Skip to content
Release

chore: bump version to 0.60.0 #142

Sign in to view logs

chore: bump version to 0.60.0

chore: bump version to 0.60.0 #142

Workflow file for this run

.github/workflows/release.yml at 91df6ef
name: Release
on:
push:
tags:
- 'v*'
workflow_dispatch:
concurrency:
group: release-${{ github.ref }}
cancel-in-progress: false
permissions:
contents: write
jobs:
goreleaser:
# Guard: only run goreleaser in the canonical repository (not in forks)
if: ${{ github.repository == 'steveyegge/beads' }}
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v6
with:
fetch-depth: 0
- name: Set up Go
uses: actions/setup-go@v6
with:
go-version-file: 'go.mod'
- name: Install cross-compilation toolchains and signing tools
run: |
sudo apt-get update
sudo apt-get install -y gcc-mingw-w64-x86-64 gcc-aarch64-linux-gnu osslsigncode libicu-dev
- name: Install Zig
uses: mlugg/setup-zig@v2
with:
version: 0.14.0
- name: Create zig cross-compilation wrappers
run: |
mkdir -p /tmp/zigcc
for pair in \
"cc-x86_64-macos:x86_64-macos" \
"cc-aarch64-macos:aarch64-macos" \
"cc-aarch64-windows-gnu:aarch64-windows-gnu" \
"cc-aarch64-linux-android:aarch64-linux-android" \
"cc-x86_64-freebsd:x86_64-freebsd"; do
name="${pair%%:*}"
target="${pair##*:}"
# Build wrapper: strip -lresolv entirely. The macOS builds use the
# netgo tag (pure-Go DNS), so libresolv is not needed. Zig's sysroot
# has neither libresolv nor libresolv.9 (ziglang/zig#16674).
# Serialize zig calls per target with flock to prevent races.
{
echo '#!/bin/bash'
echo 'args=()'
echo 'for arg in "$@"; do'
echo ' [[ "$arg" == "-lresolv" ]] && continue'
echo ' args+=("$arg")'
echo 'done'
printf 'exec flock /tmp/zigcc/lock-%s zig cc -target %s "${args[@]}"\n' \
"$target" "$target"
} > "/tmp/zigcc/$name"
chmod +x "/tmp/zigcc/$name"
done
- name: Install go-winres for Windows PE resource embedding
run: go install github.com/tc-hib/go-winres@latest
- name: Run GoReleaser
uses: goreleaser/goreleaser-action@v7
with:
distribution: goreleaser
version: '~> v2'
args: >
release --clean --parallelism 1
${{ github.repository != 'steveyegge/beads' && '--skip=publish --skip=announce' || '' }}
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
# Homebrew tap publishing (requires PAT with contents:write on homebrew-beads)
# If not set, goreleaser skips tap upload (skip_upload: auto in .goreleaser.yml)
HOMEBREW_TAP_TOKEN: ${{ secrets.HOMEBREW_TAP_TOKEN }}
# Windows code signing (optional - signing is skipped if not set)
WINDOWS_SIGNING_CERT_PFX_BASE64: ${{ secrets.WINDOWS_SIGNING_CERT_PFX_BASE64 }}
WINDOWS_SIGNING_CERT_PASSWORD: ${{ secrets.WINDOWS_SIGNING_CERT_PASSWORD }}
publish-pypi:
runs-on: ubuntu-latest
needs: goreleaser
if: ${{ always() && github.repository == 'steveyegge/beads' }}
steps:
- name: Checkout
uses: actions/checkout@v6
- name: Set up Python
uses: actions/setup-python@v6
with:
python-version: '3.14'
- name: Install uv
run: pip install uv
- name: Build package
run: |
cd integrations/beads-mcp
uv build
- name: Publish to PyPI
env:
TWINE_USERNAME: __token__
TWINE_PASSWORD: ${{ secrets.PYPI_API_TOKEN }}
run: |
cd integrations/beads-mcp
uv tool run twine upload dist/*
publish-npm:
runs-on: ubuntu-latest
needs: goreleaser
if: ${{ github.repository == 'steveyegge/beads' }}
permissions:
contents: read
id-token: write # Required for npm provenance/trusted publishing
steps:
- name: Checkout
uses: actions/checkout@v6
- name: Set up Node.js
uses: actions/setup-node@v6
with:
node-version: '24'
registry-url: 'https://registry.npmjs.org'
- name: Update npm for OIDC trusted publishing
run: npm install -g npm@latest # Requires npm >= 11.5.1 for trusted publishing
- name: Publish to npm
run: |
cd npm-package
npm publish --access public
# Uses OIDC trusted publishing - no token needed
# Provenance attestations are automatic with trusted publishing