publish.yml 7.7 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228
  1. name: publish
  2. run-name: "${{ format('release {0}', inputs.bump) }}"
  3. on:
  4. push:
  5. branches:
  6. - dev
  7. - snapshot-*
  8. workflow_dispatch:
  9. inputs:
  10. bump:
  11. description: "Bump major, minor, or patch"
  12. required: false
  13. type: choice
  14. options:
  15. - major
  16. - minor
  17. - patch
  18. version:
  19. description: "Override version (optional)"
  20. required: false
  21. type: string
  22. concurrency: ${{ github.workflow }}-${{ github.ref }}-${{ inputs.version || inputs.bump }}
  23. permissions:
  24. id-token: write
  25. contents: write
  26. packages: write
  27. jobs:
  28. publish:
  29. runs-on: blacksmith-4vcpu-ubuntu-2404
  30. if: github.repository == 'sst/opencode'
  31. steps:
  32. - uses: actions/checkout@v3
  33. with:
  34. fetch-depth: 0
  35. - run: git fetch --force --tags
  36. - uses: ./.github/actions/setup-bun
  37. - name: Install OpenCode
  38. if: inputs.bump || inputs.version
  39. run: bun i -g [email protected]
  40. - name: Login to GitHub Container Registry
  41. uses: docker/login-action@v3
  42. with:
  43. registry: ghcr.io
  44. username: ${{ github.repository_owner }}
  45. password: ${{ secrets.GITHUB_TOKEN }}
  46. - name: Set up QEMU
  47. uses: docker/setup-qemu-action@v3
  48. - name: Set up Docker Buildx
  49. uses: docker/setup-buildx-action@v3
  50. - uses: actions/setup-node@v4
  51. with:
  52. node-version: "24"
  53. registry-url: "https://registry.npmjs.org"
  54. - name: Setup Git Identity
  55. run: |
  56. git config --global user.email "[email protected]"
  57. git config --global user.name "opencode"
  58. git remote set-url origin https://x-access-token:${{ secrets.SST_GITHUB_TOKEN }}@github.com/${{ github.repository }}
  59. - name: Publish
  60. id: publish
  61. run: ./script/publish-start.ts
  62. env:
  63. OPENCODE_BUMP: ${{ inputs.bump }}
  64. OPENCODE_VERSION: ${{ inputs.version }}
  65. OPENCODE_API_KEY: ${{ secrets.OPENCODE_API_KEY }}
  66. AUR_KEY: ${{ secrets.AUR_KEY }}
  67. GITHUB_TOKEN: ${{ secrets.SST_GITHUB_TOKEN }}
  68. NPM_CONFIG_PROVENANCE: false
  69. outputs:
  70. releaseId: ${{ steps.publish.outputs.releaseId }}
  71. tagName: ${{ steps.publish.outputs.tagName }}
  72. publish-tauri:
  73. needs: publish
  74. continue-on-error: true
  75. strategy:
  76. fail-fast: false
  77. matrix:
  78. settings:
  79. - host: macos-latest
  80. target: x86_64-apple-darwin
  81. - host: macos-latest
  82. target: aarch64-apple-darwin
  83. - host: blacksmith-4vcpu-windows-2025
  84. target: x86_64-pc-windows-msvc
  85. - host: blacksmith-4vcpu-ubuntu-2404
  86. target: x86_64-unknown-linux-gnu
  87. runs-on: ${{ matrix.settings.host }}
  88. steps:
  89. - uses: actions/checkout@v3
  90. with:
  91. fetch-depth: 0
  92. ref: ${{ needs.publish.outputs.tagName }}
  93. - uses: apple-actions/import-codesign-certs@v2
  94. if: ${{ runner.os == 'macOS' }}
  95. with:
  96. keychain: build
  97. p12-file-base64: ${{ secrets.APPLE_CERTIFICATE }}
  98. p12-password: ${{ secrets.APPLE_CERTIFICATE_PASSWORD }}
  99. - name: Verify Certificate
  100. if: ${{ runner.os == 'macOS' }}
  101. run: |
  102. CERT_INFO=$(security find-identity -v -p codesigning build.keychain | grep "Developer ID Application")
  103. CERT_ID=$(echo "$CERT_INFO" | awk -F'"' '{print $2}')
  104. echo "CERT_ID=$CERT_ID" >> $GITHUB_ENV
  105. echo "Certificate imported."
  106. - name: Setup Apple API Key
  107. if: ${{ runner.os == 'macOS' }}
  108. run: |
  109. echo "${{ secrets.APPLE_API_KEY_PATH }}" > $RUNNER_TEMP/apple-api-key.p8
  110. - run: git fetch --force --tags
  111. - uses: ./.github/actions/setup-bun
  112. - name: install dependencies (ubuntu only)
  113. if: contains(matrix.settings.host, 'ubuntu')
  114. run: |
  115. sudo apt-get update
  116. sudo apt-get install -y libwebkit2gtk-4.1-dev libappindicator3-dev librsvg2-dev patchelf
  117. - name: install Rust stable
  118. uses: dtolnay/rust-toolchain@stable
  119. with:
  120. targets: ${{ matrix.settings.target }}
  121. - uses: Swatinem/rust-cache@v2
  122. with:
  123. workspaces: packages/tauri/src-tauri
  124. shared-key: ${{ matrix.settings.target }}
  125. - name: Prepare
  126. run: |
  127. cd packages/tauri
  128. bun ./scripts/prepare.ts
  129. env:
  130. OPENCODE_BUMP: ${{ inputs.bump }}
  131. OPENCODE_VERSION: ${{ inputs.version }}
  132. OPENCODE_CHANNEL: latest
  133. NPM_CONFIG_TOKEN: ${{ secrets.NPM_TOKEN }}
  134. GITHUB_TOKEN: ${{ secrets.SST_GITHUB_TOKEN }}
  135. AUR_KEY: ${{ secrets.AUR_KEY }}
  136. OPENCODE_API_KEY: ${{ secrets.OPENCODE_API_KEY }}
  137. RUST_TARGET: ${{ matrix.settings.target }}
  138. GH_TOKEN: ${{ github.token }}
  139. OPENCODE_RELEASE_TAG: ${{ needs.publish.outputs.tagName }}
  140. # Fixes AppImage build issues, can be removed when https://github.com/tauri-apps/tauri/pull/12491 is released
  141. - name: Install tauri-cli from portable appimage branch
  142. if: contains(matrix.settings.host, 'ubuntu')
  143. run: |
  144. cargo install tauri-cli --git https://github.com/tauri-apps/tauri --branch feat/truly-portable-appimage --force
  145. echo "Installed tauri-cli version:"
  146. cargo tauri --version
  147. - name: Build and upload artifacts
  148. timeout-minutes: 20
  149. uses: tauri-apps/tauri-action@390cbe447412ced1303d35abe75287949e43437a
  150. env:
  151. GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
  152. TAURI_BUNDLER_NEW_APPIMAGE_FORMAT: true
  153. TAURI_SIGNING_PRIVATE_KEY: ${{ secrets.TAURI_SIGNING_PRIVATE_KEY }}
  154. TAURI_SIGNING_PRIVATE_KEY_PASSWORD: ${{ secrets.TAURI_SIGNING_PRIVATE_KEY_PASSWORD }}
  155. APPLE_CERTIFICATE: ${{ secrets.APPLE_CERTIFICATE }}
  156. APPLE_CERTIFICATE_PASSWORD: ${{ secrets.APPLE_CERTIFICATE_PASSWORD }}
  157. APPLE_SIGNING_IDENTITY: ${{ env.CERT_ID }}
  158. APPLE_API_ISSUER: ${{ secrets.APPLE_API_ISSUER }}
  159. APPLE_API_KEY: ${{ secrets.APPLE_API_KEY }}
  160. APPLE_API_KEY_PATH: ${{ runner.temp }}/apple-api-key.p8
  161. with:
  162. projectPath: packages/tauri
  163. uploadWorkflowArtifacts: true
  164. tauriScript: ${{ (contains(matrix.settings.host, 'ubuntu') && 'cargo tauri') || '' }}
  165. args: --target ${{ matrix.settings.target }} --config src-tauri/tauri.prod.conf.json
  166. updaterJsonPreferNsis: true
  167. releaseId: ${{ needs.publish.outputs.releaseId }}
  168. tagName: ${{ needs.publish.outputs.tagName }}
  169. releaseAssetNamePattern: opencode-desktop-[platform]-[arch][ext]
  170. releaseDraft: true
  171. publish-release:
  172. needs:
  173. - publish
  174. - publish-tauri
  175. if: needs.publish.outputs.tagName
  176. runs-on: blacksmith-4vcpu-ubuntu-2404
  177. steps:
  178. - uses: actions/checkout@v3
  179. with:
  180. fetch-depth: 0
  181. ref: ${{ needs.publish.outputs.tagName }}
  182. - uses: ./.github/actions/setup-bun
  183. - name: Setup SSH for AUR
  184. run: |
  185. sudo apt-get update
  186. sudo apt-get install -y pacman-package-manager
  187. mkdir -p ~/.ssh
  188. echo "${{ secrets.AUR_KEY }}" > ~/.ssh/id_rsa
  189. chmod 600 ~/.ssh/id_rsa
  190. git config --global user.email "[email protected]"
  191. git config --global user.name "opencode"
  192. ssh-keyscan -H aur.archlinux.org >> ~/.ssh/known_hosts || true
  193. - run: ./script/publish-complete.ts
  194. env:
  195. OPENCODE_BUMP: ${{ inputs.bump }}
  196. OPENCODE_VERSION: ${{ inputs.version }}
  197. AUR_KEY: ${{ secrets.AUR_KEY }}
  198. GITHUB_TOKEN: ${{ secrets.SST_GITHUB_TOKEN }}
  199. OPENCODE_RELEASE_TAG: ${{ needs.publish.outputs.tagName }}