name: Build Binaries on: push: tags: - 'v*' workflow_dispatch: inputs: tag: description: 'Tag to build (e.g., v0.12.0)' required: true type: string source_ref: description: 'Source ref to build/publish (defaults to tag; use only for release recovery)' required: false type: string permissions: {} jobs: build: runs-on: ubuntu-latest permissions: contents: write env: RELEASE_TAG: ${{ github.event.inputs.tag || github.ref_name }} SOURCE_REF: ${{ github.event.inputs.source_ref || github.event.inputs.tag || github.ref_name }} steps: - name: Checkout uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: ref: ${{ env.SOURCE_REF }} persist-credentials: false - name: Setup Bun uses: oven-sh/setup-bun@0c5077e51419868618aeaa5fe8019c62421857d6 # v2.2.0 with: bun-version: 1.3.10 - name: Setup Node.js uses: actions/setup-node@39370e3970a6d050c480ffad4ff0ed4d3fdee5af # v4.1.0 with: node-version: '22' registry-url: 'https://registry.npmjs.org' - name: Build binaries run: ./scripts/build-binaries.sh - name: Extract changelog for this version id: changelog run: | VERSION="${RELEASE_TAG}" VERSION="${VERSION#v}" # Remove 'v' prefix node scripts/release-notes.mjs extract --version "${VERSION}" --tag "${RELEASE_TAG}" --out /tmp/release-notes.md - name: Create GitHub Release and upload binaries env: GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} run: | cd packages/coding-agent/binaries release_assets=( pi-darwin-arm64.tar.gz pi-darwin-x64.tar.gz pi-linux-x64.tar.gz pi-linux-arm64.tar.gz pi-windows-x64.zip pi-windows-arm64.zip ) sha256sum "${release_assets[@]}" > SHA256SUMS release_assets+=(SHA256SUMS) if gh release view "${RELEASE_TAG}" >/dev/null 2>&1; then gh release edit "${RELEASE_TAG}" \ --title "${RELEASE_TAG}" \ --notes-file /tmp/release-notes.md gh release upload "${RELEASE_TAG}" "${release_assets[@]}" --clobber else gh release create "${RELEASE_TAG}" \ --title "${RELEASE_TAG}" \ --notes-file /tmp/release-notes.md \ "${release_assets[@]}" fi publish-npm: runs-on: ubuntu-latest needs: build environment: npm-publish permissions: contents: read id-token: write env: RELEASE_TAG: ${{ github.event.inputs.tag || github.ref_name }} SOURCE_REF: ${{ github.event.inputs.source_ref || github.event.inputs.tag || github.ref_name }} steps: - name: Checkout uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: ref: ${{ env.SOURCE_REF }} persist-credentials: false - name: Setup Node.js uses: actions/setup-node@39370e3970a6d050c480ffad4ff0ed4d3fdee5af # v4.1.0 with: node-version: '22' registry-url: 'https://registry.npmjs.org' cache: npm - name: Install system dependencies run: | sudo apt-get update sudo apt-get install -y libcairo2-dev libpango1.0-dev libjpeg-dev libgif-dev librsvg2-dev fd-find ripgrep sudo ln -s $(which fdfind) /usr/local/bin/fd - name: Install dependencies run: npm ci --ignore-scripts - name: Build run: npm run build - name: Check run: npm run check - name: Test run: npm test - name: Verify release artifacts are committed run: git diff --exit-code - name: Upgrade npm for trusted publishing run: | npm install -g npm@11.16.0 --ignore-scripts npm --version - name: Publish npm packages run: node scripts/publish.mjs