| Josh Bleecher Snyder | 7b00c2c | 2025-07-02 12:24:30 -0700 | [diff] [blame] | 1 | name: Release Build (Nightly) |
| 2 | |
| 3 | on: |
| 4 | schedule: |
| 5 | - cron: "47 9 * * *" # 1:47 AM Pacific Time (9:47 UTC) |
| 6 | workflow_dispatch: # Allow manual triggering |
| 7 | |
| 8 | permissions: |
| 9 | contents: write |
| 10 | |
| 11 | jobs: |
| 12 | nightly: |
| 13 | runs-on: ubuntu-latest |
| 14 | if: github.ref == 'refs/heads/main' |
| 15 | steps: |
| 16 | - name: Checkout |
| 17 | uses: actions/checkout@v4 |
| 18 | with: |
| 19 | fetch-depth: 0 |
| 20 | |
| 21 | - name: Set up Node.js |
| 22 | uses: actions/setup-node@v4 |
| 23 | with: |
| 24 | node-version: "20" |
| 25 | cache: "npm" |
| 26 | cache-dependency-path: "webui/package-lock.json" |
| 27 | |
| 28 | - uses: actions/setup-go@v5 |
| 29 | with: |
| 30 | go-version-file: "${{ inputs.working-directory || '.'}}/go.mod" |
| 31 | cache: true |
| 32 | |
| Josh Bleecher Snyder | 5e97dfc | 2025-07-11 18:14:07 +0000 | [diff] [blame] | 33 | - name: Install selfupdatectl |
| 34 | run: go install github.com/fynelabs/selfupdate/cmd/selfupdatectl@v0.2.1 |
| 35 | |
| 36 | - name: Extract Ed25519 signing key |
| 37 | env: |
| 38 | SELFUPDATE_SIGNING_KEY_B64: ${{ secrets.SELFUPDATE_ED25519_PRIVATE_KEY }} |
| 39 | run: | |
| 40 | # when https://github.com/fynelabs/selfupdate/issues/39 is fixed, we can stop writing to disk |
| 41 | set -euo pipefail |
| 42 | [[ -z "${SELFUPDATE_SIGNING_KEY_B64:-}" ]] && { echo >&2 "Signing key secret missing"; exit 1; } |
| 43 | selfupdate_keyfile=$(mktemp "$RUNNER_TEMP/ed25519.XXXXXX") |
| 44 | chmod 600 "$selfupdate_keyfile" |
| 45 | echo "$SELFUPDATE_SIGNING_KEY_B64" | base64 -d > "$selfupdate_keyfile" |
| 46 | echo "SELFUPDATE_PRIVKEY_PATH=$selfupdate_keyfile" >>"$GITHUB_ENV" |
| 47 | |
| Josh Bleecher Snyder | 7b00c2c | 2025-07-02 12:24:30 -0700 | [diff] [blame] | 48 | - name: Check for changes since last tag |
| 49 | id: check_changes |
| 50 | run: | |
| 51 | git fetch --tags --force |
| 52 | # find latest nightly tag that looks like nightly/v0.0.N |
| 53 | latest_nightly=$(git tag -l "nightly/v0.0.*" --sort=-v:refname | head -n1) |
| 54 | if [ -z "$latest_nightly" ]; then |
| 55 | echo "has_changes=true" >> $GITHUB_OUTPUT |
| 56 | echo "tag=v0.0.1" >> $GITHUB_OUTPUT |
| 57 | echo "nightly_tag=nightly/v0.0.1" >> $GITHUB_OUTPUT |
| 58 | else |
| 59 | echo "Latest nightly tag is $latest_nightly" |
| 60 | # Check if there are any new commits since the last nightly tag |
| 61 | changes=$(git log $latest_nightly..HEAD --oneline) |
| 62 | if [ -z "$changes" ]; then |
| 63 | echo "No new changes since last nightly tag, skipping nightly build" |
| 64 | echo "has_changes=false" >> $GITHUB_OUTPUT |
| 65 | else |
| 66 | echo "Changes found since last nightly tag:" |
| 67 | echo "$changes" |
| 68 | echo "has_changes=true" >> $GITHUB_OUTPUT |
| 69 | # Extract N from nightly/v0.0.N and increment |
| 70 | version_part="${latest_nightly#nightly/v0.0.}" |
| 71 | new_n=$((version_part + 1)) |
| 72 | new_tag="v0.0.${new_n}" |
| 73 | new_nightly_tag="nightly/v0.0.${new_n}" |
| 74 | echo "tag=$new_tag" >> $GITHUB_OUTPUT |
| 75 | echo "nightly_tag=$new_nightly_tag" >> $GITHUB_OUTPUT |
| 76 | fi |
| 77 | fi |
| 78 | |
| 79 | - name: Create and push nightly git tag |
| 80 | if: steps.check_changes.outputs.has_changes == 'true' |
| 81 | env: |
| 82 | TAG: ${{ steps.check_changes.outputs.tag }} |
| 83 | NIGHTLY_TAG: ${{ steps.check_changes.outputs.nightly_tag }} |
| 84 | run: | |
| 85 | git config user.name "Sketch Nightly Bot" |
| 86 | git config user.email "hello@sketch.dev" |
| 87 | git tag -a "$TAG" -m "Nightly build $TAG" |
| 88 | git tag -a "$NIGHTLY_TAG" -m "Nightly build tracking tag for $TAG" |
| 89 | git push origin "$TAG" |
| 90 | git push origin "$NIGHTLY_TAG" |
| 91 | |
| 92 | - name: Run GoReleaser (Nightly) |
| 93 | if: steps.check_changes.outputs.has_changes == 'true' |
| 94 | uses: goreleaser/goreleaser-action@v4 |
| 95 | with: |
| 96 | version: latest |
| Josh Bleecher Snyder | 6ae637a | 2025-07-09 12:41:56 -0700 | [diff] [blame] | 97 | # because our builds aren't hermetic, we must build serially |
| 98 | args: release --clean --parallelism 1 |
| Josh Bleecher Snyder | 7b00c2c | 2025-07-02 12:24:30 -0700 | [diff] [blame] | 99 | env: |
| 100 | GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} |
| 101 | |
| 102 | - name: Mark release as prerelease |
| 103 | if: steps.check_changes.outputs.has_changes == 'true' |
| 104 | uses: actions/github-script@v6 |
| 105 | with: |
| 106 | script: | |
| 107 | const tag = process.env.TAG; |
| 108 | const [owner, repo] = process.env.GITHUB_REPOSITORY.split('/'); |
| 109 | const release = await github.rest.repos.getReleaseByTag({ owner, repo, tag }); |
| 110 | await github.rest.repos.updateRelease({ |
| 111 | owner, |
| 112 | repo, |
| 113 | release_id: release.data.id, |
| 114 | prerelease: true |
| 115 | }); |
| 116 | env: |
| 117 | TAG: ${{ steps.check_changes.outputs.tag }} |
| Josh Bleecher Snyder | 5e97dfc | 2025-07-11 18:14:07 +0000 | [diff] [blame] | 118 | |
| 119 | - name: Clean up signing key |
| 120 | if: always() |
| 121 | run: | |
| 122 | if [[ -n "${SELFUPDATE_PRIVKEY_PATH:-}" && -f "$SELFUPDATE_PRIVKEY_PATH" ]]; then |
| 123 | shred -u "$SELFUPDATE_PRIVKEY_PATH" |
| 124 | fi |