release #23
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: release | |
| on: | |
| push: | |
| tags: | |
| - "v*" | |
| workflow_dispatch: | |
| inputs: | |
| release_tag: | |
| description: "Release tag to publish (for example: v0.4.0)" | |
| required: true | |
| type: string | |
| permissions: | |
| contents: write | |
| env: | |
| CARGO_TERM_COLOR: always | |
| jobs: | |
| build-daemon: | |
| name: Build daemon (${{ matrix.os_name }}) | |
| runs-on: ${{ matrix.runner }} | |
| strategy: | |
| fail-fast: true | |
| matrix: | |
| include: | |
| - os_name: linux-x86_64 | |
| runner: ubuntu-latest | |
| rust_target: x86_64-unknown-linux-gnu | |
| binary_name: cortex | |
| artifact_name: cortex-linux-x86_64 | |
| - os_name: windows-x86_64 | |
| runner: windows-latest | |
| rust_target: x86_64-pc-windows-msvc | |
| binary_name: cortex.exe | |
| artifact_name: cortex-windows-x86_64.exe | |
| - os_name: macos-aarch64 | |
| runner: macos-14 | |
| rust_target: aarch64-apple-darwin | |
| binary_name: cortex | |
| artifact_name: cortex-macos-aarch64 | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 | |
| - name: Resolve release tag | |
| shell: bash | |
| run: | | |
| if [[ "${{ github.event_name }}" == "workflow_dispatch" ]]; then | |
| RELEASE_TAG="${{ github.event.inputs.release_tag }}" | |
| else | |
| RELEASE_TAG="${{ github.ref_name }}" | |
| fi | |
| echo "RELEASE_TAG=${RELEASE_TAG}" >> "${GITHUB_ENV}" | |
| - name: Install Rust | |
| uses: dtolnay/rust-toolchain@3c5f7ea28cd621ae0bf5283f0e981fb97b8a7af9 | |
| with: | |
| toolchain: stable | |
| targets: ${{ matrix.rust_target }} | |
| - name: Cache Cargo | |
| uses: actions/cache@0400d5f644dc74513175e3cd8d07132dd4860809 | |
| with: | |
| path: | | |
| ~/.cargo/registry | |
| ~/.cargo/git | |
| daemon-rs/target | |
| key: ${{ runner.os }}-cargo-${{ hashFiles('**/Cargo.lock') }} | |
| restore-keys: | | |
| ${{ runner.os }}-cargo- | |
| - name: Build release binary | |
| shell: bash | |
| run: cargo build --manifest-path daemon-rs/Cargo.toml --release --target "${{ matrix.rust_target }}" | |
| - name: Stage binary artifact | |
| shell: bash | |
| run: | | |
| mkdir -p dist | |
| cp "daemon-rs/target/${{ matrix.rust_target }}/release/${{ matrix.binary_name }}" "dist/${{ matrix.artifact_name }}" | |
| - name: Upload binary artifact | |
| uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 | |
| with: | |
| name: ${{ matrix.artifact_name }} | |
| path: dist/${{ matrix.artifact_name }} | |
| if-no-files-found: error | |
| package-plugin: | |
| name: Package plugin assets | |
| runs-on: ubuntu-latest | |
| needs: [build-daemon] | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 | |
| - name: Resolve release version | |
| shell: bash | |
| run: | | |
| if [[ "${{ github.event_name }}" == "workflow_dispatch" ]]; then | |
| RELEASE_TAG="${{ github.event.inputs.release_tag }}" | |
| else | |
| RELEASE_TAG="${{ github.ref_name }}" | |
| fi | |
| VERSION="${RELEASE_TAG#v}" | |
| echo "RELEASE_TAG=${RELEASE_TAG}" >> "${GITHUB_ENV}" | |
| echo "VERSION=${VERSION}" >> "${GITHUB_ENV}" | |
| - name: Download Windows binary | |
| uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 | |
| with: | |
| name: cortex-windows-x86_64.exe | |
| path: dist/windows | |
| - name: Download macOS binary | |
| uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 | |
| with: | |
| name: cortex-macos-aarch64 | |
| path: dist/macos | |
| - name: Download Linux binary | |
| uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 | |
| with: | |
| name: cortex-linux-x86_64 | |
| path: dist/linux | |
| - name: Assemble plugin archives | |
| shell: bash | |
| run: | | |
| set -euo pipefail | |
| mkdir -p plugins/cortex-plugin/assets | |
| rm -f plugins/cortex-plugin/assets/cortex-v*.zip | |
| rm -f plugins/cortex-plugin/assets/cortex-v*.tar.gz | |
| rm -f plugins/cortex-plugin/assets/SHA256SUMS | |
| mkdir -p package/windows package/macos package/linux | |
| cp "dist/windows/cortex-windows-x86_64.exe" "package/windows/cortex.exe" | |
| cp "dist/macos/cortex-macos-aarch64" "package/macos/cortex" | |
| cp "dist/linux/cortex-linux-x86_64" "package/linux/cortex" | |
| chmod +x package/macos/cortex package/linux/cortex | |
| zip -j "plugins/cortex-plugin/assets/cortex-v${VERSION}-windows-x86_64.zip" "package/windows/cortex.exe" | |
| tar -czf "plugins/cortex-plugin/assets/cortex-v${VERSION}-macos-aarch64.tar.gz" -C package/macos cortex | |
| tar -czf "plugins/cortex-plugin/assets/cortex-v${VERSION}-linux-x86_64.tar.gz" -C package/linux cortex | |
| - name: Enforce archive size budget | |
| shell: bash | |
| run: | | |
| set -euo pipefail | |
| MAX_BYTES=20971520 | |
| for archive in plugins/cortex-plugin/assets/cortex-v${VERSION}-*; do | |
| size="$(stat -c%s "${archive}")" | |
| if (( size > MAX_BYTES )); then | |
| echo "Archive too large: ${archive} (${size} bytes > ${MAX_BYTES})" | |
| exit 1 | |
| fi | |
| done | |
| - name: Generate SHA256SUMS | |
| shell: bash | |
| run: | | |
| set -euo pipefail | |
| cd plugins/cortex-plugin/assets | |
| sha256sum "cortex-v${VERSION}-windows-x86_64.zip" > SHA256SUMS | |
| sha256sum "cortex-v${VERSION}-macos-aarch64.tar.gz" >> SHA256SUMS | |
| sha256sum "cortex-v${VERSION}-linux-x86_64.tar.gz" >> SHA256SUMS | |
| cat SHA256SUMS | |
| - name: Upload plugin assets | |
| uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 | |
| with: | |
| name: cortex-plugin-assets | |
| path: | | |
| plugins/cortex-plugin/assets/cortex-v${{ env.VERSION }}-windows-x86_64.zip | |
| plugins/cortex-plugin/assets/cortex-v${{ env.VERSION }}-macos-aarch64.tar.gz | |
| plugins/cortex-plugin/assets/cortex-v${{ env.VERSION }}-linux-x86_64.tar.gz | |
| plugins/cortex-plugin/assets/SHA256SUMS | |
| if-no-files-found: error | |
| - name: Upload packaged plugin directory | |
| uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 | |
| with: | |
| name: cortex-plugin | |
| path: plugins/cortex-plugin | |
| if-no-files-found: error | |
| build-desktop: | |
| name: Build desktop app (${{ matrix.os_name }}) | |
| runs-on: ${{ matrix.runner }} | |
| needs: [build-daemon] | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| include: | |
| - os_name: windows-x86_64 | |
| runner: windows-latest | |
| daemon_artifact: cortex-windows-x86_64.exe | |
| sidecar_name: cortex-x86_64-pc-windows-msvc.exe | |
| - os_name: macos-aarch64 | |
| runner: macos-14 | |
| daemon_artifact: cortex-macos-aarch64 | |
| sidecar_name: cortex-aarch64-apple-darwin | |
| - os_name: linux-x86_64 | |
| runner: ubuntu-22.04 | |
| daemon_artifact: cortex-linux-x86_64 | |
| sidecar_name: cortex-x86_64-unknown-linux-gnu | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 | |
| - name: Install system dependencies (Linux) | |
| if: runner.os == 'Linux' | |
| run: | | |
| sudo apt-get update | |
| sudo apt-get install -y libwebkit2gtk-4.1-dev libgtk-3-dev libayatana-appindicator3-dev librsvg2-dev | |
| - name: Install Rust | |
| uses: dtolnay/rust-toolchain@3c5f7ea28cd621ae0bf5283f0e981fb97b8a7af9 | |
| with: | |
| toolchain: stable | |
| - name: Cache Cargo | |
| uses: actions/cache@0400d5f644dc74513175e3cd8d07132dd4860809 | |
| with: | |
| path: | | |
| ~/.cargo/registry | |
| ~/.cargo/git | |
| desktop/cortex-control-center/src-tauri/target | |
| key: ${{ runner.os }}-desktop-cargo-${{ hashFiles('**/Cargo.lock') }} | |
| restore-keys: | | |
| ${{ runner.os }}-desktop-cargo- | |
| - name: Setup Node | |
| uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 | |
| with: | |
| node-version: 22 | |
| - name: Install frontend deps | |
| shell: bash | |
| run: npm ci | |
| working-directory: desktop/cortex-control-center | |
| - name: Download daemon binary | |
| uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 | |
| with: | |
| name: ${{ matrix.daemon_artifact }} | |
| path: daemon-dist | |
| - name: Place sidecar binary | |
| shell: bash | |
| run: | | |
| mkdir -p desktop/cortex-control-center/src-tauri/binaries | |
| cp "daemon-dist/${{ matrix.daemon_artifact }}" \ | |
| "desktop/cortex-control-center/src-tauri/binaries/${{ matrix.sidecar_name }}" | |
| chmod +x "desktop/cortex-control-center/src-tauri/binaries/${{ matrix.sidecar_name }}" | |
| - name: Mask signing secrets | |
| shell: bash | |
| run: | | |
| echo "::add-mask::${{ secrets.TAURI_SIGNING_PRIVATE_KEY }}" | |
| echo "::add-mask::${{ secrets.TAURI_SIGNING_PRIVATE_KEY_PASSWORD }}" | |
| - name: Build desktop app | |
| uses: tauri-apps/tauri-action@7a7e7e08c0179083619ead83e4669b4718a9f191 | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| TAURI_SIGNING_PRIVATE_KEY: ${{ secrets.TAURI_SIGNING_PRIVATE_KEY }} | |
| TAURI_SIGNING_PRIVATE_KEY_PASSWORD: ${{ secrets.TAURI_SIGNING_PRIVATE_KEY_PASSWORD }} | |
| with: | |
| projectPath: desktop/cortex-control-center | |
| tauriScript: npx tauri | |
| - name: Upload desktop artifacts | |
| uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 | |
| with: | |
| name: desktop-${{ matrix.os_name }} | |
| path: | | |
| desktop/cortex-control-center/src-tauri/target/release/bundle/nsis/*.exe | |
| desktop/cortex-control-center/src-tauri/target/release/bundle/nsis/*.nsis.zip | |
| desktop/cortex-control-center/src-tauri/target/release/bundle/nsis/*.nsis.zip.sig | |
| desktop/cortex-control-center/src-tauri/target/release/bundle/dmg/*.dmg | |
| desktop/cortex-control-center/src-tauri/target/release/bundle/macos/*.app.tar.gz | |
| desktop/cortex-control-center/src-tauri/target/release/bundle/macos/*.app.tar.gz.sig | |
| desktop/cortex-control-center/src-tauri/target/release/bundle/appimage/*.AppImage | |
| desktop/cortex-control-center/src-tauri/target/release/bundle/appimage/*.AppImage.tar.gz | |
| desktop/cortex-control-center/src-tauri/target/release/bundle/appimage/*.AppImage.tar.gz.sig | |
| desktop/cortex-control-center/src-tauri/target/release/bundle/deb/*.deb | |
| if-no-files-found: warn | |
| release: | |
| name: Publish GitHub release | |
| runs-on: ubuntu-latest | |
| needs: [package-plugin, build-desktop] | |
| steps: | |
| - name: Resolve release version | |
| shell: bash | |
| run: | | |
| if [[ "${{ github.event_name }}" == "workflow_dispatch" ]]; then | |
| RELEASE_TAG="${{ github.event.inputs.release_tag }}" | |
| else | |
| RELEASE_TAG="${{ github.ref_name }}" | |
| fi | |
| echo "RELEASE_TAG=${RELEASE_TAG}" >> "${GITHUB_ENV}" | |
| echo "VERSION=${RELEASE_TAG#v}" >> "${GITHUB_ENV}" | |
| - name: Download all artifacts | |
| uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 | |
| with: | |
| path: dist | |
| merge-multiple: true | |
| - name: Flatten desktop artifacts | |
| shell: bash | |
| run: | | |
| # Desktop bundles land in subdirs (dmg/, appimage/, deb/, nsis/, macos/). | |
| # Move them to dist/ root so the release glob picks them up. | |
| find dist -mindepth 2 -type f \( -name '*.dmg' -o -name '*.AppImage' -o -name '*.AppImage.tar.gz' -o -name '*.AppImage.tar.gz.sig' -o -name '*.deb' -o -name '*-setup.exe' -o -name '*.nsis.zip' -o -name '*.nsis.zip.sig' -o -name '*.app.tar.gz' -o -name '*.app.tar.gz.sig' \) -exec mv {} dist/ \; | |
| - name: Regenerate SHA256SUMS with all assets | |
| shell: bash | |
| run: | | |
| cd dist | |
| rm -f SHA256SUMS | |
| sha256sum \ | |
| "cortex-v${VERSION}-windows-x86_64.zip" \ | |
| "cortex-v${VERSION}-macos-aarch64.tar.gz" \ | |
| "cortex-v${VERSION}-linux-x86_64.tar.gz" \ | |
| *.exe \ | |
| *.dmg \ | |
| *.AppImage \ | |
| *.deb \ | |
| *.app.tar.gz \ | |
| 2>/dev/null | sort > SHA256SUMS | |
| cat SHA256SUMS | |
| - name: List release artifacts | |
| shell: bash | |
| run: find dist -maxdepth 1 -type f | sort | |
| - name: Create GitHub release | |
| uses: softprops/action-gh-release@6cbd405e2c4e67a21c47fa9e383d020e4e28b836 | |
| with: | |
| tag_name: ${{ env.RELEASE_TAG }} | |
| files: | | |
| dist/cortex-v${{ env.VERSION }}-windows-x86_64.zip | |
| dist/cortex-v${{ env.VERSION }}-macos-aarch64.tar.gz | |
| dist/cortex-v${{ env.VERSION }}-linux-x86_64.tar.gz | |
| dist/SHA256SUMS | |
| dist/*.exe | |
| dist/*.nsis.zip | |
| dist/*.nsis.zip.sig | |
| dist/*.dmg | |
| dist/*.app.tar.gz | |
| dist/*.app.tar.gz.sig | |
| dist/*.AppImage | |
| dist/*.AppImage.tar.gz | |
| dist/*.AppImage.tar.gz.sig | |
| dist/*.deb | |
| generate_release_notes: true | |
| fail_on_unmatched_files: false |