-
Notifications
You must be signed in to change notification settings - Fork 3.4k
363 lines (317 loc) · 13.2 KB
/
Copy pathrelease.yml
File metadata and controls
363 lines (317 loc) · 13.2 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
name: Release CLI Binaries
on:
push:
tags:
- 'v*'
workflow_dispatch:
inputs:
version:
description: 'Version tag (e.g., v0.2.0)'
required: true
type: string
concurrency:
group: release-${{ github.ref }}
cancel-in-progress: false
jobs:
build:
strategy:
matrix:
include:
- os: ubuntu-latest
target: bun-linux-x64
binary: archon-linux-x64
- os: ubuntu-latest
target: bun-linux-arm64
binary: archon-linux-arm64
- os: ubuntu-latest
target: bun-windows-x64
binary: archon-windows-x64.exe
- os: macos-latest
target: bun-darwin-x64
binary: archon-darwin-x64
- os: macos-latest
target: bun-darwin-arm64
binary: archon-darwin-arm64
runs-on: ${{ matrix.os }}
steps:
- uses: actions/checkout@v4
- name: Setup Bun
uses: oven-sh/setup-bun@v2
with:
bun-version: 1.3.11
- name: Install dependencies
run: bun install --frozen-lockfile
- name: Build binary
env:
# On workflow_dispatch, github.ref_name is the branch name (e.g. 'main'),
# not the version tag — fall back to the user-supplied `version` input.
VERSION: ${{ github.event_name == 'workflow_dispatch' && inputs.version || github.ref_name }}
GIT_COMMIT: ${{ github.sha }}
TARGET: ${{ matrix.target }}
OUTFILE: dist/${{ matrix.binary }}
run: |
# Strip 'v' prefix from tag (e.g. v0.3.1 → 0.3.1)
VERSION="${VERSION#v}"
# Short commit (first 8 chars of SHA)
GIT_COMMIT="${GIT_COMMIT::8}"
mkdir -p dist
VERSION="$VERSION" GIT_COMMIT="$GIT_COMMIT" TARGET="$TARGET" OUTFILE="$OUTFILE" bash scripts/build-binaries.sh
- name: Smoke-test built binary
if: matrix.target == 'bun-linux-x64' && runner.os == 'Linux'
env:
RAW_VERSION: ${{ github.event_name == 'workflow_dispatch' && inputs.version || github.ref_name }}
run: |
chmod +x dist/${{ matrix.binary }}
if ! VERSION_OUTPUT=$(./dist/${{ matrix.binary }} version 2>&1); then
echo "::error::Binary failed to execute"
echo "$VERSION_OUTPUT"
exit 1
fi
echo "$VERSION_OUTPUT"
# Must not error with "Failed to read version" or similar
if echo "$VERSION_OUTPUT" | grep -qE "Failed to read version|package\.json not found|bad installation"; then
echo "::error::Binary is broken — version command cannot read embedded version"
echo "::error::This means BUNDLED_IS_BINARY was not set to true at build time."
exit 1
fi
# Must report 'Build: binary', not 'Build: source'
if ! echo "$VERSION_OUTPUT" | grep -q "Build: binary"; then
echo "::error::Binary reports wrong build type"
echo "::error::Expected 'Build: binary' in version output"
exit 1
fi
# Must report the (stripped) tag version. Compare against the same
# value that was baked into the binary (VERSION#v), not the raw ref,
# so the check doesn't rely on the CLI re-adding a 'v' prefix.
EXPECTED_VERSION="${RAW_VERSION#v}"
if echo "$VERSION_OUTPUT" | grep -qE "v?${EXPECTED_VERSION}(\s|$)"; then
echo "::notice::Binary correctly reports version ${EXPECTED_VERSION}"
else
echo "::error::Binary does not report version ${EXPECTED_VERSION}"
exit 1
fi
- name: Smoke-test bundled defaults load
if: matrix.target == 'bun-linux-x64' && runner.os == 'Linux'
run: |
# `workflow list` requires running from a git repo
BIN="$PWD/dist/${{ matrix.binary }}"
TMP_REPO=$(mktemp -d)
cd "$TMP_REPO"
git init -q
git -c user.email=ci@example.com -c user.name=ci commit --allow-empty -q -m init
if ! OUTPUT=$("$BIN" workflow list 2>&1); then
echo "::error::workflow list failed to execute"
echo "$OUTPUT"
exit 1
fi
echo "$OUTPUT"
if echo "$OUTPUT" | grep -q "archon-assist"; then
echo "::notice::Bundled workflows loaded correctly"
else
echo "::error::Bundled workflows did not load — embedded JSON may be missing from the binary"
exit 1
fi
- name: Smoke-test Claude binary-path resolver (negative case)
if: matrix.target == 'bun-linux-x64' && runner.os == 'Linux'
run: |
# With no CLAUDE_BIN_PATH and no config, running a Claude workflow must
# fail with a clear, user-facing error — NOT with "Module not found
# /Users/runner/..." which would indicate the resolver was bypassed.
BIN="$PWD/dist/${{ matrix.binary }}"
TMP_REPO=$(mktemp -d)
cd "$TMP_REPO"
git init -q
git -c user.email=ci@example.com -c user.name=ci commit --allow-empty -q -m init
# Run without CLAUDE_BIN_PATH set. Expect a clean resolver error.
# Capture both stdout and stderr; we only care that the resolver message is present.
# --no-worktree skips isolation: this test exercises the Claude resolver
# path, not worktree setup. Without it we hit the worktree auto-sync added
# in #1310 first and fail on "neither origin/HEAD nor origin/main exist"
# because the fresh `git init` tmp repo has no origin configured.
set +e
OUTPUT=$(env -u CLAUDE_BIN_PATH "$BIN" workflow run archon-assist --no-worktree "hello" 2>&1)
EXIT_CODE=$?
set -e
echo "$OUTPUT"
if echo "$OUTPUT" | grep -qE 'Module not found.*Users/runner'; then
echo "::error::Resolver was bypassed — SDK hit the import.meta.url fallback (regression of #1210)"
exit 1
fi
if ! echo "$OUTPUT" | grep -q "Claude Code not found"; then
echo "::error::Expected 'Claude Code not found' error when CLAUDE_BIN_PATH is unset"
exit 1
fi
if ! echo "$OUTPUT" | grep -q "CLAUDE_BIN_PATH"; then
echo "::error::Error message does not reference CLAUDE_BIN_PATH remediation"
exit 1
fi
echo "::notice::Resolver error path works (exit code: $EXIT_CODE)"
- name: Smoke-test Claude subprocess spawn (positive case)
if: matrix.target == 'bun-linux-x64' && runner.os == 'Linux'
run: |
# Install Claude Code via the native installer (Anthropic's recommended
# default) and run a workflow with CLAUDE_BIN_PATH set. The subprocess
# must spawn cleanly. We do NOT require the query to succeed (no auth
# in CI — an auth error is fine and expected); we only fail if the SDK
# can't find the executable, which would indicate a resolver regression.
curl -fsSL https://claude.ai/install.sh | bash
CLI_PATH="$HOME/.local/bin/claude"
if [ ! -x "$CLI_PATH" ]; then
echo "::error::Claude Code binary not found after curl install at $CLI_PATH"
ls -la "$HOME/.local/bin/" || true
exit 1
fi
echo "Using CLAUDE_BIN_PATH=$CLI_PATH"
BIN="$PWD/dist/${{ matrix.binary }}"
TMP_REPO=$(mktemp -d)
cd "$TMP_REPO"
git init -q
git -c user.email=ci@example.com -c user.name=ci commit --allow-empty -q -m init
# --no-worktree: same rationale as the negative-case test above — this
# test exercises the Claude subprocess spawn path, not worktree setup.
set +e
OUTPUT=$(CLAUDE_BIN_PATH="$CLI_PATH" "$BIN" workflow run archon-assist --no-worktree "hello" 2>&1)
EXIT_CODE=$?
set -e
echo "$OUTPUT"
if echo "$OUTPUT" | grep -qE 'Module not found.*(cli\.js|Users/runner)'; then
echo "::error::Subprocess could not find the executable (resolver regression)"
exit 1
fi
if echo "$OUTPUT" | grep -q "Claude Code not found"; then
echo "::error::Resolver failed even though CLAUDE_BIN_PATH was set to an existing file"
exit 1
fi
# Any of these outcomes are acceptable — they prove the subprocess spawned:
# - auth error ("credit balance", "unauthorized", "authentication")
# - rate-limit / API error
# - successful query (if auth was injected via some other mechanism)
echo "::notice::Claude subprocess spawn path is healthy (exit code: $EXIT_CODE)"
- name: Upload binary artifact
uses: actions/upload-artifact@v4
with:
name: ${{ matrix.binary }}
path: dist/${{ matrix.binary }}
retention-days: 1
release:
needs: build
runs-on: ubuntu-latest
permissions:
contents: write
steps:
- uses: actions/checkout@v4
- name: Download all artifacts
uses: actions/download-artifact@v4
with:
path: dist
merge-multiple: true
- name: Setup Bun
uses: oven-sh/setup-bun@v2
with:
bun-version: 1.3.11
- name: Install dependencies
run: bun install --frozen-lockfile
- name: Build web UI
run: bun --filter @archon/web build
- name: Package web dist
run: |
tar czf dist/archon-web.tar.gz -C packages/web/dist .
- name: Generate checksums
run: |
cd dist
sha256sum archon-* archon-web.tar.gz > checksums.txt
cat checksums.txt
- name: Get version
id: version
run: |
if [ "${{ github.event_name }}" = "workflow_dispatch" ]; then
echo "version=${{ inputs.version }}" >> $GITHUB_OUTPUT
else
echo "version=${GITHUB_REF#refs/tags/}" >> $GITHUB_OUTPUT
fi
- name: Create Release
uses: softprops/action-gh-release@v2
with:
tag_name: ${{ steps.version.outputs.version }}
name: Archon CLI ${{ steps.version.outputs.version }}
draft: false
prerelease: ${{ contains(steps.version.outputs.version, '-') }}
generate_release_notes: true
files: |
dist/archon-*
dist/archon-web.tar.gz
dist/checksums.txt
body: |
## Installation
### Quick Install (Recommended)
**macOS / Linux**
```bash
curl -fsSL https://archon.diy/install | bash
```
**Windows (PowerShell)**
```powershell
irm https://archon.diy/install.ps1 | iex
```
**Homebrew (macOS / Linux)**
```bash
brew install coleam00/archon/archon
```
**Docker**
```bash
docker run --rm -v "$PWD:/workspace" ghcr.io/coleam00/archon:latest workflow list
```
### Manual Installation
**macOS (Apple Silicon)**
```bash
curl -fsSL https://github.com/coleam00/Archon/releases/latest/download/archon-darwin-arm64 -o /usr/local/bin/archon
chmod +x /usr/local/bin/archon
```
**macOS (Intel)**
```bash
curl -fsSL https://github.com/coleam00/Archon/releases/latest/download/archon-darwin-x64 -o /usr/local/bin/archon
chmod +x /usr/local/bin/archon
```
**Linux (x64)**
```bash
curl -fsSL https://github.com/coleam00/Archon/releases/latest/download/archon-linux-x64 -o /usr/local/bin/archon
chmod +x /usr/local/bin/archon
```
**Linux (ARM64)**
```bash
curl -fsSL https://github.com/coleam00/Archon/releases/latest/download/archon-linux-arm64 -o /usr/local/bin/archon
chmod +x /usr/local/bin/archon
```
**Windows (Manual)**
Download `archon-windows-x64.exe` from the assets below, rename to `archon.exe`, and add to your PATH.
### Verify installation
```bash
archon version
```
update-homebrew:
needs: release
runs-on: ubuntu-latest
permissions:
contents: write
steps:
- uses: actions/checkout@v4
with:
ref: dev
- name: Get version
id: version
run: |
if [ "${{ github.event_name }}" = "workflow_dispatch" ]; then
echo "version=${{ inputs.version }}" >> $GITHUB_OUTPUT
else
echo "version=${GITHUB_REF#refs/tags/}" >> $GITHUB_OUTPUT
fi
- name: Wait for release assets
run: sleep 30
- name: Update Homebrew formula
run: bash scripts/update-homebrew.sh ${{ steps.version.outputs.version }}
- name: Commit updated formula
run: |
git config user.name "github-actions[bot]"
git config user.email "github-actions[bot]@users.noreply.github.com"
git add homebrew/archon.rb
git diff --cached --quiet || git commit -m "chore: update Homebrew formula for ${{ steps.version.outputs.version }}"
git push origin dev