Skip to content
Release

Merge pull request #243 from forketyfork/fix/agent-quit-capture-drain #75

Sign in to view logs

Merge pull request #243 from forketyfork/fix/agent-quit-capture-drain

Merge pull request #243 from forketyfork/fix/agent-quit-capture-drain #75

Workflow file for this run

.github/workflows/release.yaml at 6c0c145
name: Release
on:
push:
tags:
- 'v*'
workflow_dispatch:
permissions:
contents: write
pull-requests: write
jobs:
build-macos:
strategy:
matrix:
include:
- arch: arm64
runner: macos-latest
- arch: x86_64
runner: macos-15-intel
runs-on: ${{ matrix.runner }}
env:
ZIG_GLOBAL_CACHE_DIR: ${{ github.workspace }}/architect/.zig-cache
ZIG_LOCAL_CACHE_DIR: ${{ github.workspace }}/architect/.zig-cache/local
# Prevent ghostty (dependency) from reading the repository git tag of Architect
# and thinking it is its own release tag.
GIT_CEILING_DIRECTORIES: ${{ github.workspace }}/architect/.zig-cache
steps:
- uses: actions/checkout@v6
with:
path: architect
- name: Install Nix
uses: cachix/install-nix-action@v31
with:
extra_nix_config: |
experimental-features = nix-command flakes
- name: Cache Zig package cache
uses: actions/cache@v5
with:
path: architect/.zig-cache
key: zig-${{ runner.os }}-${{ matrix.arch }}-${{ hashFiles('architect/build.zig.zon') }}
restore-keys: |
zig-${{ runner.os }}-${{ matrix.arch }}-
- name: Import code-signing certificate
env:
MACOS_CERTIFICATE: ${{ secrets.MACOS_CERTIFICATE }}
MACOS_CERTIFICATE_PWD: ${{ secrets.MACOS_CERTIFICATE_PWD }}
if: ${{ env.MACOS_CERTIFICATE != '' && env.MACOS_CERTIFICATE_PWD != '' }}
uses: Apple-Actions/import-codesign-certs@v6
with:
p12-file-base64: ${{ env.MACOS_CERTIFICATE }}
p12-password: ${{ env.MACOS_CERTIFICATE_PWD }}
- name: Cache Nix store
uses: cachix/cachix-action@v16
with:
name: forketyfork
authToken: '${{ secrets.CACHIX_AUTH_TOKEN }}'
- name: Prefetch Zig dependencies
run: |
for i in 1 2 3; do
nix develop --command just setup && break
if [ $i -eq 3 ]; then exit 1; fi
sleep 5
done
working-directory: architect
- name: Build release
run: |
for i in 1 2 3; do
nix develop --command zig build -Doptimize=ReleaseFast && break
if [ $i -eq 3 ]; then exit 1; fi
sleep 5
done
working-directory: architect
- name: Bundle libraries and package
run: |
chmod +x scripts/bundle-macos.sh
./scripts/bundle-macos.sh zig-out/bin/architect release
if security find-identity -v -p codesigning >/tmp/codesign-identities.txt 2>/dev/null; then
IDENTITY=$(awk 'NR==1 {print $2}' /tmp/codesign-identities.txt)
echo "Signing with identity ${IDENTITY}"
for lib in release/Architect.app/Contents/MacOS/lib/*.dylib; do
codesign --force --options runtime --timestamp --sign "$IDENTITY" "$lib"
done
codesign --force --options runtime --timestamp --sign "$IDENTITY" \
--entitlements macos/Architect.entitlements \
release/Architect.app/Contents/MacOS/architect
codesign --force --options runtime --timestamp --sign "$IDENTITY" \
--entitlements macos/Architect.entitlements \
release/Architect.app
else
echo "No Developer ID cert available; applying ad-hoc signature for Gatekeeper"
for lib in release/Architect.app/Contents/MacOS/lib/*.dylib; do
codesign --force --sign - "$lib"
done
codesign --force --sign - --entitlements macos/Architect.entitlements \
release/Architect.app/Contents/MacOS/architect
codesign --force --sign - --entitlements macos/Architect.entitlements \
release/Architect.app
fi
cd release
tar -czf architect-macos-${{ matrix.arch }}.tar.gz Architect.app
working-directory: architect
- name: Upload artifact
uses: actions/upload-artifact@v6
with:
name: architect-macos-${{ matrix.arch }}
path: architect/release/architect-macos-${{ matrix.arch }}.tar.gz
- name: Create Release
if: startsWith(github.ref, 'refs/tags/')
uses: softprops/action-gh-release@v2
with:
files: architect/release/architect-macos-${{ matrix.arch }}.tar.gz
draft: false
prerelease: false
generate_release_notes: true
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
update-formula:
needs: build-macos
if: startsWith(github.ref, 'refs/tags/')
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v6
with:
ref: main
token: ${{ secrets.PAT_TOKEN }}
- name: Update Homebrew formula
env:
GH_TOKEN: ${{ secrets.PAT_TOKEN }}
run: |
VERSION=${GITHUB_REF#refs/tags/}
echo "Updating formula for version $VERSION"
# Download and compute SHA256 for the source tarball
TARBALL_URL="https://github.com/${{ github.repository }}/archive/refs/tags/${VERSION}.tar.gz"
SHA256=$(curl -sL "$TARBALL_URL" | sha256sum | awk '{print $1}')
echo "Computed SHA256: $SHA256"
# Update the formula file
sed -i "s|url \"https://github.com/${{ github.repository }}/archive/refs/tags/v[^\"]*\.tar\.gz\"|url \"$TARBALL_URL\"|" Formula/architect.rb
sed -i "0,/sha256 \"[^\"]*\"/s//sha256 \"$SHA256\"/" Formula/architect.rb
# Check if there were changes
if git diff --quiet Formula/architect.rb; then
echo "No changes to formula"
exit 0
fi
# Create a PR with the changes
BRANCH_NAME="update-formula-${VERSION}"
git config user.name "github-actions[bot]"
git config user.email "github-actions[bot]@users.noreply.github.com"
git checkout -b "$BRANCH_NAME"
git add Formula/architect.rb
git commit -m "Update Homebrew formula to ${VERSION}"
git push origin "$BRANCH_NAME"
# Create PR
gh pr create \
--title "Update Homebrew formula to ${VERSION}" \
--body "Automatically updates the Homebrew formula to version ${VERSION} with the correct SHA256 checksum.
**Changes:**
- Update version to ${VERSION}
- Update SHA256 to \`${SHA256}\`
This PR was automatically generated by the release workflow." \
--base main \
--head "$BRANCH_NAME"