Unverified Commit dc3e0021, authored by wwwillchen-bot, committed by GitHub

feat: merge release builds and publish from one job (#2662)

Fixes #1225

## Summary

- Separates the release workflow into build and publish phases
- Build phase runs on all platforms in dry-run mode (no actual publish)
- Artifacts are uploaded and downloaded between phases
- Publish phase uses GitHub environment "release" for manual approval gate
- Removes commented-out code for cleaner workflow

## Test plan

- [ ] Trigger the release workflow manually
- [ ] Verify build phase completes for all platforms (Windows, macOS, Linux)
- [ ] Verify artifacts are uploaded successfully
- [ ] Verify publish phase waits for environment approval
- [ ] Approve and verify publish completes from dry-run artifacts
- [ ] Verify verify-assets step still validates the release

🤖 Generated with [Claude Code](https://claude.com/claude-code)

---

## Summary by cubic

Adds a manual approval gate to the release workflow by splitting it into build (dry-run) and publish phases. Builds run on Windows, macOS, and Linux; publish reuses artifacts after approval via the “release” environment.

- **New Features**
  - Build job runs npm run publish -- --dry-run on all OS and uploads out/ artifacts (1-day retention).
  - Publish job waits on GitHub environment “release”, downloads artifacts, and runs npm run publish -- --from-dry-run.
  - verify-assets now runs after publish to validate the release.
  - Cleaned up commented code and pins npm 11.8.0 in publish job.
- **Migration**
  - Ensure the GitHub environment “release” exists and requires the desired approvers.

Written for commit 04fcc4025e533a6d8fb0804df80c10b3215cff8a. Summary will update on new commits.

Co-authored-by: Will Chen <willchen90@gmail.com>
Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>
Parent 6c846d93
......@@ -14,10 +14,6 @@ jobs:
strategy:
# Continue building other platforms even if one fails
fail-fast: false
# Uncomment max-parallel to prevent race condition (where multiple releases are
# created concurrently). Typically though, we'll create a release manually ahead of time
# which prevents the race.
# max-parallel: 1
matrix:
os: [
{ name: "windows", image: "windows-latest" },
......@@ -99,39 +95,16 @@ jobs:
echo "AZURE_METADATA_JSON=$PWD\signing-metadata.json" >> $env:GITHUB_ENV
# - name: Set up certificate
# if: contains(matrix.os.name, 'windows')
# run: |
# echo "${{ secrets.SM_CLIENT_CERT_FILE_B64 }}" | base64 --decode > /d/Certificate_pkcs12.p12
# shell: bash
# - name: Set variables
# if: contains(matrix.os.name, 'windows')
# id: variables
# run: |
# echo "SM_HOST=${{ secrets.SM_HOST }}" >> "$GITHUB_ENV"
# echo "SM_API_KEY=${{ secrets.SM_API_KEY }}" >> "$GITHUB_ENV"
# echo "SM_CLIENT_CERT_FILE=D:\\Certificate_pkcs12.p12" >> "$GITHUB_ENV"
# echo "SM_CLIENT_CERT_PASSWORD=${{ secrets.SM_CLIENT_CERT_PASSWORD }}" >> "$GITHUB_ENV"
# shell: bash
# - name: Code signing with Software Trust Manager
# if: contains(matrix.os.name, 'windows')
# uses: digicert/ssm-code-signing@v1.1.0
# - name: Sync certificate (Windows)
# if: contains(matrix.os.name, 'windows')
# run: |
# smctl windows certsync --keypair-alias=${{ secrets.DIGICERT_KEYPAIR_ALIAS }}
# shell: bash
# Publish (all platforms)
- name: Publish app
# Build (dry-run) - does NOT publish
- name: Build app (dry-run)
uses: nick-fields/retry@ce71cc2ab81d554ebbe88c79ab5975992d79ba08 # v3.0.2
with:
timeout_minutes: 30
max_attempts: 3
command: ./node_modules/.bin/electron-forge publish
command: npm run publish -- --dry-run
env:
DEBUG: "@electron/*,electron-forge:*,electron-osx-sign*,electron-notarize*,electron-windows-installer:main,electron-windows-sign"
NODE_OPTIONS: "--max-old-space-size=4096"
# SM_CODE_SIGNING_CERT_SHA1_HASH: ${{ secrets.SM_CODE_SIGNING_CERT_SHA1_HASH }}
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
APPLE_TEAM_ID: ${{ secrets.APPLE_TEAM_ID }}
APPLE_ID: ${{ secrets.APPLE_ID }}
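Review bot: the renamed step `Build app (dry-run)` still passes `GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}` in its `env`, next to the Apple signing secrets, even though its own comment says it does NOT publish. If `npm run publish -- --dry-run` makes no GitHub API calls, drop the token from this step so that release-write access exists only in the gated publish job; if the dry run does need it, add a one-line comment saying what for. No `permissions:` block is visible in this diff, so it is also worth stating the token scope per job explicitly.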
......@@ -141,9 +114,50 @@ jobs:
AZURE_TENANT_ID: ${{ secrets.AZURE_TENANT_ID }}
WINDOWS_SIGN: ${{ contains(matrix.os.name, 'windows') && 'true' || '' }}
- name: Upload build artifacts
uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
with:
name: build-${{ matrix.os.name }}
path: out/
retention-days: 1
publish:
name: Publish Release
needs: build
runs-on: ubuntu-latest
environment: release
steps:
- name: Github checkout
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
- name: Use Node.js
uses: actions/setup-node@cdca7365b2dadb8aad0a33bc7601856ffabcc48e # v4.3.0
with:
node-version-file: package.json
- name: Install npm 11.8.0
run: npm install -g npm@11.8.0
- run: npm ci
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- name: Download all build artifacts
uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 # v4.3.0
with:
path: out/
pattern: build-*
merge-multiple: true
- name: List artifacts
run: ls -laR out/
- name: Publish from dry-run
run: npm run publish -- --from-dry-run
env:
DEBUG: "@electron/*,electron-forge:*"
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
verify-assets:
name: Verify Release Assets
needs: build
needs: publish
runs-on: ubuntu-latest
steps:
- name: Github checkout
......
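Review bot: `environment: release` is set only on the new `publish` job, so the approval gate covers the upload but not the build matrix, whose dry-run step still reads the Azure signing secrets and sets `WINDOWS_SIGN`. Binaries are therefore signed before anyone approves. If the gate is meant to protect the signing credentials as well, scope those secrets to an environment that the build job must also be approved for, rather than leaving them as repository secrets. Separately, `merge-multiple: true` with `path: out/` extracts every `build-*` artifact into one directory, where identically named files overwrite each other silently, and `ls -laR out/` only prints the result. Consider failing the job when an expected per-platform file is missing before `npm run publish -- --from-dry-run` runs.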