roborev/.github/workflows/release.yml at main · roborev-dev/roborev · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
name: Release

on:
  push:
    tags:
      - 'v*'

permissions:
  contents: write

jobs:
  build:
    runs-on: ubuntu-latest
    strategy:
      matrix:
        include:
          - goos: linux
            goarch: amd64
          - goos: linux
            goarch: arm64
          - goos: darwin
            goarch: amd64
          - goos: darwin
            goarch: arm64
          - goos: windows
            goarch: amd64
          - goos: windows
            goarch: arm64

    steps:
      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd  # v6.0.2

      - uses: actions/setup-go@4b73464bb391d4059bd26b0524d20df3927bd417  # v6.3.0
        with:
          go-version: '1.24'

      - name: Build
        env:
          GOOS: ${{ matrix.goos }}
          GOARCH: ${{ matrix.goarch }}
          CGO_ENABLED: 0
        run: |
          VERSION=${GITHUB_REF#refs/tags/v}
          EXT=""
          if [ "$GOOS" = "windows" ]; then EXT=".exe"; fi

          mkdir -p dist
          LDFLAGS="-s -w -X github.com/roborev-dev/roborev/internal/version.Version=v${VERSION}"
          go build -ldflags="$LDFLAGS" -o dist/roborev${EXT} ./cmd/roborev

          cd dist
          ARCHIVE="roborev_${VERSION}_${{ matrix.goos }}_${{ matrix.goarch }}.tar.gz"
          tar czf "$ARCHIVE" roborev${EXT}
          rm roborev${EXT}

      - uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f  # v7.0.0
        with:
          name: roborev-${{ matrix.goos }}-${{ matrix.goarch }}
          path: dist/*.tar.gz

  release:
    needs: build
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd  # v6.0.2

      - uses: actions/download-artifact@70fc10c6e5e1ce46ad2ea6f2b72d43f7d47b13c3  # v8.0.0
        with:
          path: artifacts
          merge-multiple: true

      - name: Generate checksums
        run: |
          cd artifacts
          sha256sum *.tar.gz > SHA256SUMS
          cat SHA256SUMS

      - name: Get tag message
        id: tag_message
        run: |
          TAG_NAME="${GITHUB_REF#refs/tags/}"

          # Only extract message from annotated tags (type "tag"), not lightweight tags (type "commit")
          TAG_TYPE=$(git cat-file -t "$TAG_NAME")
          if [ "$TAG_TYPE" != "tag" ]; then
            echo "Warning: $TAG_NAME is a lightweight tag, using auto-generated notes"
            echo "has_body=false" >> $GITHUB_OUTPUT
            exit 0
          fi

          # Get the tag message body (our changelog), skipping the first line ("Release X.Y.Z")
          TAG_MSG=$(git tag -l --format='%(contents:body)' "$TAG_NAME")

          if [ -n "$TAG_MSG" ]; then
            # Use unique delimiter to avoid conflicts with tag message content
            DELIM="TAGMSG_$(date +%s%N)"
            echo "body<<$DELIM" >> $GITHUB_OUTPUT
            echo "$TAG_MSG" >> $GITHUB_OUTPUT
            echo "$DELIM" >> $GITHUB_OUTPUT
            echo "has_body=true" >> $GITHUB_OUTPUT
          else
            echo "has_body=false" >> $GITHUB_OUTPUT
          fi

      - name: Create Release
        uses: softprops/action-gh-release@a06a81a03ee405af7f2048a818ed3f03bbf83c7b  # v2.5.0
        with:
          files: |
            artifacts/*.tar.gz
            artifacts/SHA256SUMS
          body: ${{ steps.tag_message.outputs.has_body == 'true' && steps.tag_message.outputs.body || '' }}
          generate_release_notes: ${{ steps.tag_message.outputs.has_body != 'true' }}

  update-homebrew:
    needs: release
    runs-on: ubuntu-latest
    steps:
      - uses: actions/download-artifact@70fc10c6e5e1ce46ad2ea6f2b72d43f7d47b13c3  # v8.0.0
        with:
          path: artifacts
          merge-multiple: true

      - name: Compute SHA256 for all binaries
        id: sha256
        run: |
          VERSION=${GITHUB_REF#refs/tags/v}
          echo "version=$VERSION" >> $GITHUB_OUTPUT

          # Verify all expected artifacts exist
          for platform in darwin_amd64 darwin_arm64 linux_amd64 linux_arm64; do
            file="artifacts/roborev_${VERSION}_${platform}.tar.gz"
            if [ ! -f "$file" ]; then
              echo "ERROR: Missing artifact: $file"
              echo "Available artifacts:"
              ls -la artifacts/
              exit 1
            fi
          done

          # macOS
          echo "darwin_amd64=$(sha256sum artifacts/roborev_${VERSION}_darwin_amd64.tar.gz | cut -d' ' -f1)" >> $GITHUB_OUTPUT
          echo "darwin_arm64=$(sha256sum artifacts/roborev_${VERSION}_darwin_arm64.tar.gz | cut -d' ' -f1)" >> $GITHUB_OUTPUT

          # Linux
          echo "linux_amd64=$(sha256sum artifacts/roborev_${VERSION}_linux_amd64.tar.gz | cut -d' ' -f1)" >> $GITHUB_OUTPUT
          echo "linux_arm64=$(sha256sum artifacts/roborev_${VERSION}_linux_arm64.tar.gz | cut -d' ' -f1)" >> $GITHUB_OUTPUT

      - name: Checkout tap repository
        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd  # v6.0.2
        with:
          repository: roborev-dev/homebrew-tap
          token: ${{ secrets.HOMEBREW_TAP_TOKEN }}
          path: homebrew-tap

      - name: Update formula
        env:
          VERSION: ${{ steps.sha256.outputs.version }}
          DARWIN_AMD64_SHA: ${{ steps.sha256.outputs.darwin_amd64 }}
          DARWIN_ARM64_SHA: ${{ steps.sha256.outputs.darwin_arm64 }}
          LINUX_AMD64_SHA: ${{ steps.sha256.outputs.linux_amd64 }}
          LINUX_ARM64_SHA: ${{ steps.sha256.outputs.linux_arm64 }}
        run: |
          cd homebrew-tap

          # Use Ruby to update the formula (more robust than sed for nested blocks)
          ruby -i -e '
            content = File.read("Formula/roborev.rb")

            # Update version
            content.gsub!(/version "[^"]*"/, %Q{version "#{ENV["VERSION"]}"})

            # Track block depth for proper nesting
            # Formula structure: on_macos do / on_linux do > if Hardware::CPU.intel?/arm? > sha256
            macos_depth = 0
            linux_depth = 0
            in_intel = false
            in_arm = false
            updated = { darwin_amd64: false, darwin_arm64: false, linux_amd64: false, linux_arm64: false }

            lines = content.lines.map do |line|
              stripped = line.strip

              # Track on_macos/on_linux blocks by depth
              if line.include?("on_macos do")
                macos_depth = 1
              elsif line.include?("on_linux do")
                linux_depth = 1
              end

              # Track CPU architecture blocks
              if line.include?("Hardware::CPU.intel?")
                in_intel = true
              elsif line.include?("Hardware::CPU.arm?")
                in_arm = true
              end

              # Update sha256 based on current context
              if line.include?("sha256") && line.include?("\"")
                if macos_depth > 0 && in_intel
                  line = line.gsub(/sha256 "[^"]*"/, %Q{sha256 "#{ENV["DARWIN_AMD64_SHA"]}"})
                  updated[:darwin_amd64] = true
                elsif macos_depth > 0 && in_arm
                  line = line.gsub(/sha256 "[^"]*"/, %Q{sha256 "#{ENV["DARWIN_ARM64_SHA"]}"})
                  updated[:darwin_arm64] = true
                elsif linux_depth > 0 && in_intel
                  line = line.gsub(/sha256 "[^"]*"/, %Q{sha256 "#{ENV["LINUX_AMD64_SHA"]}"})
                  updated[:linux_amd64] = true
                elsif linux_depth > 0 && in_arm
                  line = line.gsub(/sha256 "[^"]*"/, %Q{sha256 "#{ENV["LINUX_ARM64_SHA"]}"})
                  updated[:linux_arm64] = true
                end
              end

              # Track end statements - reset CPU flags on end, decrement block depth
              if stripped == "end"
                if in_intel
                  in_intel = false
                elsif in_arm
                  in_arm = false
                elsif macos_depth > 0
                  macos_depth = 0
                elsif linux_depth > 0
                  linux_depth = 0
                end
              end

              line
            end

            # Verify all checksums were updated
            missing = updated.select { |k, v| !v }.keys
            unless missing.empty?
              STDERR.puts "ERROR: Failed to update sha256 for: #{missing.join(", ")}"
              exit 1
            end

            File.write("Formula/roborev.rb", lines.join)
            puts "Successfully updated formula to v#{ENV["VERSION"]}"
          ' Formula/roborev.rb

          echo "--- Updated formula ---"
          cat Formula/roborev.rb

      - name: Verify checksums in formula
        env:
          DARWIN_AMD64_SHA: ${{ steps.sha256.outputs.darwin_amd64 }}
          DARWIN_ARM64_SHA: ${{ steps.sha256.outputs.darwin_arm64 }}
          LINUX_AMD64_SHA: ${{ steps.sha256.outputs.linux_amd64 }}
          LINUX_ARM64_SHA: ${{ steps.sha256.outputs.linux_arm64 }}
        run: |
          cd homebrew-tap
          ERRORS=0

          for sha in "$DARWIN_AMD64_SHA" "$DARWIN_ARM64_SHA" "$LINUX_AMD64_SHA" "$LINUX_ARM64_SHA"; do
            if ! grep -q "sha256 \"$sha\"" Formula/roborev.rb; then
              echo "ERROR: sha256 $sha not found in formula"
              ERRORS=$((ERRORS + 1))
            fi
          done

          if [ $ERRORS -gt 0 ]; then
            echo "Checksum verification failed"
            exit 1
          fi
          echo "All checksums verified"

      - name: Commit and push
        run: |
          cd homebrew-tap
          git config user.name "github-actions[bot]"
          git config user.email "github-actions[bot]@users.noreply.github.com"

          # Check if there are changes to commit (handles re-runs)
          if git diff --quiet Formula/roborev.rb; then
            echo "No changes to formula, skipping commit"
            exit 0
          fi

          git add Formula/roborev.rb
          git commit -m "Update roborev to v${{ steps.sha256.outputs.version }}"
          git push