| 123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188 |
- name: publish
- run-name: "${{ format('release {0}', inputs.bump) }}"
- on:
- push:
- branches:
- - dev
- - snapshot-*
- workflow_dispatch:
- inputs:
- bump:
- description: "Bump major, minor, or patch"
- required: false
- type: choice
- options:
- - major
- - minor
- - patch
- version:
- description: "Override version (optional)"
- required: false
- type: string
- concurrency: ${{ github.workflow }}-${{ github.ref }}
- permissions:
- id-token: write
- contents: write
- packages: write
- jobs:
- publish:
- runs-on: blacksmith-4vcpu-ubuntu-2404
- if: github.repository == 'sst/opencode' && github.ref == 'refs/heads/dev'
- steps:
- - uses: actions/checkout@v3
- with:
- fetch-depth: 0
- - run: git fetch --force --tags
- - uses: ./.github/actions/setup-bun
- - name: Setup SSH for AUR
- if: inputs.bump || inputs.version
- run: |
- sudo apt-get update
- sudo apt-get install -y pacman-package-manager
- mkdir -p ~/.ssh
- echo "${{ secrets.AUR_KEY }}" > ~/.ssh/id_rsa
- chmod 600 ~/.ssh/id_rsa
- git config --global user.email "[email protected]"
- git config --global user.name "opencode"
- ssh-keyscan -H aur.archlinux.org >> ~/.ssh/known_hosts || true
- - name: Install OpenCode
- if: inputs.bump || inputs.version
- run: bun i -g [email protected]
- - name: Login to GitHub Container Registry
- uses: docker/login-action@v3
- with:
- registry: ghcr.io
- username: ${{ github.repository_owner }}
- password: ${{ secrets.GITHUB_TOKEN }}
- - uses: actions/setup-node@v4
- with:
- node-version: "24"
- registry-url: "https://registry.npmjs.org"
- - name: Publish
- id: publish
- run: ./script/publish.ts
- env:
- OPENCODE_BUMP: ${{ inputs.bump }}
- OPENCODE_VERSION: ${{ inputs.version }}
- OPENCODE_API_KEY: ${{ secrets.OPENCODE_API_KEY }}
- AUR_KEY: ${{ secrets.AUR_KEY }}
- GITHUB_TOKEN: ${{ secrets.SST_GITHUB_TOKEN }}
- NPM_CONFIG_PROVENANCE: false
- outputs:
- releaseId: ${{ steps.publish.outputs.releaseId }}
- tagName: ${{ steps.publish.outputs.tagName }}
- publish-tauri:
- needs: publish
- if: inputs.bump || inputs.version
- continue-on-error: true
- strategy:
- fail-fast: false
- matrix:
- settings:
- - host: macos-latest
- target: x86_64-apple-darwin
- - host: macos-latest
- target: aarch64-apple-darwin
- - host: windows-latest
- target: x86_64-pc-windows-msvc
- - host: ubuntu-24.04
- target: x86_64-unknown-linux-gnu
- runs-on: ${{ matrix.settings.host }}
- steps:
- - uses: actions/checkout@v3
- with:
- fetch-depth: 0
- - uses: apple-actions/import-codesign-certs@v2
- if: ${{ runner.os == 'macOS' }}
- with:
- keychain: build
- p12-file-base64: ${{ secrets.APPLE_CERTIFICATE }}
- p12-password: ${{ secrets.APPLE_CERTIFICATE_PASSWORD }}
- - name: Verify Certificate
- if: ${{ runner.os == 'macOS' }}
- run: |
- CERT_INFO=$(security find-identity -v -p codesigning build.keychain | grep "Developer ID Application")
- CERT_ID=$(echo "$CERT_INFO" | awk -F'"' '{print $2}')
- echo "CERT_ID=$CERT_ID" >> $GITHUB_ENV
- echo "Certificate imported."
- - name: Setup Apple API Key
- if: ${{ runner.os == 'macOS' }}
- run: |
- echo "${{ secrets.APPLE_API_KEY_PATH }}" > $RUNNER_TEMP/apple-api-key.p8
- - run: git fetch --force --tags
- - uses: ./.github/actions/setup-bun
- - name: install dependencies (ubuntu only)
- if: startsWith(matrix.settings.host, 'ubuntu')
- run: |
- sudo apt-get update
- sudo apt-get install -y libwebkit2gtk-4.1-dev libappindicator3-dev librsvg2-dev patchelf
- - name: install Rust stable
- uses: dtolnay/rust-toolchain@stable
- with:
- targets: ${{ matrix.settings.target }}
- - uses: Swatinem/rust-cache@v2
- with:
- workspaces: packages/tauri/src-tauri
- shared-key: ${{ matrix.settings.target }}
- - name: Prepare
- run: |
- cd packages/tauri
- bun ./scripts/prepare.ts
- env:
- OPENCODE_BUMP: ${{ inputs.bump }}
- OPENCODE_VERSION: ${{ inputs.version }}
- OPENCODE_CHANNEL: latest
- NPM_CONFIG_TOKEN: ${{ secrets.NPM_TOKEN }}
- GITHUB_TOKEN: ${{ secrets.SST_GITHUB_TOKEN }}
- AUR_KEY: ${{ secrets.AUR_KEY }}
- OPENCODE_API_KEY: ${{ secrets.OPENCODE_API_KEY }}
- RUST_TARGET: ${{ matrix.settings.target }}
- GH_TOKEN: ${{ github.token }}
- # Fixes AppImage build issues, can be removed when https://github.com/tauri-apps/tauri/pull/12491 is released
- - run: cargo install tauri-cli --git https://github.com/tauri-apps/tauri --branch feat/truly-portable-appimage
- if: startsWith(matrix.settings.host, 'ubuntu')
- - name: Build and upload artifacts
- uses: tauri-apps/tauri-action@390cbe447412ced1303d35abe75287949e43437a
- env:
- GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- TAURI_BUNDLER_NEW_APPIMAGE_FORMAT: true
- TAURI_SIGNING_PRIVATE_KEY: ${{ secrets.TAURI_SIGNING_PRIVATE_KEY }}
- TAURI_SIGNING_PRIVATE_KEY_PASSWORD: ${{ secrets.TAURI_SIGNING_PRIVATE_KEY_PASSWORD }}
- APPLE_CERTIFICATE: ${{ secrets.APPLE_CERTIFICATE }}
- APPLE_CERTIFICATE_PASSWORD: ${{ secrets.APPLE_CERTIFICATE_PASSWORD }}
- APPLE_SIGNING_IDENTITY: ${{ env.CERT_ID }}
- APPLE_API_ISSUER: ${{ secrets.APPLE_API_ISSUER }}
- APPLE_API_KEY: ${{ secrets.APPLE_API_KEY }}
- APPLE_API_KEY_PATH: ${{ runner.temp }}/apple-api-key.p8
- with:
- projectPath: packages/tauri
- uploadWorkflowArtifacts: true
- tauriScript: ${{ (startsWith(matrix.settings.host, 'ubuntu') && 'cargo tauri') || '' }}
- args: --target ${{ matrix.settings.target }}
- updaterJsonPreferNsis: true
- releaseId: ${{ needs.publish.outputs.releaseId }}
- tagName: ${{ needs.publish.outputs.tagName }}
- assetName: opencode-desktop-[platform]-[arch][ext]
|
