From 87506ed513a18a4aa8853366b0dd45f86a2b602d Mon Sep 17 00:00:00 2001 From: Kevin Longmuir Date: Thu, 26 Feb 2026 22:38:34 -0500 Subject: [PATCH 1/2] feat: per platform builds --- .github/workflows/manual-release.yml | 127 +++++++++++++++++++-------- 1 file changed, 88 insertions(+), 39 deletions(-) diff --git a/.github/workflows/manual-release.yml b/.github/workflows/manual-release.yml index 782ddaf2..0557ef00 100644 --- a/.github/workflows/manual-release.yml +++ b/.github/workflows/manual-release.yml @@ -40,7 +40,7 @@ jobs: elif [[ "$VERSION" == *"-next"* ]]; then echo "oclif_channel=next" >> $GITHUB_OUTPUT else - echo "oclif_channel=latest" >> $GITHUB_OUTPUT + echo "oclif_channel=stable" >> $GITHUB_OUTPUT fi outputs: version: ${{ steps.verify-version.outputs.version }} @@ -62,12 +62,21 @@ jobs: - run: npm test - run: npm run test:e2e - upload-assets: - runs-on: ubuntu-latest + build-standalone: + name: Build Standalone (${{ matrix.target }}) needs: [check-version, test] - permissions: - contents: write - id-token: write + runs-on: ${{ matrix.os }} + + strategy: + matrix: + include: + - os: ubuntu-latest + target: linux-x64 + - os: macos-latest + target: darwin-arm64 + - os: windows-latest + target: win32-x64 + steps: - uses: actions/checkout@v6 - uses: actions/setup-node@v6 @@ -79,29 +88,52 @@ jobs: - run: npm ci - run: npm run build - # Build platform-specific tarballs - - name: Install linux toolchain + - name: Pack standalone + shell: bash run: | - sudo apt update - sudo apt install nsis p7zip-full p7zip-rar -y + npx oclif pack tarballs \ + --targets=${{ matrix.target }} \ + --no-xz + + - uses: actions/upload-artifact@v4 + with: + name: standalone-${{ matrix.target }} + path: dist/*.tar.gz + + upload-and-promote: + runs-on: ubuntu-latest + needs: [check-version, build-standalone] + permissions: + contents: write + id-token: write + + steps: + - uses: actions/checkout@v6 + + - uses: actions/setup-node@v6 + with: + node-version-file: '.nvmrc' + + - uses: actions/download-artifact@v4 + with: + path: dist - - name: Build all tarballs in parallel + - name: Flatten artifacts run: | - npx oclif pack tarballs --targets=linux-x64,win32-x64,darwin-arm64 --no-xz --parallel + mkdir final-dist + find dist -name "*.tar.gz" -exec mv {} final-dist/ \; - # Create GitHub Release (draft - will be published manually from GitHub UI or CLI) - - name: Create GitHub Release + - name: Create GitHub Release (draft) run: | gh release create v${{ needs.check-version.outputs.version }} \ - --title "Release v${{ needs.check-version.outputs.version }} ${{ needs.check-version.outputs.oclif_channel == 'latest' && 'Latest' || needs.check-version.outputs.oclif_channel }}" \ + --title "Release v${{ needs.check-version.outputs.version }} ${{ needs.check-version.outputs.oclif_channel }}" \ --generate-notes \ --draft \ - --prerelease=${{ needs.check-version.outputs.oclif_channel != 'latest' }} \ - dist/*.tar.gz + --prerelease=${{ needs.check-version.outputs.oclif_channel != 'stable' }} \ + final-dist/*.tar.gz env: GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} - # S3 Distribution - name: Configure AWS credentials uses: aws-actions/configure-aws-credentials@v5 with: @@ -109,33 +141,51 @@ jobs: role-session-name: herodevs_cli_upload aws-region: ${{ vars.AWS_REGION }} - - - name: Upload and promote to S3 + - name: Upload tarballs run: | - # Enable oclif debug logging - export DEBUG=oclif:* - - # Upload tarballs npx oclif upload tarballs \ --targets=linux-x64,win32-x64,darwin-arm64 \ --no-xz - # Get shortened SHA (first 7 characters) - SHORT_SHA=$(echo ${{ github.sha }} | cut -c1-7) - echo "Using shortened SHA: $SHORT_SHA" + - name: Promote channel + run: | + CHANNEL=${{ needs.check-version.outputs.oclif_channel }} + VERSION=${{ needs.check-version.outputs.version }} - # Promote to channel npx oclif promote \ - --channel=${{ needs.check-version.outputs.oclif_channel }} \ - --version=${{ needs.check-version.outputs.version }} \ - --sha=$SHORT_SHA \ + --channel=$CHANNEL \ + --version=$VERSION \ --indexes \ - --targets=linux-x64,win32-x64,darwin-arm64 \ - --ignore-missing + --targets=linux-x64,win32-x64,darwin-arm64 + + - name: Install jq + run: sudo apt-get update && sudo apt-get install -y jq + + - name: Verify channel pointer moved + run: | + CHANNEL=${{ needs.check-version.outputs.oclif_channel }} + VERSION=${{ needs.check-version.outputs.version }} + + echo "Verifying channel: $CHANNEL" + echo "Expecting version: $VERSION" + + MANIFEST_URL="https://end-of-life-dataset-cli-releases.s3.amazonaws.com/channels/${CHANNEL}/hd-linux-x64-buildmanifest" + + RESOLVED_VERSION=$(curl -s $MANIFEST_URL | jq -r .version) + + echo "Channel currently points to: $RESOLVED_VERSION" + + if [ "$RESOLVED_VERSION" != "$VERSION" ]; then + echo "Channel promotion failed." + echo "Expected $VERSION but channel points to $RESOLVED_VERSION" + exit 1 + fi + + echo "Channel promotion verified." npm-publish: runs-on: ubuntu-latest - needs: [check-version, test, upload-assets] + needs: [check-version, test, upload-and-promote] permissions: id-token: write steps: @@ -177,9 +227,8 @@ jobs: haskell: false docker-images: false swap-storage: false - - - name: Set up Node - uses: actions/setup-node@v6.1.0 + + - uses: actions/setup-node@v6 with: node-version-file: '.nvmrc' @@ -205,7 +254,7 @@ jobs: - uses: docker/setup-buildx-action@v3 - uses: docker/build-push-action@v6 with: - context: . + context: . file: ./ci/image.Dockerfile platforms: linux/amd64,linux/arm64 push: true @@ -214,4 +263,4 @@ jobs: cache-from: type=gha cache-to: type=gha,mode=max build-args: | - VERSION=${{ needs.check-version.outputs.version }} + VERSION=${{ needs.check-version.outputs.version }} \ No newline at end of file From 2825598870cc1d3457b0bdfd3950f4df405bbcd5 Mon Sep 17 00:00:00 2001 From: Kevin Longmuir Date: Thu, 26 Feb 2026 22:44:18 -0500 Subject: [PATCH 2/2] feat: stub out all the stuff that pushes, just test the build --- .github/workflows/manual-release.yml | 159 +++------------------------ 1 file changed, 17 insertions(+), 142 deletions(-) diff --git a/.github/workflows/manual-release.yml b/.github/workflows/manual-release.yml index 0557ef00..833978c7 100644 --- a/.github/workflows/manual-release.yml +++ b/.github/workflows/manual-release.yml @@ -6,8 +6,8 @@ env: on: push: - tags: - - v* + branches: + - fix/manual_release_per_platform permissions: contents: read @@ -21,14 +21,6 @@ jobs: node-version-file: '.nvmrc' - uses: ./.github/actions/verify-version id: verify-version - - name: Verify tag matches version - run: | - VERSION=${{ steps.verify-version.outputs.version }} - TAG_VERSION=${GITHUB_REF#refs/tags/v} - if [ "$VERSION" != "$TAG_VERSION" ]; then - echo "Error: Package version ($VERSION) does not match tag version ($TAG_VERSION)" - exit 1 - fi - name: Determine Oclif channel id: determine-oclif-channel run: | @@ -103,17 +95,8 @@ jobs: upload-and-promote: runs-on: ubuntu-latest needs: [check-version, build-standalone] - permissions: - contents: write - id-token: write steps: - - uses: actions/checkout@v6 - - - uses: actions/setup-node@v6 - with: - node-version-file: '.nvmrc' - - uses: actions/download-artifact@v4 with: path: dist @@ -123,144 +106,36 @@ jobs: mkdir final-dist find dist -name "*.tar.gz" -exec mv {} final-dist/ \; - - name: Create GitHub Release (draft) + - name: '[STUB] Create GitHub Release (draft)' run: | - gh release create v${{ needs.check-version.outputs.version }} \ - --title "Release v${{ needs.check-version.outputs.version }} ${{ needs.check-version.outputs.oclif_channel }}" \ - --generate-notes \ - --draft \ - --prerelease=${{ needs.check-version.outputs.oclif_channel != 'stable' }} \ - final-dist/*.tar.gz - env: - GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} + echo "STUB: Would create GH release v${{ needs.check-version.outputs.version }}" + ls -lh final-dist/ - - name: Configure AWS credentials - uses: aws-actions/configure-aws-credentials@v5 - with: - role-to-assume: ${{ vars.aws_oidc_role_arn }} - role-session-name: herodevs_cli_upload - aws-region: ${{ vars.AWS_REGION }} - - - name: Upload tarballs + - name: '[STUB] Upload tarballs to S3' run: | - npx oclif upload tarballs \ - --targets=linux-x64,win32-x64,darwin-arm64 \ - --no-xz + echo "STUB: Would upload tarballs to S3 for targets linux-x64,win32-x64,darwin-arm64" - - name: Promote channel + - name: '[STUB] Promote channel' run: | - CHANNEL=${{ needs.check-version.outputs.oclif_channel }} - VERSION=${{ needs.check-version.outputs.version }} + echo "STUB: Would promote channel=${{ needs.check-version.outputs.oclif_channel }} version=${{ needs.check-version.outputs.version }}" - npx oclif promote \ - --channel=$CHANNEL \ - --version=$VERSION \ - --indexes \ - --targets=linux-x64,win32-x64,darwin-arm64 - - - name: Install jq - run: sudo apt-get update && sudo apt-get install -y jq - - - name: Verify channel pointer moved + - name: '[STUB] Verify channel pointer' run: | - CHANNEL=${{ needs.check-version.outputs.oclif_channel }} - VERSION=${{ needs.check-version.outputs.version }} - - echo "Verifying channel: $CHANNEL" - echo "Expecting version: $VERSION" - - MANIFEST_URL="https://end-of-life-dataset-cli-releases.s3.amazonaws.com/channels/${CHANNEL}/hd-linux-x64-buildmanifest" - - RESOLVED_VERSION=$(curl -s $MANIFEST_URL | jq -r .version) - - echo "Channel currently points to: $RESOLVED_VERSION" - - if [ "$RESOLVED_VERSION" != "$VERSION" ]; then - echo "Channel promotion failed." - echo "Expected $VERSION but channel points to $RESOLVED_VERSION" - exit 1 - fi - - echo "Channel promotion verified." + echo "STUB: Would verify channel pointer for ${{ needs.check-version.outputs.oclif_channel }}" npm-publish: runs-on: ubuntu-latest needs: [check-version, test, upload-and-promote] - permissions: - id-token: write steps: - - uses: actions/checkout@v6 - - uses: actions/setup-node@v6 - with: - node-version-file: '.nvmrc' - registry-url: 'https://registry.npmjs.org' - - # Clean build for npm publishing - - run: npm ci - - run: npm run build - - # Dry run NPM publish - - name: Dry run NPM publish - run: npm publish --tag ${{ needs.check-version.outputs.oclif_channel }} --provenance --access public --dry-run - env: - NODE_AUTH_TOKEN: ${{ secrets.HD_CLI_NPM_TOKEN }} - - # NPM Release - - name: Create NPM release - run: npm publish --tag ${{ needs.check-version.outputs.oclif_channel }} --provenance --access public - env: - NODE_AUTH_TOKEN: ${{ secrets.HD_CLI_NPM_TOKEN }} + - name: '[STUB] NPM publish' + run: | + echo "STUB: Would publish to npm with tag=${{ needs.check-version.outputs.oclif_channel }}" publish-images: name: Publish Images needs: [npm-publish] runs-on: ubuntu-latest - permissions: - packages: write steps: - - uses: actions/checkout@v6 - - - uses: jlumbroso/free-disk-space@main - with: - tool-cache: true - large-packages: true - haskell: false - docker-images: false - swap-storage: false - - - uses: actions/setup-node@v6 - with: - node-version-file: '.nvmrc' - - - name: Parse tag - run: echo "VERSION=${{ github.ref_name }}" >> $GITHUB_ENV - - - uses: docker/metadata-action@v5 - id: meta - with: - images: | - name=${{ env.IMAGE_NAME }} - tags: | - type=sha,format=long - type=raw,value=latest - type=raw,value=${{ env.VERSION }} - - - uses: docker/login-action@v3 - with: - registry: ghcr.io - username: ${{ github.repository_owner }} - password: ${{ secrets.GITHUB_TOKEN }} - - - uses: docker/setup-buildx-action@v3 - - uses: docker/build-push-action@v6 - with: - context: . - file: ./ci/image.Dockerfile - platforms: linux/amd64,linux/arm64 - push: true - tags: ${{ steps.meta.outputs.tags }} - labels: ${{ steps.meta.outputs.labels }} - cache-from: type=gha - cache-to: type=gha,mode=max - build-args: | - VERSION=${{ needs.check-version.outputs.version }} \ No newline at end of file + - name: '[STUB] Publish Docker images' + run: | + echo "STUB: Would build and push Docker images to ghcr.io" \ No newline at end of file