auggie/.github/workflows/bun-compile.yml at 750372f38e8fe7eef9e86186052f6843cb5f183d · augmentcode/auggie · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
# Bun Compile
# Compiles Auggie CLI into self-contained native binaries using Bun,
# pulling the pre-built @augmentcode/auggie package from npm.

name: Bun Compile
on:
  workflow_dispatch:
    inputs:
      version:
        description: 'npm package version (e.g. 0.17.0)'
        required: true
        type: string
  repository_dispatch:
    types: [npm-published]
  push:
    branches:
      - auggie-bun-compile-workflow

jobs:
  build:
    runs-on: ${{ matrix.os }}
    strategy:
      matrix:
        include:
          - target: bun-darwin-arm64
            os: macos-latest
            output: auggie-darwin-arm64
            artifact: auggie-darwin-arm64
          - target: bun-darwin-x64
            os: macos-latest
            output: auggie-darwin-x64
            artifact: auggie-darwin-x64
          - target: bun-linux-x64
            os: ubuntu-latest
            output: auggie-linux-x64
            artifact: auggie-linux-x64
          - target: bun-windows-x64
            os: ubuntu-latest
            output: auggie-windows-x64.exe
            artifact: auggie-windows-x64
    permissions:
      contents: read
    steps:
      - name: Set up Bun
        uses: oven-sh/setup-bun@v2

      - name: Install package
        env:
          VERSION: ${{ inputs.version || github.event.client_payload.version }}
        run: |
          if [ -z "$VERSION" ]; then
            echo "::error::No version provided. Supply via workflow_dispatch input or repository_dispatch payload."
            exit 1
          fi
          bun install "@augmentcode/auggie@${VERSION}"

      - name: Create entry point
        run: |
          echo 'await import("@augmentcode/auggie");' > augment.mjs

      - name: Compile binary
        run: bun build augment.mjs --compile --target=${{ matrix.target }} --outfile=${{ matrix.output }}

      - name: Import code signing certificate
        if: contains(matrix.target, 'darwin')
        env:
          APPLE_CERTIFICATE: ${{ secrets.APPLE_CERTIFICATE }}
          APPLE_CERTIFICATE_PASSWORD: ${{ secrets.APPLE_CERTIFICATE_PASSWORD }}
        run: |
          echo "$APPLE_CERTIFICATE" | base64 --decode > certificate.p12
          security create-keychain -p "temppass" build.keychain
          security default-keychain -s build.keychain
          security unlock-keychain -p "temppass" build.keychain
          security import certificate.p12 -k build.keychain -P "$APPLE_CERTIFICATE_PASSWORD" -T /usr/bin/codesign
          security set-key-partition-list -S apple-tool:,apple:,codesign: -s -k "temppass" build.keychain
          rm -f certificate.p12

      - name: Sign binary
        if: contains(matrix.target, 'darwin')
        run: |
          IDENTITY=$(security find-identity -v -p codesigning build.keychain | grep "Developer ID" | head -1 | sed 's/.*"\(.*\)".*/\1/')
          if [ -z "$IDENTITY" ]; then
            echo "::error::No Developer ID signing identity found in build.keychain"
            exit 1
          fi
          echo "Signing with identity: $IDENTITY"
          codesign --force --options runtime --timestamp --sign "$IDENTITY" ${{ matrix.output }}

      - name: Notarize binary
        if: contains(matrix.target, 'darwin')
        env:
          APPLE_ID: ${{ secrets.APPLE_ID }}
          APPLE_APP_SPECIFIC_PASSWORD: ${{ secrets.APPLE_APP_SPECIFIC_PASSWORD }}
          APPLE_TEAM_ID: ${{ secrets.APPLE_TEAM_ID }}
        run: |
          zip "${{ matrix.output }}.zip" "${{ matrix.output }}"
          xcrun notarytool submit "${{ matrix.output }}.zip" --apple-id "$APPLE_ID" --password "$APPLE_APP_SPECIFIC_PASSWORD" --team-id "$APPLE_TEAM_ID" --wait
          rm -f "${{ matrix.output }}.zip"

      - name: Upload artifact
        uses: actions/upload-artifact@v4
        with:
          name: ${{ matrix.artifact }}
          path: ${{ matrix.output }}

  release:
    needs: build
    runs-on: ubuntu-latest
    permissions:
      contents: write
    steps:
      - name: Download all artifacts
        uses: actions/download-artifact@v4
        with:
          path: artifacts
          merge-multiple: true

      - name: Generate checksums
        run: |
          cd artifacts
          sha256sum auggie-* > checksums.txt
          cat checksums.txt

      - name: Create GitHub Release
        env:
          GH_TOKEN: ${{ github.token }}
          GH_REPO: ${{ github.repository }}
          VERSION: ${{ inputs.version || github.event.client_payload.version }}
        run: |
          if [ -z "$VERSION" ]; then
            echo "::error::No version provided. Cannot create release."
            exit 1
          fi
          if [[ "$VERSION" == *prerelease* ]]; then
            gh release create "v${VERSION}" \
              --title "v${VERSION}" \
              --generate-notes \
              --prerelease \
              artifacts/*
          else
            gh release create "v${VERSION}" \
              --title "v${VERSION}" \
              --generate-notes \
              artifacts/*
          fi