-
Notifications
You must be signed in to change notification settings - Fork 23
161 lines (148 loc) · 5.61 KB
/
bun-compile.yml
File metadata and controls
161 lines (148 loc) · 5.61 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
# Bun Compile
# Compiles Auggie CLI into self-contained native binaries using Bun,
# pulling the pre-built @augmentcode/auggie package from npm.
name: Bun Compile
on:
workflow_dispatch:
inputs:
version:
description: 'npm package version (e.g. 0.17.0)'
required: true
type: string
repository_dispatch:
types: [npm-published]
push:
branches:
- auggie-bun-compile-workflow
jobs:
build:
runs-on: ${{ matrix.os }}
strategy:
matrix:
include:
- target: bun-darwin-arm64
os: macos-latest
output: auggie-darwin-arm64
artifact: auggie-darwin-arm64
- target: bun-darwin-x64
os: macos-latest
output: auggie-darwin-x64
artifact: auggie-darwin-x64
- target: bun-linux-x64
os: ubuntu-latest
output: auggie-linux-x64
artifact: auggie-linux-x64
- target: bun-windows-x64
os: ubuntu-latest
output: auggie-windows-x64.exe
artifact: auggie-windows-x64
permissions:
contents: read
steps:
- name: Set up Bun
uses: oven-sh/setup-bun@v2
with:
bun-version: "1.3.11"
- name: Install package
env:
VERSION: ${{ inputs.version || github.event.client_payload.version }}
run: |
if [ -z "$VERSION" ]; then
echo "::error::No version provided. Supply via workflow_dispatch input or repository_dispatch payload."
exit 1
fi
# Retry with backoff — npm registry may not have propagated the version yet
# when triggered immediately via repository_dispatch on publish.
max_attempts=5
for attempt in $(seq 1 $max_attempts); do
echo "Attempt $attempt/$max_attempts: installing @augmentcode/auggie@${VERSION}"
if bun install "@augmentcode/auggie@${VERSION}"; then
echo "Successfully installed on attempt $attempt"
exit 0
fi
if [ "$attempt" -lt "$max_attempts" ]; then
delay=$((attempt * 30))
echo "Install failed, retrying in ${delay}s..."
sleep "$delay"
fi
done
echo "::error::Failed to install @augmentcode/auggie@${VERSION} after $max_attempts attempts"
exit 1
- name: Create entry point
run: |
echo 'await import("@augmentcode/auggie");' > augment.mjs
- name: Compile binary
run: bun build augment.mjs --compile --target=${{ matrix.target }} --outfile=${{ matrix.output }}
- name: Import code signing certificate
if: contains(matrix.target, 'darwin')
env:
APPLE_CERTIFICATE: ${{ secrets.APPLE_CERTIFICATE }}
APPLE_CERTIFICATE_PASSWORD: ${{ secrets.APPLE_CERTIFICATE_PASSWORD }}
run: |
echo "$APPLE_CERTIFICATE" | base64 --decode > certificate.p12
security create-keychain -p "temppass" build.keychain
security default-keychain -s build.keychain
security unlock-keychain -p "temppass" build.keychain
security import certificate.p12 -k build.keychain -P "$APPLE_CERTIFICATE_PASSWORD" -T /usr/bin/codesign
security set-key-partition-list -S apple-tool:,apple:,codesign: -s -k "temppass" build.keychain
rm -f certificate.p12
- name: Sign binary
if: contains(matrix.target, 'darwin')
run: |
IDENTITY=$(security find-identity -v -p codesigning build.keychain | grep "Developer ID" | head -1 | sed 's/.*"\(.*\)".*/\1/')
if [ -z "$IDENTITY" ]; then
echo "::error::No Developer ID signing identity found in build.keychain"
exit 1
fi
echo "Signing with identity: $IDENTITY"
codesign --force --options runtime --timestamp --sign "$IDENTITY" ${{ matrix.output }}
- name: Notarize binary
if: contains(matrix.target, 'darwin')
env:
APPLE_ID: ${{ secrets.APPLE_ID }}
APPLE_APP_SPECIFIC_PASSWORD: ${{ secrets.APPLE_APP_SPECIFIC_PASSWORD }}
APPLE_TEAM_ID: ${{ secrets.APPLE_TEAM_ID }}
run: |
zip "${{ matrix.output }}.zip" "${{ matrix.output }}"
xcrun notarytool submit "${{ matrix.output }}.zip" --apple-id "$APPLE_ID" --password "$APPLE_APP_SPECIFIC_PASSWORD" --team-id "$APPLE_TEAM_ID" --wait
rm -f "${{ matrix.output }}.zip"
- name: Upload artifact
uses: actions/upload-artifact@v4
with:
name: ${{ matrix.artifact }}
path: ${{ matrix.output }}
release:
needs: build
runs-on: ubuntu-latest
permissions:
contents: write
steps:
- name: Download all artifacts
uses: actions/download-artifact@v4
with:
path: artifacts
merge-multiple: true
- name: Generate checksums
run: |
cd artifacts
sha256sum auggie-* > checksums.txt
cat checksums.txt
- name: Create GitHub Release
env:
GH_TOKEN: ${{ github.token }}
GH_REPO: ${{ github.repository }}
VERSION: ${{ inputs.version || github.event.client_payload.version }}
run: |
if [ -z "$VERSION" ]; then
echo "::error::No version provided. Cannot create release."
exit 1
fi
PRERELEASE_FLAG=""
if [[ "$VERSION" == *prerelease* ]]; then
PRERELEASE_FLAG="--prerelease"
fi
gh release create "v${VERSION}" \
--title "v${VERSION}" \
--generate-notes \
$PRERELEASE_FLAG \
artifacts/*