Skip to content

v0.2.6: skill footprint estimates, agent budget meter, tooltips #15

v0.2.6: skill footprint estimates, agent budget meter, tooltips

v0.2.6: skill footprint estimates, agent budget meter, tooltips #15

Workflow file for this run

name: Release
# Triggered by pushing a tag like v0.2.0. Builds the Electron app natively on
# each OS (electron-builder + node-gyp native modules don't cross-compile
# cleanly) and uploads every artifact to the GitHub Release directly so the
# workflow keeps working even if the account-wide Actions artifact quota is
# full. electron-updater reads `latest-{mac,linux,win}.yml` from the same
# release to drive auto-updates in production.
on:
push:
tags:
- "v*"
permissions:
contents: write
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: false
jobs:
prepare-release:
name: Prepare draft release
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v5
- name: Create or reset draft release
uses: softprops/action-gh-release@v2
with:
tag_name: ${{ github.ref_name }}
name: Skiller ${{ github.ref_name }}
body: |
Desktop installers — download the one that matches your OS:
- **macOS (Apple Silicon):** `Skiller-<version>-macos-arm64.dmg` (signed + notarized — drag to Applications)
- **Windows (x64):** `Skiller-<version>-win-x64.exe` (NSIS installer)
- **Linux (x64):** `Skiller-<version>-linux-x86_64.AppImage` or `.deb`
After the first install, Skiller checks this release on launch and
via **Settings → App Updates**. Updates are downloaded on demand
and applied on next restart — powered by `electron-updater`.
draft: true
prerelease: false
generate_release_notes: true
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
build-desktop:
name: Build ${{ matrix.label }}
needs: prepare-release
runs-on: ${{ matrix.runner }}
strategy:
fail-fast: false
matrix:
include:
- label: macos-arm64
runner: macos-14
script: dist:mac
- label: windows-x64
runner: windows-latest
script: dist:win
- label: linux-x64
runner: ubuntu-latest
script: dist:linux
steps:
- uses: actions/checkout@v5
- uses: oven-sh/setup-bun@v2
with:
bun-version: latest
# create-dmg builds the styled drag-to-Applications DMG that
# scripts/repack-dmg.sh wraps around electron-builder's signed .app.
- name: Install create-dmg (macOS)
if: runner.os == 'macOS'
run: brew install create-dmg
# Native module build toolchain for better-sqlite3 under Electron's ABI.
- name: Install Linux deps
if: runner.os == 'Linux'
run: |
sudo apt-get update
sudo apt-get install -y --no-install-recommends \
build-essential pkg-config python3 \
libxss1 libnss3 libasound2t64 \
fakeroot dpkg
- run: bun install --frozen-lockfile
# Rebuild native modules (better-sqlite3) against the Electron ABI
# bundled by electron-builder. Runs on every OS — electron-builder
# handles the platform-specific node-gyp invocation.
- name: Rebuild native modules
run: bunx electron-builder install-app-deps
# Import the Developer ID signing cert into a temporary keychain.
# Without this, electron-builder's codesign step fails with
# "The specified item could not be found in the keychain."
- name: Import Developer ID certificate (macOS)
if: runner.os == 'macOS'
env:
MACOS_CERT_P12: ${{ secrets.MACOS_CERT_P12 }}
MACOS_CERT_P12_PASSWORD: ${{ secrets.MACOS_CERT_P12_PASSWORD }}
MACOS_KEYCHAIN_PASSWORD: ${{ secrets.MACOS_KEYCHAIN_PASSWORD }}
run: |
KEYCHAIN_PATH="$RUNNER_TEMP/skiller-build.keychain-db"
CERT_PATH="$RUNNER_TEMP/cert.p12"
echo "$MACOS_CERT_P12" | base64 --decode > "$CERT_PATH"
security create-keychain -p "$MACOS_KEYCHAIN_PASSWORD" "$KEYCHAIN_PATH"
security set-keychain-settings -lut 21600 "$KEYCHAIN_PATH"
security unlock-keychain -p "$MACOS_KEYCHAIN_PASSWORD" "$KEYCHAIN_PATH"
security import "$CERT_PATH" \
-P "$MACOS_CERT_P12_PASSWORD" \
-A -t cert -f pkcs12 \
-k "$KEYCHAIN_PATH"
security set-key-partition-list -S apple-tool:,apple:,codesign: \
-s -k "$MACOS_KEYCHAIN_PASSWORD" "$KEYCHAIN_PATH"
security list-keychain -d user -s "$KEYCHAIN_PATH" login.keychain
rm -f "$CERT_PATH"
# notarytool / @electron/notarize needs the .p8 file on disk. Secret
# should be the raw contents of AuthKey_XXXX.p8 (multiline).
- name: Write notarization API key (macOS)
if: runner.os == 'macOS' && env.APPLE_API_KEY_P8 != ''
env:
APPLE_API_KEY_P8: ${{ secrets.APPLE_API_KEY_P8 }}
run: |
KEY_PATH="$RUNNER_TEMP/AuthKey.p8"
printf '%s' "$APPLE_API_KEY_P8" > "$KEY_PATH"
chmod 600 "$KEY_PATH"
echo "APPLE_API_KEY=$KEY_PATH" >> "$GITHUB_ENV"
- name: Build app
env:
# electron-builder reads GH_TOKEN for its publish step; we publish
# via softprops below instead but the var being set also unlocks
# electron-builder's release-draft verification.
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
# macOS signing + notarization. Env-var names follow electron-builder's
# conventions (NB: `APPLE_API_ISSUER`, not `APPLE_API_KEY_ISSUER` —
# electron-builder rejects the "_KEY_" variant).
CSC_NAME: ${{ secrets.CSC_NAME }}
APPLE_API_ISSUER: ${{ secrets.APPLE_API_ISSUER }}
APPLE_API_KEY_ID: ${{ secrets.APPLE_API_KEY_ID }}
run: bun run ${{ matrix.script }}
# Upload every artifact (including latest-*.yml and .blockmap files —
# electron-updater needs them alongside the binaries).
- name: Upload build outputs to Release
uses: softprops/action-gh-release@v2
with:
tag_name: ${{ github.ref_name }}
draft: true
files: |
artifacts/*.dmg
artifacts/*.zip
artifacts/*.exe
artifacts/*.AppImage
artifacts/*.deb
artifacts/*.tar.xz
artifacts/*.yml
artifacts/*.blockmap
fail_on_unmatched_files: false
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
publish-release:
name: Publish release
needs: build-desktop
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v5
- name: Publish release
uses: softprops/action-gh-release@v2
with:
tag_name: ${{ github.ref_name }}
draft: false
prerelease: false
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}