jlengrand/Maestro
1
0
Fork 0
mirror of https://github.com/jlengrand/Maestro.git synced 2026-03-10 08:31:19 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
ef3b87307184daba23aae1c7c0a71442cbb9610d
Maestro/.github/workflows/release.yml
Pedram Amini ef3b873071 do not announce rc releases
2025-12-22 18:10:58 -06:00

342 lines
12 KiB
YAML
Raw Blame History

name: Release Maestro
# This workflow is triggered only by git tags (trusted input)
# No user-controlled data is executed in shell commands
on:
push:
tags:
- 'v*.*.*' # Semantic version tags (e.g., v1.0.0)
- '20*' # Date-based tags (e.g., 2025-11-27)
workflow_dispatch:
permissions:
contents: write
jobs:
build:
strategy:
fail-fast: false
matrix:
include:
- os: macos-latest
platform: mac
arch: universal
- os: ubuntu-latest
platform: linux
arch: x64
# ARM64 Linux requires native ARM64 runner for node-pty native module
# Cross-compilation from x64 doesn't work: https://github.com/electron-userland/electron-builder/issues/7608
- os: ubuntu-24.04-arm
platform: linux-arm64
arch: arm64
- os: windows-latest
platform: win
arch: x64
runs-on: ${{ matrix.os }}
steps:
- name: Checkout code
uses: actions/checkout@v4
- name: Setup Node.js
uses: actions/setup-node@v4
with:
node-version: '20'
cache: 'npm'
# Linux x64: Install build dependencies for native modules and electron-builder
- name: Install Linux x64 build dependencies
if: matrix.platform == 'linux'
run: |
sudo apt-get update
sudo apt-get install -y libarchive-tools rpm
# Linux ARM64: Install build dependencies for native modules and electron-builder
- name: Install Linux ARM64 build dependencies
if: matrix.platform == 'linux-arm64'
run: |
sudo apt-get update
sudo apt-get install -y libarchive-tools rpm
# Windows: Setup for native module compilation
- name: Setup Windows build tools
if: matrix.platform == 'win'
uses: ilammy/msvc-dev-cmd@v1
# macOS: Setup Python 3.11 for node-gyp (Python 3.12+ removed distutils)
- name: Setup Python for node-gyp
if: matrix.platform == 'mac'
uses: actions/setup-python@v5
with:
python-version: '3.11'
# Extract version from git tag for use in build steps
- name: Set version from tag
id: version
shell: bash
env:
REF_TYPE: ${{ github.ref_type }}
REF_NAME: ${{ github.ref_name }}
run: |
if [[ "$REF_TYPE" == "tag" ]]; then
VERSION="${REF_NAME#v}"
else
VERSION=$(node -p "require('./package.json').version")
fi
echo "VERSION=$VERSION" >> $GITHUB_OUTPUT
echo "Using version: $VERSION"
# Update package.json with the release version
# This ensures CLI and other components read the correct version
- name: Update package.json version
shell: bash
env:
VERSION: ${{ steps.version.outputs.VERSION }}
run: |
node -e "
const fs = require('fs');
const pkg = JSON.parse(fs.readFileSync('package.json', 'utf8'));
pkg.version = process.env.VERSION;
fs.writeFileSync('package.json', JSON.stringify(pkg, null, 2) + '\n');
"
echo "Updated package.json to version $VERSION"
- name: Install dependencies
run: npm ci
# Rebuild native modules for the target platform
- name: Rebuild native modules
run: npm run postinstall
env:
npm_config_build_from_source: true
- name: Build application
run: npm run build
env:
VITE_APP_VERSION: ${{ steps.version.outputs.VERSION }}
# List release directory before packaging for debugging
- name: Create release directory
run: mkdir -p release
shell: bash
# Import Apple certificate for code signing
- name: Import Apple certificate
if: matrix.platform == 'mac'
env:
APPLE_CERTIFICATE: ${{ secrets.APPLE_CERTIFICATE }}
APPLE_CERTIFICATE_PASSWORD: ${{ secrets.APPLE_CERTIFICATE_PASSWORD }}
run: |
# Create temporary keychain
KEYCHAIN_PATH=$RUNNER_TEMP/app-signing.keychain-db
KEYCHAIN_PASSWORD=$(openssl rand -base64 32)
# Create keychain
security create-keychain -p "$KEYCHAIN_PASSWORD" "$KEYCHAIN_PATH"
security set-keychain-settings -lut 21600 "$KEYCHAIN_PATH"
security unlock-keychain -p "$KEYCHAIN_PASSWORD" "$KEYCHAIN_PATH"
# Import certificate
echo "$APPLE_CERTIFICATE" | base64 --decode > $RUNNER_TEMP/certificate.p12
security import $RUNNER_TEMP/certificate.p12 -P "$APPLE_CERTIFICATE_PASSWORD" -A -t cert -f pkcs12 -k "$KEYCHAIN_PATH"
security list-keychain -d user -s "$KEYCHAIN_PATH"
# Allow codesign to access the key
security set-key-partition-list -S apple-tool:,apple:,codesign: -s -k "$KEYCHAIN_PASSWORD" "$KEYCHAIN_PATH"
- name: Package for macOS
if: matrix.platform == 'mac'
run: npx electron-builder --mac --publish never --config.extraMetadata.version=${{ steps.version.outputs.VERSION }}
env:
DEBUG: electron-builder
APPLE_ID: ${{ secrets.APPLE_ID }}
APPLE_APP_SPECIFIC_PASSWORD: ${{ secrets.APPLE_APP_SPECIFIC_PASSWORD }}
APPLE_TEAM_ID: ${{ secrets.APPLE_TEAM_ID }}
- name: Package for Windows
if: matrix.platform == 'win'
shell: bash
run: npx electron-builder --win --publish never --config.extraMetadata.version=${{ steps.version.outputs.VERSION }}
env:
DEBUG: electron-builder
- name: Package for Linux x64
if: matrix.platform == 'linux'
run: npx electron-builder --linux --x64 --publish never --config.extraMetadata.version=${{ steps.version.outputs.VERSION }}
env:
DEBUG: electron-builder
# ARM64 Linux: Build on native ARM64 runner to properly compile node-pty
- name: Package for Linux ARM64
if: matrix.platform == 'linux-arm64'
run: npx electron-builder --linux --arm64 --publish never --config.extraMetadata.version=${{ steps.version.outputs.VERSION }}
env:
DEBUG: electron-builder
# List what was built for debugging
- name: List release artifacts
run: ls -la release/
shell: bash
- name: Upload macOS artifacts
if: matrix.platform == 'mac'
uses: actions/upload-artifact@v4
with:
name: maestro-macos
path: |
release/*.dmg
release/*.zip
release/*-mac.zip
release/*-mac-*.zip
release/latest-mac.yml
if-no-files-found: error
retention-days: 5
- name: Upload Windows artifacts
if: matrix.platform == 'win'
uses: actions/upload-artifact@v4
with:
name: maestro-windows
path: |
release/*.exe
release/latest.yml
if-no-files-found: error
retention-days: 5
- name: Upload Linux x64 artifacts
if: matrix.platform == 'linux'
uses: actions/upload-artifact@v4
with:
name: maestro-linux-x64
path: |
release/*.AppImage
release/*.deb
release/*.rpm
release/*.snap
release/latest-linux.yml
if-no-files-found: warn
retention-days: 5
- name: Upload Linux ARM64 artifacts
if: matrix.platform == 'linux-arm64'
uses: actions/upload-artifact@v4
with:
name: maestro-linux-arm64
path: |
release/*.AppImage
release/*.deb
release/*.rpm
release/*.snap
release/latest-linux-arm64.yml
if-no-files-found: warn
retention-days: 5
release:
needs: build
runs-on: ubuntu-latest
# Run release even if some builds failed (fail-fast: false allows partial success)
if: always() && startsWith(github.ref, 'refs/tags/') && needs.build.result != 'cancelled'
steps:
# Download each platform's artifacts separately to handle partial failures
- name: Download macOS artifacts
uses: actions/download-artifact@v4
continue-on-error: true
with:
name: maestro-macos
path: artifacts/maestro-macos
- name: Download Windows artifacts
uses: actions/download-artifact@v4
continue-on-error: true
with:
name: maestro-windows
path: artifacts/maestro-windows
- name: Download Linux x64 artifacts
uses: actions/download-artifact@v4
continue-on-error: true
with:
name: maestro-linux-x64
path: artifacts/maestro-linux-x64
- name: Download Linux ARM64 artifacts
uses: actions/download-artifact@v4
continue-on-error: true
with:
name: maestro-linux-arm64
path: artifacts/maestro-linux-arm64
- name: List downloaded artifacts
run: |
echo "Available artifacts:"
find artifacts -type f 2>/dev/null || echo "No artifacts found"
- name: Check for any artifacts
id: check_artifacts
run: |
if find artifacts -type f 2>/dev/null | grep -q .; then
echo "has_artifacts=true" >> $GITHUB_OUTPUT
else
echo "has_artifacts=false" >> $GITHUB_OUTPUT
echo "::error::No artifacts were built successfully"
exit 1
fi
- name: Create Release
id: create_release
if: steps.check_artifacts.outputs.has_artifacts == 'true'
uses: softprops/action-gh-release@v2
with:
files: |
artifacts/maestro-macos/*
artifacts/maestro-windows/*
artifacts/maestro-linux-x64/*
artifacts/maestro-linux-arm64/*
fail_on_unmatched_files: false
draft: false
prerelease: false
generate_release_notes: true
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- name: Get release notes
if: steps.check_artifacts.outputs.has_artifacts == 'true'
id: release_notes
uses: actions/github-script@v7
with:
script: |
const release = await github.rest.repos.getReleaseByTag({
owner: context.repo.owner,
repo: context.repo.repo,
tag: context.ref.replace('refs/tags/', '')
});
// Get the release body (auto-generated notes)
let notes = release.data.body || '';
// Truncate if too long for Discord (max ~2000 chars for description)
// Leave room for the download link text
const maxLength = 1800;
if (notes.length > maxLength) {
notes = notes.substring(0, maxLength) + '...\n\n*See full changelog on GitHub*';
}
// Set output
core.setOutput('notes', notes);
- name: Notify Discord
if: steps.check_artifacts.outputs.has_artifacts == 'true' && !contains(github.ref_name, '-rc') && !contains(github.ref_name, '-RC')
uses: sarisia/actions-status-discord@v1
with:
webhook: ${{ secrets.DISCORD_WEBHOOK_URL }}
nodetail: true
title: "🎉 Maestro ${{ github.ref_name }} Released!"
description: |
${{ steps.release_notes.outputs.notes }}
**[Download & Full Changelog](${{ github.server_url }}/${{ github.repository }}/releases/tag/${{ github.ref_name }})**
url: ${{ github.server_url }}/${{ github.repository }}/releases/tag/${{ github.ref_name }}
color: 0x58B09C
Reference in New Issue View Git Blame Copy Permalink