mongodb · viveksinghggits · Dec 2, 2025 · Dec 3, 2025 · Dec 2, 2025 · Dec 3, 2025
@@ -778,6 +778,20 @@ functions:
           GH_TOKEN: ${GH_TOKEN}
         binary: scripts/dev/run_python.sh scripts/release/create_chart_release_pr.py --chart_version ${OPERATOR_VERSION|*triggered_by_git_tag}
 
+  add_releaseinfo_to_github_assets:
+    - command: github.generate_token
+      params:
+        expansion_name: GH_TOKEN
+    - command: subprocess.exec
+      type: setup
+      params:
+        working_dir: src/github.com/mongodb/mongodb-kubernetes
+        include_expansions_in_env:
+          - OPERATOR_VERSION
+        env:
+          GH_TOKEN: ${GH_TOKEN}
+        binary: scripts/dev/run_python.sh scripts/release/release_info.py --version ${OPERATOR_VERSION|*triggered_by_git_tag}
+
   release_kubectl_mongodb_plugin:
     - command: github.generate_token
       params:

@@ -115,6 +115,12 @@ tasks:
       - func: install_macos_notarization_service
       - func: release_kubectl_mongodb_plugin
 
+  - name: add_releaseinfo_to_github_assets
+    commands:
+      - func: clone
+      - func: python_venv
+      - func: add_releaseinfo_to_github_assets
+
   - name: create_chart_release_pr
     tags: [ "helm_chart_release_pr" ]
     commands:
@@ -151,6 +157,18 @@ buildvariants:
       - name: release_readiness_probe
       - name: release_version_upgrade_hook
 
+  - name: add_releaseinfo_to_github_assets
+    display_name: add_releaseinfo_to_github_assets
+    tags: ["release"]
+    run_on:
+      - ubuntu2404-small
+    allowed_requesters: ["patch", "github_tag"]
+    # depends_on:
+    #   - name: "*"
+    #     variant: release_images
+    tasks:
+      - name: add_releaseinfo_to_github_assets
+
   - name: preflight_release_images
     display_name: preflight_release_images
     tags: [ "release" ]

@@ -1,6 +1,6 @@
 import base64
 import subprocess
-from typing import Dict
+from typing import Dict, Optional
 
 import boto3
 import docker
@@ -22,6 +22,12 @@ def build_image(self, tags: list[str],
                     args: Dict[str, str],
                     platforms: list[str]):  pass
 
+    # check_if_image_exists could easily be used to get the digest of manfiest list but
+    # the python package that we use somehow doesn't return the digest of manifest list
+    # even though the respective docker CLI returns the digest. That's why we had to introduce
+    # this function.
+    def get_manfiest_list_digest(self, image: str) -> Optional[str]: pass
+
 
 DEFAULT_BUILDER_NAME = "multiarch"  # Default buildx builder name
 
@@ -109,6 +115,28 @@ def check_if_image_exists(self, image_tag: str) -> bool:
         else:
             return True
 
+    def get_manfiest_list_digest(self, image) -> Optional[str]:
+        SKOPEO_IMAGE = "quay.io/skopeo/stable"
+
+        skopeo_inspect_command = ["inspect",  f"docker://{image}", "--format", "{{.Digest}}"]
+        docker_run_skopeo = ["docker", "run", "--rm", SKOPEO_IMAGE]
+        docker_run_skopeo.extend(skopeo_inspect_command)
+
+        try:
+            result = subprocess.run(
+                docker_run_skopeo,
+                capture_output=True,
+                text=True,
+                check=True
+            )
+            return result.stdout.strip()
+        except subprocess.CalledProcessError as e:
+            raise Exception(f"Failed to run skopeo inspect using 'docker run' for image {image}. Error: {e.stderr.strip()}") from e
+        except FileNotFoundError:
+            raise Exception("docker is not installed on the system.")
+        except Exception as e:
+            raise e
+
     def build_image(self, tags: list[str],
                     dockerfile: str,
                     path: str,
@@ -167,6 +195,10 @@ def check_if_image_exists(self, image_tag: str) -> bool:
             f"PodmanImageBuilder does not support checking if image exists remotely. Skipping check for {image_tag}.")
         return False
 
+    def get_manfiest_list_digest(self, image) -> Optional[str]:
+        logger.warning(f"PodmanImageBuilder does not support getting digest for manifest list, returning empty digest.")
+        return ""
+
     def build_image(self, tags: list[str],
                     dockerfile: str,
                     path: str,

@@ -6,7 +6,6 @@
 from pathlib import Path
 
 from botocore.exceptions import ClientError
-from github import Github, GithubException
 
 from lib.base_logger import logger
 from scripts.release.build.build_info import (
@@ -19,16 +18,14 @@
 )
 from scripts.release.kubectl_mongodb.utils import (
     CHECKSUMS_PATH,
-    GITHUB_REPO,
     LOCAL_ARTIFACTS_DIR,
     create_s3_client,
     kubectl_plugin_name,
     parse_platform,
     s3_path,
+    upload_assets_to_github_release,
 )
 
-GITHUB_TOKEN = os.environ.get("GH_TOKEN")
-
 
 def main():
     release_version = os.environ.get("OPERATOR_VERSION")
@@ -65,7 +62,10 @@ def main():
 
     if os.environ.get("SKIP_GITHUB_RELEASE_UPLOAD", "false").lower() == "false":
         github_artifacts = artifacts_tar + [checksum_file]
-        upload_assets_to_github_release(github_artifacts, release_version)
+        try:
+            upload_assets_to_github_release(github_artifacts, release_version)
+        except Exception as e:
+            raise e
 
 
 # get_commit_from_tag gets the commit associated with a release tag, so that we can use that
@@ -270,49 +270,5 @@ def create_tarballs():
     return created_archives
 
 
-# upload_assets_to_github_release uploads the release artifacts (downloaded notarized/signed staging artifacts) to
-# the GitHub release as assets.
-def upload_assets_to_github_release(asset_paths: list[str], release_version: str):
-    if not GITHUB_TOKEN:
-        logger.info("ERROR: GITHUB_TOKEN environment variable not set.")
-        sys.exit(1)
-
-    try:
-        g = Github(GITHUB_TOKEN)
-        repo = g.get_repo(GITHUB_REPO)
-    except GithubException as e:
-        logger.info(f"ERROR: Could not connect to GitHub or find repository '{GITHUB_REPO}', Error {e}.")
-        sys.exit(1)
-
-    try:
-        gh_release = None
-        # list all the releases (including draft ones), and get the one corresponding to the passed release_version
-        for r in repo.get_releases():
-            if r.tag_name == release_version:
-                gh_release = r
-                break
-
-        if gh_release is None:
-            logger.error(
-                f"Could not find release (published or draft) with tag '{release_version}'. Please ensure the release exists."
-            )
-            sys.exit(2)
-    except GithubException as e:
-        logger.debug(f"Failed to retrieve releases from the repository {GITHUB_REPO}. Error: {e}")
-        sys.exit(2)
-
-    for asset_path in asset_paths:
-        asset_name = os.path.basename(asset_path)
-        logger.info(f"Uploading artifact '{asset_name}' to github release as asset")
-        try:
-            gh_release.upload_asset(path=asset_path, name=asset_name, content_type="application/gzip")
-        except GithubException as e:
-            logger.debug(f"ERROR: Failed to upload asset {asset_name}. Error: {e}")
-            sys.exit(2)
-        except Exception as e:
-            logger.debug(f"An unexpected error occurred during upload of {asset_name}: {e}")
-            sys.exit(2)
-
-
 if __name__ == "__main__":
     main()
@@ -1,11 +1,17 @@
+import os
+import sys
+
 import boto3
 from botocore.exceptions import NoCredentialsError, PartialCredentialsError
+from github import Github, GithubException
 
+from lib.base_logger import logger
 from scripts.release.build.build_info import KUBECTL_PLUGIN_BINARY
 
 AWS_REGION = "eu-north-1"
 
 GITHUB_REPO = "mongodb/mongodb-kubernetes"
+GITHUB_TOKEN = os.environ.get("GH_TOKEN")
 
 LOCAL_ARTIFACTS_DIR = "artifacts"
 CHECKSUMS_PATH = f"{LOCAL_ARTIFACTS_DIR}/checksums.txt"
@@ -34,3 +40,41 @@ def kubectl_plugin_name(os_name: str, arch_name: str) -> str:
 # The `version` string has the correct version (either patch id or commit sha), based on the BuildScenario.
 def s3_path(filename: str, version: str) -> str:
     return f"{KUBECTL_PLUGIN_BINARY}/{version}/{filename}"
+
+
+# upload_assets_to_github_release uploads the release artifacts (downloaded notarized/signed staging artifacts) to
+# the GitHub release as assets.
+def upload_assets_to_github_release(asset_paths: list[str], release_version: str):
+    if not GITHUB_TOKEN:
+        raise Exception("ERROR: GITHUB_TOKEN environment variable not set.")
+
+    try:
+        g = Github(GITHUB_TOKEN)
+        repo = g.get_repo(GITHUB_REPO)
+    except GithubException as e:
+        raise Exception(f"ERROR: Could not connect to GitHub or find repository {GITHUB_REPO}") from e
+
+    try:
+        gh_release = None
+        # list all the releases (including draft ones), and get the one corresponding to the passed release_version
+        for r in repo.get_releases():
+            if r.tag_name == release_version:
+                gh_release = r
+                break
+
+        if gh_release is None:
+            raise Exception(
+                f"Could not find release (published or draft) with tag '{release_version}'. Please ensure the release exists."
+            )
+    except GithubException as e:
+        raise Exception(f"Failed to retrieve releases from the repository {GITHUB_REPO}") from e
+
+    for asset_path in asset_paths:
+        asset_name = os.path.basename(asset_path)
+        logger.info(f"Uploading artifact '{asset_name}' to github release as asset")
+        try:
+            gh_release.upload_asset(path=asset_path, name=asset_name, content_type="application/gzip")
+        except GithubException as e:
+            raise Exception(f"ERROR: Failed to upload asset {asset_name}") from e
+        except Exception as e:
+            raise Exception(f"An unexpected error occurred during upload of {asset_name}") from e