npm-published #33
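# Bun Compile
# Compiles Auggie CLI into self-contained native binaries using Bun,
# pulling the pre-built @augmentcode/auggie package from npm.
#
# Review notes:
# - The version string arrives from a manual input or a repository_dispatch
#   payload and ends up in a package spec, a release tag, and a signed and
#   notarized binary, so both jobs check it against a plain semver pattern
#   before using it.
# - Third-party actions are referenced by mutable tag. Pinning each `uses:` to
#   a full commit SHA (e.g. `owner/action@<full-commit-sha>  # v2`) keeps a
#   retagged action out of the jobs that hold the signing secrets and the
#   contents: write token.
name: Bun Compile

on:
  workflow_dispatch:
    inputs:
      version:
        description: 'npm package version (e.g. 0.17.0)'
        required: true
        type: string
  repository_dispatch:
    types: [npm-published]
  # NOTE(review): a push carries neither version source, so these runs stop at
  # the "Install package" check. This looks like a leftover from developing
  # the workflow; confirm whether the trigger is still wanted.
  push:
    branches:
      - auggie-bun-compile-workflow

jobs:
  build:
    runs-on: ${{ matrix.os }}
    strategy:
      matrix:
        include:
          - target: bun-darwin-arm64
            os: macos-latest
            output: auggie-darwin-arm64
            artifact: auggie-darwin-arm64
          - target: bun-darwin-x64
            os: macos-latest
            output: auggie-darwin-x64
            artifact: auggie-darwin-x64
          - target: bun-linux-x64
            os: ubuntu-latest
            output: auggie-linux-x64
            artifact: auggie-linux-x64
          # Cross-compiled on Linux; only the darwin targets are signed below.
          - target: bun-windows-x64
            os: ubuntu-latest
            output: auggie-windows-x64.exe
            artifact: auggie-windows-x64
    # The build never writes to the repository; the signing secrets are the
    # only sensitive material this job can reach.
    permissions:
      contents: read
    steps:
      # No bun-version is set, so the compiler version floats with the action's
      # default. Pinning it would make the released binaries reproducible.
      - name: Set up Bun
        uses: oven-sh/setup-bun@v2

      - name: Install package
        env:
          # Passed through the environment rather than interpolated into the
          # script, so the value is never parsed as shell source.
          VERSION: ${{ inputs.version || github.event.client_payload.version }}
        run: |
          if [ -z "$VERSION" ]; then
            echo "::error::No version provided. Supply via workflow_dispatch input or repository_dispatch payload."
            exit 1
          fi
          # Accept only MAJOR.MINOR.PATCH with optional prerelease/build
          # suffix, so the spec below can only name a published version of
          # this package. The raw value is deliberately not echoed before
          # this check passes.
          semver_re='^[0-9]+\.[0-9]+\.[0-9]+(-[0-9A-Za-z.-]+)?(\+[0-9A-Za-z.-]+)?$'
          if [[ ! "$VERSION" =~ $semver_re ]]; then
            echo "::error::Version is not a plain semver string; refusing to install."
            exit 1
          fi
          # Retry with backoff — npm registry may not have propagated the version yet
          # when triggered immediately via repository_dispatch on publish.
          max_attempts=5
          for attempt in $(seq 1 $max_attempts); do
            echo "Attempt $attempt/$max_attempts: installing @augmentcode/auggie@${VERSION}"
            if bun install "@augmentcode/auggie@${VERSION}"; then
              echo "Successfully installed on attempt $attempt"
              exit 0
            fi
            if [ "$attempt" -lt "$max_attempts" ]; then
              delay=$((attempt * 30))
              echo "Install failed, retrying in ${delay}s..."
              sleep "$delay"
            fi
          done
          echo "::error::Failed to install @augmentcode/auggie@${VERSION} after $max_attempts attempts"
          exit 1

      - name: Create entry point
        run: |
          echo 'await import("@augmentcode/auggie");' > augment.mjs

      - name: Compile binary
        env:
          TARGET: ${{ matrix.target }}
          OUTPUT: ${{ matrix.output }}
        run: bun build augment.mjs --compile --target="$TARGET" --outfile="$OUTPUT"

      - name: Import code signing certificate
        if: contains(matrix.target, 'darwin')
        env:
          APPLE_CERTIFICATE: ${{ secrets.APPLE_CERTIFICATE }}
          APPLE_CERTIFICATE_PASSWORD: ${{ secrets.APPLE_CERTIFICATE_PASSWORD }}
        run: |
          # Per-run random keychain password instead of a fixed literal in the
          # workflow file. No later step needs it: the keychain is left
          # unlocked and codesign is authorised through the partition list.
          KEYCHAIN_PASSWORD=$(openssl rand -base64 24)
          # Keep the decoded .p12 out of the workspace and remove it on every
          # exit path; the step aborts on the first failing command, which
          # would otherwise skip a trailing rm.
          CERT_PATH="$RUNNER_TEMP/certificate.p12"
          trap 'rm -f "$CERT_PATH"' EXIT
          echo "$APPLE_CERTIFICATE" | base64 --decode > "$CERT_PATH"
          security create-keychain -p "$KEYCHAIN_PASSWORD" build.keychain
          security default-keychain -s build.keychain
          security unlock-keychain -p "$KEYCHAIN_PASSWORD" build.keychain
          security import "$CERT_PATH" -k build.keychain -P "$APPLE_CERTIFICATE_PASSWORD" -T /usr/bin/codesign
          security set-key-partition-list -S apple-tool:,apple:,codesign: -s -k "$KEYCHAIN_PASSWORD" build.keychain

      - name: Sign binary
        if: contains(matrix.target, 'darwin')
        env:
          OUTPUT: ${{ matrix.output }}
        run: |
          # Take the first "Developer ID" identity in the build keychain and
          # fail closed if there is none, so an unsigned binary is never
          # uploaded under a darwin artifact name.
          IDENTITY=$(security find-identity -v -p codesigning build.keychain | grep "Developer ID" | head -1 | sed 's/.*"\(.*\)".*/\1/')
          if [ -z "$IDENTITY" ]; then
            echo "::error::No Developer ID signing identity found in build.keychain"
            exit 1
          fi
          echo "Signing with identity: $IDENTITY"
          codesign --force --options runtime --timestamp --sign "$IDENTITY" "$OUTPUT"

      - name: Notarize binary
        if: contains(matrix.target, 'darwin')
        env:
          APPLE_ID: ${{ secrets.APPLE_ID }}
          APPLE_APP_SPECIFIC_PASSWORD: ${{ secrets.APPLE_APP_SPECIFIC_PASSWORD }}
          APPLE_TEAM_ID: ${{ secrets.APPLE_TEAM_ID }}
          OUTPUT: ${{ matrix.output }}
        run: |
          zip "${OUTPUT}.zip" "$OUTPUT"
          # NOTE(review): confirm that a rejected submission makes this
          # command exit non-zero; if it does not, check the reported status
          # explicitly before the artifact is uploaded.
          xcrun notarytool submit "${OUTPUT}.zip" \
            --apple-id "$APPLE_ID" \
            --password "$APPLE_APP_SPECIFIC_PASSWORD" \
            --team-id "$APPLE_TEAM_ID" \
            --wait
          rm -f "${OUTPUT}.zip"

      - name: Upload artifact
        uses: actions/upload-artifact@v4
        with:
          name: ${{ matrix.artifact }}
          path: ${{ matrix.output }}

  release:
    needs: build
    runs-on: ubuntu-latest
    # Write access is limited to this job, which handles no signing secrets.
    permissions:
      contents: write
    steps:
      - name: Download all artifacts
        uses: actions/download-artifact@v4
        with:
          path: artifacts
          merge-multiple: true

      # Checksums are computed over the downloaded artifacts, so they describe
      # exactly the files attached to the release.
      - name: Generate checksums
        run: |
          cd artifacts
          sha256sum auggie-* > checksums.txt
          cat checksums.txt

      - name: Create GitHub Release
        env:
          GH_TOKEN: ${{ github.token }}
          GH_REPO: ${{ github.repository }}
          VERSION: ${{ inputs.version || github.event.client_payload.version }}
        run: |
          if [ -z "$VERSION" ]; then
            echo "::error::No version provided. Cannot create release."
            exit 1
          fi
          # Same pattern as the build job: the tag name is derived from this
          # value, so it is validated here as well instead of relying on the
          # upstream job having done so.
          semver_re='^[0-9]+\.[0-9]+\.[0-9]+(-[0-9A-Za-z.-]+)?(\+[0-9A-Za-z.-]+)?$'
          if [[ ! "$VERSION" =~ $semver_re ]]; then
            echo "::error::Version is not a plain semver string; refusing to create release."
            exit 1
          fi
          PRERELEASE_FLAG=""
          if [[ "$VERSION" == *prerelease* ]]; then
            PRERELEASE_FLAG="--prerelease"
          fi
          # $PRERELEASE_FLAG is intentionally unquoted so that an empty value
          # expands to no argument at all.
          gh release create "v${VERSION}" \
            --title "v${VERSION}" \
            --generate-notes \
            $PRERELEASE_FLAG \
            artifacts/*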