-
Notifications
You must be signed in to change notification settings - Fork 0
241 lines (222 loc) · 8.12 KB
/
Copy pathrelease.yml
File metadata and controls
241 lines (222 loc) · 8.12 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
name: Release
on:
push:
tags: ["v*"]
workflow_dispatch:
inputs:
tag:
description: "Release tag, for example v1.5.1"
required: true
permissions:
contents: read
jobs:
test:
runs-on: windows-latest
steps:
- uses: actions/checkout@v7
with:
ref: ${{ github.event.inputs.tag || github.ref }}
- uses: actions/setup-node@v6
with:
node-version: "22"
- uses: dtolnay/rust-toolchain@1.85.0
with:
targets: x86_64-pc-windows-msvc,aarch64-pc-windows-msvc
components: clippy
- name: Check Rust
shell: bash
run: cargo check --locked
- name: Clippy
shell: bash
run: cargo clippy --locked -- -D warnings
- name: Test Rust
shell: bash
run: cargo test --locked
- name: Build x64
shell: bash
run: cargo build --locked --release --target x86_64-pc-windows-msvc
- name: Build arm64
shell: bash
run: cargo build --locked --release --target aarch64-pc-windows-msvc
- name: Test npm installer helpers
shell: bash
run: |
cd npm
npm test
- name: Check npm package contents
shell: bash
run: |
cd npm
npm pack --dry-run --json > pack.json
node - <<'NODE'
const fs = require("fs");
const pack = JSON.parse(fs.readFileSync("pack.json", "utf8"))[0];
const files = new Set(pack.files.map((f) => f.path));
for (const required of ["package.json", "scripts/install.js", "bin/codex-browser-bridge.js"]) {
if (!files.has(required)) {
throw new Error(`npm package is missing ${required}`);
}
}
NODE
release:
needs: [test]
runs-on: windows-latest
permissions:
contents: write
steps:
- uses: actions/checkout@v7
with:
fetch-depth: 0
ref: ${{ github.event.inputs.tag || github.ref }}
- uses: dtolnay/rust-toolchain@1.85.0
with:
targets: x86_64-pc-windows-msvc,aarch64-pc-windows-msvc
components: clippy
- name: Get version
id: version
shell: bash
run: |
TAG="${{ github.event.inputs.tag || github.ref_name }}"
if [[ ! "$TAG" =~ ^v[0-9]+(\.[0-9]+){1,2}([-+][0-9A-Za-z.-]+)?$ ]]; then
echo "Invalid release tag: $TAG" >&2
exit 1
fi
echo "tag=$TAG" >> "$GITHUB_OUTPUT"
- name: Validate release contents
shell: bash
run: |
TAG="${{ steps.version.outputs.tag }}"
VERSION="${TAG#v}"
git fetch origin main --depth=1
git rev-parse "$TAG^{commit}" >/dev/null
git merge-base --is-ancestor "$TAG^{commit}" origin/main
PACKAGE_VERSION="$(grep -m1 '"version"' npm/package.json | sed -E 's/.*"version": "([^"]+)".*/\1/')"
if [ "$PACKAGE_VERSION" != "$VERSION" ]; then
echo "npm package version $PACKAGE_VERSION does not match release tag $TAG" >&2
exit 1
fi
CARGO_VERSION="$(grep -m1 '^version = ' Cargo.toml | sed -E 's/version = "([^"]+)"/\1/')"
if [ "$CARGO_VERSION" != "$VERSION" ]; then
echo "Cargo.toml version $CARGO_VERSION does not match release tag $TAG" >&2
exit 1
fi
if ! grep -Fq "## [$VERSION]" CHANGELOG.md; then
echo "CHANGELOG.md is missing ## [$VERSION]" >&2
exit 1
fi
- name: Build
shell: bash
run: |
cargo build --locked --release --target x86_64-pc-windows-msvc
cargo build --locked --release --target aarch64-pc-windows-msvc
cp target/x86_64-pc-windows-msvc/release/codex-browser-bridge.exe codex-browser-bridge.exe
cp target/aarch64-pc-windows-msvc/release/codex-browser-bridge.exe codex-browser-bridge-arm64.exe
./codex-browser-bridge.exe --version
- name: Generate checksums
shell: bash
run: sha256sum codex-browser-bridge*.exe > checksums.txt
- name: Generate release notes
shell: bash
run: |
if [ -f CHANGELOG.md ]; then
VERSION="${{ steps.version.outputs.tag }}"
VERSION="${VERSION#v}"
HEADING="## [$VERSION]"
awk -v heading="$HEADING" '
index($0, heading) == 1 { found=1; next }
found && /^## \[/ { exit }
found { print }
' CHANGELOG.md > release_notes.txt
fi
if [ ! -s release_notes.txt ]; then
prev=$(git describe --tags --abbrev=0 HEAD~1 2>/dev/null || git rev-list --max-parents=0 HEAD)
git log --oneline --no-merges "$prev"..HEAD > release_notes.txt
fi
- name: Create GitHub Release
env:
GH_TOKEN: ${{ github.token }}
shell: bash
run: |
gh release create "${{ steps.version.outputs.tag }}" \
--title "${{ steps.version.outputs.tag }}" \
--notes-file release_notes.txt \
codex-browser-bridge.exe \
codex-browser-bridge-arm64.exe \
checksums.txt
publish-npm:
needs: [release]
runs-on: ubuntu-latest
permissions:
contents: read
id-token: write
steps:
- uses: actions/checkout@v7
with:
ref: ${{ github.event.inputs.tag || github.ref }}
- uses: actions/setup-node@v6
with:
node-version: "22"
registry-url: "https://registry.npmjs.org"
- name: Verify npm version matches tag
shell: bash
run: |
TAG="${{ github.event.inputs.tag || github.ref_name }}"
VERSION="${TAG#v}"
PACKAGE_VERSION="$(node -p 'require("./npm/package.json").version')"
if [ "$PACKAGE_VERSION" != "$VERSION" ]; then
echo "npm package version $PACKAGE_VERSION does not match release tag $TAG" >&2
exit 1
fi
- name: Embed release checksums
shell: bash
env:
GH_TOKEN: ${{ github.token }}
TAG_VERSION: ${{ github.event.inputs.tag || github.ref_name }}
run: |
TAG="${{ github.event.inputs.tag || github.ref_name }}"
rm -f npm/checksums.txt npm/checksums.json
gh release download "$TAG" --pattern checksums.txt --dir npm
node - <<'NODE'
const fs = require("fs");
const path = require("path");
const text = fs.readFileSync(path.join("npm", "checksums.txt"), "utf8");
const files = {};
for (const line of text.split(/\r?\n/)) {
const match = line.trim().match(/^([a-fA-F0-9]{64})\s+[*]?(.+)$/);
if (match) files[match[2].trim()] = match[1].toLowerCase();
}
for (const required of ["codex-browser-bridge.exe", "codex-browser-bridge-arm64.exe"]) {
if (!files[required]) throw new Error(`missing checksum for ${required}`);
}
fs.writeFileSync(path.join("npm", "checksums.json"), `${JSON.stringify({ version: process.env.TAG_VERSION, files }, null, 2)}\n`);
NODE
- name: Test npm installer helpers
shell: bash
run: |
cd npm
npm test
- name: Check npm package contents
shell: bash
run: |
cd npm
npm pack --dry-run --json > pack.json
node - <<'NODE'
const fs = require("fs");
const pack = JSON.parse(fs.readFileSync("pack.json", "utf8"))[0];
const files = new Set(pack.files.map((f) => f.path));
for (const required of ["package.json", "checksums.json", "scripts/install.js", "bin/codex-browser-bridge.js", "skills/codex-browser/SKILL.md"]) {
if (!files.has(required)) {
throw new Error(`npm package is missing ${required}`);
}
}
NODE
- name: Bundle skill into npm package
shell: bash
run: cp -r skills npm/skills
- name: Publish npm package
shell: bash
env:
NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
run: |
cd npm
npm publish --provenance --access public