Skip to content

ci: add internal dev release workflow (PRINFRA-138)#35

Merged
somanshreddy merged 2 commits into
mainfrom
04-02-ci_add_internal_dev_release_workflow
Apr 2, 2026
Merged

ci: add internal dev release workflow (PRINFRA-138)#35
somanshreddy merged 2 commits into
mainfrom
04-02-ci_add_internal_dev_release_workflow

Conversation

@somanshreddy
Copy link
Copy Markdown
Collaborator

@somanshreddy somanshreddy commented Apr 2, 2026
edited
Loading

Description

Adds a manual GitHub Actions workflow for internal dev releases. When triggered, it builds CLI binaries for 5 platforms and publishes them to a single rolling GitHub prerelease.

Trigger: workflow_dispatch (manual) — run via gh workflow run dev-release.yml or the Actions UI. No automatic runs on push/merge, keeping GitHub Actions costs controlled on the private org repo.

What it does:

  1. Checks out main at the latest commit
  2. Runs make test — workflow fails if tests don't pass (no broken binaries released)
  3. Cross-compiles for 5 platforms with CGO_ENABLED=0 (fully static binaries)
  4. Injects version string dev-<sha> via ldflags
  5. Creates tar.gz (Linux/Mac) and zip (Windows) archives
  6. Generates SHA256 checksums
  7. Deletes the previous dev prerelease (if any) and creates a fresh one with the new assets

Platforms:

  • heygen_linux_amd64.tar.gz
  • heygen_linux_arm64.tar.gz
  • heygen_darwin_amd64.tar.gz
  • heygen_darwin_arm64.tar.gz
  • heygen_windows_amd64.zip
  • checksums.txt

Design choices:

  • Uses go build + gh release instead of GoReleaser — GoReleaser expects immutable semver tags, which conflicts with a rolling dev prerelease. GoReleaser is reserved for stable tagged releases.
  • Stable filenames (no SHA in filename) — download URLs don't break between builds. The SHA is in the release body and heygen --version.
  • concurrency: cancel-in-progress: false — if triggered twice, the second run queues instead of canceling the first.
  • Delete-and-recreate pattern for the prerelease — simpler than updating assets in place.

Release notes are auto-generated with commit SHA, date, message, and who triggered the build.

The install script (PR #36) sits on top of this workflow. This PR only handles building and publishing artifacts.

Linear: PRINFRA-138

Testing

  • Built all 5 platform archives locally, verified correct binary names and archive formats
  • Verified sha256sum checksums match
  • Created a test dev prerelease on GitHub, confirmed assets upload correctly
  • Tested the full delete-and-recreate cycle
  • YAML structure validated (trigger, permissions, concurrency, steps)
  • Note: TestVideoList_AuthMissing fails on main — pre-existing, unrelated to this PR

@somanshreddy Graphite App
Copy link
Copy Markdown
Collaborator Author

somanshreddy commented Apr 2, 2026
edited
Loading

This stack of pull requests is managed by Graphite. Learn more about stacking.

This was referenced Apr 2, 2026
Merged
Merged
@somanshreddy somanshreddy changed the title ci: add internal dev release workflow ci: add internal dev release workflow (PRINFRA-138) Apr 2, 2026
@linear
Copy link
Copy Markdown

linear Bot commented Apr 2, 2026

PRINFRA-138 CLI: Install script + Homebrew tap

Set up Phase 1 distribution: install script and Homebrew tap.

Scope

  • Install script (curl pipe sh) that detects OS/arch, downloads binary, verifies checksum
  • GoReleaser config for producing binaries (darwin/linux amd64+arm64, windows amd64)
  • Homebrew tap with auto-generated formula
  • GitHub Release workflow: tag push triggers GoReleaser

Acceptance Criteria

  • Install script works on macOS (Intel + ARM) and Linux (x86_64 + arm64)
  • brew install heygen-com/tap/heygen installs working binary
  • GitHub Release creates all artifacts automatically on tag push

@somanshreddy somanshreddy mentioned this pull request Apr 2, 2026
Closed
@somanshreddy somanshreddy marked this pull request as ready for review April 2, 2026 23:41
@somanshreddy Graphite App
Copy link
Copy Markdown
Collaborator Author

somanshreddy commented Apr 2, 2026
edited
Loading

Merge activity

  • Apr 2, 11:48 PM UTC: A user started a stack merge that includes this pull request via Graphite.
  • Apr 2, 11:48 PM UTC: @somanshreddy merged this pull request with Graphite.

@somanshreddy somanshreddy merged commit 69d0546 into main Apr 2, 2026
9 checks passed
@somanshreddy somanshreddy deleted the 04-02-ci_add_internal_dev_release_workflow branch April 2, 2026 23:48
somanshreddy added a commit that referenced this pull request Apr 3, 2026
@somanshreddy
scripts: add internal install script (PRINFRA-138) (#36)
bbc8dd0 
## Description

Adds `scripts/install.sh` — a one-command installer for internal users who don't have Go. Downloads the latest dev build from the rolling `dev` prerelease (PR #35) and installs to `~/.local/bin`.

**Install or update (same command):**
```bash
# If you have gh CLI authenticated:
bash <(gh api repos/heygen-com/heygen-cli/contents/scripts/install.sh --jq '.content' | base64 -d)

# Or with a GitHub token:
export GITHUB_TOKEN=<token>
curl -fsSL -H "Authorization: token $GITHUB_TOKEN" \
  https://raw.githubusercontent.com/heygen-com/heygen-cli/main/scripts/install.sh | bash
```

**What the script does:**
1. Detects OS (`darwin`/`linux`) and architecture (`amd64`/`arm64`)
2. Downloads the matching archive from the `dev` prerelease
3. Downloads `checksums.txt` and verifies the archive SHA256 hash
4. Extracts the `heygen` binary
5. Installs to `~/.local/bin` with `0755` permissions
6. Runs `heygen --version` to verify the install
7. Warns if `~/.local/bin` is not in PATH

**Auth handling** (private repo requires authentication):
- Primary path: `gh release download` — works if user has `gh` CLI installed and authenticated (most internal devs do)
- Fallback: `curl` with `GITHUB_TOKEN` or `GH_TOKEN` environment variable
- Fails with a clear message if neither auth method is available

**Safety:**
- Checksum verification catches corrupted or tampered downloads
- `set -euo pipefail` — strict bash mode, fails fast on errors
- Temp directory with cleanup trap — no leftover files on failure
- SHA256 tool detection: `sha256sum` (Linux) or `shasum -a 256` (Mac)

**Testing overrides:**
- `HEYGEN_RELEASE_BASE_URL` — point downloads at a local directory for testing
- `INSTALL_DIR` — install to a custom directory
- `HEYGEN_RELEASE_TAG` — download a specific release tag instead of `dev`

**What the user sees:**
```
Detected: linux amd64
Installing heygen from heygen-com/heygen-cli release tag 'dev'
Downloaded release assets with gh
Installed: /home/user/.local/bin/heygen
heygen version dev-08bd87d
```

Depends on PR #35 for the dev release workflow that produces the artifacts this script downloads.

Linear: PRINFRA-138

## Testing

- `bash -n scripts/install.sh` — syntax check passes
- Tested end-to-end against a real `dev` prerelease on GitHub — download, checksum verify, install, version check all pass
- Tested `gh` download path (primary) — clean output, no stderr leaks
- Tested `curl` fallback with `HEYGEN_RELEASE_BASE_URL=file:///tmp/...` — works for local testing
- Tested checksum failure detection — corrupted archive correctly rejected with clear error
- Tested PATH hint — shown when `~/.local/bin` is not in PATH
@somanshreddy somanshreddy added this to the M4: Alpha Release milestone Apr 3, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

M4: Alpha Release

Development

Successfully merging this pull request may close these issues.

1 participant

@somanshreddy