lzh/picoclaw
1
0
Fork 0
mirror of https://github.com/sipeed/picoclaw.git synced 2026-06-12 18:08:54 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
f6bceb29a324461074136d25d40f2bf10e1c17c3
picoclaw/.github/workflows/release.yml
T
BeaconCat 9fba52d0fa ci: parallel macOS CGO launcher build, lowercase Docker tags, conditional Docker Hub login (#2643) 
- Add build-macos-launcher job (runs on macOS, parallel with GoReleaser)
  that builds the CGO-enabled launcher with systray support, signs and
  notarizes it via rcodesign, then uploads as artifact.

- Add patch-macos-archives job (runs on cheap Linux runner, needs both
  GoReleaser and build-macos-launcher) that downloads the launcher
  artifact and darwin release archives, replaces the launcher binary,
  and re-uploads the patched archives.

- Fix Docker image tag errors: GITHUB_REPOSITORY_OWNER is immutable in
  GitHub Actions. Introduce REPO_OWNER (lowercase) in workflows and
  reference it in .goreleaser.yaml for GHCR image names and nfpms
  homepage.

- Make Docker Hub login conditional on DOCKERHUB_USERNAME secret being
  set, so forks without Docker Hub credentials don't fail.

- Make Docker Hub image in goreleaser conditional on DOCKERHUB_IMAGE_NAME
  being non-empty (empty image names are ignored by GoReleaser).

Verified on fork: both nightly and release workflows pass all jobs.
  Nightly:  https://github.com/BeaconCat/picoclaw/actions/runs/24848808843
  Release:  https://github.com/BeaconCat/picoclaw/actions/runs/24849753787

Co-authored-by: BeaconCat <BeaconCat@users.noreply.github.com>
2026-04-24 09:53:07 +08:00

274 lines
8.0 KiB
YAML
Raw Blame History

name: Release
on:
workflow_dispatch:
inputs:
tag:
description: "Existing tag to release (e.g. v0.2.0)"
required: true
type: string
prerelease:
description: "Mark as pre-release"
required: false
type: boolean
default: false
draft:
description: "Create as draft"
required: false
type: boolean
default: false
upload_tos:
description: "Upload to Volcengine TOS"
required: false
type: boolean
default: true
jobs:
release:
name: GoReleaser Release
runs-on: ubuntu-latest
permissions:
contents: write
packages: write
steps:
- name: Verify tag exists
shell: bash
env:
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
run: |
if ! gh api "repos/${{ github.repository }}/git/ref/tags/${{ inputs.tag }}" --silent 2>/dev/null; then
echo "::error::Tag '${{ inputs.tag }}' does not exist. Create it first using the 'Create Tag' workflow."
exit 1
fi
- name: Checkout tag
uses: actions/checkout@v6
with:
fetch-depth: 0
ref: ${{ inputs.tag }}
- name: Setup Go from go.mod
id: setup-go
uses: actions/setup-go@v6
with:
go-version-file: go.mod
- name: Setup pnpm
uses: pnpm/action-setup@v6
with:
version: 10.33.0
run_install: false
- name: Setup Node.js
uses: actions/setup-node@v6
with:
node-version: 22
cache: pnpm
cache-dependency-path: web/frontend/pnpm-lock.yaml
- name: Set up QEMU
uses: docker/setup-qemu-action@v4
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v4
- name: Login to GitHub Container Registry
uses: docker/login-action@v4
with:
registry: ghcr.io
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Login to Docker Hub
if: env.DOCKERHUB_USERNAME != ''
uses: docker/login-action@v4
env:
DOCKERHUB_USERNAME: ${{ secrets.DOCKERHUB_USERNAME }}
with:
registry: docker.io
username: ${{ secrets.DOCKERHUB_USERNAME }}
password: ${{ secrets.DOCKERHUB_TOKEN }}
- name: Install zip
run: sudo apt-get install -y zip
- name: Lowercase owner for Docker tags
id: repo
run: echo "owner=$(echo '${{ github.repository_owner }}' | tr '[:upper:]' '[:lower:]')" >> "$GITHUB_OUTPUT"
- name: Run GoReleaser
uses: goreleaser/goreleaser-action@v7
with:
distribution: goreleaser
version: ~> v2
args: release --clean
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
REPO_OWNER: ${{ steps.repo.outputs.owner }}
DOCKERHUB_IMAGE_NAME: ${{ vars.DOCKERHUB_REPOSITORY }}
GOVERSION: ${{ steps.setup-go.outputs.go-version }}
INCLUDE_ANDROID_BUNDLE: "true"
MACOS_SIGN_P12: ${{ secrets.MACOS_SIGN_P12 }}
MACOS_SIGN_PASSWORD: ${{ secrets.MACOS_SIGN_PASSWORD }}
MACOS_NOTARY_ISSUER_ID: ${{ secrets.MACOS_NOTARY_ISSUER_ID }}
MACOS_NOTARY_KEY_ID: ${{ secrets.MACOS_NOTARY_KEY_ID }}
MACOS_NOTARY_KEY: ${{ secrets.MACOS_NOTARY_KEY }}
- name: Apply release flags
shell: bash
env:
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
run: |
gh release edit "${{ inputs.tag }}" \
--draft=${{ inputs.draft }} \
--prerelease=${{ inputs.prerelease }}
build-macos-launcher:
name: Build macOS Launcher (${{ matrix.arch_name }})
runs-on: macos-latest
permissions:
contents: read
strategy:
matrix:
include:
- goarch: arm64
arch_name: arm64
- goarch: amd64
arch_name: x86_64
steps:
- name: Checkout tag
uses: actions/checkout@v6
with:
fetch-depth: 0
ref: ${{ inputs.tag }}
- name: Setup Go from go.mod
uses: actions/setup-go@v6
with:
go-version-file: go.mod
- name: Setup pnpm
uses: pnpm/action-setup@v6
with:
version: 10.33.0
run_install: false
- name: Setup Node.js
uses: actions/setup-node@v6
with:
node-version: 22
cache: pnpm
cache-dependency-path: web/frontend/pnpm-lock.yaml
- name: Build frontend
run: |
cd web/frontend
CI=true pnpm install --frozen-lockfile
pnpm build:backend
- name: Build picoclaw-launcher with CGO
env:
CGO_ENABLED: "1"
GOOS: darwin
GOARCH: ${{ matrix.goarch }}
run: |
SDK_PATH=$(xcrun --show-sdk-path)
export CGO_CFLAGS="-isysroot ${SDK_PATH} -mmacosx-version-min=11.0"
export CGO_LDFLAGS="-isysroot ${SDK_PATH}"
go generate ./...
go build -tags "goolm,stdjson" \
-ldflags "-s -w \
-X github.com/sipeed/picoclaw/pkg/config.Version=${{ inputs.tag }} \
-X github.com/sipeed/picoclaw/pkg/config.GitCommit=$(git rev-parse --short HEAD) \
-X github.com/sipeed/picoclaw/pkg/config.BuildTime=$(date -u +%Y-%m-%dT%H:%M:%SZ)" \
-o picoclaw-launcher-cgo \
./web/backend
- name: Sign and notarize launcher binary
if: env.MACOS_SIGN_P12 != ''
env:
MACOS_SIGN_P12: ${{ secrets.MACOS_SIGN_P12 }}
MACOS_SIGN_PASSWORD: ${{ secrets.MACOS_SIGN_PASSWORD }}
MACOS_NOTARY_ISSUER_ID: ${{ secrets.MACOS_NOTARY_ISSUER_ID }}
MACOS_NOTARY_KEY_ID: ${{ secrets.MACOS_NOTARY_KEY_ID }}
MACOS_NOTARY_KEY: ${{ secrets.MACOS_NOTARY_KEY }}
run: |
pip3 install rcodesign
echo "$MACOS_SIGN_P12" | base64 -d > cert.p12
rcodesign sign \
--p12-file cert.p12 \
--p12-password "$MACOS_SIGN_PASSWORD" \
picoclaw-launcher-cgo
echo "$MACOS_NOTARY_KEY" > notary-key.p8
rcodesign notary-submit \
--api-key-path notary-key.p8 \
--api-issuer "$MACOS_NOTARY_ISSUER_ID" \
--wait \
picoclaw-launcher-cgo
rm -f cert.p12 notary-key.p8
- name: Upload launcher artifact
uses: actions/upload-artifact@v4
with:
name: macos-launcher-${{ matrix.arch_name }}
path: picoclaw-launcher-cgo
retention-days: 1
patch-macos-archives:
name: Patch macOS Archives
needs: [release, build-macos-launcher]
runs-on: ubuntu-latest
permissions:
contents: write
strategy:
matrix:
include:
- arch_name: arm64
- arch_name: x86_64
steps:
- name: Download launcher artifact
uses: actions/download-artifact@v4
with:
name: macos-launcher-${{ matrix.arch_name }}
- name: Patch darwin release archive
env:
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
TAG: ${{ inputs.tag }}
run: |
ARCHIVE_NAME="picoclaw_Darwin_${{ matrix.arch_name }}.tar.gz"
gh release download "${TAG}" \
--repo "${{ github.repository }}" \
--pattern "${ARCHIVE_NAME}" \
--dir ./patch-tmp
mkdir -p ./patch-extracted
tar xzf "./patch-tmp/${ARCHIVE_NAME}" -C ./patch-extracted
cp picoclaw-launcher-cgo ./patch-extracted/picoclaw-launcher
chmod +x ./patch-extracted/picoclaw-launcher
tar czf "${ARCHIVE_NAME}" -C ./patch-extracted .
gh release upload "${TAG}" \
--repo "${{ github.repository }}" \
"${ARCHIVE_NAME}" --clobber
echo "Patched ${ARCHIVE_NAME} with CGO launcher (systray enabled)"
upload-tos:
name: Upload to TOS
needs: [release, patch-macos-archives]
if: ${{ inputs.upload_tos }}
uses: ./.github/workflows/upload-tos.yml
with:
tag: ${{ inputs.tag }}
secrets: inherit
Reference in New Issue View Git Blame Copy Permalink