-
Notifications
You must be signed in to change notification settings - Fork 10
164 lines (144 loc) · 5.73 KB
/
penpal-release.yml
File metadata and controls
164 lines (144 loc) · 5.73 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
name: Penpal Release
on:
push:
tags: ['penpal-*']
workflow_dispatch: # manual trigger runs build only (no release or Homebrew bump)
env:
CARGO_TERM_COLOR: always
jobs:
build:
name: Build
runs-on: macos-latest
permissions:
contents: read
steps:
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
# Validate that the git tag version matches Cargo.toml to prevent
# mismatched artifact names vs Homebrew URLs (see package.sh line 9).
- name: Validate tag matches Cargo.toml version
if: github.event_name == 'push'
run: |
TAG_VERSION="${GITHUB_REF#refs/tags/penpal-}"
CARGO_VERSION=$(grep '^version' apps/penpal/frontend/src-tauri/Cargo.toml | head -1 | sed 's/version = "//;s/"//')
if [ "$TAG_VERSION" != "$CARGO_VERSION" ]; then
echo "::error::Tag version ($TAG_VERSION) does not match Cargo.toml version ($CARGO_VERSION)"
exit 1
fi
# Install hermit (manages node, rust, just, go)
- uses: cashapp/activate-hermit@e49f5cb4dd64ff0b0b659d1d8df499595451155a # v1
# Cache Cargo dependencies
- uses: Swatinem/rust-cache@e18b497796c12c097a38f9edb9d0641fb99eee32 # v2
with:
workspaces: apps/penpal/frontend/src-tauri
key: aarch64-apple-darwin
# Enable pnpm via corepack
- run: corepack enable pnpm
# Install dependencies
- name: Install dependencies
run: |
pnpm install --frozen-lockfile
cd apps/penpal/frontend/src-tauri && cargo fetch
# Build Go sidecar binaries
- name: Build Go sidecar
working-directory: apps/penpal
run: |
mkdir -p frontend/src-tauri/binaries
GOOS=darwin GOARCH=arm64 go build \
-o "frontend/src-tauri/binaries/penpal-server-aarch64-apple-darwin" \
./cmd/penpal-server
GOOS=darwin GOARCH=arm64 go build \
-o "frontend/src-tauri/binaries/penpal-cli-aarch64-apple-darwin" \
./cmd/penpal-cli
# Build frontend (architecture-independent)
- name: Build frontend
working-directory: apps/penpal/frontend
run: VITE_BASE=/ VITE_API_URL=http://localhost:8080 pnpm run build
# Build Tauri app
- name: Build Tauri app
working-directory: apps/penpal/frontend
run: pnpm tauri build --target aarch64-apple-darwin
# Package into distributable zip
- name: Package
working-directory: apps/penpal
run: ./scripts/package.sh arm64 aarch64-apple-darwin
# Upload artifact for the release job
- uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4
with:
name: penpal-arm64
path: apps/penpal/dist/*.zip
release:
name: Create Release
needs: build
if: github.event_name == 'push'
runs-on: ubuntu-latest
permissions:
contents: write
actions: write
steps:
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
with:
fetch-depth: 0
fetch-tags: true
# Download build artifact
- uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 # v4
with:
path: artifacts
merge-multiple: true
# Extract version from tag and validate semver format
- name: Extract version
id: version
run: |
TAG="${GITHUB_REF#refs/tags/penpal-}"
if [[ ! "$TAG" =~ ^[0-9]+\.[0-9]+\.[0-9]+(-[a-zA-Z0-9.]+)?$ ]]; then
echo "::error::Tag version '$TAG' does not match semver format"
exit 1
fi
echo "version=$TAG" >> "$GITHUB_OUTPUT"
# Create GitHub Release
- name: Create GitHub Release
env:
GITHUB_TOKEN: ${{ github.token }}
VERSION: ${{ steps.version.outputs.version }}
TAG_NAME: penpal-${{ steps.version.outputs.version }}
run: |
PREV_TAG=$(git describe --tags --match 'penpal-*' --abbrev=0 HEAD^ 2>/dev/null || echo "")
ARGS=(--generate-notes)
if [ -n "$PREV_TAG" ]; then
ARGS+=(--notes-start-tag "$PREV_TAG")
fi
gh release create "$TAG_NAME" \
--title "Penpal v${VERSION}" \
"${ARGS[@]}" \
artifacts/*.zip
# Compute SHA256 for the artifact
- name: Compute artifact hash
id: hash
env:
VERSION: ${{ steps.version.outputs.version }}
run: |
echo "sha256=$(shasum -a 256 "artifacts/Penpal-${VERSION}-arm64.zip" | awk '{print $1}')" >> "$GITHUB_OUTPUT"
# Generate a token scoped to block/homebrew-tap so we can trigger
# a cross-repo workflow_dispatch (GITHUB_TOKEN is repo-scoped).
- name: Generate token for tap release
id: generate_token
uses: actions/create-github-app-token@d72941d797fd3113feb6b93fd0dec494b13a2547 # v1
with:
app-id: ${{ secrets.BLOCK_HOMEBREW_TAP_APP_ID }}
private-key: ${{ secrets.BLOCK_HOMEBREW_TAP_PRIVATE_KEY }}
owner: block
repositories: homebrew-tap
# Trigger cask bump on block/homebrew-tap.
- name: Trigger Homebrew cask bump
env:
GITHUB_TOKEN: ${{ steps.generate_token.outputs.token }}
VERSION: ${{ steps.version.outputs.version }}
SHA256: ${{ steps.hash.outputs.sha256 }}
run: |
BASE_URL="https://github.com/block/builderbot/releases/download/penpal-${VERSION}"
gh workflow run bump-cask.yaml \
-R block/homebrew-tap \
-f repo=block/builderbot \
-f cask=penpal \
-f tag="penpal-${VERSION}" \
-f artifact_url="${BASE_URL}/Penpal-${VERSION}-arm64.zip" \
-f sha256="${SHA256}"