augmentcode · kjiang-ac · Mar 5, 2026 · Mar 5, 2026 · Mar 5, 2026 · Mar 5, 2026
diff --git a/.github/workflows/bun-compile.yml b/.github/workflows/bun-compile.yml
@@ -0,0 +1,154 @@
+# Bun Compile
+# Compiles Auggie CLI into self-contained native binaries using Bun,
+# pulling the pre-built @augmentcode/auggie package from npm.
+
+name: Bun Compile
+on:
+  workflow_dispatch:
+    inputs:
+      version:
+        description: 'npm package version (e.g. 0.17.0)'
+        required: true
+        type: string
+  repository_dispatch:
+    types: [npm-published]
+  push:
+    branches:
+      - auggie-bun-compile-workflow
+
+jobs:
+  build:
+    runs-on: ${{ matrix.os }}
+    strategy:
+      matrix:
+        include:
+          - target: bun-darwin-arm64
+            os: macos-latest
+            output: auggie-darwin-arm64
+            artifact: auggie-darwin-arm64
+          - target: bun-darwin-x64
+            os: macos-latest
+            output: auggie-darwin-x64
+            artifact: auggie-darwin-x64
+          - target: bun-linux-x64
+            os: ubuntu-latest
+            output: auggie-linux-x64
+            artifact: auggie-linux-x64
+          - target: bun-windows-x64
+            os: ubuntu-latest
+            output: auggie-windows-x64.exe
+            artifact: auggie-windows-x64
+    permissions:
+      contents: read
+    steps:
+      - name: Set up Bun
+        uses: oven-sh/setup-bun@v2
+
+      - name: Install package
+        env:
+          VERSION: ${{ inputs.version || github.event.client_payload.version }}
+        run: |
+          if [ -z "$VERSION" ]; then
+            echo "::error::No version provided. Supply via workflow_dispatch input or repository_dispatch payload."
+            exit 1
+          fi
+          # Retry with backoff — npm registry may not have propagated the version yet
+          # when triggered immediately via repository_dispatch on publish.
+          max_attempts=5
+          for attempt in $(seq 1 $max_attempts); do
+            echo "Attempt $attempt/$max_attempts: installing @augmentcode/auggie@${VERSION}"
+            if bun install "@augmentcode/auggie@${VERSION}"; then
+              echo "Successfully installed on attempt $attempt"
+              exit 0
+            fi
+            if [ "$attempt" -lt "$max_attempts" ]; then
+              delay=$((attempt * 30))
+              echo "Install failed, retrying in ${delay}s..."
+              sleep "$delay"
+            fi
+          done
+          echo "::error::Failed to install @augmentcode/auggie@${VERSION} after $max_attempts attempts"
+          exit 1
+
+      - name: Create entry point
+        run: |
+          echo 'await import("@augmentcode/auggie");' > augment.mjs
+
+      - name: Compile binary
+        run: bun build augment.mjs --compile --target=${{ matrix.target }} --outfile=${{ matrix.output }}
+
+      - name: Import code signing certificate
+        if: contains(matrix.target, 'darwin')
+        env:
+          APPLE_CERTIFICATE: ${{ secrets.APPLE_CERTIFICATE }}
+          APPLE_CERTIFICATE_PASSWORD: ${{ secrets.APPLE_CERTIFICATE_PASSWORD }}
+        run: |
+          echo "$APPLE_CERTIFICATE" | base64 --decode > certificate.p12
+          security create-keychain -p "temppass" build.keychain
+          security default-keychain -s build.keychain
+          security unlock-keychain -p "temppass" build.keychain
+          security import certificate.p12 -k build.keychain -P "$APPLE_CERTIFICATE_PASSWORD" -T /usr/bin/codesign
+          security set-key-partition-list -S apple-tool:,apple:,codesign: -s -k "temppass" build.keychain
+          rm -f certificate.p12
+
+      - name: Sign binary
+        if: contains(matrix.target, 'darwin')
+        run: |
+          IDENTITY=$(security find-identity -v -p codesigning build.keychain | grep "Developer ID" | head -1 | sed 's/.*"\(.*\)".*/\1/')
+          if [ -z "$IDENTITY" ]; then
+            echo "::error::No Developer ID signing identity found in build.keychain"
+            exit 1
+          fi
+          echo "Signing with identity: $IDENTITY"
+          codesign --force --options runtime --timestamp --sign "$IDENTITY" ${{ matrix.output }}
+
+      - name: Notarize binary
+        if: contains(matrix.target, 'darwin')
+        env:
+          APPLE_ID: ${{ secrets.APPLE_ID }}
+          APPLE_APP_SPECIFIC_PASSWORD: ${{ secrets.APPLE_APP_SPECIFIC_PASSWORD }}
+          APPLE_TEAM_ID: ${{ secrets.APPLE_TEAM_ID }}
+        run: |
+          zip "${{ matrix.output }}.zip" "${{ matrix.output }}"
+          xcrun notarytool submit "${{ matrix.output }}.zip" --apple-id "$APPLE_ID" --password "$APPLE_APP_SPECIFIC_PASSWORD" --team-id "$APPLE_TEAM_ID" --wait
+          rm -f "${{ matrix.output }}.zip"
+
+      - name: Upload artifact
+        uses: actions/upload-artifact@v4
+        with:
+          name: ${{ matrix.artifact }}
+          path: ${{ matrix.output }}
+
+  release:
+    needs: build
+    runs-on: ubuntu-latest
+    permissions:
+      contents: write
+    steps:
+      - name: Download all artifacts
+        uses: actions/download-artifact@v4
+        with:
+          path: artifacts
+          merge-multiple: true
+
+      - name: Generate checksums
+        run: |
+          cd artifacts
+          sha256sum auggie-* > checksums.txt
+          cat checksums.txt
+
+      - name: Create GitHub Release
+        env:
+          GH_TOKEN: ${{ github.token }}
+          GH_REPO: ${{ github.repository }}
+          VERSION: ${{ inputs.version || github.event.client_payload.version }}
+        run: |
+          if [ -z "$VERSION" ]; then
+            echo "::error::No version provided. Cannot create release."
+            exit 1
+          fi
+          gh release create "v${VERSION}" \
+            --title "v${VERSION}" \
+            --generate-notes \
+            artifacts/*
+