Create Release #47
# Builds CastCodes OSS release assets and optionally publishes them to GitHub.
#
# The public fork does not depend on upstream Warp release infrastructure. This
# workflow intentionally avoids Sentry, external artifact storage, Slack, Azure
# signing, and private channel configuration for OSS releases.
#
# Standard OSS assets are intentionally limited to the popular distribution
# targets: macOS arm64, Linux x86_64, Windows x64, and web. Legacy/low-demand
# targets such as Intel macOS, universal macOS, Linux ARM64, and Windows ARM64
# are excluded from the default release lane so the workflow finishes faster
# and publishes fewer assets.
name: Create Release

on:
  # Reusable entry point. The publish switch is called `should_publish` here
  # and `publish` under workflow_dispatch; the "Validate release inputs" step
  # reads both.
  workflow_call:
    inputs:
      channel:
        description: The channel to create release assets for.
        type: string
        required: false
        default: 'oss'
      release_tag:
        description: Optional semver tag to build into artifacts.
        type: string
        required: false
        default: ''
      build_linux:
        description: Build Linux artifacts.
        type: boolean
        default: true
      build_windows:
        description: Build Windows artifacts.
        type: boolean
        default: true
      build_macos:
        description: Build macOS artifacts.
        type: boolean
        default: true
      build_web:
        description: Build web artifacts.
        type: boolean
        default: true
      should_publish:
        description: Publish this release.
        type: boolean
        default: false

  # Manual entry point. `channel` is a choice input whose only option is `oss`,
  # and publishing stays off unless `publish` is ticked.
  workflow_dispatch:
    inputs:
      channel:
        description: Release channel.
        type: choice
        required: true
        default: 'oss'
        options:
          - 'oss'
      release_tag:
        description: Semver tag to publish or build into dry-run artifacts.
        type: string
        required: false
        default: 'v0.0.3'
      publish:
        description: Create the GitHub release and upload assets.
        type: boolean
        default: false
      build_linux:
        description: Build Linux artifacts.
        type: boolean
        default: true
      build_windows:
        description: Build Windows artifacts.
        type: boolean
        default: true
      build_macos:
        description: Build macOS artifacts.
        type: boolean
        default: true
      build_web:
        description: Build web artifacts.
        type: boolean
        default: true
# Workflow-wide default for the job token is read-only repository contents.
# Jobs that push a tag, upload release assets or write attestations declare
# their own wider `permissions` block.
permissions:
  contents: read

# Runs are grouped per channel and tag (falling back to the ref name when no
# tag was given). A newer run in the same group does not cancel one that is
# already in progress.
concurrency:
  group: create-release-${{ inputs.channel || 'oss' }}-${{ inputs.release_tag || github.ref_name }}
  cancel-in-progress: false

env:
  CARGO_TERM_COLOR: always
  # Channel definitions consumed by the get_channel_config action.
  CONFIG_FILE: '.github/workflows/release_configurations.json'
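# Job graph: prepare_release validates the inputs and, on publish runs, creates
# the tag and the GitHub release. The five build jobs depend on it, build one
# target each, checksum the result and (publish runs only) upload and attest
# it. verify_release_jobs runs last and fails if any enabled build job did not
# succeed.
#
# Every third-party action is referenced by full commit SHA, with the version
# kept as a trailing comment.
#
# Two hardening changes compared with the previous revision of this section:
#   * Build jobs check out `github.sha` instead of the branch name. The tag is
#     created at $GITHUB_SHA, while a branch name resolves to whatever the
#     branch head is when each build job starts, so a push that lands in
#     between would otherwise be built, signed and attested under a tag that
#     points at a different commit.
#   * Step outputs and inputs are handed to `run:` scripts through `env:`
#     rather than expanded into the script text, so a value containing quotes
#     or `$(...)` is treated as data by the shell.
jobs:
  prepare_release:
    name: Prepare release
    runs-on: ubuntu-24.04
    permissions:
      # Required to push the release tag and create the GitHub release.
      contents: write
    outputs:
      release_branch: ${{ steps.release_inputs.outputs.release_branch }}
      release_tag: ${{ steps.release_inputs.outputs.release_tag }}
      should_publish: ${{ steps.release_inputs.outputs.should_publish }}
      channel: ${{ steps.release_inputs.outputs.channel }}
      is_oss: ${{ steps.release_inputs.outputs.is_oss }}
    steps:
      # Unlike the build jobs, this checkout does not set
      # `persist-credentials: false`: the "Create release tag" step pushes to
      # origin from this working copy.
      - name: Checkout sources
        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
        with:
          fetch-depth: 0
      - name: Get channel configuration
        id: get-config
        uses: ./.github/actions/get_channel_config/
        with:
          config_file: ${{ env.CONFIG_FILE }}
          channel: ${{ inputs.channel }}
      # Publish gate. A publish run must come from the default branch, use the
      # oss channel, carry a strict vMAJOR.MINOR.PATCH tag, and that tag must
      # not already exist on origin. Dry runs skip these checks; an empty tag
      # becomes v0.<commit sha>.
      - name: Validate release inputs
        id: release_inputs
        shell: bash
        env:
          CHANNEL: ${{ steps.get-config.outputs.channel }}
          RELEASE_TAG_INPUT: ${{ inputs.release_tag }}
          # `publish` comes from workflow_dispatch, `should_publish` from
          # workflow_call; the script prefers the former when it is non-empty.
          PUBLISH_INPUT: ${{ inputs.publish }}
          SHOULD_PUBLISH_INPUT: ${{ inputs.should_publish }}
          DEFAULT_BRANCH: ${{ github.event.repository.default_branch }}
        run: |
          set -euo pipefail
          should_publish="${PUBLISH_INPUT:-${SHOULD_PUBLISH_INPUT:-false}}"
          release_tag="$RELEASE_TAG_INPUT"
          if [[ -z "$release_tag" ]]; then
            release_tag="v0.$GITHUB_SHA"
          fi
          if [[ "$should_publish" == "true" ]]; then
            if [[ "$GITHUB_REF" != "refs/heads/$DEFAULT_BRANCH" ]]; then
              echo "::error::Can only publish releases from the default branch ($DEFAULT_BRANCH)."
              exit 1
            fi
            if [[ "$CHANNEL" != "oss" ]]; then
              echo "::error::Manual publish is only enabled for the oss channel in this public fork."
              exit 1
            fi
            if [[ ! "$release_tag" =~ ^v[0-9]+\.[0-9]+\.[0-9]+$ ]]; then
              echo "::error::Release tag must be a semver tag like v1.2.3."
              exit 1
            fi
            if git ls-remote --exit-code --tags origin "refs/tags/$release_tag" >/dev/null 2>&1; then
              echo "::error::Release tag $release_tag already exists."
              exit 1
            fi
          fi
          echo "release_branch=$GITHUB_REF_NAME" >> "$GITHUB_OUTPUT"
          echo "release_tag=$release_tag" >> "$GITHUB_OUTPUT"
          echo "should_publish=$should_publish" >> "$GITHUB_OUTPUT"
          echo "channel=$CHANNEL" >> "$GITHUB_OUTPUT"
          if [[ "$CHANNEL" == "oss" ]]; then
            echo "is_oss=true" >> "$GITHUB_OUTPUT"
          else
            echo "is_oss=false" >> "$GITHUB_OUTPUT"
          fi
      # The tag is created at the commit that triggered this run ($GITHUB_SHA).
      - name: Create release tag
        if: ${{ steps.release_inputs.outputs.should_publish == 'true' }}
        shell: bash
        env:
          RELEASE_TAG: ${{ steps.release_inputs.outputs.release_tag }}
        run: |
          set -euo pipefail
          git config user.name "github-actions[bot]"
          git config user.email "41898282+github-actions[bot]@users.noreply.github.com"
          git tag "$RELEASE_TAG" "$GITHUB_SHA"
          git push origin "refs/tags/$RELEASE_TAG"
      - name: Create GitHub release
        if: ${{ steps.release_inputs.outputs.should_publish == 'true' }}
        uses: softprops/action-gh-release@da05d552573ad5aba039eaac05058a918a7bf631 # v2.2.2
        with:
          name: ${{ steps.get-config.outputs.release_base_name }} ${{ steps.release_inputs.outputs.release_tag }}
          tag_name: ${{ steps.release_inputs.outputs.release_tag }}
          body: ${{ steps.get-config.outputs.release_body_text }}
          draft: false
          prerelease: ${{ steps.get-config.outputs.is_prerelease }}
          token: ${{ github.token }}

  release_macos_arm64:
    name: Build Release (macOS arm64)
    runs-on: macos-26
    needs: prepare_release
    if: ${{ inputs.build_macos != false }}
    timeout-minutes: 240
    permissions:
      # contents: upload release assets; id-token + attestations: actions/attest.
      contents: write
      id-token: write
      attestations: write
    steps:
      - name: Checkout sources
        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
        with:
          # Build the commit that was validated and tagged, not the branch head.
          ref: ${{ github.sha }}
          persist-credentials: false
      - name: Prepare environment
        uses: ./.github/actions/prepare_environment
        with:
          target_os: macos
          is_self_hosted: false
          install_release_deps: true
      - name: Ensure rust target is installed
        run: rustup target add aarch64-apple-darwin
        shell: bash
      - name: Setup Go
        uses: actions/setup-go@4a3601121dd01d1626a1e23e37211e3254c1c06c # v6
        with:
          go-version: stable
      - name: Install cargo-bundle
        run: script/install_cargo_bundle
      - name: Install create-dmg
        run: brew install create-dmg
      # Publish runs require all five signing/notarization secrets and call
      # script/bundle with --read-passwords-from-env; dry runs build with
      # --nosign.
      # NOTE(review): the secrets are placed in this step's environment on dry
      # runs as well, and a dry run is not restricted to the default branch.
      # Consider moving them behind a protected deployment environment, or
      # passing them only when should_publish is 'true'.
      - name: Build, sign, and notarize arm64 bundle
        id: bundle_app
        shell: bash
        env:
          CHANNEL: ${{ needs.prepare_release.outputs.channel }}
          GIT_RELEASE_TAG: ${{ needs.prepare_release.outputs.release_tag }}
          SHOULD_PUBLISH: ${{ needs.prepare_release.outputs.should_publish }}
          WARP_APPLE_TEAM_ID: 9LR8Z8UQ9X
          WARP_CODESIGN_IDENTITY: "Developer ID Application: Soul Protocol LLC (9LR8Z8UQ9X)"
          WARP_DEVELOPER_ID_CERT: ${{ secrets.WARP_DEVELOPER_ID_CERT }}
          WARP_DEVELOPER_ID_CERT_PASSWORD: ${{ secrets.WARP_DEVELOPER_ID_CERT_PASSWORD }}
          WARP_CODESIGN_KEYCHAIN_PASSWORD: ${{ secrets.WARP_CODESIGN_KEYCHAIN_PASSWORD }}
          WARP_NOTARIZATION_APPLE_ID: ${{ secrets.WARP_NOTARIZATION_APPLE_ID }}
          WARP_NOTARIZATION_PASSWORD: ${{ secrets.WARP_NOTARIZATION_PASSWORD }}
        run: |
          set -euo pipefail
          if [[ "$SHOULD_PUBLISH" == "true" ]]; then
            required=(
              WARP_DEVELOPER_ID_CERT
              WARP_DEVELOPER_ID_CERT_PASSWORD
              WARP_CODESIGN_KEYCHAIN_PASSWORD
              WARP_NOTARIZATION_APPLE_ID
              WARP_NOTARIZATION_PASSWORD
            )
            for var in "${required[@]}"; do
              if [[ -z "${!var:-}" ]]; then
                echo "::error::${var} is required to publish a Gatekeeper-valid macOS DMG"
                exit 1
              fi
            done
            script/bundle --read-passwords-from-env --channel "$CHANNEL" --arch aarch64 --dmg-name-suffix arm64
          else
            echo "Dry run: building unsigned macOS bundle (signing/notarization skipped)."
            script/bundle --nosign --channel "$CHANNEL" --arch aarch64 --dmg-name-suffix arm64
          fi
      # Fails the job before upload if the image, its stapled ticket or its
      # Gatekeeper assessment does not check out.
      - name: Verify notarized DMG
        if: ${{ needs.prepare_release.outputs.should_publish == 'true' }}
        shell: bash
        env:
          DMG_PATH: ${{ steps.bundle_app.outputs.dmg_path }}
        run: |
          set -euo pipefail
          hdiutil verify "$DMG_PATH"
          xcrun stapler validate "$DMG_PATH"
          spctl -a -vv --context context:primary-signature -t open "$DMG_PATH"
      - name: Checksum DMG
        shell: bash
        env:
          DMG_PATH: ${{ steps.bundle_app.outputs.dmg_path }}
        run: |
          set -euo pipefail
          dmg_path="$DMG_PATH"
          (
            # Run from the DMG's directory so the .sha256 file records a bare
            # file name.
            cd "$(dirname "$dmg_path")"
            shasum -a 256 "$(basename "$dmg_path")" > "$(basename "$dmg_path").sha256"
          )
      - name: Add DMG to GitHub release assets
        if: ${{ needs.prepare_release.outputs.should_publish == 'true' }}
        uses: softprops/action-gh-release@da05d552573ad5aba039eaac05058a918a7bf631 # v2.2.2
        with:
          tag_name: ${{ needs.prepare_release.outputs.release_tag }}
          files: |
            ${{ steps.bundle_app.outputs.dmg_path }}
            ${{ steps.bundle_app.outputs.dmg_path }}.sha256
          token: ${{ github.token }}
      - name: Upload DMG as workflow artifact
        uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6
        with:
          name: release-macos-aarch64-${{ needs.prepare_release.outputs.channel }}
          path: |
            ${{ steps.bundle_app.outputs.dmg_path }}
            ${{ steps.bundle_app.outputs.dmg_path }}.sha256
      - name: Attest DMG
        if: ${{ needs.prepare_release.outputs.should_publish == 'true' }}
        uses: actions/attest@59d89421af93a897026c735860bf21b6eb4f7b26 # v4
        with:
          subject-path: |
            ${{ steps.bundle_app.outputs.dmg_path }}
            ${{ steps.bundle_app.outputs.dmg_path }}.sha256
      - name: Package arm64 CLI from app build
        shell: bash
        env:
          BINARY_PATH: ${{ steps.bundle_app.outputs.binary_path }}
          BUNDLED_RESOURCES_DIR: ${{ steps.bundle_app.outputs.bundled_resources_dir }}
        run: |
          set -euo pipefail
          cp "$BINARY_PATH" cast-codes
          tar czf cast-codes-macos-aarch64.tar.gz cast-codes -C "$(dirname "$BUNDLED_RESOURCES_DIR")" resources
          shasum -a 256 cast-codes-macos-aarch64.tar.gz > cast-codes-macos-aarch64.tar.gz.sha256
      - name: Add arm64 CLI to GitHub release assets
        if: ${{ needs.prepare_release.outputs.should_publish == 'true' }}
        uses: softprops/action-gh-release@da05d552573ad5aba039eaac05058a918a7bf631 # v2.2.2
        with:
          tag_name: ${{ needs.prepare_release.outputs.release_tag }}
          files: |
            cast-codes-macos-aarch64.tar.gz
            cast-codes-macos-aarch64.tar.gz.sha256
          token: ${{ github.token }}
      - name: Upload arm64 CLI as workflow artifact
        uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6
        with:
          name: release-macos-cli-aarch64-${{ needs.prepare_release.outputs.channel }}
          path: |
            cast-codes-macos-aarch64.tar.gz
            cast-codes-macos-aarch64.tar.gz.sha256
      - name: Attest arm64 CLI
        if: ${{ needs.prepare_release.outputs.should_publish == 'true' }}
        uses: actions/attest@59d89421af93a897026c735860bf21b6eb4f7b26 # v4
        with:
          subject-path: |
            cast-codes-macos-aarch64.tar.gz
            cast-codes-macos-aarch64.tar.gz.sha256

  release_linux_x86:
    name: Build Release (Linux x86_64)
    runs-on: ubuntu-24.04
    needs: prepare_release
    if: ${{ inputs.build_linux != false }}
    timeout-minutes: 120
    permissions:
      # contents: upload release assets; id-token + attestations: actions/attest.
      contents: write
      id-token: write
      attestations: write
    env:
      APPIMAGE_EXTRACT_AND_RUN: "1"
      SETTINGS_SCHEMA_CACHE: ${{ github.workspace }}/.settings_schema_cache.json
    steps:
      - name: Checkout sources
        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
        with:
          # Build the commit that was validated and tagged, not the branch head.
          ref: ${{ github.sha }}
          persist-credentials: false
      - name: Prepare environment
        uses: ./.github/actions/prepare_environment
        with:
          target_os: linux
          is_self_hosted: false
          install_release_deps: true
      - name: Show compiler versions
        run: |
          gcc --version
          g++ --version
        shell: bash
      - name: Install linuxdeploy
        run: script/linux/install_linuxdeploy
      - name: Clean stale bundle output
        run: rm -rf target/*/bundle/linux
        shell: bash
      - name: Bundle app
        id: bundle_app
        shell: bash
        env:
          CHANNEL: ${{ needs.prepare_release.outputs.channel }}
          GIT_RELEASE_TAG: ${{ needs.prepare_release.outputs.release_tag }}
        run: script/bundle --channel "$CHANNEL" --packages appimage,deb,rpm
      - name: Free runner space before Arch package
        shell: bash
        run: |
          set -euo pipefail
          df -h
          docker system prune -af || true
          sudo rm -rf \
            /usr/local/lib/android \
            /usr/share/dotnet \
            /opt/ghc \
            /opt/hostedtoolcache/CodeQL
          df -h
      - name: Bundle Arch Linux package
        uses: ./.github/actions/bundle_arch_package
        with:
          channel: ${{ needs.prepare_release.outputs.channel }}
          release-tag: ${{ needs.prepare_release.outputs.release_tag }}
          arch: x86_64
      # Writes <file>.sha256 next to every top-level file in the packages
      # directory; existing .sha256 files are skipped.
      - name: Checksum Linux app packages
        shell: bash
        env:
          PACKAGES_DIR: ${{ steps.bundle_app.outputs.packages_dir }}
        run: |
          set -euo pipefail
          find "$PACKAGES_DIR" -maxdepth 1 -type f ! -name '*.sha256' -print0 |
            while IFS= read -r -d '' file; do
              (
                cd "$(dirname "$file")"
                sha256sum "$(basename "$file")" > "$(basename "$file").sha256"
              )
            done
      - name: Add Linux app packages to GitHub release assets
        if: ${{ needs.prepare_release.outputs.should_publish == 'true' }}
        uses: softprops/action-gh-release@da05d552573ad5aba039eaac05058a918a7bf631 # v2.2.2
        with:
          tag_name: ${{ needs.prepare_release.outputs.release_tag }}
          files: ${{ steps.bundle_app.outputs.packages_dir }}/*
          token: ${{ github.token }}
      - name: Upload Linux app packages as workflow artifact
        uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6
        with:
          name: release-linux-x86_64-${{ needs.prepare_release.outputs.channel }}
          path: ${{ steps.bundle_app.outputs.packages_dir }}
      - name: Attest Linux app packages
        if: ${{ needs.prepare_release.outputs.should_publish == 'true' }}
        uses: actions/attest@59d89421af93a897026c735860bf21b6eb4f7b26 # v4
        with:
          subject-path: ${{ steps.bundle_app.outputs.packages_dir }}/*

  release_linux_cli_x86:
    name: Build Release (Linux CLI x86_64)
    runs-on: ubuntu-24.04
    needs: prepare_release
    if: ${{ inputs.build_linux != false }}
    timeout-minutes: 120
    permissions:
      # contents: upload release assets; id-token + attestations: actions/attest.
      contents: write
      id-token: write
      attestations: write
    env:
      SETTINGS_SCHEMA_CACHE: ${{ github.workspace }}/.settings_schema_cache.json
    steps:
      - name: Checkout sources
        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
        with:
          # Build the commit that was validated and tagged, not the branch head.
          ref: ${{ github.sha }}
          persist-credentials: false
      - name: Prepare environment
        uses: ./.github/actions/prepare_environment
        with:
          target_os: linux
          is_self_hosted: false
          install_release_deps: true
      - name: Show compiler versions
        run: |
          gcc --version
          g++ --version
        shell: bash
      - name: Clean stale bundle output
        run: rm -rf target/*/bundle/linux
        shell: bash
      - name: Bundle CLI
        id: bundle_cli
        shell: bash
        env:
          CHANNEL: ${{ needs.prepare_release.outputs.channel }}
          GIT_RELEASE_TAG: ${{ needs.prepare_release.outputs.release_tag }}
        run: script/bundle --channel "$CHANNEL" --artifact cli --packages deb,rpm
      - name: Package CLI tar.gz
        shell: bash
        env:
          EXECUTABLE_PATH: ${{ steps.bundle_cli.outputs.executable_path }}
          BUNDLED_RESOURCES_DIR: ${{ steps.bundle_cli.outputs.bundled_resources_dir }}
        run: |
          set -euo pipefail
          cp "$EXECUTABLE_PATH" cast-codes
          tar czf cast-codes-linux-x86_64.tar.gz cast-codes -C "$(dirname "$BUNDLED_RESOURCES_DIR")" resources
      - name: Free runner space before Arch CLI package
        shell: bash
        run: |
          set -euo pipefail
          df -h
          docker system prune -af || true
          sudo rm -rf \
            /usr/local/lib/android \
            /usr/share/dotnet \
            /opt/ghc \
            /opt/hostedtoolcache/CodeQL
          df -h
      - name: Bundle Arch Linux CLI package
        uses: ./.github/actions/bundle_arch_package
        with:
          channel: ${{ needs.prepare_release.outputs.channel }}
          release-tag: ${{ needs.prepare_release.outputs.release_tag }}
          arch: x86_64
          artifact: cli
      # Checksums every package and the tarball, then copies only the
      # .deb/.rpm/.pkg.tar.zst files, their checksums and the tarball into a
      # fresh staging directory. Upload and attestation read from that
      # directory, not from the build output directory.
      - name: Checksum Linux CLI packages
        id: cli_assets
        shell: bash
        env:
          PACKAGES_DIR: ${{ steps.bundle_cli.outputs.packages_dir }}
        run: |
          set -euo pipefail
          find "$PACKAGES_DIR" -maxdepth 1 -type f ! -name '*.sha256' -print0 |
            while IFS= read -r -d '' file; do
              (
                cd "$(dirname "$file")"
                sha256sum "$(basename "$file")" > "$(basename "$file").sha256"
              )
            done
          sha256sum cast-codes-linux-x86_64.tar.gz > cast-codes-linux-x86_64.tar.gz.sha256
          release_assets_dir="$PWD/release-linux-cli-assets"
          rm -rf "$release_assets_dir"
          mkdir -p "$release_assets_dir"
          find "$PACKAGES_DIR" -maxdepth 1 -type f \
            \( -name '*.deb' -o -name '*.deb.sha256' \
            -o -name '*.rpm' -o -name '*.rpm.sha256' \
            -o -name '*.pkg.tar.zst' -o -name '*.pkg.tar.zst.sha256' \) \
            -exec cp '{}' "$release_assets_dir/" \;
          cp cast-codes-linux-x86_64.tar.gz cast-codes-linux-x86_64.tar.gz.sha256 "$release_assets_dir/"
          echo "release_assets_dir=$release_assets_dir" >> "$GITHUB_OUTPUT"
      - name: Add Linux CLI packages to GitHub release assets
        if: ${{ needs.prepare_release.outputs.should_publish == 'true' }}
        uses: softprops/action-gh-release@da05d552573ad5aba039eaac05058a918a7bf631 # v2.2.2
        with:
          tag_name: ${{ needs.prepare_release.outputs.release_tag }}
          files: ${{ steps.cli_assets.outputs.release_assets_dir }}/*
          token: ${{ github.token }}
      - name: Upload Linux CLI packages as workflow artifact
        uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6
        with:
          name: release-linux-cli-x86_64-${{ needs.prepare_release.outputs.channel }}
          path: ${{ steps.cli_assets.outputs.release_assets_dir }}/*
      - name: Attest Linux CLI packages
        if: ${{ needs.prepare_release.outputs.should_publish == 'true' }}
        uses: actions/attest@59d89421af93a897026c735860bf21b6eb4f7b26 # v4
        with:
          subject-path: ${{ steps.cli_assets.outputs.release_assets_dir }}/*

  release_web:
    name: Build Release (Web)
    runs-on: ubuntu-24.04
    needs: prepare_release
    if: ${{ inputs.build_web != false }}
    timeout-minutes: 90
    permissions:
      # contents: upload release assets; id-token + attestations: actions/attest.
      contents: write
      id-token: write
      attestations: write
    steps:
      - name: Checkout sources
        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
        with:
          # Build the commit that was validated and tagged, not the branch head.
          ref: ${{ github.sha }}
          persist-credentials: false
      - name: Prepare environment
        uses: ./.github/actions/prepare_environment
        with:
          target_os: wasm
          is_self_hosted: false
      - name: Bundle web app
        id: bundle_app
        shell: bash
        env:
          CHANNEL: ${{ needs.prepare_release.outputs.channel }}
          GIT_RELEASE_TAG: ${{ needs.prepare_release.outputs.release_tag }}
        run: script/wasm/bundle --channel "$CHANNEL"
      # Compresses each bundle file, then renames the .br output back to the
      # original file name.
      - name: Brotli compress app bundle
        shell: bash
        env:
          PACKAGES_DIR: ${{ steps.bundle_app.outputs.packages_dir }}
        run: |
          set -euo pipefail
          brotli --rm "$PACKAGES_DIR"/*
          for file in "$PACKAGES_DIR"/*.br; do
            mv -- "$file" "${file%.br}"
          done
      - name: Checksum web assets
        shell: bash
        env:
          PACKAGES_DIR: ${{ steps.bundle_app.outputs.packages_dir }}
          ASSETS_DIR: ${{ steps.bundle_app.outputs.assets_dir }}
        run: |
          set -euo pipefail
          for dir in "$PACKAGES_DIR" "$ASSETS_DIR"; do
            find "$dir" -type f ! -name '*.sha256' -print0 |
              while IFS= read -r -d '' file; do
                (
                  cd "$(dirname "$file")"
                  sha256sum "$(basename "$file")" > "$(basename "$file").sha256"
                )
              done
          done
      - name: Add web assets to GitHub release assets
        if: ${{ needs.prepare_release.outputs.should_publish == 'true' }}
        uses: softprops/action-gh-release@da05d552573ad5aba039eaac05058a918a7bf631 # v2.2.2
        with:
          tag_name: ${{ needs.prepare_release.outputs.release_tag }}
          files: ${{ steps.bundle_app.outputs.packages_dir }}/*
          token: ${{ github.token }}
      - name: Upload web assets as workflow artifact
        uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6
        with:
          name: release-web-${{ needs.prepare_release.outputs.channel }}
          path: |
            ${{ steps.bundle_app.outputs.packages_dir }}
            ${{ steps.bundle_app.outputs.assets_dir }}
      - name: Attest web assets
        if: ${{ needs.prepare_release.outputs.should_publish == 'true' }}
        uses: actions/attest@59d89421af93a897026c735860bf21b6eb4f7b26 # v4
        with:
          subject-path: ${{ steps.bundle_app.outputs.packages_dir }}/*

  release_windows:
    name: Build Release (Windows x64)
    runs-on: windows-2025
    needs: prepare_release
    if: ${{ inputs.build_windows != false }}
    timeout-minutes: 150
    permissions:
      # contents: upload release assets; id-token + attestations: actions/attest.
      contents: write
      id-token: write
      attestations: write
    steps:
      - name: Checkout sources
        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
        with:
          # Build the commit that was validated and tagged, not the branch head.
          ref: ${{ github.sha }}
          persist-credentials: false
      - name: Prepare environment
        uses: ./.github/actions/prepare_environment
        with:
          target_os: windows
          cache_key: x64
          is_self_hosted: false
          install_release_deps: true
      # The binary and the installer are produced by two script/bundle calls.
      - name: Build binary
        id: build_binary
        shell: bash
        env:
          CHANNEL: ${{ needs.prepare_release.outputs.channel }}
          GIT_RELEASE_TAG: ${{ needs.prepare_release.outputs.release_tag }}
        run: script/bundle -Channel "$CHANNEL" -skip_build_installer --arch x64
      - name: Bundle app
        id: bundle_app
        shell: bash
        env:
          CHANNEL: ${{ needs.prepare_release.outputs.channel }}
          GIT_RELEASE_TAG: ${{ needs.prepare_release.outputs.release_tag }}
        run: script/bundle -Channel "$CHANNEL" -skip_build_binary --arch x64
      - name: Checksum Windows installer
        shell: bash
        env:
          INSTALLER_PATH: ${{ steps.bundle_app.outputs.installer_path }}
        run: |
          set -euo pipefail
          installer_path="$INSTALLER_PATH"
          (
            cd "$(dirname "$installer_path")"
            sha256sum "$(basename "$installer_path")" > "$(basename "$installer_path").sha256"
          )
      - name: Add installer to GitHub release assets
        if: ${{ needs.prepare_release.outputs.should_publish == 'true' }}
        uses: softprops/action-gh-release@da05d552573ad5aba039eaac05058a918a7bf631 # v2.2.2
        with:
          tag_name: ${{ needs.prepare_release.outputs.release_tag }}
          files: |
            ${{ steps.bundle_app.outputs.installer_path }}
            ${{ steps.bundle_app.outputs.installer_path }}.sha256
          token: ${{ github.token }}
      - name: Upload installer as workflow artifact
        uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6
        with:
          name: release-windows-x64-${{ needs.prepare_release.outputs.channel }}
          path: |
            ${{ steps.bundle_app.outputs.installer_path }}
            ${{ steps.bundle_app.outputs.installer_path }}.sha256
      - name: Attest installer
        if: ${{ needs.prepare_release.outputs.should_publish == 'true' }}
        uses: actions/attest@59d89421af93a897026c735860bf21b6eb4f7b26 # v4
        with:
          subject-path: |
            ${{ steps.bundle_app.outputs.installer_path }}
            ${{ steps.bundle_app.outputs.installer_path }}.sha256

  # Final gate. `always()` makes this job run even when a build job failed or
  # was skipped; any enabled target whose result is not `success` fails the
  # workflow. A failed prepare_release surfaces here as well, because the
  # build jobs that need it do not report `success`.
  verify_release_jobs:
    name: Verify release jobs
    runs-on: ubuntu-24.04
    needs:
      - prepare_release
      - release_macos_arm64
      - release_linux_x86
      - release_linux_cli_x86
      - release_web
      - release_windows
    if: ${{ always() }}
    permissions:
      contents: read
    steps:
      - name: Check required release jobs
        shell: bash
        env:
          MACOS_RESULT: ${{ needs.release_macos_arm64.result }}
          LINUX_RESULT: ${{ needs.release_linux_x86.result }}
          LINUX_CLI_RESULT: ${{ needs.release_linux_cli_x86.result }}
          WEB_RESULT: ${{ needs.release_web.result }}
          WINDOWS_RESULT: ${{ needs.release_windows.result }}
          BUILD_MACOS: ${{ inputs.build_macos }}
          BUILD_LINUX: ${{ inputs.build_linux }}
          BUILD_WEB: ${{ inputs.build_web }}
          BUILD_WINDOWS: ${{ inputs.build_windows }}
        run: |
          set -euo pipefail
          failed=()
          # check_result NAME RESULT ENABLED: record NAME=RESULT when the
          # target was enabled and did not succeed.
          check_result() {
            local name="$1"
            local result="$2"
            local enabled="$3"
            if [[ "$enabled" != "true" ]]; then
              return
            fi
            if [[ "$result" != "success" ]]; then
              failed+=("$name=$result")
            fi
          }
          check_result "macos-arm64" "$MACOS_RESULT" "$BUILD_MACOS"
          check_result "linux-x86" "$LINUX_RESULT" "$BUILD_LINUX"
          check_result "linux-cli-x86" "$LINUX_CLI_RESULT" "$BUILD_LINUX"
          check_result "web" "$WEB_RESULT" "$BUILD_WEB"
          check_result "windows" "$WINDOWS_RESULT" "$BUILD_WINDOWS"
          if (( ${#failed[@]} )); then
            printf '::error::Release job failures: %s\n' "${failed[*]}"
            exit 1
          fi
          echo "All enabled release jobs completed successfully."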