Support for single binary distribution#491
Merged
dyoshikawa merged 17 commits intomainfrom Nov 9, 2025
Merged
Conversation
- Add build scripts for creating standalone binaries using bun compile - Support cross-platform builds (Linux x64, macOS x64/ARM64, Windows x64) - Use two-stage build process: esbuild bundles dependencies, then bun compiles to binary - Add dist-bun directory to gitignore for compiled binaries - Add esbuild as dev dependency for bundling Available scripts: - build:bun: Build binary for current platform - build:bun:all: Build binaries for all platforms - build:bun:linux/macos/windows: Build platform-specific binaries
Contributor
There was a problem hiding this comment.
Pull Request Overview
This PR adds support for creating standalone binaries using Bun's compile feature, enabling cross-platform distribution of the rulesync CLI tool.
- Adds build scripts for bundling and compiling standalone binaries using esbuild and Bun
- Introduces cross-platform build targets (Linux x64, macOS x64/ARM64, Windows x64)
- Updates .gitignore to exclude build artifacts
Reviewed Changes
Copilot reviewed 1 out of 2 changed files in this pull request and generated no comments.
| File | Description |
|---|---|
| package.json | Adds 7 new build:bun scripts for binary compilation and adds esbuild as a dev dependency |
| .gitignore | Adds dist-bun directory and /rulesync binary to ignored files |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
- Replace esbuild with tsup for dependency bundling - Add GitHub Actions workflow to build and upload binaries on release - Support cross-platform builds (Linux x64, macOS x64/ARM64, Windows x64) - Add tsup.bundle.config.ts for bundling all dependencies - Update build scripts to use tsup instead of esbuild Build process: 1. tsup bundles all dependencies into single file (dist-bun/index.js) 2. bun compile creates standalone binary from bundled file This approach resolves node-fetch-native export issues with bun compile.
- Remove tsup dependency for bundling (no longer needed) - Use bun build --compile --external giget directly - Significantly faster build times compared to tsup approach - Remove tsup.bundle.config.ts Technical details: - The --external giget flag prevents bundling c12's dependency chain - This avoids the node-fetch-native export compatibility issue - Binary size remains similar (~60-116MB depending on platform) - All functionality works correctly with giget as external dependency This simplifies the build process while maintaining full compatibility.
…pile-binary-011CUv7Fy7fJ9FZYpbxR35VB
…pile-binary-011CUv7Fy7fJ9FZYpbxR35VB
Changed from ignoring `/rulesync` to ignoring `dist-bun/` directory and `*.bun-build` files for better organization of Bun build artifacts. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com>
- Simplify CI workflow to focus on binary building instead of quality checks - Consolidate binary builds to single Ubuntu runner (cross-compilation) - Remove redundant Bun installation from Dockerfile (use mise instead) - Add Bun to mise.toml toolchain configuration - Remove npm scripts for individual platform builds - Add e2e workflow for end-to-end testing - Build Linux (x64, arm64) and macOS (x64, arm64) binaries 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com>
![github-advanced-security[bot]](https://avatars.githubusercontent.com/in/57789?s=60&v=4){kind=small}
- Move binary build from CI to E2E workflow to reduce CI execution time - Rename CI job from "build" to "quality" to better reflect its purpose - Add dependency checks and build artifact validation to CI workflow - E2E workflow now builds binaries first, then runs platform-specific tests - Remove workflow_run trigger from E2E to simplify workflow dependencies 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com>
Update the workflow name from "E2E Tests" to "E2E Tests on Cross-Platform" to better reflect that these tests run on multiple operating systems (Ubuntu, macOS, Windows). 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com>
Add explicit `bun install` step before building binaries to ensure all dependencies are available during the build process. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com>
Add --ignore-scripts flag to bun install to prevent unnecessary script execution during CI. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com>
- Split binary building workflows into dedicated files - Created release-binaries.yml for release binary builds - Renamed e2e.yml to e2e-binaries.yml for consistency - Removed build-binaries job from release.yml (now in release-binaries.yml) - Added permissions declaration to ci.yml for clarity This separation improves workflow maintainability and allows independent execution and debugging of binary builds and NPM publishing. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com>
Changed contents permission from write to read in the release workflow since release assets are uploaded via JSR publish action which uses OIDC authentication rather than requiring direct write permissions to the repository. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com>
cm-dyoshikawa
changed the title
Removed Node.js and pnpm setup steps from the release-binaries workflow. Now using Bun exclusively for dependency installation with --ignore-scripts flag to streamline the binary compilation process. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com>
This commit addresses three critical security issues identified in PR #491: 1. **Pin Bun version to 1.3.2 in release workflow** - Changed from 'latest' to '1.3.2' to ensure consistent binary builds - Eliminates supply chain risk from version inconsistency 2. **Add SHA256 checksum generation and publishing** - Generate SHA256SUMS file for all binaries - Include checksums in release assets for integrity verification - Enables users to verify binary authenticity 3. **Fix GitHub Actions expression injection risks** - Use environment variables instead of direct expression interpolation - Changed ${{ matrix.os }} to env variable MATRIX_OS - Changed ${{ env.BINARY_PATH }} to shell variable "${BINARY_PATH}" - Prevents potential command injection vulnerabilities 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com>
dyoshikawa
deleted the
claude/enable-bun-compile-binary-011CUv7Fy7fJ9FZYpbxR35VB
branch
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Fixes: #284