chore: bump version to 0.60.0 #142
Workflow file for this run
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Release | |
| on: | |
| push: | |
| tags: | |
| - 'v*' | |
| workflow_dispatch: | |
| concurrency: | |
| group: release-${{ github.ref }} | |
| cancel-in-progress: false | |
| permissions: | |
| contents: write | |
| jobs: | |
| goreleaser: | |
| # Guard: only run goreleaser in the canonical repository (not in forks) | |
| if: ${{ github.repository == 'steveyegge/beads' }} | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v6 | |
| with: | |
| fetch-depth: 0 | |
| - name: Set up Go | |
| uses: actions/setup-go@v6 | |
| with: | |
| go-version-file: 'go.mod' | |
| - name: Install cross-compilation toolchains and signing tools | |
| run: | | |
| sudo apt-get update | |
| sudo apt-get install -y gcc-mingw-w64-x86-64 gcc-aarch64-linux-gnu osslsigncode libicu-dev | |
| - name: Install Zig | |
| uses: mlugg/setup-zig@v2 | |
| with: | |
| version: 0.14.0 | |
| - name: Create zig cross-compilation wrappers | |
| run: | | |
| mkdir -p /tmp/zigcc | |
| for pair in \ | |
| "cc-x86_64-macos:x86_64-macos" \ | |
| "cc-aarch64-macos:aarch64-macos" \ | |
| "cc-aarch64-windows-gnu:aarch64-windows-gnu" \ | |
| "cc-aarch64-linux-android:aarch64-linux-android" \ | |
| "cc-x86_64-freebsd:x86_64-freebsd"; do | |
| name="${pair%%:*}" | |
| target="${pair##*:}" | |
| # Build wrapper: strip -lresolv entirely. The macOS builds use the | |
| # netgo tag (pure-Go DNS), so libresolv is not needed. Zig's sysroot | |
| # has neither libresolv nor libresolv.9 (ziglang/zig#16674). | |
| # Serialize zig calls per target with flock to prevent races. | |
| { | |
| echo '#!/bin/bash' | |
| echo 'args=()' | |
| echo 'for arg in "$@"; do' | |
| echo ' [[ "$arg" == "-lresolv" ]] && continue' | |
| echo ' args+=("$arg")' | |
| echo 'done' | |
| printf 'exec flock /tmp/zigcc/lock-%s zig cc -target %s "${args[@]}"\n' \ | |
| "$target" "$target" | |
| } > "/tmp/zigcc/$name" | |
| chmod +x "/tmp/zigcc/$name" | |
| done | |
| - name: Install go-winres for Windows PE resource embedding | |
| run: go install github.com/tc-hib/go-winres@latest | |
| - name: Run GoReleaser | |
| uses: goreleaser/goreleaser-action@v7 | |
| with: | |
| distribution: goreleaser | |
| version: '~> v2' | |
| args: > | |
| release --clean --parallelism 1 | |
| ${{ github.repository != 'steveyegge/beads' && '--skip=publish --skip=announce' || '' }} | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| # Homebrew tap publishing (requires PAT with contents:write on homebrew-beads) | |
| # If not set, goreleaser skips tap upload (skip_upload: auto in .goreleaser.yml) | |
| HOMEBREW_TAP_TOKEN: ${{ secrets.HOMEBREW_TAP_TOKEN }} | |
| # Windows code signing (optional - signing is skipped if not set) | |
| WINDOWS_SIGNING_CERT_PFX_BASE64: ${{ secrets.WINDOWS_SIGNING_CERT_PFX_BASE64 }} | |
| WINDOWS_SIGNING_CERT_PASSWORD: ${{ secrets.WINDOWS_SIGNING_CERT_PASSWORD }} | |
| publish-pypi: | |
| runs-on: ubuntu-latest | |
| needs: goreleaser | |
| if: ${{ always() && github.repository == 'steveyegge/beads' }} | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v6 | |
| - name: Set up Python | |
| uses: actions/setup-python@v6 | |
| with: | |
| python-version: '3.14' | |
| - name: Install uv | |
| run: pip install uv | |
| - name: Build package | |
| run: | | |
| cd integrations/beads-mcp | |
| uv build | |
| - name: Publish to PyPI | |
| env: | |
| TWINE_USERNAME: __token__ | |
| TWINE_PASSWORD: ${{ secrets.PYPI_API_TOKEN }} | |
| run: | | |
| cd integrations/beads-mcp | |
| uv tool run twine upload dist/* | |
| publish-npm: | |
| runs-on: ubuntu-latest | |
| needs: goreleaser | |
| if: ${{ github.repository == 'steveyegge/beads' }} | |
| permissions: | |
| contents: read | |
| id-token: write # Required for npm provenance/trusted publishing | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v6 | |
| - name: Set up Node.js | |
| uses: actions/setup-node@v6 | |
| with: | |
| node-version: '24' | |
| registry-url: 'https://registry.npmjs.org' | |
| - name: Update npm for OIDC trusted publishing | |
| run: npm install -g npm@latest # Requires npm >= 11.5.1 for trusted publishing | |
| - name: Publish to npm | |
| run: | | |
| cd npm-package | |
| npm publish --access public | |
| # Uses OIDC trusted publishing - no token needed | |
| # Provenance attestations are automatic with trusted publishing | |