-
Notifications
You must be signed in to change notification settings - Fork 26
317 lines (275 loc) · 11.2 KB
/
release.yml
File metadata and controls
317 lines (275 loc) · 11.2 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
name: Release
on:
push:
tags:
- "v*"
concurrency:
group: release
cancel-in-progress: false
env:
GH_REPO: AltimateAI/altimate-code
jobs:
test:
name: Test
runs-on: ubuntu-latest
timeout-minutes: 60
steps:
- uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4
- uses: oven-sh/setup-bun@ecf28ddc73e819eb6fa29df6b34ef8921c743461 # v2
with:
bun-version: "1.3.10"
- name: Cache Bun dependencies
uses: actions/cache@0057852bfaa89a56745cba8c7296529d2fc39830 # v4
with:
path: ~/.bun/install/cache
key: bun-${{ runner.os }}-${{ hashFiles('bun.lock') }}
restore-keys: |
bun-${{ runner.os }}-
- name: Configure git for tests
run: |
git config --global user.name "CI"
git config --global user.email "ci@test.local"
- name: Install dependencies
run: bun install
- name: Typecheck
run: bun turbo typecheck
- name: Run release-critical tests
run: bun test --timeout 30000 test/branding/ test/install/
working-directory: packages/opencode
build:
name: Build (${{ matrix.name }})
# Runs in PARALLEL with test — publish waits for both
runs-on: ubuntu-latest
timeout-minutes: 15
permissions:
contents: read
strategy:
fail-fast: false
matrix:
include:
# Each target builds ONE binary in parallel (~5 min each)
# Index matches allTargets array in build.ts
- { index: 0, name: "linux-arm64" }
- { index: 1, name: "linux-x64" }
- { index: 2, name: "linux-x64-baseline" }
- { index: 3, name: "linux-arm64-musl" }
- { index: 4, name: "linux-x64-musl" }
- { index: 5, name: "linux-x64-baseline-musl" }
- { index: 6, name: "darwin-arm64" }
- { index: 7, name: "darwin-x64" }
- { index: 8, name: "darwin-x64-baseline" }
- { index: 9, name: "win32-arm64" }
- { index: 10, name: "win32-x64" }
- { index: 11, name: "win32-x64-baseline" }
steps:
- uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4
- uses: oven-sh/setup-bun@ecf28ddc73e819eb6fa29df6b34ef8921c743461 # v2
with:
bun-version: "1.3.10"
- name: Cache Bun dependencies
uses: actions/cache@0057852bfaa89a56745cba8c7296529d2fc39830 # v4
with:
path: ~/.bun/install/cache
key: bun-${{ runner.os }}-${{ hashFiles('bun.lock') }}
restore-keys: |
bun-${{ runner.os }}-
- name: Install dependencies
run: bun install
- name: Build ${{ matrix.name }}
run: bun run packages/opencode/script/build.ts --target-index=${{ matrix.index }}
env:
OPENCODE_VERSION: ${{ github.ref_name }}
OPENCODE_CHANNEL: latest
OPENCODE_RELEASE: "1"
GH_REPO: ${{ env.GH_REPO }}
MODELS_DEV_API_JSON: test/tool/fixtures/models-api.json
# Smoke-test: verify the compiled binary actually starts.
# Only possible for native linux-x64 builds on the ubuntu runner.
# This catches missing externals (e.g. @altimateai/altimate-core)
# that compile fine but crash at runtime.
- name: Smoke test binary
if: matrix.name == 'linux-x64'
run: |
BINARY=$(find packages/opencode/dist -name altimate -type f | head -1)
if [ -z "$BINARY" ]; then
echo "::error::No binary found in dist/"
exit 1
fi
chmod +x "$BINARY"
# Set NODE_PATH so the binary can resolve external NAPI modules
# (mirrors what the npm bin wrapper does at runtime)
NODE_PATH="$(pwd)/packages/opencode/node_modules:$(pwd)/node_modules" "$BINARY" --version
echo "Smoke test passed: binary starts and prints version"
- name: Upload build artifact
uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4
with:
name: dist-${{ matrix.name }}
path: packages/opencode/dist/
compression-level: 1
publish-npm:
name: Publish to npm
needs: build
runs-on: ubuntu-latest
timeout-minutes: 60
permissions:
contents: read
steps:
- uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4
- uses: oven-sh/setup-bun@ecf28ddc73e819eb6fa29df6b34ef8921c743461 # v2
with:
bun-version: "1.3.10"
- name: Cache Bun dependencies
uses: actions/cache@0057852bfaa89a56745cba8c7296529d2fc39830 # v4
with:
path: ~/.bun/install/cache
key: bun-${{ runner.os }}-${{ hashFiles('bun.lock') }}
restore-keys: |
bun-${{ runner.os }}-
- name: Install dependencies
run: bun install
- name: Build dbt-tools (bundled with CLI)
run: bun run build
working-directory: packages/dbt-tools
- name: Smoke test dbt-tools bundle
run: |
# Verify node_python_bridge.py was copied into dist
if [ ! -f packages/dbt-tools/dist/node_python_bridge.py ]; then
echo "::error::node_python_bridge.py missing from dbt-tools dist"
exit 1
fi
# Verify no hardcoded absolute path in __dirname (catches any CI runner OS)
if grep -qE 'var __dirname\s*=\s*"(/|[A-Za-z]:\\)' packages/dbt-tools/dist/index.js; then
echo "::error::dbt-tools bundle contains hardcoded absolute path in __dirname"
exit 1
fi
# Verify __dirname was patched to runtime resolution
if ! grep -q 'import.meta.dirname' packages/dbt-tools/dist/index.js; then
echo "::error::dbt-tools bundle missing import.meta.dirname patch"
exit 1
fi
echo "dbt-tools smoke test passed"
- name: Free disk space for artifact download + npm publish
run: |
sudo rm -rf /usr/share/dotnet /usr/local/lib/android /opt/ghc /usr/local/share/boost
df -h /
- name: Download all build artifacts
uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 # v4
with:
pattern: "dist-*"
path: packages/opencode/dist/
merge-multiple: true
- name: Configure npm auth
run: echo "//registry.npmjs.org/:_authToken=${NPM_TOKEN}" > "$RUNNER_TEMP/.npmrc"
env:
NPM_TOKEN: ${{ secrets.NPM_TOKEN }}
# TODO: Uncomment when AUR publishing is enabled (see publish.ts for setup steps)
# - name: Configure SSH for AUR
# if: ${{ !contains(github.ref_name, '-') }}
# run: |
# mkdir -p ~/.ssh
# echo "$AUR_SSH_PRIVATE_KEY" > ~/.ssh/aur
# chmod 600 ~/.ssh/aur
# ssh-keyscan -t ed25519 aur.archlinux.org >> ~/.ssh/known_hosts 2>/dev/null
# cat >> ~/.ssh/config << 'EOF'
# Host aur.archlinux.org
# IdentityFile ~/.ssh/aur
# User aur
# EOF
# env:
# AUR_SSH_PRIVATE_KEY: ${{ secrets.AUR_SSH_PRIVATE_KEY }}
# Smoke-test a linux-x64 binary from the downloaded artifacts before publishing.
# This is the last gate before npm publish — catches runtime crashes that
# compile-time checks miss (e.g. missing NAPI externals like v0.5.10).
- name: Pre-publish smoke test
run: |
BINARY=$(find packages/opencode/dist -path '*altimate-code-linux-x64/bin/altimate' -type f | head -1)
if [ -z "$BINARY" ]; then
echo "::error::No linux-x64 binary found in artifacts — cannot verify release"
exit 1
else
chmod +x "$BINARY"
NODE_PATH="$(pwd)/packages/opencode/node_modules:$(pwd)/node_modules" "$BINARY" --version
echo "Pre-publish smoke test passed"
fi
- name: Publish to npm
run: bun run packages/opencode/script/publish.ts
env:
OPENCODE_VERSION: ${{ github.ref_name }}
OPENCODE_CHANNEL: latest
OPENCODE_RELEASE: "1"
NPM_TOKEN: ${{ secrets.NPM_TOKEN }}
NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
NPM_CONFIG_USERCONFIG: ${{ runner.temp }}/.npmrc
GH_REPO: ${{ env.GH_REPO }}
GITHUB_TOKEN: ${{ secrets.HOMEBREW_TAP_TOKEN }}
# Python engine (publish-engine) job removed — engine eliminated.
# All methods now run natively in TypeScript.
github-release:
name: Create GitHub Release
needs: [build, publish-npm]
runs-on: ubuntu-latest
timeout-minutes: 60
permissions:
contents: write
steps:
- uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4
with:
fetch-depth: 0
- name: Generate release notes
id: notes
run: |
# Validate tag format to prevent injection
if ! echo "$CURRENT_TAG" | grep -qE '^v[0-9]+\.[0-9]+\.[0-9]+(-[a-zA-Z0-9._-]+)?$'; then
echo "::error::Invalid tag format: $CURRENT_TAG"
exit 1
fi
# Get the previous tag
PREV_TAG=$(git tag --sort=-version:refname | grep -E '^v[0-9]' | head -2 | tail -1)
# Generate changelog from commits between tags
echo "## What's Changed" > notes.md
echo "" >> notes.md
if [ -n "$PREV_TAG" ]; then
# Categorize commits
echo "### Features" >> notes.md
git log "${PREV_TAG}".."${CURRENT_TAG}" --pretty=format:"- %s (%h)" --grep="^feat" >> notes.md || true
echo "" >> notes.md
echo "" >> notes.md
echo "### Bug Fixes" >> notes.md
git log "${PREV_TAG}".."${CURRENT_TAG}" --pretty=format:"- %s (%h)" --grep="^fix" >> notes.md || true
echo "" >> notes.md
echo "" >> notes.md
echo "### Other Changes" >> notes.md
git log "${PREV_TAG}".."${CURRENT_TAG}" --pretty=format:"- %s (%h)" --invert-grep --grep="^feat" --grep="^fix" >> notes.md || true
echo "" >> notes.md
else
echo "Initial release" >> notes.md
fi
echo "" >> notes.md
echo "### Install" >> notes.md
echo '```bash' >> notes.md
echo "npm install -g @altimateai/altimate-code@${CURRENT_TAG#v}" >> notes.md
echo "# or" >> notes.md
echo "brew install AltimateAI/tap/altimate-code" >> notes.md
echo '```' >> notes.md
echo "" >> notes.md
echo "**Full Changelog**: https://github.com/${GH_REPO}/compare/${PREV_TAG}...${CURRENT_TAG}" >> notes.md
env:
GH_REPO: ${{ env.GH_REPO }}
CURRENT_TAG: ${{ github.ref_name }}
- name: Download all build artifacts
uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 # v4
with:
pattern: "dist-*"
path: packages/opencode/dist/
merge-multiple: true
- name: Create GitHub Release
uses: softprops/action-gh-release@a06a81a03ee405af7f2048a818ed3f03bbf83c7b # v2
with:
body_path: notes.md
draft: false
prerelease: ${{ contains(github.ref_name, '-') }}
files: |
packages/opencode/dist/*.tar.gz
packages/opencode/dist/*.zip
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}