
v0.0.218-dev

v0.0.218-dev #280

Workflow file for this run

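name: Release Enchanted Twin App
# Two triggers: a manual dispatch that takes an explicit version string, and
# publication of a GitHub release.
on:
  workflow_dispatch:
    inputs:
      # Free-form text typed by whoever starts the run. Treat it as untrusted
      # wherever it reaches a shell: pass it through an environment variable
      # rather than expanding it inline in a script.
      version:
        description: "Version number (e.g. v1.2.3)"
        required: true
        default: "v0.0.0"
  release:
    types:
      - published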
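jobs:
  # Builds, signs and notarizes the macOS (Apple Silicon) app, then publishes
  # the artifacts to the triggering release and to a rolling 'stable' release.
  build-and-release:
    runs-on: macos-latest
    # Runs for non-prerelease releases and for manual dispatches.
    if: (github.event_name == 'release' && github.event.release.prerelease == false) || github.event_name == 'workflow_dispatch'
    # Explicit GITHUB_TOKEN scope. Creating releases and uploading assets needs
    # contents: write; every scope not listed here is dropped.
    permissions:
      contents: write
    # NOTE(review): job-level env is visible to every step, including the
    # third-party actions and `pnpm install` (which may run dependency
    # lifecycle scripts). The signing certificate and AWS credentials look like
    # they are only needed by the build step; consider moving them there after
    # confirming nothing else reads them.
    env:
      GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
      CSC_LINK: ${{ secrets.CSC_LINK }}
      CSC_KEY_PASSWORD: ${{ secrets.CSC_KEY_PASSWORD }}
      AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
      AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
    steps:
      # NOTE(review): all actions below are referenced by mutable tags. Pin at
      # least the third-party ones (pnpm/action-setup,
      # softprops/action-gh-release) to a full commit SHA so that a moved tag
      # cannot run new code with this job's secrets.
      - name: Checkout code
        uses: actions/checkout@v4

      - name: Set up Python 3.11 (needed by node-gyp < 10)
        id: setup-python
        uses: actions/setup-python@v5
        with:
          python-version: '3.11'

      # Makes the interpreter path visible to all later steps via GITHUB_ENV.
      - name: Export NODE_GYP_FORCE_PYTHON
        run: echo "NODE_GYP_FORCE_PYTHON=${{ steps.setup-python.outputs.python-path }}" >> "$GITHUB_ENV"

      - name: Set up Node.js
        uses: actions/setup-node@v4
        with:
          node-version: "20"

      - name: Install pnpm
        uses: pnpm/action-setup@v2
        with:
          version: 8

      - name: Set up Go
        uses: actions/setup-go@v4
        with:
          go-version: "1.24.2"

      - name: Show key toolchain versions
        run: |
          echo "Python $(python -V)"
          echo "Node $(node -v)"
          echo "pnpm $(pnpm -v)"
          npx --yes node-gyp --version || true

      # NOTE(review): this step only reports the length of each secret, and the
      # build step below does not receive either variable. Confirm they are
      # still needed; a set/missing check would avoid logging the length.
      - name: Check secrets are injected
        env:
          COMPLETIONS_API_KEY: ${{ secrets.COMPLETIONS_API_KEY }}
          EMBEDDINGS_API_KEY: ${{ secrets.EMBEDDINGS_API_KEY }}
        run: |
          echo "COMPLETIONS_API_KEY length: ${#COMPLETIONS_API_KEY}"
          echo "EMBEDDINGS_API_KEY length: ${#EMBEDDINGS_API_KEY}"

      - name: Install dependencies
        working-directory: app
        run: pnpm install

      - name: Write Apple API key (.p8) to disk
        env:
          APPLE_API_KEY: ${{ secrets.APPLE_API_KEY }}
        run: |
          mkdir -p app/build
          # Create the key file readable by the runner user only; printf
          # avoids echo's option and escape handling.
          # NOTE(review): the file lives inside the workspace; confirm that
          # packaging never picks up app/build/AuthKey.p8.
          (umask 077 && printf '%s\n' "$APPLE_API_KEY" > app/build/AuthKey.p8)

      - name: Set app version
        # Run for both workflow_dispatch and release events
        if: github.event_name == 'workflow_dispatch' || github.event_name == 'release'
        working-directory: app
        # The tag name and the dispatch input are caller-controlled text.
        # They are handed to the script as environment variables so the shell
        # sees them as data, not as part of the script source.
        env:
          EVENT_NAME: ${{ github.event_name }}
          RELEASE_TAG: ${{ github.event.release.tag_name }}
          INPUT_VERSION: ${{ github.event.inputs.version }}
        run: |
          if [ "$EVENT_NAME" == "release" ]; then
            VERSION="$RELEASE_TAG"
          else
            VERSION="$INPUT_VERSION"
          fi
          VERSION_NUMBER="${VERSION#v}"
          # Update version in package.json; --arg passes the value as a JSON
          # string instead of splicing it into the jq program.
          jq --arg v "$VERSION_NUMBER" '.version = $v' package.json > package.json.tmp
          mv package.json.tmp package.json
          echo "Updated package.json version to $VERSION_NUMBER"

      - name: Build & notarize macOS app
        env:
          COMPLETIONS_API_URL: "https://openrouter.ai/api/v1"
          COMPLETIONS_MODEL: "openai/gpt-4.1"
          REASONING_MODEL: "openai/gpt-5"
          EMBEDDINGS_API_URL: "https://api.openai.com/v1"
          EMBEDDINGS_MODEL: "text-embedding-3-small"
          IS_PROD_BUILD: "true"
          NOTARY_API_KEY_ID: ${{ secrets.NOTARY_API_KEY_ID }}
          NOTARY_API_ISSUER: ${{ secrets.NOTARY_API_ISSUER }}
          NOTARY_TEAM_ID: ${{ secrets.NOTARY_TEAM_ID }}
          # NOTE(review): a tunnel hostname and a "-dev" backend are configured
          # in a build marked IS_PROD_BUILD; confirm this is intended.
          OLLAMA_BASE_URL: "https://enchanted.ngrok.pro"
          # NOTE(review): anything in this env that the bundler inlines ends up
          # readable in the shipped app. Confirm TELEGRAM_TOKEN and the AWS_*
          # credentials are used only at build/publish time and never embedded.
          TELEGRAM_TOKEN: ${{ secrets.TELEGRAM_TOKEN }}
          TELEGRAM_CHAT_SERVER: "https://enchanted-proxy-telegram-dev.up.railway.app/query"
          AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
          AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
          ENCHANTED_MCP_URL: https://proxy-api.enchanted.freysa.ai/mcp
          # NOTE(review): committed in plain text. PostHog project keys and
          # Firebase web API keys are client-side identifiers, so this is only
          # acceptable if that is what these are; access control must then come
          # from API-key restrictions and Firebase security rules.
          POSTHOG_API_KEY: phc_j0wkdCa4BCngP92yQBK3PbsuH5LWv3tliaasJEhw6v4
          TTS_MODEL: kokoro
          TTS_URL: https://inference.tinfoil.sh/v1/
          STT_MODEL: whisper-large-v3-turbo
          STT_URL: https://inference.tinfoil.sh/v1/
          PROXY_TEE_URL: https://proxy-api.enchanted.freysa.ai
          VITE_FIREBASE_API_KEY: AIzaSyBMQG7Kw8p1Ymm1j_A-x2Jxc-x4BakXz3k
          VITE_FIREBASE_AUTH_DOMAIN: freysa-prod.firebaseapp.com
          VITE_FIREBASE_PROJECT_ID: freysa-prod
          # NOTE(review): plain HTTP to a bare IP address gives no transport
          # encryption or server authentication. Holons are disabled below, but
          # this should be an https:// hostname before the feature is enabled.
          HOLON_API_URL: http://23.22.67.228:8123
          ANONYMIZER_TYPE: "local"
          USE_LOCAL_EMBEDDINGS: "true"
          TTS_ENDPOINT: "https://inference.tinfoil.sh/v1/audio/speech"
          VITE_DISABLE_ONBOARDING: "true"
          VITE_DISABLE_HOLONS: "true"
          VITE_DISABLE_TASKS: "false"
          VITE_DISABLE_CONNECTORS: "true"
          VITE_DISABLE_VOICE: "true"
        run: make build-mac-silicon

      # Runs before any upload so that a build Gatekeeper rejects is never
      # published.
      - name: Verify notarization
        run: |
          # The default shell runs with -e; capture spctl's exit status so its
          # output is still printed when the assessment fails.
          STATUS=0
          RESULT=$(spctl --assess --type exec --verbose=4 app/dist/mac-arm64/Enchanted.app 2>&1) || STATUS=$?
          echo "$RESULT"
          if [[ "$STATUS" -ne 0 || "$RESULT" != *"accepted"* ]]; then
            echo "❌ App is not notarized!"
            exit 1
          fi
          echo "✅ App is notarized and accepted by Gatekeeper."

      - name: Upload release artifacts to GitHub
        uses: softprops/action-gh-release@v1
        with:
          tag_name: ${{ github.event_name == 'release' && github.event.release.tag_name || inputs.version }}
          files: app/dist/*.dmg
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

      # Creates the rolling 'stable' release on first use; a no-op afterwards.
      - name: Ensure the 'stable' release exists
        run: |
          gh release view stable >/dev/null 2>&1 || \
            gh release create stable --title "Latest stable build" \
              --notes "Automatically updated by CI" \
              --prerelease
        env:
          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}

      - name: Upload all artifacts to 'stable'
        run: |
          # Upload all files in dist, excluding directories
          # NOTE(review): find recurses, so regular files nested under
          # app/dist (for example inside mac-arm64/Enchanted.app) are uploaded
          # too, along with any builder debug/config files. If only top-level
          # artifacts are intended, restrict the search with -maxdepth 1.
          find app/dist -type f -exec gh release upload stable {} --clobber \;
        env:
          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}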