Release #51
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Release | |
| on: | |
| workflow_dispatch: | |
| inputs: | |
| tag_name: | |
| description: "Tag name for release (optional - uses version from Cargo.toml if not specified)" | |
| required: false | |
| type: string | |
| permissions: | |
| contents: write | |
| jobs: | |
| get-version: | |
| name: Get Version | |
| runs-on: ubuntu-latest | |
| outputs: | |
| version: ${{ steps.get_version.outputs.version }} | |
| tag_name: ${{ steps.get_version.outputs.tag_name }} | |
| steps: | |
| - name: Checkout codex-acp | |
| uses: actions/checkout@v4 | |
| - name: Get version from Cargo.toml | |
| id: get_version | |
| run: | | |
| VERSION=$(grep -m1 "^version" Cargo.toml | sed 's/.*"\(.*\)".*/\1/') | |
| echo "version=$VERSION" >> $GITHUB_OUTPUT | |
| if [ -n "${{ github.event.inputs.tag_name }}" ]; then | |
| echo "tag_name=${{ github.event.inputs.tag_name }}" >> $GITHUB_OUTPUT | |
| else | |
| echo "tag_name=v$VERSION" >> $GITHUB_OUTPUT | |
| fi | |
| build: | |
| name: Build - ${{ matrix.os }} | |
| needs: get-version | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| include: | |
| - os: macos-14 | |
| target: aarch64-apple-darwin | |
| binary_extension: "" | |
| - os: macos-14 | |
| target: x86_64-apple-darwin | |
| binary_extension: "" | |
| - os: ubuntu-22.04 | |
| target: x86_64-unknown-linux-gnu | |
| binary_extension: "" | |
| - os: ubuntu-22.04 | |
| target: x86_64-unknown-linux-musl | |
| binary_extension: "" | |
| - os: ubuntu-22.04-arm | |
| target: aarch64-unknown-linux-gnu | |
| - os: ubuntu-22.04-arm | |
| target: aarch64-unknown-linux-musl | |
| binary_extension: "" | |
| - os: windows-latest | |
| target: x86_64-pc-windows-msvc | |
| binary_extension: ".exe" | |
| - os: windows-11-arm | |
| target: aarch64-pc-windows-msvc | |
| binary_extension: ".exe" | |
| runs-on: ${{ matrix.os }} | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Install Rust | |
| uses: dtolnay/[email protected] | |
| with: | |
| targets: ${{ matrix.target }} | |
| - name: Cache cargo registry | |
| uses: actions/cache@v4 | |
| with: | |
| path: ~/.cargo/registry | |
| key: ${{ matrix.os }}-${{ matrix.target }}-cargo-registry-${{ hashFiles('**/Cargo.lock') }} | |
| restore-keys: | | |
| ${{ matrix.os }}-${{ matrix.target }}-cargo-registry- | |
| - name: Cache cargo index | |
| uses: actions/cache@v4 | |
| with: | |
| path: ~/.cargo/git | |
| key: ${{ matrix.os }}-${{ matrix.target }}-cargo-git-${{ hashFiles('**/Cargo.lock') }} | |
| restore-keys: | | |
| ${{ matrix.os }}-${{ matrix.target }}-cargo-git- | |
| - if: ${{ matrix.target == 'x86_64-unknown-linux-musl' || matrix.target == 'aarch64-unknown-linux-musl'}} | |
| name: Install musl build tools | |
| run: | | |
| sudo apt-get update | |
| sudo apt-get install -y musl-tools pkg-config | |
| - name: Build release binary | |
| run: cargo build --release --target ${{ matrix.target }} | |
| - name: Code sign macOS binary | |
| if: startsWith(matrix.os, 'macos') | |
| env: | |
| MACOS_CERTIFICATE: ${{ secrets.MACOS_CERTIFICATE }} | |
| MACOS_CERTIFICATE_PASSWORD: ${{ secrets.MACOS_CERTIFICATE_PASSWORD }} | |
| APPLE_NOTARIZATION_KEY: ${{ secrets.APPLE_NOTARIZATION_KEY }} | |
| APPLE_NOTARIZATION_KEY_ID: ${{ secrets.APPLE_NOTARIZATION_KEY_ID }} | |
| APPLE_NOTARIZATION_ISSUER_ID: ${{ secrets.APPLE_NOTARIZATION_ISSUER_ID }} | |
| run: | | |
| ./script/sign-mac target/${{ matrix.target }}/release/codex-acp | |
| - name: Code sign Windows binary | |
| if: startsWith(matrix.os, 'windows') | |
| env: | |
| AZURE_TENANT_ID: ${{ secrets.AZURE_SIGNING_TENANT_ID }} | |
| AZURE_CLIENT_ID: ${{ secrets.AZURE_SIGNING_CLIENT_ID }} | |
| AZURE_CLIENT_SECRET: ${{ secrets.AZURE_SIGNING_CLIENT_SECRET }} | |
| ACCOUNT_NAME: ${{ vars.AZURE_SIGNING_ACCOUNT_NAME }} | |
| CERT_PROFILE_NAME: ${{ vars.AZURE_SIGNING_CERT_PROFILE_NAME }} | |
| ENDPOINT: ${{ vars.AZURE_SIGNING_ENDPOINT }} | |
| FILE_DIGEST: SHA256 | |
| TIMESTAMP_DIGEST: SHA256 | |
| TIMESTAMP_SERVER: http://timestamp.acs.microsoft.com | |
| run: | | |
| .\script\sign-windows.ps1 target\${{ matrix.target }}\release\codex-acp.exe | |
| - name: Create archive | |
| id: create_archive | |
| shell: bash | |
| run: | | |
| BINARY_NAME="codex-acp${{ matrix.binary_extension }}" | |
| ARCHIVE_NAME="codex-acp-${{ needs.get-version.outputs.version }}-${{ matrix.target }}" | |
| cd target/${{ matrix.target }}/release | |
| if [ "${{ matrix.os }}" = "windows-latest" ] || [ "${{ matrix.os }}" = "windows-11-arm" ]; then | |
| 7z a -tzip "${ARCHIVE_NAME}.zip" "${BINARY_NAME}" | |
| echo "archive_path=${ARCHIVE_NAME}.zip" >> $GITHUB_OUTPUT | |
| echo "archive_name=${ARCHIVE_NAME}.zip" >> $GITHUB_OUTPUT | |
| mv "${ARCHIVE_NAME}.zip" ../../../ | |
| else | |
| tar czf "${ARCHIVE_NAME}.tar.gz" "${BINARY_NAME}" | |
| echo "archive_path=${ARCHIVE_NAME}.tar.gz" >> $GITHUB_OUTPUT | |
| echo "archive_name=${ARCHIVE_NAME}.tar.gz" >> $GITHUB_OUTPUT | |
| mv "${ARCHIVE_NAME}.tar.gz" ../../../ | |
| fi | |
| - name: Upload artifact | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: ${{ steps.create_archive.outputs.archive_name }} | |
| path: ${{ steps.create_archive.outputs.archive_path }} | |
| retention-days: 1 | |
| npm-packages: | |
| name: Create NPM Packages | |
| needs: [get-version, build] | |
| runs-on: ubuntu-latest | |
| outputs: | |
| packages: ${{ steps.create_packages.outputs.packages }} | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Setup Node.js | |
| uses: actions/setup-node@v6 | |
| with: | |
| node-version: "lts/*" | |
| registry-url: "https://registry.npmjs.org" | |
| - name: Download all artifacts | |
| uses: actions/download-artifact@v5 | |
| with: | |
| path: artifacts | |
| merge-multiple: true | |
| - name: Display structure of downloaded files | |
| run: ls -la artifacts/ | |
| - name: Create platform-specific packages | |
| run: bash npm/publish/create-platform-packages.sh ./artifacts ./npm-packages ${{ needs.get-version.outputs.version }} | |
| - name: Update base package version | |
| run: bash npm/publish/update-base-package.sh ${{ needs.get-version.outputs.version }} | |
| - name: Upload NPM packages | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: npm-packages | |
| path: npm-packages/ | |
| retention-days: 1 | |
| - name: Upload base package | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: npm-base-package | |
| path: npm/ | |
| retention-days: 1 | |
| publish-npm-platform: | |
| name: Publish NPM Platform Packages | |
| needs: [get-version, npm-packages] | |
| runs-on: ubuntu-latest | |
| if: ${{ !github.event.repository.fork }} | |
| environment: release # Optional: for enhanced security | |
| permissions: | |
| contents: read | |
| id-token: write | |
| steps: | |
| - name: Setup Node.js | |
| uses: actions/setup-node@v6 | |
| with: | |
| node-version: "lts/*" | |
| registry-url: "https://registry.npmjs.org" | |
| - name: Update npm | |
| run: npm install -g npm@latest | |
| - name: Download NPM packages | |
| uses: actions/download-artifact@v5 | |
| with: | |
| name: npm-packages | |
| path: npm-packages | |
| - name: Publish platform packages | |
| run: | | |
| for pkg in npm-packages/*; do | |
| if [ -d "$pkg" ]; then | |
| echo "Publishing $(basename $pkg)..." | |
| cd "$pkg" | |
| npm publish | |
| cd ../.. | |
| fi | |
| done | |
| publish-npm-base: | |
| name: Publish NPM Base Package | |
| needs: [get-version, npm-packages, publish-npm-platform] | |
| runs-on: ubuntu-latest | |
| if: ${{ !github.event.repository.fork }} | |
| environment: release # Optional: for enhanced security | |
| permissions: | |
| contents: read | |
| id-token: write | |
| steps: | |
| - name: Setup Node.js | |
| uses: actions/setup-node@v6 | |
| with: | |
| node-version: "lts/*" | |
| registry-url: "https://registry.npmjs.org" | |
| - name: Update npm | |
| run: npm install -g npm@latest | |
| - name: Download base package | |
| uses: actions/download-artifact@v5 | |
| with: | |
| name: npm-base-package | |
| path: npm | |
| - name: Wait for platform packages to be available | |
| run: | | |
| echo "Waiting 30 seconds for platform packages to be available on npm..." | |
| sleep 30 | |
| - name: Publish base package | |
| run: | | |
| cd npm | |
| npm publish | |
| create-release: | |
| name: Create Release | |
| needs: [get-version, build, publish-npm-base] | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Download all artifacts | |
| uses: actions/download-artifact@v5 | |
| with: | |
| path: artifacts | |
| - name: Display structure of downloaded files | |
| run: ls -la artifacts/ | |
| - name: Create Release | |
| id: create_release | |
| uses: softprops/action-gh-release@v1 | |
| with: | |
| tag_name: ${{ needs.get-version.outputs.tag_name }} | |
| name: Release ${{ needs.get-version.outputs.version }} | |
| draft: false | |
| prerelease: false | |
| generate_release_notes: true | |
| files: | | |
| artifacts/**/*.tar.gz | |
| artifacts/**/*.zip | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} |