zeroclaw/.github/workflows/release-stable-manual.yml at 7c25c5d9b6aed26f690ef65fe3e6387c1ddc5242 · zeroclaw-labs/zeroclaw · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
name: Release Stable

on:
  workflow_dispatch:
    inputs:
      version:
        description: "Stable version to release (e.g. 0.2.0)"
        required: true
        type: string

concurrency:
  group: promote-release
  cancel-in-progress: false

permissions:
  contents: read

env:
  CARGO_TERM_COLOR: always
  REGISTRY: ghcr.io
  IMAGE_NAME: ${{ github.repository }}

jobs:
  validate:
    name: Validate Version
    runs-on: ubuntu-latest
    outputs:
      tag: ${{ steps.check.outputs.tag }}
    steps:
      - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4
      - name: Validate semver and Cargo.toml match
        id: check
        shell: bash
        run: |
          set -euo pipefail
          input_version="${{ inputs.version }}"
          cargo_version=$(sed -n 's/^version = "\([^"]*\)"/\1/p' Cargo.toml | head -1)

          if [[ ! "$input_version" =~ ^[0-9]+\.[0-9]+\.[0-9]+$ ]]; then
            echo "::error::Version must be semver (X.Y.Z). Got: ${input_version}"
            exit 1
          fi

          if [[ "$cargo_version" != "$input_version" ]]; then
            echo "::error::Cargo.toml version (${cargo_version}) does not match input (${input_version}). Bump Cargo.toml first."
            exit 1
          fi

          tag="v${input_version}"
          if git ls-remote --exit-code --tags origin "refs/tags/${tag}" >/dev/null 2>&1; then
            echo "::error::Tag ${tag} already exists."
            exit 1
          fi

          echo "tag=${tag}" >> "$GITHUB_OUTPUT"

  web:
    name: Build Web Dashboard
    runs-on: ubuntu-latest
    timeout-minutes: 10
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-node@v4
        with:
          node-version: 22
          cache: npm
          cache-dependency-path: web/package-lock.json
      - name: Build web dashboard
        run: cd web && npm ci && npm run build
      - uses: actions/upload-artifact@v4
        with:
          name: web-dist
          path: web/dist/
          retention-days: 1

  build:
    name: Build ${{ matrix.target }}
    needs: [validate, web]
    runs-on: ${{ matrix.os }}
    timeout-minutes: 40
    strategy:
      fail-fast: false
      matrix:
        include:
          - os: ubuntu-latest
            target: x86_64-unknown-linux-gnu
            artifact: zeroclaw
            ext: tar.gz
          - os: ubuntu-latest
            target: aarch64-unknown-linux-gnu
            artifact: zeroclaw
            ext: tar.gz
            cross_compiler: gcc-aarch64-linux-gnu
            linker_env: CARGO_TARGET_AARCH64_UNKNOWN_LINUX_GNU_LINKER
            linker: aarch64-linux-gnu-gcc
          - os: ubuntu-latest
            target: aarch64-unknown-linux-musl
            artifact: zeroclaw
            ext: tar.gz
            use_zigbuild: true
          - os: macos-14
            target: aarch64-apple-darwin
            artifact: zeroclaw
            ext: tar.gz
          - os: windows-latest
            target: x86_64-pc-windows-msvc
            artifact: zeroclaw.exe
            ext: zip
    steps:
      - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4
      - uses: dtolnay/rust-toolchain@631a55b12751854ce901bb631d5902ceb48146f7 # stable
        with:
          toolchain: 1.92.0
          targets: ${{ matrix.target }}
      - uses: Swatinem/rust-cache@779680da715d629ac1d338a641029a2f4372abb5 # v2
        if: runner.os != 'Windows'

      - uses: actions/download-artifact@v4
        with:
          name: web-dist
          path: web/dist/

      - name: Install cross compiler
        if: matrix.cross_compiler
        run: |
          sudo apt-get update -qq
          sudo apt-get install -y ${{ matrix.cross_compiler }}

      - name: Install cargo-zigbuild
        if: matrix.use_zigbuild
        run: |
          pip3 install ziglang==0.15.2
          cargo install cargo-zigbuild --version 0.22.1

      - name: Build release
        shell: bash
        run: |
          if [ "${{ matrix.use_zigbuild || '' }}" = "true" ]; then
            cargo zigbuild --release --locked --target ${{ matrix.target }}
          else
            if [ -n "${{ matrix.linker_env || '' }}" ] && [ -n "${{ matrix.linker || '' }}" ]; then
              export "${{ matrix.linker_env }}=${{ matrix.linker }}"
            fi
            cargo build --release --locked --target ${{ matrix.target }}
          fi

      - name: Package (Unix)
        if: runner.os != 'Windows'
        run: |
          cd target/${{ matrix.target }}/release
          tar czf ../../../zeroclaw-${{ matrix.target }}.${{ matrix.ext }} ${{ matrix.artifact }}

      - name: Package (Windows)
        if: runner.os == 'Windows'
        run: |
          cd target/${{ matrix.target }}/release
          7z a ../../../zeroclaw-${{ matrix.target }}.${{ matrix.ext }} ${{ matrix.artifact }}

      - uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4
        with:
          name: zeroclaw-${{ matrix.target }}
          path: zeroclaw-${{ matrix.target }}.${{ matrix.ext }}
          retention-days: 14

  publish:
    name: Publish Stable Release
    needs: [validate, build]
    runs-on: ubuntu-latest
    permissions:
      contents: write
    steps:
      - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4

      - uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 # v4
        with:
          path: artifacts

      - name: Generate checksums
        run: |
          cd artifacts
          find . -type f \( -name '*.tar.gz' -o -name '*.zip' \) -exec sha256sum {} + | sed 's|  \./[^/]*/|  |' > SHA256SUMS
          cat SHA256SUMS

      - name: Create GitHub Release
        uses: softprops/action-gh-release@a06a81a03ee405af7f2048a818ed3f03bbf83c7b # v2
        with:
          tag_name: ${{ needs.validate.outputs.tag }}
          name: ${{ needs.validate.outputs.tag }}
          prerelease: false
          generate_release_notes: true
          files: |
            artifacts/**/*
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

  docker:
    name: Push Docker Image
    needs: [validate, build]
    runs-on: ubuntu-latest
    timeout-minutes: 30
    permissions:
      contents: read
      packages: write
    steps:
      - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4

      - uses: docker/setup-buildx-action@8d2750c68a42422c14e847fe6c8ac0403b4cbd6f # v3

      - uses: docker/login-action@c94ce9fb468520275223c153574b00df6fe4bcc9 # v3
        with:
          registry: ${{ env.REGISTRY }}
          username: ${{ github.actor }}
          password: ${{ secrets.GITHUB_TOKEN }}

      - name: Build and push
        uses: docker/build-push-action@10e90e3645eae34f1e60eeb005ba3a3d33f178e8 # v6
        with:
          context: .
          push: true
          tags: |
            ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ needs.validate.outputs.tag }}
            ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:latest
          platforms: linux/amd64,linux/arm64
          cache-from: type=gha
          cache-to: type=gha,mode=max