feat(cli): route release asset downloads through proxy API to codebuff-community. Use NEXT_PUBLIC_CODEBUFF_APP_URL to resolve /api/releases/download/{version}/{fileName}; fallback to codebuff.com/api/releases/download when not configured. Generated with Codebuff. Co-Authored-By: Codebuff <noreply@codebuff.com>

Author: brandonkachen

.github/actions/setup-project/action.yml

@@ -0,0 +1,31 @@
+name: 'Setup Project'
+description: 'Setup Bun, cache dependencies, and install packages'
+
+inputs:
+  bun-version:
+    description: 'Bun version to install'
+    required: false
+    default: '1.3.0'
+
+runs:
+  using: 'composite'
+  steps:
+    - name: Set up Bun
+      uses: oven-sh/setup-bun@v2
+      with:
+        bun-version: ${{ inputs.bun-version }}
+
+    - name: Cache dependencies
+      uses: actions/cache@v4
+      with:
+        path: |
+          node_modules
+          */node_modules
+        key: ${{ runner.os }}-deps-${{ hashFiles('**/bun.lock*', '**/package.json') }}
+        restore-keys: |
+          ${{ runner.os }}-deps-${{ hashFiles('**/bun.lock*') }}
+          ${{ runner.os }}-deps-
+
+    - name: Install dependencies
+      shell: bash
+      run: bun install --frozen-lockfile

.github/knowledge.md

@@ -1,4 +1,39 @@
-# GitHub Actions Knowledge
+# GitHub Workflows
+
+## Refactoring Patterns
+
+### Composite Actions
+
+Common setup steps (checkout, Bun setup, caching, installation) have been extracted to `.github/actions/setup-project/action.yml`.
+
+Usage:
+
+```yaml
+steps:
+  - uses: actions/checkout@v4
+    with:
+      # checkout-specific params
+
+  - uses: ./.github/actions/setup-project
+```
+
+Note: Checkout must be separate from the composite action to avoid circular dependencies.
+
+### Environment Variables
+
+GitHub API URLs are extracted as environment variables to avoid duplication:
+
+```yaml
+env:
+  GITHUB_API_URL: https://api.github.com/repos/CodebuffAI/codebuff
+  GITHUB_UPLOADS_URL: https://uploads.github.com/repos/CodebuffAI/codebuff
+```
+
+This pattern:
+
+- Reduces duplication across workflow steps
+- Makes repository changes easier (single point of change)
+- Improves readability and maintainability
 
 ## CI/CD Pipeline Overview
 

.github/workflows/cli-release-build.yml

@@ -65,32 +65,15 @@ jobs:
         with:
           ref: ${{ inputs.checkout-ref || github.sha }}
 
+      - uses: ./.github/actions/setup-project
+
       - name: Download staging metadata
         if: inputs.artifact-name != ''
         uses: actions/download-artifact@v4
         with:
           name: ${{ inputs.artifact-name }}
           path: cli/release-staging/
 
-      - name: Set up Bun
-        uses: oven-sh/setup-bun@v2
-        with:
-          bun-version: '1.3.0'
-
-      - name: Cache dependencies
-        uses: actions/cache@v4
-        with:
-          path: |
-            node_modules
-            */node_modules
-          key: ${{ runner.os }}-deps-${{ hashFiles('**/bun.lock*', '**/package.json') }}
-          restore-keys: |
-            ${{ runner.os }}-deps-${{ hashFiles('**/bun.lock*') }}
-            ${{ runner.os }}-deps-
-
-      - name: Install dependencies
-        run: bun install --frozen-lockfile
-
       - name: Ensure CLI dependencies
         run: bun install --frozen-lockfile --cwd cli
 

.github/workflows/cli-release-staging.yml

@@ -27,29 +27,13 @@ jobs:
           token: ${{ secrets.GITHUB_TOKEN }}
           ref: ${{ github.event_name == 'pull_request' && github.event.pull_request.head.sha || github.sha }}
 
-      - name: Set up Bun
-        uses: oven-sh/setup-bun@v2
-        with:
-          bun-version: '1.3.0'
-
-      - name: Cache dependencies
-        uses: actions/cache@v4
-        with:
-          path: |
-            node_modules
-            */node_modules
-          key: ${{ runner.os }}-deps-${{ hashFiles('**/bun.lock*', '**/package.json') }}
-          restore-keys: |
-            ${{ runner.os }}-deps-${{ hashFiles('**/bun.lock*') }}
-            ${{ runner.os }}-deps-
-
-      - name: Install dependencies
-        run: bun install --frozen-lockfile
+      - uses: ./.github/actions/setup-project
 
       - name: Calculate staging version
         id: bump_version
         env:
           GITHUB_TOKEN: ${{ secrets.CODEBUFF_GITHUB_TOKEN }}
+          GITHUB_API_URL: https://api.github.com/repos/CodebuffAI/codebuff-community
         run: |
           cd cli/release-staging
 
@@ -58,7 +42,7 @@ jobs:
 
           echo "Fetching latest CLI prerelease from GitHub..."
           RELEASES_JSON=$(curl -s -H "Authorization: token ${GITHUB_TOKEN}" \
-            "https://api.github.com/repos/CodebuffAI/codebuff/releases?per_page=100")
+            "${GITHUB_API_URL}/releases?per_page=100")
 
           LATEST_TAG=$(echo "$RELEASES_JSON" | jq -r '.[] | select(.prerelease == true and (.name // "" | test("Codebuff CLI v"))) | .tag_name' | sort -V | tail -n 1)
 
@@ -152,12 +136,14 @@ jobs:
           ref: ${{ github.event_name == 'pull_request' && github.event.pull_request.head.sha || github.sha }}
 
       - name: Clean up old CLI prereleases
+        env:
+          GITHUB_API_URL: https://api.github.com/repos/CodebuffAI/codebuff-community
         run: |
           ONE_WEEK_AGO=$(date -d '7 days ago' -u +%Y-%m-%dT%H:%M:%SZ)
           echo "Removing CLI prereleases older than: $ONE_WEEK_AGO"
 
           RELEASES=$(curl -s -H "Authorization: token ${{ secrets.CODEBUFF_GITHUB_TOKEN }}" \
-            "https://api.github.com/repos/CodebuffAI/codebuff/releases?per_page=100")
+            "${GITHUB_API_URL}/releases?per_page=100")
 
           if echo "$RELEASES" | jq -e . >/dev/null 2>&1; then
             OLD=$(echo "$RELEASES" | jq -r '.[] | select(.prerelease == true and .created_at < "'$ONE_WEEK_AGO'" and (.tag_name | test("^v[0-9].*-beta\\.[0-9]+$"))) | "\(.id):\(.tag_name)"')
@@ -168,7 +154,7 @@ jobs:
               echo "$OLD" | while IFS=: read -r RELEASE_ID TAG_NAME; do
                 curl -s -X DELETE \
                   -H "Authorization: token ${{ secrets.CODEBUFF_GITHUB_TOKEN }}" \
-                  "https://api.github.com/repos/CodebuffAI/codebuff/releases/$RELEASE_ID"
+                  "${GITHUB_API_URL}/releases/$RELEASE_ID"
               done
             else
               echo "No stale prereleases found."
@@ -192,6 +178,7 @@ jobs:
       - name: Create GitHub prerelease
         env:
           VERSION: ${{ needs.prepare-and-commit-staging.outputs.new_version }}
+          GITHUB_API_URL: https://api.github.com/repos/CodebuffAI/codebuff
         run: |
           CURRENT_TIME=$(date -u +"%Y-%m-%dT%H:%M:%SZ")
           RELEASE_BODY=$(cat <<'EOF'
@@ -214,7 +201,7 @@ jobs:
             -H "Accept: application/vnd.github.v3+json" \
             -H "Authorization: token ${{ secrets.CODEBUFF_GITHUB_TOKEN }}" \
             -H "Content-Type: application/json" \
-            https://api.github.com/repos/CodebuffAI/codebuff/releases \
+            ${GITHUB_API_URL}/releases \
             -d "{
               \"tag_name\": \"v${VERSION}\",
               \"name\": \"Codecane v${VERSION} (Staging)\",
@@ -226,9 +213,11 @@ jobs:
       - name: Upload release assets
         env:
           VERSION: ${{ needs.prepare-and-commit-staging.outputs.new_version }}
+          GITHUB_API_URL: https://api.github.com/repos/CodebuffAI/codebuff
+          GITHUB_UPLOADS_URL: https://uploads.github.com/repos/CodebuffAI/codebuff
         run: |
           RELEASE_ID=$(curl -s -H "Authorization: token ${{ secrets.CODEBUFF_GITHUB_TOKEN }}" \
-            "https://api.github.com/repos/CodebuffAI/codebuff/releases/tags/v${VERSION}" | jq -r '.id')
+            "${GITHUB_API_URL}/releases/tags/v${VERSION}" | jq -r '.id')
 
           if [ -z "$RELEASE_ID" ] || [ "$RELEASE_ID" = "null" ]; then
             echo "Failed to resolve release ID for v${VERSION}"
@@ -243,12 +232,17 @@ jobs:
                 -H "Authorization: token ${{ secrets.CODEBUFF_GITHUB_TOKEN }}" \
                 -H "Content-Type: application/octet-stream" \
                 --data-binary @"$file" \
-                "https://uploads.github.com/repos/CodebuffAI/codebuff/releases/$RELEASE_ID/assets?name=$FILENAME"
+                "${GITHUB_UPLOADS_URL}/releases/$RELEASE_ID/assets?name=$FILENAME"
             fi
           done
 
   publish-staging-npm:
-    needs: [prepare-and-commit-staging, build-staging-binaries, create-staging-release]
+    needs:
+      [
+        prepare-and-commit-staging,
+        build-staging-binaries,
+        create-staging-release,
+      ]
     runs-on: ubuntu-latest
     permissions:
       contents: read

.github/workflows/npm-app-release-build.yml

@@ -62,34 +62,14 @@ jobs:
         with:
           ref: ${{ inputs.checkout-ref || github.sha }}
 
+      - uses: ./.github/actions/setup-project
+
       - name: Download updated package
         uses: actions/download-artifact@v4
         with:
           name: ${{ inputs.artifact-name }}
           path: ${{ inputs.artifact-name == 'updated-staging-package' && 'npm-app/release-staging/' || 'npm-app/release/' }}
 
-      - name: Set up Bun
-        uses: oven-sh/setup-bun@v2
-        with:
-          bun-version: '1.3.0'
-
-      # Cache dependencies for speed
-      - name: Cache dependencies
-        uses: actions/cache@v4
-        with:
-          path: |
-            node_modules
-            */node_modules
-          key: ${{ runner.os }}-deps-${{ hashFiles('**/bun.lock*', '**/package.json') }}
-          restore-keys: |
-            ${{ runner.os }}-deps-${{ hashFiles('**/bun.lock*') }}
-            ${{ runner.os }}-deps-
-
-      - name: Install dependencies
-        run: bun install --frozen-lockfile
-        env:
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-
       - name: Set environment variables
         env:
           SECRETS_CONTEXT: ${{ toJSON(secrets) }}

.github/workflows/npm-app-release-prod.yml

@@ -27,25 +27,7 @@ jobs:
         with:
           token: ${{ secrets.GITHUB_TOKEN }}
 
-      - name: Set up Bun
-        uses: oven-sh/setup-bun@v2
-        with:
-          bun-version: '1.3.0'
-
-      # Cache dependencies for speed
-      - name: Cache dependencies
-        uses: actions/cache@v4
-        with:
-          path: |
-            node_modules
-            */node_modules
-          key: ${{ runner.os }}-deps-${{ hashFiles('**/bun.lock*', '**/package.json') }}
-          restore-keys: |
-            ${{ runner.os }}-deps-${{ hashFiles('**/bun.lock*') }}
-            ${{ runner.os }}-deps-
-
-      - name: Install dependencies
-        run: bun install --frozen-lockfile
+      - uses: ./.github/actions/setup-project
 
       - name: Calculate and update production version
         id: bump_version

cli/release-staging/index.js

@@ -240,7 +240,7 @@ async function downloadBinary(version) {
     throw new Error(`Unsupported platform: ${process.platform} ${process.arch}`)
   }
 
-  const downloadUrl = `https://github.com/CodebuffAI/codebuff/releases/download/v${version}/${fileName}`
+  const downloadUrl = `${process.env.NEXT_PUBLIC_CODEBUFF_APP_URL || 'https://codebuff.com'}/api/releases/download/${version}/${fileName}`
 
   fs.mkdirSync(CONFIG.configDir, { recursive: true })
 

npm-app/release-staging/index.js

@@ -250,9 +250,10 @@ async function downloadBinary(version) {
     throw new Error(`Unsupported platform: ${process.platform} ${process.arch}`)
   }
 
-  // For now, we get version info from npm but still download binaries from GitHub
-  // TODO: This assumes GitHub releases still exist with the same naming convention
-  const downloadUrl = `https://github.com/CodebuffAI/codebuff-community/releases/download/v${version}/${fileName}`
+  // Use proxy endpoint that handles version mapping from npm to GitHub releases
+  const downloadUrl = process.env.NEXT_PUBLIC_CODEBUFF_APP_URL
+    ? `${process.env.NEXT_PUBLIC_CODEBUFF_APP_URL}/api/releases/download/${version}/${fileName}`
+    : `https://codebuff.com/api/releases/download/${version}/${fileName}`
 
   // Ensure config directory exists
   fs.mkdirSync(CONFIG.configDir, { recursive: true })

npm-app/release/index.js

@@ -215,7 +215,10 @@ async function downloadBinary(version) {
     throw new Error(`Unsupported platform: ${process.platform} ${process.arch}`)
   }
 
-  const downloadUrl = `https://github.com/${CONFIG.githubRepo}/releases/download/v${version}/${fileName}`
+  // Use proxy endpoint that handles version mapping
+  const downloadUrl = process.env.NEXT_PUBLIC_CODEBUFF_APP_URL
+    ? `${process.env.NEXT_PUBLIC_CODEBUFF_APP_URL}/api/releases/download/${version}/${fileName}`
+    : `https://codebuff.com/api/releases/download/${version}/${fileName}`
 
   // Ensure config directory exists
   fs.mkdirSync(CONFIG.configDir, { recursive: true })

web/next.config.mjs

@@ -32,7 +32,7 @@ const nextConfig = {
       'pino-pretty',
       'encoding',
       'perf_hooks',
-      'async_hooks'
+      'async_hooks',
     )
 
     // Suppress contentlayer webpack cache warnings
@@ -125,6 +125,12 @@ const nextConfig = {
         destination: 'https://discord.gg/mcWTGjgTj3',
         permanent: false,
       },
+      {
+        source: '/releases',
+        destination:
+          'https://github.com/CodebuffAI/codebuff-community/releases',
+        permanent: false,
+      },
     ]
   },
   images: {