Skip to content

feat: add Microsoft Foundry (Azure AI) support for API Profiles #826

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
riccardo-algorime wants to merge 210 commits into
base: develop
Choose a base branch
from
Open

feat: add Microsoft Foundry (Azure AI) support for API Profiles #826

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
210 commits
Select commit Hold shift + click to select a range
91f7051
docs: Add Git Flow branching strategy to CONTRIBUTING.md
AndyMik90 Dec 22, 2025
0adadda
Feature/apps restructure v2.7.2 (#138)
AndyMik90 Dec 22, 2025
df77953
Feat: Ollama download progress tracking with new apps structure (#141)
rayBlock Dec 22, 2025
ebd8340
fix: resolve Python environment race condition (#142)
Jorisslagter Dec 22, 2025
f96c630
fix: remove legacy path from auto-claude source detection (#148)
Jorisslagter Dec 22, 2025
220faf0
Fix/linear 400 error
AndyMik90 Dec 22, 2025
30e7536
fix(task): stop running process when task status changes away from in…
AndyMik90 Dec 22, 2025
6951251
feat: Add UI scale feature with 75-200% range (#125)
enescingoz Dec 23, 2025
05f5d30
fix: hide status badge when execution phase badge is showing (#154)
AndyMik90 Dec 23, 2025
ced2ad4
fix/PRs from old main setup to apps structure (#185)
AndyMik90 Dec 23, 2025
8f766ad
feat/beta-release (#190)
AndyMik90 Dec 23, 2025
407a0be
Feat/beta release (#193)
AndyMik90 Dec 23, 2025
e3eec68
fix(ci): correct welcome workflow PR message (#206)
AndyMik90 Dec 23, 2025
f168bdc
fix: Add Python 3.10+ version validation and GitHub Actions Python se…
possebon Dec 23, 2025
02bef95
feat: Add OpenRouter as LLM/embedding provider (#162)
possebon Dec 23, 2025
5352729
fix(core): add global spec numbering lock to prevent collisions (#209)
AndyMik90 Dec 23, 2025
6ec8549
Fix/ideation status sync (#212)
souky-byte Dec 23, 2025
5ccdb6a
fix: add future annotations import to discovery.py (#229)
Jorisslagter Dec 24, 2025
0f7d6e0
fix: resolve Python detection and backend packaging issues (#241)
Furansujin Dec 24, 2025
348de6d
Feat/Auto Fix Github issues and do extensive AI PR reviews (#250)
AndyMik90 Dec 24, 2025
5e8c530
Revert "Feat/Auto Fix Github issues and do extensive AI PR reviews (#…
AndyMik90 Dec 24, 2025
f843811
feat: add i18n internationalization system (#248)
Mitsu13Ion Dec 24, 2025
a3f8754
fix: update path resolution for ollama_model_detector.py in memory ha…
delyethan Dec 25, 2025
d42041c
ci: implement enterprise-grade PR quality gates and security scanning…
AlexMadera Dec 25, 2025
596e951
feat(github): add automated PR review with follow-up support (#252)
AndyMik90 Dec 25, 2025
d4cad80
chore(deps): bump vitest from 4.0.15 to 4.0.16 in /apps/frontend (#272)
dependabot[bot] Dec 25, 2025
a2cee69
chore(deps): bump @electron/rebuild in /apps/frontend (#271)
dependabot[bot] Dec 25, 2025
6ac8250
fix(paths): normalize relative paths to posix (#239)
danielfrey63 Dec 25, 2025
e74a3df
fix: accept bug_fix workflow_type alias during planning (#240)
danielfrey63 Dec 25, 2025
1e1d7d9
fix(ci): use develop branch for dry-run builds in beta-release workfl…
AndyMik90 Dec 25, 2025
f49d481
chore(deps): bump typescript-eslint in /apps/frontend (#269)
dependabot[bot] Dec 25, 2025
5ac566e
chore(deps): bump jsdom from 26.1.0 to 27.3.0 in /apps/frontend (#268)
dependabot[bot] Dec 25, 2025
d79f2da
fix(ci): use correct electron-builder arch flags (#278)
AndyMik90 Dec 25, 2025
b005fa5
fix(security): resolve CodeQL file system race conditions and unused …
AndyMik90 Dec 25, 2025
f1cc5a0
fix(github): resolve follow-up review API issues
AndyMik90 Dec 25, 2025
50dd107
chore(deps): bump @xterm/xterm from 5.5.0 to 6.0.0 in /apps/frontend …
dependabot[bot] Dec 25, 2025
0b874d4
fix(ci): add write permissions to beta-release update-version job
AndyMik90 Dec 25, 2025
d98e283
fix: resolve spawn python ENOENT error on Linux by using getAugmented…
r3d91ll Dec 25, 2025
7f19c2e
feat(python): bundle Python 3.12 with packaged Electron app (#284)
AndyMik90 Dec 25, 2025
3ff6127
fix(frontend): validate backend source path before using it (#287)
AndyMik90 Dec 26, 2025
5106c6e
Potential fix for code scanning alert no. 224: Uncontrolled command l…
AndyMik90 Dec 26, 2025
8bb3df9
fix(frontend): support archiving tasks across all worktree locations …
AndyMik90 Dec 26, 2025
217249c
fix(github): add explicit GET method to gh api comment fetches (#294)
AndyMik90 Dec 26, 2025
8416f30
feat: enhance the logs for the commit linting stage (#293)
AlexMadera Dec 26, 2025
26beefe
feat(merge,oauth): add path-aware AI merge resolution and device code…
AndyMik90 Dec 26, 2025
7a51cbd
Fix/2.7.2 fixes (#300)
AndyMik90 Dec 26, 2025
937a60f
fix: stop tracking spec files in git (#295)
AndyMik90 Dec 26, 2025
d0b0b3d
fix(build): add --force-local flag to tar on Windows (#303)
AndyMik90 Dec 26, 2025
d9fb8f2
fix(build): use PowerShell for tar extraction on Windows
AndyMik90 Dec 26, 2025
086429c
fix(github): add augmented PATH env to all gh CLI calls
AndyMik90 Dec 26, 2025
c0a02a4
fix(build): use explicit Windows System32 tar path (#308)
AndyMik90 Dec 26, 2025
1c14227
chore(ci): cancel in-progress runs (#302)
tosincarik Dec 26, 2025
92c6f27
fix(python): use venv Python for all services to fix dotenv errors (#…
AlexMadera Dec 26, 2025
e1b0f74
fix(updater): proper semver comparison for pre-release versions (#313)
MikeeBuilds Dec 26, 2025
e80ef79
fix(project): fix task status persistence reverting on refresh (#246)…
MikeeBuilds Dec 26, 2025
661e47c
fix(ci): add auto-updater manifest files and version auto-update (#317)
MikeeBuilds Dec 26, 2025
cb6b216
fix(tasks): sync status to worktree implementation plan to prevent re…
AlexMadera Dec 26, 2025
8a80b1d
fix(ci): remove version bump to fix branch protection conflict (#325)
MikeeBuilds Dec 26, 2025
50e3111
feat: bump version (#329)
AlexMadera Dec 26, 2025
d3a63b0
perf: convert synchronous I/O to async operations in worktree handler…
JoshuaRileyDev Dec 27, 2025
fec6b9f
refactor(settings): remove deprecated ProjectSettings modal and hooks…
Mitsu13Ion Dec 27, 2025
9734b70
chore: Refactor/kanban realtime status sync (#249)
souky-byte Dec 27, 2025
787667e
refactor(components): remove deprecated TaskDetailPanel re-export (#344)
Mitsu13Ion Dec 27, 2025
d51f456
feat: centralize CLI tool path management (#341)
Furansujin Dec 27, 2025
9d43abe
refactor: remove deprecated code across backend and frontend (#348)
Mitsu13Ion Dec 27, 2025
fef07c9
feat: add terminal dropdown with inbuilt and external options in task…
JoshuaRileyDev Dec 27, 2025
40d04d7
chore: bump version to 2.7.2-beta.10
AndyMik90 Dec 27, 2025
e9782db
fix(ui): close parent modal when Edit dialog opens (#354)
MikeeBuilds Dec 27, 2025
4dcc5af
fix: make backend tests pass on Windows (#282)
tosincarik Dec 27, 2025
4e71361
fix(analyzer): add C#/Java/Swift/Kotlin project files to security has…
MikeeBuilds Dec 27, 2025
7881b2d
fix(terminal): preserve terminal state when switching projects (#358)
AndyMik90 Dec 27, 2025
1fa7a9c
fix: Resolve pre-commit hook failures with version sync, pytest path,…
ianstantiate Dec 27, 2025
eabe7c7
fix(subprocess): handle Python paths with spaces (#352)
MikeeBuilds Dec 27, 2025
20f20fa
fix(security): invalidate profile cache when file is created/modified…
MikeeBuilds Dec 27, 2025
753dc8b
fix(perf): remove projectTabs from useEffect deps to fix re-render lo…
MikeeBuilds Dec 27, 2025
9bbdef0
fix/Improving UX for Display/Scaling Changes (#332)
kvnloo Dec 27, 2025
2d3b7fb
docs: add security research documentation (#361)
bdmorin Dec 27, 2025
0ca2e3f
fix: fixed version-specific links in readme and pre-commit hook that …
ianstantiate Dec 28, 2025
db0cbea
fix: Memory Status card respects configured embedding provider (#336)…
MikeeBuilds Dec 28, 2025
bc22064
Fixes failing spec - "gh CLI Check Handler - should return installed:…
ianstantiate Dec 28, 2025
8b4ce58
fix(ideation): update progress calculation to include just-completed …
illia1f Dec 28, 2025
7751588
fix(github): improve PR review with structured outputs and fork suppo…
AndyMik90 Dec 28, 2025
68548e3
feat(analyzer): add iOS/Swift project detection (#389)
MikeeBuilds Dec 28, 2025
aaa8313
fix: improve CLI tool detection and add Claude CLI path settings (#393)
jslitzkerttcu Dec 28, 2025
98b12ed
fix(ui): prevent TaskEditDialog from unmounting when opened (#395)
MikeeBuilds Dec 28, 2025
321c971
fix(analyzer): move Swift detection before Ruby detection (#401)
MikeeBuilds Dec 29, 2025
0513121
fix: 2.7.2 bug fixes and improvements (#388)
AndyMik90 Dec 29, 2025
9aef0dd
fix(frontend): add .js extension to electron-log/main imports
AndyMik90 Dec 29, 2025
a39ea49
chore(ci): remove redundant CLA GitHub Action workflow
AndyMik90 Dec 29, 2025
4bdf7a0
fix(github): pass repo parameter to GHClient for explicit PR resoluti…
AndyMik90 Dec 29, 2025
230de5f
feat(build): add Flatpak packaging support for Linux (#404)
Mitsu13Ion Dec 29, 2025
e7e6b52
fix(model): respect task_metadata.json model selection (#415)
AndyMik90 Dec 30, 2025
2f66246
fix: Allow windows to run CC PR Reviewer (#406)
AlexMadera Dec 30, 2025
0a571d3
feat: add gitlab integration (#254)
Mitsu13Ion Dec 30, 2025
717fba0
feat: enhance pr review page to include PRs filters (#423)
AlexMadera Dec 30, 2025
62a7551
fix(spec_runner): add --base-branch argument support (#428)
Mitsu13Ion Dec 30, 2025
88c7605
fix(client): add spec_dir to SDK permissions (#429)
Mitsu13Ion Dec 30, 2025
515b73b
ci: remove conventional commits PR title validation workflow
AndyMik90 Dec 29, 2025
bdb0154
feat: Enhance the look of the PR Detail area (#427)
AlexMadera Dec 30, 2025
798ca79
fix(ui): add fallback to prevent tasks stuck in ai_review status (#397)
MikeeBuilds Dec 30, 2025
ac8dfca
refactor: remove deprecated TaskDetailPanel component (#432)
Mitsu13Ion Dec 30, 2025
666794b
feat(frontend): Add Files tab to task details panel (#430)
Mitsu13Ion Dec 30, 2025
3c0708b
fix(windows): resolve EINVAL error when opening worktree in VS Code (…
fireapache Dec 30, 2025
203a970
fix: infinite loop in useTaskDetail merge preview loading (#444)
abe238 Dec 31, 2025
c15bb31
fix: accept Python 3.12+ in install-backend.js (#443)
abe238 Dec 31, 2025
2effa53
fix: prevent infinite re-render loop in task selection useEffect (#442)
abe238 Dec 31, 2025
da31b68
feat: remove top bars (#386)
fireapache Dec 31, 2025
5d8ede2
Fix/2.7.2 beta12 (#424)
AndyMik90 Dec 31, 2025
0f9c5b8
fix(pr-review): treat LOW-only findings as ready to merge (#455)
AndyMik90 Dec 31, 2025
fb6b7fc
fix: create spec.md during roadmap-to-task conversion (#446)
Pranaveswar19 Dec 31, 2025
52a4fcc
fix(ci): add Rust toolchain for Intel Mac builds (#459)
AndyMik90 Dec 31, 2025
7210610
Fix/windows issues (#471)
AndyMik90 Jan 1, 2026
8e5c11a
chore: bump version to 2.7.2-beta.12 (#460)
AndyMik90 Jan 1, 2026
4da8cd6
fix(detection): support bun.lock text format for Bun 1.2.0+ (#525)
AndyMik90 Jan 1, 2026
8d58dd6
fix: prefer versioned Homebrew Python over system python3 (#494)
mirzaaghazadeh Jan 1, 2026
344ec65
fix(pr-review): use temporary worktree for PR review isolation (#532)
AndyMik90 Jan 1, 2026
3db02c5
fix(csp): allow external HTTPS images in Content-Security-Policy (#549)
MikeeBuilds Jan 2, 2026
30f7951
fix: resolve frontend lag and update dependencies (#526)
AndyMik90 Jan 2, 2026
f58c257
fix(memory): fix learning loop to retrieve patterns and gotchas (#530)
AndyMik90 Jan 2, 2026
7990dcb
fix(ui): preserve original task description after spec creation (#536)
AndyMik90 Jan 2, 2026
29e4550
fix: detect and clear cross-platform CLI paths in settings (#535)
AndyMik90 Jan 2, 2026
c2148bb
fix(ci): add Python setup to beta-release and fix PR status gate chec…
AndyMik90 Jan 2, 2026
16a7fa4
fix(merge): resolve KanbanBoard conflicts favoring develop
AndyMik90 Jan 2, 2026
90a2032
feat(terminal): respect preferred terminal setting for Windows PTY shell
AndyMik90 Jan 2, 2026
90dddc2
fix(ci): cache pip wheels to speed up Intel Mac builds
AndyMik90 Jan 2, 2026
dedd075
# 🔥 hotfix(electron): restore app functionality on Windows broken by …
sniggl Jan 2, 2026
6d4231e
ci(release): add CHANGELOG.md validation and fix release workflow
AndyMik90 Jan 2, 2026
04de8c7
fix(merge): handle Windows CRLF line endings in regex fallback
AndyMik90 Jan 2, 2026
effaa68
fix: Solve ladybug problem on running npm install all on windows (#576)
AlexMadera Jan 2, 2026
6ac3012
2.7.2 release
AndyMik90 Jan 2, 2026
2880baf
Merge branch 'fix/2.7.3-hotfixes' into develop
AndyMik90 Jan 2, 2026
d278963
feat: custom Anthropic compatible API profile management (#181)
gnoviawan Jan 2, 2026
3086233
Improving Task Card Title Readability (#461)
fireapache Jan 2, 2026
5efc2c5
docs: update stable download links to v2.7.2 (#579)
AlexMadera Jan 2, 2026
4a83304
feat: add Dart/Flutter/Melos support to security profiles (#583)
Mitsu13Ion Jan 2, 2026
6c85590
fix(kanban): complete refresh button implementation (#584)
MikeeBuilds Jan 3, 2026
14b3db5
fix: pass electron version explicitly to electron-rebuild on Windows …
fireapache Jan 3, 2026
f5be794
fix(frontend): resolve PATH and PYTHONPATH issues in insights and cha…
hluisi Jan 3, 2026
7177c79
fix: human_review status persistence bug (worktree plan path fix) (#605)
MikeeBuilds Jan 3, 2026
13535f1
feat(terminal): add worktree support for terminals (#625)
AndyMik90 Jan 3, 2026
acdd7d9
refactor(github-review): replace confidence scoring with evidence-bas…
AndyMik90 Jan 3, 2026
556f0b2
fix(frontend): filter empty env vars to prevent OAuth token override …
Ashwinhegde19 Jan 3, 2026
4ec9db8
fix: security hook cwd extraction and PATH issues (#555, #556) (#587)
hluisi Jan 3, 2026
f7b02e8
fix(ci): include update manifests for architecture-specific auto-upda…
hluisi Jan 3, 2026
39da819
Fix/small fixes 2.7.3 (#631)
AndyMik90 Jan 3, 2026
46c41f8
fix: change hardcoded Opus defaults to Sonnet (fix #433) (#633)
MikeeBuilds Jan 3, 2026
b720312
fix(ui): update TaskCard description truncation for improved display …
AndyMik90 Jan 3, 2026
e1e8943
fix(mcp): use shell mode for Windows command spawning (#572)
andydataguy Jan 4, 2026
eeef8a3
fix: check .claude.json for OAuth auth in profile scorer (#652)
MikeeBuilds Jan 4, 2026
65f6089
fix(python): sanitize environment to prevent PYTHONHOME contamination…
MikeeBuilds Jan 5, 2026
234d44f
fix(settings): allow toggle deselection and improve embedding model n…
MikeeBuilds Jan 5, 2026
8be0e6f
feat(sentry): add anonymous error reporting with privacy controls (#636)
AndyMik90 Jan 5, 2026
1e3e8bd
Fix/update app (#594)
AndyMik90 Jan 5, 2026
6fb2d48
fix: improve GLM presets, ideation auth, and Insights env (#648)
StillKnotKnown Jan 5, 2026
c271354
fix: detect Claude CLI installed via NVM on Linux/macOS (#623)
StillKnotKnown Jan 5, 2026
7b4993e
Fix/small fixes all around (#645)
AndyMik90 Jan 5, 2026
35573fd
fix(frontend): detect @lydell/node-pty prebuilts in postinstall (#673)
fireapache Jan 5, 2026
63f4617
sentry dev support + sessions handling in terminals
AndyMik90 Jan 5, 2026
81afc3d
fix(terminal): resolve React Fast Refresh hook error in usePtyProcess
AndyMik90 Jan 5, 2026
e293732
docs: add stars badge and star history chart to README (#675)
eddie333016 Jan 5, 2026
3930b12
fix(a11y): Add missing ARIA attributes for screen reader accessibilit…
Orinks Jan 5, 2026
2c9fcbf
chore: Update Linux app icon to use multiple resolution sizes and fix…
Pdzly Jan 5, 2026
97f3449
fix(github): pass OAuth token to Python runner subprocesses (fixes #5…
MikeeBuilds Jan 5, 2026
ec4441c
fix: centralize Claude CLI invocation (#680)
StillKnotKnown Jan 5, 2026
5005e56
Fix Window Size on Hi-DPI Displays (#696)
aaronson2012 Jan 5, 2026
78aceae
fix(profiles): support API profiles in auth check and model resolutio…
gnoviawan Jan 6, 2026
09aa4f4
fix: WIndows not finding the gith bash path (#724)
AlexMadera Jan 6, 2026
574cd11
fix: pass augmented env to Claude CLI validation on macOS (#640)
tallinn102 Jan 6, 2026
8a4b506
fix: show OAuth terminal during profile authentication (#671)
bvdr Jan 6, 2026
84bc522
fix(setup): auto-create .env from .env.example during backend install…
Crimson341 Jan 6, 2026
df57fbf
fix: InvestigationDialog overflow issue (#669)
jackchuka Jan 6, 2026
2f321fb
Fix: Security allowlist not working in worktree mode (#646)
arcker Jan 6, 2026
724ad82
fix(a11y): Add context menu for keyboard-accessible task status chang…
Orinks Jan 6, 2026
78b80bc
fix: Multiple bug fixes including binary file handling and semantic t…
AndyMik90 Jan 6, 2026
7fda36a
fix: use --continue instead of --resume for Claude session restoratio…
AndyMik90 Jan 6, 2026
e9c859c
fix(memory): use Homebrew for Ollama installation on macOS (#742)
MikeeBuilds Jan 6, 2026
e3d72d6
refactor: simplify task description handling and improve modal layout…
AndyMik90 Jan 6, 2026
f406959
fix(startup): prevent app freeze by making Claude CLI detection non-b…
aslaker Jan 7, 2026
31519c2
fix: add helpful error message when Python dependencies are missing (…
StillKnotKnown Jan 7, 2026
5e78390
fix(roadmap): normalize feature status values for Kanban display [ACS…
MikeeBuilds Jan 7, 2026
96b7eb4
ACS-103 Windows can finish a task (#739)
AlexMadera Jan 7, 2026
01decae
fix(memory): handle Ollama version errors during model pull (#760)
bbopen Jan 7, 2026
fbaf2e7
fix(windows): add pywin32 dependency for LadybugDB (#627) (#778)
AndyMik90 Jan 7, 2026
cbd47f2
fix(insights): await async sendMessage to prevent race condition (#61…
AndyMik90 Jan 7, 2026
061411d
fix(python-bundling): verify critical packages exist, not just marker…
AndyMik90 Jan 7, 2026
cc78d7a
fix(multi-project): filter task IPC events by project to prevent cros…
AndyMik90 Jan 7, 2026
4203341
fix(permissions): grant worktree access to original project directori…
AndyMik90 Jan 7, 2026
4cc9198
fix(frontend): ensure PATH includes system directories when launched …
czerewacz Jan 7, 2026
63766f7
feat(pr-review): add prominent verdict summary to PR review comments …
AndyMik90 Jan 7, 2026
40fc7e4
fix(terminal): prevent crash after worktree creation (#771)
AndyMik90 Jan 7, 2026
a47354b
fix: add PYTHONPATH to subprocess environment for bundled packages (#…
AndyMik90 Jan 7, 2026
29ef46d
fix: resolve subtasks tab not updating on Linux (#794)
StillKnotKnown Jan 7, 2026
05c652e
fix(ui): enable scrolling in Project Files list in Task Creation Wiza…
Ashwinhegde19 Jan 7, 2026
a6ffd0e
feat: Add terminal copy/paste keyboard shortcuts for Windows/Linux (#…
StillKnotKnown Jan 7, 2026
ab3149f
fix(a11y): restore missing aria-label attributes on icon buttons (#808)
Orinks Jan 8, 2026
e310d56
fix: increase Claude SDK JSON buffer size to 10MB (#815)
StillKnotKnown Jan 8, 2026
a74bd86
feat: add PR creation workflow for task worktrees (#677)
ThrownLemon Jan 8, 2026
32e8fee
fix: automate auto labeling based on comments (#812)
AlexMadera Jan 8, 2026
cbb1cb8
feat(github): enhance PR merge readiness checks with branch state val…
AndyMik90 Jan 8, 2026
ada91fb
feat: add Claude Code changelog link to version notifiers (#820)
StillKnotKnown Jan 8, 2026
07ae1ef
Fix pydantic_core missing module error during packaging (#806)
MaximStone Jan 8, 2026
63e142a
feat: Add Sentry environment variables to CI build workflows (#803)
AndyMik90 Jan 8, 2026
ee0c09e
feat: add Microsoft Foundry (Azure AI) support for API Profiles
riccardo-algorime Jan 8, 2026
d05e8e7
test: update tests for Foundry environment variables
riccardo-algorime Jan 8, 2026
1f02191
Merge branch 'develop' into feature/microsoft-foundry-api-profiles
riccardo-algorime Jan 8, 2026
2045884
ci(release): add Azure Trusted Signing for Windows builds (#805)
AndyMik90 Jan 8, 2026
c623ab0
fix(github): use selectedPR from hook to restore Files changed list (…
StillKnotKnown Jan 8, 2026
dc29794
fix(ACS-51, ACS-55, ACS-71): Fix Kanban state transitions and status …
aslaker Jan 8, 2026
152678b
fix(ci): use HTTP for Azure Trusted Signing timestamp URL (#843)
AndyMik90 Jan 8, 2026
ecfae38
Merge branch 'develop' into feature/microsoft-foundry-api-profiles
riccardo-algorime Jan 9, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
The table of contents is too big for display.
Diff view
Diff view
  •  
  •  
  •  
197 changes: 187 additions & 10 deletions .github/workflows/beta-release.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -97,16 +97,28 @@ jobs:
- name: Install Rust toolchain (for building native Python packages)
uses: dtolnay/rust-toolchain@stable

- name: Cache pip wheel cache (for compiled packages like real_ladybug)
uses: actions/cache@v4
with:
path: ~/Library/Caches/pip
key: pip-wheel-${{ runner.os }}-x64-${{ hashFiles('apps/backend/requirements.txt') }}
restore-keys: |
pip-wheel-${{ runner.os }}-x64-

- name: Cache bundled Python
uses: actions/cache@v4
with:
path: apps/frontend/python-runtime
key: python-bundle-${{ runner.os }}-x64-3.12.8-rust
key: python-bundle-${{ runner.os }}-x64-3.12.8-rust-${{ hashFiles('apps/backend/requirements.txt') }}
restore-keys: |
python-bundle-${{ runner.os }}-x64-
python-bundle-${{ runner.os }}-x64-3.12.8-rust-

- name: Build application
run: cd apps/frontend && npm run build
env:
SENTRY_DSN: ${{ secrets.SENTRY_DSN }}
SENTRY_TRACES_SAMPLE_RATE: ${{ secrets.SENTRY_TRACES_SAMPLE_RATE }}
SENTRY_PROFILES_SAMPLE_RATE: ${{ secrets.SENTRY_PROFILES_SAMPLE_RATE }}

- name: Package macOS (Intel)
run: |
Expand All @@ -116,6 +128,9 @@ jobs:
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
CSC_LINK: ${{ secrets.MAC_CERTIFICATE }}
CSC_KEY_PASSWORD: ${{ secrets.MAC_CERTIFICATE_PASSWORD }}
SENTRY_DSN: ${{ secrets.SENTRY_DSN }}
SENTRY_TRACES_SAMPLE_RATE: ${{ secrets.SENTRY_TRACES_SAMPLE_RATE }}
SENTRY_PROFILES_SAMPLE_RATE: ${{ secrets.SENTRY_PROFILES_SAMPLE_RATE }}

- name: Notarize macOS Intel app
env:
Expand Down Expand Up @@ -181,16 +196,28 @@ jobs:
- name: Install dependencies
run: cd apps/frontend && npm ci

- name: Cache pip wheel cache
uses: actions/cache@v4
with:
path: ~/Library/Caches/pip
key: pip-wheel-${{ runner.os }}-arm64-${{ hashFiles('apps/backend/requirements.txt') }}
restore-keys: |
pip-wheel-${{ runner.os }}-arm64-

- name: Cache bundled Python
uses: actions/cache@v4
with:
path: apps/frontend/python-runtime
key: python-bundle-${{ runner.os }}-arm64-3.12.8
key: python-bundle-${{ runner.os }}-arm64-3.12.8-${{ hashFiles('apps/backend/requirements.txt') }}
restore-keys: |
python-bundle-${{ runner.os }}-arm64-
python-bundle-${{ runner.os }}-arm64-3.12.8-

- name: Build application
run: cd apps/frontend && npm run build
env:
SENTRY_DSN: ${{ secrets.SENTRY_DSN }}
SENTRY_TRACES_SAMPLE_RATE: ${{ secrets.SENTRY_TRACES_SAMPLE_RATE }}
SENTRY_PROFILES_SAMPLE_RATE: ${{ secrets.SENTRY_PROFILES_SAMPLE_RATE }}

- name: Package macOS (Apple Silicon)
run: |
Expand All @@ -200,6 +227,9 @@ jobs:
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
CSC_LINK: ${{ secrets.MAC_CERTIFICATE }}
CSC_KEY_PASSWORD: ${{ secrets.MAC_CERTIFICATE_PASSWORD }}
SENTRY_DSN: ${{ secrets.SENTRY_DSN }}
SENTRY_TRACES_SAMPLE_RATE: ${{ secrets.SENTRY_TRACES_SAMPLE_RATE }}
SENTRY_PROFILES_SAMPLE_RATE: ${{ secrets.SENTRY_PROFILES_SAMPLE_RATE }}

- name: Notarize macOS ARM64 app
env:
Expand Down Expand Up @@ -235,6 +265,12 @@ jobs:
build-windows:
needs: create-tag
runs-on: windows-latest
permissions:
id-token: write # Required for OIDC authentication with Azure
contents: read
env:
# Job-level env so AZURE_CLIENT_ID is available for step-level if conditions
AZURE_CLIENT_ID: ${{ secrets.AZURE_CLIENT_ID }}
steps:
- uses: actions/checkout@v4
with:
Expand Down Expand Up @@ -265,16 +301,28 @@ jobs:
- name: Install dependencies
run: cd apps/frontend && npm ci

- name: Cache pip wheel cache
uses: actions/cache@v4
with:
path: ~\AppData\Local\pip\Cache
key: pip-wheel-${{ runner.os }}-x64-${{ hashFiles('apps/backend/requirements.txt') }}
restore-keys: |
pip-wheel-${{ runner.os }}-x64-

- name: Cache bundled Python
uses: actions/cache@v4
with:
path: apps/frontend/python-runtime
key: python-bundle-${{ runner.os }}-x64-3.12.8
key: python-bundle-${{ runner.os }}-x64-3.12.8-${{ hashFiles('apps/backend/requirements.txt') }}
restore-keys: |
python-bundle-${{ runner.os }}-x64-
python-bundle-${{ runner.os }}-x64-3.12.8-

- name: Build application
run: cd apps/frontend && npm run build
env:
SENTRY_DSN: ${{ secrets.SENTRY_DSN }}
SENTRY_TRACES_SAMPLE_RATE: ${{ secrets.SENTRY_TRACES_SAMPLE_RATE }}
SENTRY_PROFILES_SAMPLE_RATE: ${{ secrets.SENTRY_PROFILES_SAMPLE_RATE }}

- name: Package Windows
shell: bash
Expand All @@ -283,8 +331,122 @@ jobs:
cd apps/frontend && npm run package:win -- --config.extraMetadata.version="$VERSION"
env:
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
CSC_LINK: ${{ secrets.WIN_CERTIFICATE }}
CSC_KEY_PASSWORD: ${{ secrets.WIN_CERTIFICATE_PASSWORD }}
# Disable electron-builder's built-in signing (we use Azure Trusted Signing instead)
CSC_IDENTITY_AUTO_DISCOVERY: false
SENTRY_DSN: ${{ secrets.SENTRY_DSN }}
SENTRY_TRACES_SAMPLE_RATE: ${{ secrets.SENTRY_TRACES_SAMPLE_RATE }}
SENTRY_PROFILES_SAMPLE_RATE: ${{ secrets.SENTRY_PROFILES_SAMPLE_RATE }}

- name: Azure Login (OIDC)
if: env.AZURE_CLIENT_ID != ''
uses: azure/login@v2
with:
client-id: ${{ secrets.AZURE_CLIENT_ID }}
tenant-id: ${{ secrets.AZURE_TENANT_ID }}
subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}

- name: Sign Windows executable with Azure Trusted Signing
if: env.AZURE_CLIENT_ID != ''
uses: azure/[email protected]
with:
endpoint: https://neu.codesigning.azure.net/
trusted-signing-account-name: ${{ secrets.AZURE_SIGNING_ACCOUNT }}
certificate-profile-name: ${{ secrets.AZURE_CERTIFICATE_PROFILE }}
files-folder: apps/frontend/dist
files-folder-filter: exe
file-digest: SHA256
timestamp-rfc3161: http://timestamp.acs.microsoft.com
timestamp-digest: SHA256

- name: Verify Windows executable is signed
if: env.AZURE_CLIENT_ID != ''
shell: pwsh
run: |
cd apps/frontend/dist
$exeFile = Get-ChildItem -Filter "*.exe" | Select-Object -First 1
if ($exeFile) {
Write-Host "Verifying signature on $($exeFile.Name)..."
$sig = Get-AuthenticodeSignature -FilePath $exeFile.FullName
if ($sig.Status -ne 'Valid') {
Write-Host "::error::Signature verification failed: $($sig.Status)"
Write-Host "::error::Status Message: $($sig.StatusMessage)"
exit 1
}
Write-Host "✅ Signature verified successfully"
Write-Host " Subject: $($sig.SignerCertificate.Subject)"
Write-Host " Issuer: $($sig.SignerCertificate.Issuer)"
Write-Host " Thumbprint: $($sig.SignerCertificate.Thumbprint)"
} else {
Write-Host "::error::No .exe file found to verify"
exit 1
}

- name: Regenerate checksums after signing
if: env.AZURE_CLIENT_ID != ''
shell: pwsh
run: |
$ErrorActionPreference = "Stop"
cd apps/frontend/dist

# Find the installer exe (electron-builder names it with "Setup" or just the app name)
# electron-builder produces one installer exe per build
$exeFiles = Get-ChildItem -Filter "*.exe"
if ($exeFiles.Count -eq 0) {
Write-Host "::error::No .exe files found in dist folder"
exit 1
}

Write-Host "Found $($exeFiles.Count) exe file(s): $($exeFiles.Name -join ', ')"

$ymlFile = "latest.yml"
if (-not (Test-Path $ymlFile)) {
Write-Host "::error::$ymlFile not found - cannot update checksums"
exit 1
}

$content = Get-Content $ymlFile -Raw
$originalContent = $content

# Process each exe file and update its hash in latest.yml
foreach ($exeFile in $exeFiles) {
Write-Host "Processing $($exeFile.Name)..."

# Compute SHA512 hash and convert to base64 (electron-builder format)
$bytes = [System.IO.File]::ReadAllBytes($exeFile.FullName)
$sha512 = [System.Security.Cryptography.SHA512]::Create()
$hashBytes = $sha512.ComputeHash($bytes)
$hash = [System.Convert]::ToBase64String($hashBytes)
$size = $exeFile.Length

Write-Host " Hash: $hash"
Write-Host " Size: $size"
}

# For electron-builder, latest.yml has a single file entry for the installer
# Update the sha512 and size for the primary exe (first one, typically the installer)
$primaryExe = $exeFiles | Select-Object -First 1
$bytes = [System.IO.File]::ReadAllBytes($primaryExe.FullName)
$sha512 = [System.Security.Cryptography.SHA512]::Create()
$hashBytes = $sha512.ComputeHash($bytes)
$hash = [System.Convert]::ToBase64String($hashBytes)
$size = $primaryExe.Length

# Update sha512 hash (base64 pattern: alphanumeric, +, /, =)
$content = $content -replace 'sha512: [A-Za-z0-9+/=]+', "sha512: $hash"
# Update size
$content = $content -replace 'size: \d+', "size: $size"

if ($content -eq $originalContent) {
Write-Host "::error::Checksum replacement failed - content unchanged. Check if latest.yml format has changed."
exit 1
}

Set-Content -Path $ymlFile -Value $content -NoNewline
Write-Host "✅ Updated $ymlFile with new base64 hash and size for $($primaryExe.Name)"

- name: Skip signing notice
if: env.AZURE_CLIENT_ID == ''
run: echo "::warning::Windows signing skipped - AZURE_CLIENT_ID not configured. The .exe will be unsigned."

- name: Upload artifacts
uses: actions/upload-artifact@v4
Expand Down Expand Up @@ -335,23 +497,38 @@ jobs:
flatpak install -y --user flathub org.freedesktop.Platform//25.08 org.freedesktop.Sdk//25.08
flatpak install -y --user flathub org.electronjs.Electron2.BaseApp//25.08

- name: Cache pip wheel cache
uses: actions/cache@v4
with:
path: ~/.cache/pip
key: pip-wheel-${{ runner.os }}-x64-${{ hashFiles('apps/backend/requirements.txt') }}
restore-keys: |
pip-wheel-${{ runner.os }}-x64-

- name: Cache bundled Python
uses: actions/cache@v4
with:
path: apps/frontend/python-runtime
key: python-bundle-${{ runner.os }}-x64-3.12.8
key: python-bundle-${{ runner.os }}-x64-3.12.8-${{ hashFiles('apps/backend/requirements.txt') }}
restore-keys: |
python-bundle-${{ runner.os }}-x64-
python-bundle-${{ runner.os }}-x64-3.12.8-

- name: Build application
run: cd apps/frontend && npm run build
env:
SENTRY_DSN: ${{ secrets.SENTRY_DSN }}
SENTRY_TRACES_SAMPLE_RATE: ${{ secrets.SENTRY_TRACES_SAMPLE_RATE }}
SENTRY_PROFILES_SAMPLE_RATE: ${{ secrets.SENTRY_PROFILES_SAMPLE_RATE }}

- name: Package Linux
run: |
VERSION="${{ needs.create-tag.outputs.version }}"
cd apps/frontend && npm run package:linux -- --config.extraMetadata.version="$VERSION"
env:
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
SENTRY_DSN: ${{ secrets.SENTRY_DSN }}
SENTRY_TRACES_SAMPLE_RATE: ${{ secrets.SENTRY_TRACES_SAMPLE_RATE }}
SENTRY_PROFILES_SAMPLE_RATE: ${{ secrets.SENTRY_PROFILES_SAMPLE_RATE }}

- name: Upload artifacts
uses: actions/upload-artifact@v4
Expand Down
Loading
Loading