env.K8S_CLUSTER_NAME }}
           k8s-node-count: 2
           k8s-snap-channel: latest/edge
-          k8s-kubeconfig-path: ${{ env.K8S_KUBECONFIG_PATH }}
+          k8s-kubeconfig-path: ${{ steps.kubeconfig.outputs.path }}
+          k8s-csi-image-path: ${{ steps.image.outputs.path }}
+          k8s-csi-image-tag: dev
 
       - name: Print cluster info
         run: |
@@ -84,6 +90,7 @@ jobs:
       - name: Run E2E tests
         env:
           TEST_LXD_STORAGE_DRIVERS: "${{ matrix.storage_driver }}"
+          K8S_KUBECONFIG_PATH: ${{ steps.kubeconfig.outputs.path }}
         run: |
           set -e
           cd test/e2e
 
@@ -1,10 +1,8 @@
-name: Publish CSI image
+name: Release CSI image
 on:
   push:
     branches:
       - main
-    tags:
-      - "v*"
 
 permissions:
   contents: read
@@ -22,38 +20,89 @@ env:
   VERSION: ${{ github.ref_name == 'main' && 'latest-edge' || github.ref_name }}
 
 jobs:
-  tests:
-    uses: ./.github/workflows/tests.yml
-
-  e2e-tests:
-    needs: tests
-    uses: ./.github/workflows/e2e-tests.yml
-
-  # Publish container image to GHCR if tests passed and we are on main branch.
-  publish:
+  # Precheck job checks whether the CSI image (and Helm chart) publishing is required, and
+  # whether a new GitHub release should be created.
+  # The image/chart are published as "latest-edge" on each push to main branch.
+  # If the GitHub release matching the version in "VERSION" file does not exist yet,
+  # a new release is created.
+  precheck:
     runs-on: ubuntu-24.04
-    needs: e2e-tests
-    if: ${{ github.repository == 'canonical/lxd-csi-driver' }}
-    permissions:
-      contents: read
-      packages: write
+    outputs:
+      versions: ${{ steps.read.outputs.versions }}
+      release: ${{ steps.read.outputs.release }}
     steps:
-      - name: Validate release version
+      - name: Checkout
+        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+
+      - name: Determine versions to be published
+        id: read
         shell: bash
+        env:
+          # Set GH_TOKEN to authenticate "gh" CLI.
+          GH_TOKEN: ${{ github.token }}
         run: |
           set -e
-          isSemver=false
-          if [[ "${VERSION}" =~ ^v[0-9]+\.[0-9]+\.[0-9]+$ ]]; then
-            isSemver=true
+          release=""   # GitHub release name.
+          versions=""  # CSI image and chart tags.
+
+          # Latest release only on the main branch.
+          if [ "${{ github.ref_name }}" = "main" ]; then
+            versions="${versions} latest-edge"
           fi
 
-          if [[ "${VERSION}" != "latest-edge" && "${isSemver}" != "true" ]]; then
-            echo "Error: Invalid version '${VERSION}'. It must be either 'latest-edge' or a semantic version prefixed with 'v' (e.g., v1.2.3)."
+          # Read and validate current version.
+          version=$(cat VERSION)
+          if [[ ! "${version}" =~ ^v[0-9]+\.[0-9]+\.[0-9]+$ ]]; then
+            echo "Error: Invalid version '${version}' in VERSION file. It must be a semantic version prefixed with 'v'."
             exit 1
           fi
 
-          echo "IS_SEMVER=${isSemver}" >> "$GITHUB_ENV"
+          # Check if the version already exists.
+          # If it does not exist, add versions that need to be published to the list.
+          foundRelease=$(gh release list -R ${{ github.repository }} --json tagName --jq ".[] | select(.tagName == \"${version}\").tagName")
+          if [ "${foundRelease}" = "" ]; then
+            release="${version}"
+            versions="${versions} ${version}"      # Example: v1.2.3
+            versions="${versions} ${version%.*}"   # Example: v1.2
+            versions="${versions} ${version%%.*}"  # Example: v1
+          fi
+
+          # Trim potential surrounding whitespace.
+          versions=$(echo "$versions" | xargs)
+
+          # Output versions for publishing.
+          echo "versions=${versions}" >> "$GITHUB_OUTPUT"
+          echo "release=${release}" >> "$GITHUB_OUTPUT"
+
+      - name: Output versions
+        run: |
+          echo "Versions to be published: ${{ steps.read.outputs.versions }}"
+          echo "Release version: ${{ steps.read.outputs.release }}"
+
+  tests:
+    needs:
+      - precheck
+    permissions:
+      contents: read
+    uses: ./.github/workflows/tests.yml
+
+  e2e-tests:
+    uses: ./.github/workflows/e2e-tests.yml
+    needs:
+      - precheck
+      - tests
 
+  # Publish container image to GHCR if tests passed and we are on main branch.
+  publish:
+    if: ${{ github.repository == 'canonical/lxd-csi-driver' && needs.precheck.outputs.versions != '' }}
+    needs:
+      - precheck
+      - e2e-tests
+    runs-on: ubuntu-24.04
+    permissions:
+      contents: write # Required for creating releases.
+      packages: write # Required for publishing to GHCR.
+    steps:
       - name: Checkout
         uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
 
@@ -62,11 +111,20 @@ jobs:
         with:
           go-version-file: 'go.mod'
 
-      - name: Build image
+      - name: Build image and create image tags
+        id: image
         run: |
           set -e
           make build
 
+          tags=""
+          for version in ${{ needs.precheck.outputs.versions }}; do
+            tags=${tags},${{ env.CONTAINER_REGISTRY }}/${{ github.repository }}:${version}
+          done
+
+          # Output tags with leading comma removed.
+          echo "tags=${tags#,}" >> "$GITHUB_OUTPUT"
+
       - name: Log in to the container registry
         uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef # v3.6.0
         with:
@@ -80,7 +138,7 @@ jobs:
         with:
           context: .
           push: true
-          tags: ${{ env.CONTAINER_REGISTRY }}/${{ github.repository }}:${{ env.VERSION }}
+          tags: ${{ steps.image.outputs.tags }}
 
       - name: Log in to the Helm registry
         run: |
@@ -93,12 +151,24 @@ jobs:
       - name: Publish new Chart
         run: |
           set -e
-          chartVersion="${{ env.VERSION }}"
-
-          if [ "${{ env.IS_SEMVER }}" != "true" ]; then
-            # Prepend "v0.0.0-" to the version to satisfy Helm versioning requirements.
-            chartVersion="v0.0.0-${chartVersion}"
-          fi
-
-          helm package charts --version "${chartVersion}" --app-version "${{ env.VERSION }}"
-          helm push "lxd-csi-driver-${chartVersion}.tgz" "oci://${{ env.CONTAINER_REGISTRY }}/${{ github.repository_owner }}/charts"
+          for version in ${{ needs.precheck.outputs.versions }}; do
+            chartVersion="${version}"
+
+            # If the version does not start with an integer (prefix 'v' is optional),
+            # we prefix Chart version with 'v0-' prefix to satisfy Helm chart version constraints.
+            if [[ ! "${version}" =~ ^v?[0-9] ]]; then
+              chartVersion="v0-${version}"
+            fi
+
+            helm package charts --version "${chartVersion}" --app-version "${version}"
+            helm push "lxd-csi-driver-${chartVersion}.tgz" "oci://${{ env.CONTAINER_REGISTRY }}/${{ github.repository_owner }}/charts"
+          done
+
+      - name: Make a release
+        uses: softprops/action-gh-release@v2
+        if: ${{ needs.precheck.outputs.release != '' }}
+        with:
+          name: ${{ needs.precheck.outputs.release }}
+          tag_name: ${{ needs.precheck.outputs.release }}
+          generate_release_notes: true
+          draft: false
@@ -1,7 +1,6 @@
 REGISTRY=ghcr.io
 IMAGE=canonical/lxd-csi-driver
-# Use latest-edge for development builds to match what is in deploy/* manifests.
-VERSION?=latest-edge
+VERSION?=dev
 
 build:
 	@echo "> Building LXD CSI ...";