jlengrand/Maestro
1
0
Fork 0
mirror of https://github.com/jlengrand/Maestro.git synced 2026-03-10 08:31:19 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
dbc2885ec4d2dbecc5f4441f976f86c9024ee550
Maestro/.github/workflows/release.yml
Pedram Amini dbc2885ec4 ## CHANGES 
- Added automatic post-release docs sync, committing updated release notes to repo 📝
- Introduced `scripts/sync-release-notes.mjs` generating docs from GitHub releases via `gh` 🔄
- Published new `docs/releases.md` page with full versioned release history 📚
- Exposed Release Notes in Mintlify navigation under Reference docs section 🧭
- Strengthened Linux x64 packaging checks to hard-fail native arch mismatches 🛡️
- Expanded CI verification to include `better_sqlite3.node` alongside `pty.node` 🧩
2025-12-29 10:37:49 -06:00

665 lines
25 KiB
YAML
Raw Blame History

name: Release Maestro
# This workflow is triggered only by git tags (trusted input)
# No user-controlled data is executed in shell commands
on:
push:
tags:
- 'v*.*.*' # Semantic version tags (e.g., v1.0.0)
- '20*' # Date-based tags (e.g., 2025-11-27)
workflow_dispatch:
permissions:
contents: write
jobs:
build:
strategy:
fail-fast: false
matrix:
include:
- os: macos-latest
platform: mac
arch: universal
- os: ubuntu-latest
platform: linux
arch: x64
# ARM64 Linux requires native ARM64 runner for node-pty native module
# Cross-compilation from x64 doesn't work: https://github.com/electron-userland/electron-builder/issues/7608
- os: ubuntu-24.04-arm
platform: linux-arm64
arch: arm64
- os: windows-latest
platform: win
arch: x64
runs-on: ${{ matrix.os }}
steps:
- name: Checkout code
uses: actions/checkout@v4
- name: Setup Node.js
uses: actions/setup-node@v4
with:
node-version: '20'
cache: 'npm'
# Linux x64: Install build dependencies for native modules and electron-builder
# Requires build-essential for compiling node-pty native module
- name: Install Linux x64 build dependencies
if: matrix.platform == 'linux'
run: |
sudo apt-get update
sudo apt-get install -y libarchive-tools rpm build-essential
# Linux ARM64: Install build dependencies for native modules and electron-builder
# Requires build-essential for compiling node-pty native module
# Ruby and fpm are needed because the bundled fpm is x86-only and won't run on ARM64
- name: Install Linux ARM64 build dependencies
if: matrix.platform == 'linux-arm64'
run: |
sudo apt-get update
sudo apt-get install -y libarchive-tools rpm build-essential ruby ruby-dev rubygems
sudo gem install --no-document fpm
# Linux x64: Setup Python 3.11 for node-gyp (Python 3.12+ removed distutils)
- name: Setup Python for node-gyp (Linux x64)
if: matrix.platform == 'linux'
uses: actions/setup-python@v5
with:
python-version: '3.11'
# Linux ARM64: Setup Python 3.11 for node-gyp (Python 3.12+ removed distutils)
- name: Setup Python for node-gyp (Linux ARM64)
if: matrix.platform == 'linux-arm64'
uses: actions/setup-python@v5
with:
python-version: '3.11'
# Windows: Setup for native module compilation
- name: Setup Windows build tools
if: matrix.platform == 'win'
uses: ilammy/msvc-dev-cmd@v1
# macOS: Setup Python 3.11 for node-gyp (Python 3.12+ removed distutils)
- name: Setup Python for node-gyp
if: matrix.platform == 'mac'
uses: actions/setup-python@v5
with:
python-version: '3.11'
# Extract version from git tag for use in build steps
- name: Set version from tag
id: version
shell: bash
env:
REF_TYPE: ${{ github.ref_type }}
REF_NAME: ${{ github.ref_name }}
run: |
if [[ "$REF_TYPE" == "tag" ]]; then
VERSION="${REF_NAME#v}"
else
VERSION=$(node -p "require('./package.json').version")
fi
echo "VERSION=$VERSION" >> $GITHUB_OUTPUT
echo "Using version: $VERSION"
# Update package.json with the release version
# This ensures CLI and other components read the correct version
- name: Update package.json version
shell: bash
env:
VERSION: ${{ steps.version.outputs.VERSION }}
run: |
node -e "
const fs = require('fs');
const pkg = JSON.parse(fs.readFileSync('package.json', 'utf8'));
pkg.version = process.env.VERSION;
fs.writeFileSync('package.json', JSON.stringify(pkg, null, 2) + '\n');
"
echo "Updated package.json to version $VERSION"
- name: Install dependencies
run: npm ci
# Rebuild native modules for the target platform
- name: Rebuild native modules
run: npm run postinstall
env:
npm_config_build_from_source: true
# Verify native module architecture (Linux x64)
- name: Verify node-pty architecture (Linux x64)
if: matrix.platform == 'linux'
run: |
echo "Checking node-pty binary architecture..."
PTY_PATH=$(find node_modules/node-pty -name "pty.node" -type f 2>/dev/null | head -1)
if [ -n "$PTY_PATH" ]; then
file "$PTY_PATH"
# Verify it's x64, not ARM64
if file "$PTY_PATH" | grep -q "x86-64\|x86_64\|AMD64"; then
echo "✓ node-pty is correctly built for x64"
else
echo "✗ ERROR: node-pty is NOT built for x64!"
file "$PTY_PATH"
exit 1
fi
else
echo "✗ ERROR: node-pty binary not found!"
exit 1
fi
# Verify native module architecture (Linux ARM64)
- name: Verify node-pty architecture (Linux ARM64)
if: matrix.platform == 'linux-arm64'
run: |
echo "Checking node-pty binary architecture..."
PTY_PATH=$(find node_modules/node-pty -name "pty.node" -type f 2>/dev/null | head -1)
if [ -n "$PTY_PATH" ]; then
file "$PTY_PATH"
# Verify it's ARM64, not x86_64
if file "$PTY_PATH" | grep -q "ARM aarch64\|aarch64"; then
echo "✓ node-pty is correctly built for ARM64"
else
echo "✗ ERROR: node-pty is NOT built for ARM64!"
file "$PTY_PATH"
exit 1
fi
else
echo "✗ ERROR: node-pty binary not found!"
exit 1
fi
# Verify better-sqlite3 architecture (Linux ARM64 only)
- name: Verify better-sqlite3 architecture
if: matrix.platform == 'linux-arm64'
run: |
echo "Checking better-sqlite3 binary architecture..."
SQLITE_PATH=$(find node_modules/better-sqlite3 -name "better_sqlite3.node" -type f 2>/dev/null | head -1)
if [ -n "$SQLITE_PATH" ]; then
file "$SQLITE_PATH"
# Verify it's ARM64, not x86_64
if file "$SQLITE_PATH" | grep -q "ARM aarch64\|aarch64"; then
echo "✓ better-sqlite3 is correctly built for ARM64"
else
echo "✗ ERROR: better-sqlite3 is NOT built for ARM64!"
file "$SQLITE_PATH"
exit 1
fi
else
echo "✗ ERROR: better-sqlite3 binary not found!"
exit 1
fi
- name: Build application
run: npm run build
env:
VITE_APP_VERSION: ${{ steps.version.outputs.VERSION }}
# List release directory before packaging for debugging
- name: Create release directory
run: mkdir -p release
shell: bash
# Import Apple certificate for code signing
- name: Import Apple certificate
if: matrix.platform == 'mac'
env:
APPLE_CERTIFICATE: ${{ secrets.APPLE_CERTIFICATE }}
APPLE_CERTIFICATE_PASSWORD: ${{ secrets.APPLE_CERTIFICATE_PASSWORD }}
run: |
# Create temporary keychain
KEYCHAIN_PATH=$RUNNER_TEMP/app-signing.keychain-db
KEYCHAIN_PASSWORD=$(openssl rand -base64 32)
# Create keychain
security create-keychain -p "$KEYCHAIN_PASSWORD" "$KEYCHAIN_PATH"
security set-keychain-settings -lut 21600 "$KEYCHAIN_PATH"
security unlock-keychain -p "$KEYCHAIN_PASSWORD" "$KEYCHAIN_PATH"
# Import certificate
echo "$APPLE_CERTIFICATE" | base64 --decode > $RUNNER_TEMP/certificate.p12
security import $RUNNER_TEMP/certificate.p12 -P "$APPLE_CERTIFICATE_PASSWORD" -A -t cert -f pkcs12 -k "$KEYCHAIN_PATH"
security list-keychain -d user -s "$KEYCHAIN_PATH"
# Allow codesign to access the key
security set-key-partition-list -S apple-tool:,apple:,codesign: -s -k "$KEYCHAIN_PASSWORD" "$KEYCHAIN_PATH"
- name: Package for macOS
if: matrix.platform == 'mac'
run: npx electron-builder --mac --publish never --config.extraMetadata.version=${{ steps.version.outputs.VERSION }}
env:
DEBUG: electron-builder
APPLE_ID: ${{ secrets.APPLE_ID }}
APPLE_APP_SPECIFIC_PASSWORD: ${{ secrets.APPLE_APP_SPECIFIC_PASSWORD }}
APPLE_TEAM_ID: ${{ secrets.APPLE_TEAM_ID }}
- name: Package for Windows
if: matrix.platform == 'win'
shell: bash
run: npx electron-builder --win --publish never --config.extraMetadata.version=${{ steps.version.outputs.VERSION }}
env:
DEBUG: electron-builder
# Linux x64: Explicitly rebuild native modules before packaging
# The npmRebuild: false in package.json prevents electron-builder from re-running
# npm rebuild during packaging, so we ensure correct binaries are in place first
- name: Package for Linux x64
if: matrix.platform == 'linux'
env:
DEBUG: electron-builder
npm_config_arch: x64
npm_config_target_arch: x64
BUILD_VERSION: ${{ steps.version.outputs.VERSION }}
run: |
# Explicitly rebuild native modules for x64 architecture
echo "Rebuilding native modules for x64..."
npx electron-rebuild --arch=x64 --force
# Verify node-pty binary was built correctly for x64 before packaging
echo "Verifying node-pty binary architecture before packaging..."
PTY_PATH=$(find node_modules/node-pty -name "pty.node" -type f 2>/dev/null | head -1)
if [ -n "$PTY_PATH" ]; then
echo "Found pty.node at: $PTY_PATH"
file "$PTY_PATH"
if file "$PTY_PATH" | grep -q "x86-64\|x86_64\|AMD64"; then
echo "✓ node-pty is correctly built for x64"
else
echo "✗ ERROR: node-pty is NOT built for x64!"
exit 1
fi
else
echo "✗ ERROR: node-pty binary not found!"
exit 1
fi
# Verify better-sqlite3 binary was built correctly for x64 before packaging
echo "Verifying better-sqlite3 binary architecture before packaging..."
SQLITE_PATH=$(find node_modules/better-sqlite3 -name "better_sqlite3.node" -type f 2>/dev/null | head -1)
if [ -n "$SQLITE_PATH" ]; then
echo "Found better_sqlite3.node at: $SQLITE_PATH"
file "$SQLITE_PATH"
if file "$SQLITE_PATH" | grep -q "x86-64\|x86_64\|AMD64"; then
echo "✓ better-sqlite3 is correctly built for x64"
else
echo "✗ ERROR: better-sqlite3 is NOT built for x64!"
exit 1
fi
else
echo "✗ ERROR: better-sqlite3 binary not found!"
exit 1
fi
# Package with x64 target
npx electron-builder --linux --x64 --publish never --config.extraMetadata.version="$BUILD_VERSION"
# ARM64 Linux: Build on native ARM64 runner to properly compile node-pty
# Critical: Explicitly rebuild native modules for ARM64 before packaging
# The npmRebuild: false in package.json prevents electron-builder from re-running
# npm rebuild with x86_64 flags (-m64) that would corrupt the ARM64 binaries
- name: Package for Linux ARM64
if: matrix.platform == 'linux-arm64'
env:
DEBUG: electron-builder
npm_config_arch: arm64
npm_config_target_arch: arm64
USE_SYSTEM_FPM: "true"
BUILD_VERSION: ${{ steps.version.outputs.VERSION }}
run: |
# Explicitly rebuild native modules for ARM64 architecture
# This ensures node-pty is correctly compiled before packaging
echo "Rebuilding native modules for ARM64..."
npx electron-rebuild --arch=arm64 --force
# Verify node-pty binary was built correctly for ARM64 before packaging
echo "Verifying node-pty binary architecture before packaging..."
PTY_PATH=$(find node_modules/node-pty -name "pty.node" -type f 2>/dev/null | head -1)
if [ -n "$PTY_PATH" ]; then
echo "Found pty.node at: $PTY_PATH"
file "$PTY_PATH"
if file "$PTY_PATH" | grep -q "ARM\|aarch64"; then
echo "✓ node-pty is correctly built for ARM64"
else
echo "✗ ERROR: node-pty is NOT built for ARM64!"
exit 1
fi
else
echo "✗ ERROR: node-pty binary not found!"
exit 1
fi
# Verify better-sqlite3 binary was built correctly for ARM64 before packaging
echo "Verifying better-sqlite3 binary architecture before packaging..."
SQLITE_PATH=$(find node_modules/better-sqlite3 -name "better_sqlite3.node" -type f 2>/dev/null | head -1)
if [ -n "$SQLITE_PATH" ]; then
echo "Found better_sqlite3.node at: $SQLITE_PATH"
file "$SQLITE_PATH"
if file "$SQLITE_PATH" | grep -q "ARM\|aarch64"; then
echo "✓ better-sqlite3 is correctly built for ARM64"
else
echo "✗ ERROR: better-sqlite3 is NOT built for ARM64!"
exit 1
fi
else
echo "✗ ERROR: better-sqlite3 binary not found!"
exit 1
fi
# Package with ARM64 target
npx electron-builder --linux --arm64 --publish never --config.extraMetadata.version="$BUILD_VERSION"
# Verify native modules are correctly included in unpacked resources (Linux x64)
- name: Verify native modules in package (Linux x64)
if: matrix.platform == 'linux'
run: |
UNPACKED_DIR="release/linux-unpacked/resources/app.asar.unpacked"
# Verify pty.node
echo "Checking for pty.node in unpacked resources..."
PTY_NODE="$UNPACKED_DIR/node_modules/node-pty/build/Release/pty.node"
if [ -f "$PTY_NODE" ]; then
echo "✓ pty.node found at: $PTY_NODE"
file "$PTY_NODE"
ls -la "$PTY_NODE"
# Double-check architecture - FAIL if wrong architecture
if file "$PTY_NODE" | grep -q "x86-64\|x86_64\|AMD64"; then
echo "✓ Architecture verified: x64"
else
echo "✗ ERROR: Architecture mismatch in packaged pty.node!"
file "$PTY_NODE"
exit 1
fi
else
echo "✗ ERROR: pty.node not found in unpacked resources!"
echo "Contents of app.asar.unpacked:"
find "$UNPACKED_DIR" -name "*.node" -o -name "pty*" 2>/dev/null || echo "Directory not found"
exit 1
fi
# Verify better_sqlite3.node
echo "Checking for better_sqlite3.node in unpacked resources..."
SQLITE_NODE="$UNPACKED_DIR/node_modules/better-sqlite3/build/Release/better_sqlite3.node"
if [ -f "$SQLITE_NODE" ]; then
echo "✓ better_sqlite3.node found at: $SQLITE_NODE"
file "$SQLITE_NODE"
ls -la "$SQLITE_NODE"
# Double-check architecture - FAIL if wrong architecture
if file "$SQLITE_NODE" | grep -q "x86-64\|x86_64\|AMD64"; then
echo "✓ Architecture verified: x64"
else
echo "✗ ERROR: Architecture mismatch in packaged better_sqlite3.node!"
file "$SQLITE_NODE"
exit 1
fi
else
echo "✗ ERROR: better_sqlite3.node not found in unpacked resources!"
echo "Contents of app.asar.unpacked:"
find "$UNPACKED_DIR" -name "*.node" 2>/dev/null || echo "Directory not found"
exit 1
fi
# Verify native modules are correctly included in unpacked resources (Linux ARM64)
- name: Verify native modules in package (Linux ARM64)
if: matrix.platform == 'linux-arm64'
run: |
UNPACKED_DIR="release/linux-arm64-unpacked/resources/app.asar.unpacked"
# Verify pty.node
echo "Checking for pty.node in unpacked resources..."
PTY_NODE="$UNPACKED_DIR/node_modules/node-pty/build/Release/pty.node"
if [ -f "$PTY_NODE" ]; then
echo "✓ pty.node found at: $PTY_NODE"
file "$PTY_NODE"
ls -la "$PTY_NODE"
# Double-check architecture
if file "$PTY_NODE" | grep -q "ARM\|aarch64"; then
echo "✓ Architecture verified: ARM64"
else
echo "✗ WARNING: Architecture mismatch in packaged binary!"
file "$PTY_NODE"
fi
else
echo "✗ ERROR: pty.node not found in unpacked resources!"
echo "Contents of app.asar.unpacked:"
find "$UNPACKED_DIR" -name "*.node" 2>/dev/null || echo "Directory not found"
exit 1
fi
# Verify better_sqlite3.node
echo "Checking for better_sqlite3.node in unpacked resources..."
SQLITE_NODE="$UNPACKED_DIR/node_modules/better-sqlite3/build/Release/better_sqlite3.node"
if [ -f "$SQLITE_NODE" ]; then
echo "✓ better_sqlite3.node found at: $SQLITE_NODE"
file "$SQLITE_NODE"
ls -la "$SQLITE_NODE"
else
echo "✗ ERROR: better_sqlite3.node not found in unpacked resources!"
echo "Contents of app.asar.unpacked:"
find "$UNPACKED_DIR" -name "*.node" 2>/dev/null || echo "Directory not found"
exit 1
fi
# List what was built for debugging
- name: List release artifacts
run: ls -la release/
shell: bash
- name: Upload macOS artifacts
if: matrix.platform == 'mac'
uses: actions/upload-artifact@v4
with:
name: maestro-macos
path: |
release/*.dmg
release/*.zip
release/*-mac.zip
release/*-mac-*.zip
release/latest-mac.yml
if-no-files-found: error
retention-days: 5
- name: Upload Windows artifacts
if: matrix.platform == 'win'
uses: actions/upload-artifact@v4
with:
name: maestro-windows
path: |
release/*.exe
release/latest.yml
if-no-files-found: error
retention-days: 5
- name: Upload Linux x64 artifacts
if: matrix.platform == 'linux'
uses: actions/upload-artifact@v4
with:
name: maestro-linux-x64
path: |
release/*.AppImage
release/*.deb
release/*.rpm
release/*.snap
release/latest-linux.yml
if-no-files-found: warn
retention-days: 5
- name: Upload Linux ARM64 artifacts
if: matrix.platform == 'linux-arm64'
uses: actions/upload-artifact@v4
with:
name: maestro-linux-arm64
path: |
release/*.AppImage
release/*.deb
release/*.rpm
release/*.snap
release/latest-linux-arm64.yml
if-no-files-found: warn
retention-days: 5
release:
needs: build
runs-on: ubuntu-latest
# Run release even if some builds failed (fail-fast: false allows partial success)
if: always() && startsWith(github.ref, 'refs/tags/') && needs.build.result != 'cancelled'
steps:
# Download each platform's artifacts separately to handle partial failures
- name: Download macOS artifacts
uses: actions/download-artifact@v4
continue-on-error: true
with:
name: maestro-macos
path: artifacts/maestro-macos
- name: Download Windows artifacts
uses: actions/download-artifact@v4
continue-on-error: true
with:
name: maestro-windows
path: artifacts/maestro-windows
- name: Download Linux x64 artifacts
uses: actions/download-artifact@v4
continue-on-error: true
with:
name: maestro-linux-x64
path: artifacts/maestro-linux-x64
- name: Download Linux ARM64 artifacts
uses: actions/download-artifact@v4
continue-on-error: true
with:
name: maestro-linux-arm64
path: artifacts/maestro-linux-arm64
- name: List downloaded artifacts
run: |
echo "Available artifacts:"
find artifacts -type f 2>/dev/null || echo "No artifacts found"
# Deduplicate artifacts to prevent race conditions when uploading
# Files with the same name from different platform builds are consolidated
- name: Deduplicate artifacts
run: |
mkdir -p artifacts/release
# Copy all artifacts to a single directory, letting later copies overwrite
# This handles cases where both Linux builds produce the same file
for dir in artifacts/maestro-macos artifacts/maestro-windows artifacts/maestro-linux-x64 artifacts/maestro-linux-arm64; do
if [ -d "$dir" ]; then
echo "Processing $dir..."
cp -v "$dir"/* artifacts/release/ 2>/dev/null || true
fi
done
echo ""
echo "Final deduplicated artifacts:"
ls -la artifacts/release/ 2>/dev/null || echo "No artifacts"
- name: Check for any artifacts
id: check_artifacts
run: |
if find artifacts -type f 2>/dev/null | grep -q .; then
echo "has_artifacts=true" >> $GITHUB_OUTPUT
else
echo "has_artifacts=false" >> $GITHUB_OUTPUT
echo "::error::No artifacts were built successfully"
exit 1
fi
- name: Create Release
id: create_release
if: steps.check_artifacts.outputs.has_artifacts == 'true'
uses: softprops/action-gh-release@v2
with:
files: artifacts/release/*
fail_on_unmatched_files: false
draft: false
prerelease: false
generate_release_notes: true
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- name: Get release notes
if: steps.check_artifacts.outputs.has_artifacts == 'true'
id: release_notes
uses: actions/github-script@v7
with:
script: |
const release = await github.rest.repos.getReleaseByTag({
owner: context.repo.owner,
repo: context.repo.repo,
tag: context.ref.replace('refs/tags/', '')
});
// Get the release body (auto-generated notes)
let notes = release.data.body || '';
// Truncate if too long for Discord (max ~2000 chars for description)
// Leave room for the download link text
const maxLength = 1800;
if (notes.length > maxLength) {
notes = notes.substring(0, maxLength) + '...\n\n*See full changelog on GitHub*';
}
// Set output
core.setOutput('notes', notes);
- name: Notify Discord
if: steps.check_artifacts.outputs.has_artifacts == 'true' && !contains(github.ref_name, '-rc') && !contains(github.ref_name, '-RC')
uses: sarisia/actions-status-discord@v1
with:
webhook: ${{ secrets.DISCORD_WEBHOOK_URL }}
nodetail: true
title: "🎉 Maestro ${{ github.ref_name }} Released!"
description: |
${{ steps.release_notes.outputs.notes }}
**[Download & Full Changelog](${{ github.server_url }}/${{ github.repository }}/releases/tag/${{ github.ref_name }})**
url: ${{ github.server_url }}/${{ github.repository }}/releases/tag/${{ github.ref_name }}
color: 0x58B09C
# Sync release notes to docs after release is published
sync-docs:
needs: release
runs-on: ubuntu-latest
if: always() && needs.release.result == 'success'
steps:
- name: Checkout code
uses: actions/checkout@v4
with:
token: ${{ secrets.GITHUB_TOKEN }}
- name: Setup Node.js
uses: actions/setup-node@v4
with:
node-version: '20'
- name: Sync release notes to docs
run: node scripts/sync-release-notes.mjs
env:
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- name: Check for changes
id: changes
run: |
if git diff --quiet docs/releases.md; then
echo "changed=false" >> $GITHUB_OUTPUT
else
echo "changed=true" >> $GITHUB_OUTPUT
fi
- name: Commit and push docs update
if: steps.changes.outputs.changed == 'true'
env:
TAG_NAME: ${{ github.ref_name }}
run: |
git config user.name "github-actions[bot]"
git config user.email "github-actions[bot]@users.noreply.github.com"
git add docs/releases.md
git commit -m "docs: sync release notes for ${TAG_NAME}"
git push
Reference in New Issue View Git Blame Copy Permalink