fix: resolve symlinks in vault path test for macOS /var → /private/var #51
Workflow file for this run
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Release SAME Binary | |
| on: | |
| push: | |
| tags: | |
| - 'v*' | |
| permissions: | |
| contents: write | |
| id-token: write | |
| jobs: | |
| build: | |
| strategy: | |
| matrix: | |
| include: | |
| - os: macos-latest | |
| goos: darwin | |
| goarch: arm64 | |
| suffix: darwin-arm64 | |
| cc: "" | |
| # darwin-amd64 removed - Intel Macs rare, no free CI runner | |
| - os: ubuntu-latest | |
| goos: linux | |
| goarch: amd64 | |
| suffix: linux-amd64 | |
| cc: "" | |
| - os: ubuntu-24.04-arm | |
| goos: linux | |
| goarch: arm64 | |
| suffix: linux-arm64 | |
| cc: "" | |
| - os: ubuntu-latest | |
| goos: windows | |
| goarch: amd64 | |
| suffix: windows-amd64.exe | |
| cc: zig | |
| zig_target: x86_64-windows-gnu | |
| - os: ubuntu-latest | |
| goos: windows | |
| goarch: arm64 | |
| suffix: windows-arm64.exe | |
| cc: zig | |
| zig_target: aarch64-windows-gnu | |
| runs-on: ${{ matrix.os }} | |
| steps: | |
| - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 | |
| - uses: actions/setup-go@4b73464bb391d4059bd26b0524d20df3927bd417 # v6 | |
| with: | |
| go-version: '1.25' | |
| cache-dependency-path: go.sum | |
| - name: Install zig (Windows cross-compile) | |
| if: matrix.cc == 'zig' | |
| uses: mlugg/setup-zig@d1434d08867e3ee9daa34448df10607b98908d29 # v2 | |
| with: | |
| version: 0.13.0 | |
| - name: Run tests | |
| if: matrix.goos == 'darwin' && matrix.goarch == 'arm64' | |
| env: | |
| CGO_ENABLED: '1' | |
| run: go test ./... -v -count=1 | |
| - name: Build (native) | |
| if: matrix.cc == '' | |
| env: | |
| CGO_ENABLED: '1' | |
| GOOS: ${{ matrix.goos }} | |
| GOARCH: ${{ matrix.goarch }} | |
| run: | | |
| go build -ldflags "-s -w -X main.Version=${{ github.ref_name }}" \ | |
| -o build/same-${{ matrix.suffix }} ./cmd/same | |
| - name: Build (zig cross-compile) | |
| if: matrix.cc == 'zig' | |
| env: | |
| CGO_ENABLED: '1' | |
| GOOS: ${{ matrix.goos }} | |
| GOARCH: ${{ matrix.goarch }} | |
| CC: "zig cc -target ${{ matrix.zig_target }}" | |
| CXX: "zig c++ -target ${{ matrix.zig_target }}" | |
| CGO_CFLAGS: "-I${{ github.workspace }}/cgo-headers -fno-sanitize=undefined" | |
| run: | | |
| go build -ldflags "-s -w -X main.Version=${{ github.ref_name }}" \ | |
| -o build/same-${{ matrix.suffix }} ./cmd/same | |
| - name: Upload artifact | |
| uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7 | |
| with: | |
| name: same-${{ matrix.suffix }} | |
| path: build/same-${{ matrix.suffix }} | |
| release: | |
| needs: build | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Download all artifacts | |
| uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8 | |
| with: | |
| path: artifacts | |
| - name: Generate SHA256 checksums | |
| run: | | |
| cd artifacts | |
| sha256sum \ | |
| same-darwin-arm64/same-darwin-arm64 \ | |
| same-linux-amd64/same-linux-amd64 \ | |
| same-linux-arm64/same-linux-arm64 \ | |
| same-windows-amd64.exe/same-windows-amd64.exe \ | |
| same-windows-arm64.exe/same-windows-arm64.exe \ | |
| | sed 's|[^ ]*/||' > sha256sums.txt | |
| - name: Create GitHub Release | |
| uses: softprops/action-gh-release@a06a81a03ee405af7f2048a818ed3f03bbf83c7b # v2 | |
| with: | |
| generate_release_notes: true | |
| files: | | |
| artifacts/same-darwin-arm64/same-darwin-arm64 | |
| artifacts/same-linux-amd64/same-linux-amd64 | |
| artifacts/same-linux-arm64/same-linux-arm64 | |
| artifacts/same-windows-amd64.exe/same-windows-amd64.exe | |
| artifacts/same-windows-arm64.exe/same-windows-arm64.exe | |
| artifacts/sha256sums.txt | |
| npm-publish: | |
| needs: release | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 | |
| - uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f # v6 | |
| with: | |
| node-version: '22' | |
| registry-url: 'https://registry.npmjs.org' | |
| - name: Verify version match | |
| run: | | |
| MAKE_VERSION=$(grep '^VERSION' Makefile | head -1 | awk '{print $NF}') | |
| NPM_VERSION=$(node -p "require('./npm/package.json').version") | |
| TAG_VERSION="${GITHUB_REF_NAME#v}" | |
| if [ "$MAKE_VERSION" != "$NPM_VERSION" ]; then | |
| echo "Version mismatch: Makefile=$MAKE_VERSION npm=$NPM_VERSION" | |
| exit 1 | |
| fi | |
| if [ "$TAG_VERSION" != "$NPM_VERSION" ]; then | |
| echo "Tag version $TAG_VERSION does not match npm version $NPM_VERSION" | |
| exit 1 | |
| fi | |
| echo "Version match: $MAKE_VERSION (tag: $GITHUB_REF_NAME)" | |
| - name: Publish to npm | |
| env: | |
| NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }} | |
| working-directory: npm | |
| run: | | |
| PKG_NAME=$(node -p "require('./package.json').name") | |
| PKG_VER=$(node -p "require('./package.json').version") | |
| if npm view "${PKG_NAME}@${PKG_VER}" version 2>/dev/null; then | |
| echo "::notice::Version ${PKG_VER} already published to npm — skipping" | |
| exit 0 | |
| fi | |
| # Attempt publish; handle expected failures gracefully (e.g., npm org | |
| # not yet created, 2FA required, token permissions). | |
| if npm publish --access public 2>&1; then | |
| echo "::notice::Published ${PKG_NAME}@${PKG_VER} to npm" | |
| else | |
| echo "::warning::npm publish failed — this is non-blocking. Publish manually: cd npm && npm publish --access public --auth-type=web" | |
| exit 0 | |
| fi | |
| mcp-registry-publish: | |
| needs: npm-publish | |
| runs-on: ubuntu-latest | |
| permissions: | |
| id-token: write | |
| contents: read | |
| steps: | |
| - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 | |
| - name: Sync server.json version with tag | |
| run: | | |
| VERSION="${GITHUB_REF_NAME#v}" | |
| jq --arg v "$VERSION" ' | |
| .version = $v | | |
| .packages[0].version = $v | |
| ' server.json > server.tmp && mv server.tmp server.json | |
| echo "Updated server.json to version $VERSION" | |
| cat server.json | |
| - name: Validate server.json against MCP schema | |
| run: | | |
| npm install -g ajv-cli ajv-formats | |
| curl -sL "https://static.modelcontextprotocol.io/schemas/2025-12-11/server.schema.json" -o /tmp/server.schema.json | |
| ajv validate -s /tmp/server.schema.json -d server.json --strict=false | |
| echo "✓ server.json is valid" | |
| - name: Install mcp-publisher | |
| run: | | |
| curl -L "https://github.com/modelcontextprotocol/registry/releases/latest/download/mcp-publisher_$(uname -s | tr '[:upper:]' '[:lower:]')_$(uname -m | sed 's/x86_64/amd64/;s/aarch64/arm64/').tar.gz" | tar xz mcp-publisher | |
| - name: Authenticate to MCP Registry | |
| run: ./mcp-publisher login github-oidc | |
| - name: Publish to MCP Registry | |
| run: | | |
| if ./mcp-publisher publish 2>&1; then | |
| echo "::notice::Published to MCP Registry" | |
| else | |
| echo "::warning::MCP Registry publish failed — this is non-blocking. Publish manually with: mcp-publisher login github && mcp-publisher publish" | |
| exit 0 | |
| fi |