chore: bump version to 0.5.8 #129
Workflow file for this run
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Release | |
| on: | |
| push: | |
| tags: | |
| - 'v*' | |
| # Allow manual trigger for testing | |
| workflow_dispatch: | |
| inputs: | |
| version: | |
| description: 'Version tag (e.g., v1.0.0)' | |
| required: true | |
| permissions: | |
| contents: write | |
| actions: write | |
| jobs: | |
| create-release: | |
| runs-on: ubuntu-latest | |
| outputs: | |
| release_id: ${{ steps.create-release.outputs.id }} | |
| version: ${{ steps.get-version.outputs.version }} | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| - name: Get version | |
| id: get-version | |
| run: | | |
| if [ "${{ github.event_name }}" = "workflow_dispatch" ]; then | |
| echo "version=${{ github.event.inputs.version }}" >> $GITHUB_OUTPUT | |
| else | |
| echo "version=${GITHUB_REF#refs/tags/}" >> $GITHUB_OUTPUT | |
| fi | |
| - name: Create Release | |
| id: create-release | |
| uses: softprops/action-gh-release@v2 | |
| with: | |
| tag_name: ${{ steps.get-version.outputs.version }} | |
| name: VMark ${{ steps.get-version.outputs.version }} | |
| draft: true | |
| prerelease: false | |
| generate_release_notes: true | |
| build-tauri: | |
| needs: create-release | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| include: | |
| # macOS Apple Silicon (M1/M2/M3) | |
| - platform: macos-latest | |
| args: --target aarch64-apple-darwin | |
| sidecar_target: darwin-arm64 | |
| # macOS Intel | |
| - platform: macos-latest | |
| args: --target x86_64-apple-darwin | |
| sidecar_target: darwin-x64 | |
| # Windows | |
| - platform: windows-latest | |
| args: '' | |
| sidecar_target: '' | |
| # Linux | |
| - platform: ubuntu-22.04 | |
| args: '' | |
| sidecar_target: '' | |
| runs-on: ${{ matrix.platform }} | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| - name: Setup Node | |
| uses: actions/setup-node@v4 | |
| with: | |
| node-version: 20 | |
| - name: Setup pnpm | |
| uses: pnpm/action-setup@v4 | |
| with: | |
| version: 9 | |
| - name: Install Rust stable | |
| uses: dtolnay/rust-toolchain@stable | |
| # macOS: Add the specific target for this build | |
| - name: Add macOS target (Apple Silicon) | |
| if: matrix.platform == 'macos-latest' && matrix.sidecar_target == 'darwin-arm64' | |
| run: rustup target add aarch64-apple-darwin | |
| - name: Add macOS target (Intel) | |
| if: matrix.platform == 'macos-latest' && matrix.sidecar_target == 'darwin-x64' | |
| run: rustup target add x86_64-apple-darwin | |
| # macOS: Import code signing certificate (signing enabled, notarization disabled) | |
| - name: Import Apple certificate | |
| if: matrix.platform == 'macos-latest' | |
| env: | |
| APPLE_CERTIFICATE: ${{ secrets.APPLE_CERTIFICATE }} | |
| APPLE_CERTIFICATE_PASSWORD: ${{ secrets.APPLE_CERTIFICATE_PASSWORD }} | |
| run: | | |
| echo $APPLE_CERTIFICATE | base64 --decode > certificate.p12 | |
| security create-keychain -p actions build.keychain | |
| security default-keychain -s build.keychain | |
| security unlock-keychain -p actions build.keychain | |
| security set-keychain-settings -t 3600 -u build.keychain | |
| security import certificate.p12 -k build.keychain -P "$APPLE_CERTIFICATE_PASSWORD" -T /usr/bin/codesign | |
| security set-key-partition-list -S apple-tool:,apple:,codesign: -s -k actions build.keychain | |
| security list-keychains -d user -s build.keychain $(security list-keychains -d user | tr -d '"') | |
| rm certificate.p12 | |
| # Linux: Install system dependencies | |
| - name: Install Linux dependencies | |
| if: matrix.platform == 'ubuntu-22.04' | |
| run: | | |
| sudo apt-get update | |
| sudo apt-get install -y libwebkit2gtk-4.1-dev libappindicator3-dev librsvg2-dev patchelf | |
| - name: Install frontend dependencies | |
| run: pnpm install | |
| # Build MCP server sidecar for the target platform | |
| # NOTE: pkg binaries cannot be combined with lipo, so we build arch-specific binaries | |
| - name: Build MCP server sidecar (macOS) | |
| if: matrix.platform == 'macos-latest' | |
| working-directory: vmark-mcp-server | |
| env: | |
| SIDECAR_TARGET: ${{ matrix.sidecar_target }} | |
| run: | | |
| pnpm install | |
| pnpm build | |
| node scripts/build-sidecar.js --target $SIDECAR_TARGET | |
| - name: Health check MCP sidecar (macOS) | |
| if: matrix.platform == 'macos-latest' | |
| env: | |
| SIDECAR_TARGET: ${{ matrix.sidecar_target }} | |
| run: | | |
| if [ "$SIDECAR_TARGET" = "darwin-arm64" ]; then | |
| SIDECAR_NAME="vmark-mcp-server-aarch64-apple-darwin" | |
| else | |
| SIDECAR_NAME="vmark-mcp-server-x86_64-apple-darwin" | |
| fi | |
| SIDECAR_PATH="src-tauri/binaries/$SIDECAR_NAME" | |
| echo "Running health check on: $SIDECAR_PATH" | |
| # Version check | |
| VERSION=$("$SIDECAR_PATH" --version) | |
| echo "Version: $VERSION" | |
| # Full health check (only works on matching architecture) | |
| if [ "$SIDECAR_TARGET" = "darwin-arm64" ] && [ "$(uname -m)" = "arm64" ]; then | |
| "$SIDECAR_PATH" --health-check | |
| elif [ "$SIDECAR_TARGET" = "darwin-x64" ] && [ "$(uname -m)" = "x86_64" ]; then | |
| "$SIDECAR_PATH" --health-check | |
| else | |
| echo "Skipping full health check (cross-architecture build)" | |
| fi | |
| # Pre-sign sidecar with JIT entitlements (required for pkg/Node.js binaries) | |
| # This must happen BEFORE Tauri signs the app | |
| - name: Sign sidecar with JIT entitlements (macOS) | |
| if: matrix.platform == 'macos-latest' | |
| env: | |
| APPLE_SIGNING_IDENTITY: ${{ secrets.APPLE_SIGNING_IDENTITY }} | |
| SIDECAR_TARGET: ${{ matrix.sidecar_target }} | |
| run: | | |
| # Determine sidecar filename based on target | |
| if [ "$SIDECAR_TARGET" = "darwin-arm64" ]; then | |
| SIDECAR_NAME="vmark-mcp-server-aarch64-apple-darwin" | |
| else | |
| SIDECAR_NAME="vmark-mcp-server-x86_64-apple-darwin" | |
| fi | |
| SIDECAR_PATH="src-tauri/binaries/$SIDECAR_NAME" | |
| echo "Signing sidecar with JIT entitlements: $SIDECAR_PATH" | |
| # Sign with entitlements that allow JIT compilation (required for V8/Node.js) | |
| codesign --force --timestamp \ | |
| --entitlements src-tauri/sidecar-entitlements.plist \ | |
| --sign "$APPLE_SIGNING_IDENTITY" \ | |
| --options runtime \ | |
| --keychain build.keychain \ | |
| "$SIDECAR_PATH" | |
| # Verify signature and entitlements | |
| echo "Verifying signature..." | |
| codesign -dv --verbose=2 "$SIDECAR_PATH" | |
| echo "Checking entitlements..." | |
| codesign -d --entitlements - "$SIDECAR_PATH" | |
| - name: Build MCP server sidecar (Windows) | |
| if: matrix.platform == 'windows-latest' | |
| working-directory: vmark-mcp-server | |
| run: | | |
| pnpm install | |
| pnpm build | |
| node scripts/build-sidecar.js | |
| - name: Health check MCP sidecar (Windows) | |
| if: matrix.platform == 'windows-latest' | |
| shell: pwsh | |
| run: | | |
| $SIDECAR_PATH = "src-tauri/binaries/vmark-mcp-server-x86_64-pc-windows-msvc.exe" | |
| Write-Host "Running health check on: $SIDECAR_PATH" | |
| # Version check | |
| $VERSION = & $SIDECAR_PATH --version | |
| Write-Host "Version: $VERSION" | |
| # Full health check | |
| & $SIDECAR_PATH --health-check | |
| if ($LASTEXITCODE -ne 0) { | |
| throw "Health check failed" | |
| } | |
| - name: Build MCP server sidecar (Linux) | |
| if: matrix.platform == 'ubuntu-22.04' | |
| working-directory: vmark-mcp-server | |
| run: | | |
| pnpm install | |
| pnpm build | |
| node scripts/build-sidecar.js | |
| - name: Health check MCP sidecar (Linux) | |
| if: matrix.platform == 'ubuntu-22.04' | |
| run: | | |
| SIDECAR_PATH="src-tauri/binaries/vmark-mcp-server-x86_64-unknown-linux-gnu" | |
| echo "Running health check on: $SIDECAR_PATH" | |
| # Version check | |
| VERSION=$("$SIDECAR_PATH" --version) | |
| echo "Version: $VERSION" | |
| # Full health check | |
| "$SIDECAR_PATH" --health-check | |
| - name: Build Tauri app | |
| uses: tauri-apps/tauri-action@v0 | |
| timeout-minutes: 45 | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| # macOS code signing and notarization | |
| APPLE_SIGNING_IDENTITY: ${{ secrets.APPLE_SIGNING_IDENTITY }} | |
| APPLE_ID: ${{ secrets.APPLE_ID }} | |
| APPLE_PASSWORD: ${{ secrets.APPLE_PASSWORD }} | |
| APPLE_TEAM_ID: ${{ secrets.APPLE_TEAM_ID }} | |
| # Tauri updater signing (generates .sig files and latest.json) | |
| TAURI_SIGNING_PRIVATE_KEY: ${{ secrets.TAURI_SIGNING_PRIVATE_KEY }} | |
| TAURI_SIGNING_PRIVATE_KEY_PASSWORD: ${{ secrets.TAURI_SIGNING_PRIVATE_KEY_PASSWORD }} | |
| CI: true | |
| with: | |
| releaseId: ${{ needs.create-release.outputs.release_id }} | |
| args: ${{ matrix.args }} | |
| # Disable per-job latest.json upload to avoid race condition | |
| # We generate and upload it once in publish-release job | |
| includeUpdaterJson: false | |
| publish-release: | |
| needs: [create-release, build-tauri] | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Generate and upload latest.json | |
| env: | |
| GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| run: | | |
| VERSION="${{ needs.create-release.outputs.version }}" | |
| REPO="${{ github.repository }}" | |
| echo "Generating latest.json for $VERSION..." | |
| # Download all .sig files to get signatures | |
| mkdir -p sigs | |
| gh release download "$VERSION" --repo "$REPO" --pattern "*.sig" --dir sigs || true | |
| # Read signatures | |
| MACOS_AARCH64_SIG="" | |
| MACOS_X64_SIG="" | |
| LINUX_SIG="" | |
| WINDOWS_MSI_SIG="" | |
| WINDOWS_EXE_SIG="" | |
| if [ -f "sigs/VMark_aarch64.app.tar.gz.sig" ]; then | |
| MACOS_AARCH64_SIG=$(cat "sigs/VMark_aarch64.app.tar.gz.sig") | |
| fi | |
| if [ -f "sigs/VMark_x64.app.tar.gz.sig" ]; then | |
| MACOS_X64_SIG=$(cat "sigs/VMark_x64.app.tar.gz.sig") | |
| fi | |
| if [ -f "sigs/VMark_${VERSION#v}_amd64.AppImage.sig" ]; then | |
| LINUX_SIG=$(cat "sigs/VMark_${VERSION#v}_amd64.AppImage.sig") | |
| fi | |
| if [ -f "sigs/VMark_${VERSION#v}_x64_en-US.msi.sig" ]; then | |
| WINDOWS_MSI_SIG=$(cat "sigs/VMark_${VERSION#v}_x64_en-US.msi.sig") | |
| fi | |
| if [ -f "sigs/VMark_${VERSION#v}_x64-setup.exe.sig" ]; then | |
| WINDOWS_EXE_SIG=$(cat "sigs/VMark_${VERSION#v}_x64-setup.exe.sig") | |
| fi | |
| # Get current timestamp | |
| PUB_DATE=$(date -u +"%Y-%m-%dT%H:%M:%SZ") | |
| # Base URL for downloads | |
| BASE_URL="https://github.com/$REPO/releases/download/$VERSION" | |
| # Generate latest.json | |
| cat > latest.json << EOF | |
| { | |
| "version": "$VERSION", | |
| "notes": "See release notes at https://github.com/$REPO/releases/tag/$VERSION", | |
| "pub_date": "$PUB_DATE", | |
| "platforms": { | |
| "darwin-aarch64": { | |
| "signature": "$MACOS_AARCH64_SIG", | |
| "url": "$BASE_URL/VMark_aarch64.app.tar.gz" | |
| }, | |
| "darwin-x86_64": { | |
| "signature": "$MACOS_X64_SIG", | |
| "url": "$BASE_URL/VMark_x64.app.tar.gz" | |
| }, | |
| "linux-x86_64": { | |
| "signature": "$LINUX_SIG", | |
| "url": "$BASE_URL/VMark_${VERSION#v}_amd64.AppImage" | |
| }, | |
| "windows-x86_64": { | |
| "signature": "$WINDOWS_MSI_SIG", | |
| "url": "$BASE_URL/VMark_${VERSION#v}_x64_en-US.msi" | |
| } | |
| } | |
| } | |
| EOF | |
| echo "Generated latest.json:" | |
| cat latest.json | |
| # Upload latest.json to release | |
| gh release upload "$VERSION" latest.json --repo "$REPO" --clobber | |
| echo "✅ Uploaded latest.json" | |
| - name: Publish Release | |
| env: | |
| GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| run: | | |
| # Use gh CLI to publish the draft release - more reliable than action | |
| # which can create duplicate releases on API failures | |
| gh release edit "${{ needs.create-release.outputs.version }}" \ | |
| --draft=false \ | |
| --repo "${{ github.repository }}" | |
| echo "✅ Published release ${{ needs.create-release.outputs.version }}" | |
| - name: Trigger Homebrew tap update | |
| continue-on-error: true | |
| env: | |
| GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| run: | | |
| VERSION="${{ needs.create-release.outputs.version }}" | |
| VERSION_NUM="${VERSION#v}" | |
| gh workflow run update-homebrew.yml \ | |
| --repo "${{ github.repository }}" \ | |
| -f version="$VERSION_NUM" | |
| echo "✅ Triggered Homebrew tap update for $VERSION_NUM" |