name: publish run-name: "${{ format('release {0}', inputs.bump) }}" on: push: branches: - ci - dev - beta - snapshot-* workflow_dispatch: inputs: bump: description: "Bump major, minor, or patch" required: false type: choice options: - major - minor - patch version: description: "Override version (optional)" required: false type: string concurrency: ${{ github.workflow }}-${{ github.ref }}-${{ inputs.version || inputs.bump }} permissions: id-token: write contents: write packages: write jobs: version: runs-on: blacksmith-4vcpu-ubuntu-2404 if: github.repository == 'anomalyco/opencode' steps: - uses: actions/checkout@v3 with: fetch-depth: 0 - uses: ./.github/actions/setup-bun - name: Install OpenCode if: inputs.bump || inputs.version run: bun i -g opencode-ai - id: version run: | ./script/version.ts env: GH_TOKEN: ${{ github.token }} OPENCODE_BUMP: ${{ inputs.bump }} OPENCODE_VERSION: ${{ inputs.version }} OPENCODE_API_KEY: ${{ secrets.OPENCODE_API_KEY }} outputs: version: ${{ steps.version.outputs.version }} release: ${{ steps.version.outputs.release }} tag: ${{ steps.version.outputs.tag }} build-cli: needs: version runs-on: blacksmith-4vcpu-ubuntu-2404 if: github.repository == 'anomalyco/opencode' steps: - uses: actions/checkout@v3 with: fetch-tags: true - uses: ./.github/actions/setup-bun - name: Build id: build run: | ./packages/opencode/script/build.ts env: OPENCODE_VERSION: ${{ needs.version.outputs.version }} OPENCODE_RELEASE: ${{ needs.version.outputs.release }} GH_TOKEN: ${{ github.token }} - uses: actions/upload-artifact@v4 with: name: opencode-cli path: packages/opencode/dist outputs: version: ${{ needs.version.outputs.version }} build-tauri: needs: - build-cli - version continue-on-error: false strategy: fail-fast: false matrix: settings: - host: macos-latest target: x86_64-apple-darwin - host: macos-latest target: aarch64-apple-darwin - host: blacksmith-4vcpu-windows-2025 target: x86_64-pc-windows-msvc - host: blacksmith-4vcpu-ubuntu-2404 target: x86_64-unknown-linux-gnu - host: blacksmith-8vcpu-ubuntu-2404-arm target: aarch64-unknown-linux-gnu runs-on: ${{ matrix.settings.host }} steps: - uses: actions/checkout@v3 with: fetch-tags: true - uses: apple-actions/import-codesign-certs@v2 if: ${{ runner.os == 'macOS' }} with: keychain: build p12-file-base64: ${{ secrets.APPLE_CERTIFICATE }} p12-password: ${{ secrets.APPLE_CERTIFICATE_PASSWORD }} - name: Verify Certificate if: ${{ runner.os == 'macOS' }} run: | CERT_INFO=$(security find-identity -v -p codesigning build.keychain | grep "Developer ID Application") CERT_ID=$(echo "$CERT_INFO" | awk -F'"' '{print $2}') echo "CERT_ID=$CERT_ID" >> $GITHUB_ENV echo "Certificate imported." - name: Setup Apple API Key if: ${{ runner.os == 'macOS' }} run: | echo "${{ secrets.APPLE_API_KEY_PATH }}" > $RUNNER_TEMP/apple-api-key.p8 - uses: ./.github/actions/setup-bun - name: Cache apt packages if: contains(matrix.settings.host, 'ubuntu') uses: actions/cache@v4 with: path: /var/cache/apt/archives key: ${{ runner.os }}-${{ matrix.settings.target }}-apt-${{ hashFiles('.github/workflows/publish.yml') }} restore-keys: | ${{ runner.os }}-${{ matrix.settings.target }}-apt- - name: install dependencies (ubuntu only) if: contains(matrix.settings.host, 'ubuntu') run: | sudo apt-get update sudo apt-get install -y libwebkit2gtk-4.1-dev libappindicator3-dev librsvg2-dev patchelf - name: install Rust stable uses: dtolnay/rust-toolchain@stable with: targets: ${{ matrix.settings.target }} - uses: Swatinem/rust-cache@v2 with: workspaces: packages/desktop/src-tauri shared-key: ${{ matrix.settings.target }} - name: Prepare run: | cd packages/desktop bun ./scripts/prepare.ts env: OPENCODE_VERSION: ${{ needs.version.outputs.version }} GITHUB_TOKEN: ${{ steps.committer.outputs.token }} RUST_TARGET: ${{ matrix.settings.target }} GH_TOKEN: ${{ github.token }} GITHUB_RUN_ID: ${{ github.run_id }} # Fixes AppImage build issues, can be removed when https://github.com/tauri-apps/tauri/pull/12491 is released - name: Install tauri-cli from portable appimage branch if: contains(matrix.settings.host, 'ubuntu') run: | cargo install tauri-cli --git https://github.com/tauri-apps/tauri --branch feat/truly-portable-appimage --force echo "Installed tauri-cli version:" cargo tauri --version - name: Build and upload artifacts uses: tauri-apps/tauri-action@390cbe447412ced1303d35abe75287949e43437a timeout-minutes: 60 with: projectPath: packages/desktop uploadWorkflowArtifacts: true tauriScript: ${{ (contains(matrix.settings.host, 'ubuntu') && 'cargo tauri') || '' }} args: --target ${{ matrix.settings.target }} --config ./src-tauri/tauri.prod.conf.json --verbose updaterJsonPreferNsis: true releaseId: ${{ needs.version.outputs.release }} tagName: ${{ needs.version.outputs.tag }} releaseDraft: true releaseAssetNamePattern: opencode-desktop-[platform]-[arch][ext] env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} TAURI_BUNDLER_NEW_APPIMAGE_FORMAT: true TAURI_SIGNING_PRIVATE_KEY: ${{ secrets.TAURI_SIGNING_PRIVATE_KEY }} TAURI_SIGNING_PRIVATE_KEY_PASSWORD: ${{ secrets.TAURI_SIGNING_PRIVATE_KEY_PASSWORD }} APPLE_CERTIFICATE: ${{ secrets.APPLE_CERTIFICATE }} APPLE_CERTIFICATE_PASSWORD: ${{ secrets.APPLE_CERTIFICATE_PASSWORD }} APPLE_SIGNING_IDENTITY: ${{ env.CERT_ID }} APPLE_API_ISSUER: ${{ secrets.APPLE_API_ISSUER }} APPLE_API_KEY: ${{ secrets.APPLE_API_KEY }} APPLE_API_KEY_PATH: ${{ runner.temp }}/apple-api-key.p8 publish: needs: - version - build-cli - build-tauri runs-on: blacksmith-4vcpu-ubuntu-2404 steps: - uses: actions/checkout@v3 - uses: ./.github/actions/setup-bun - name: Login to GitHub Container Registry uses: docker/login-action@v3 with: registry: ghcr.io username: ${{ github.repository_owner }} password: ${{ secrets.GITHUB_TOKEN }} - name: Set up QEMU uses: docker/setup-qemu-action@v3 - name: Set up Docker Buildx uses: docker/setup-buildx-action@v3 - uses: actions/setup-node@v4 with: node-version: "24" registry-url: "https://registry.npmjs.org" - name: Setup git committer id: committer uses: ./.github/actions/setup-git-committer with: opencode-app-id: ${{ vars.OPENCODE_APP_ID }} opencode-app-secret: ${{ secrets.OPENCODE_APP_SECRET }} - uses: actions/download-artifact@v4 with: name: opencode-cli path: packages/opencode/dist - name: Cache apt packages (AUR) uses: actions/cache@v4 with: path: /var/cache/apt/archives key: ${{ runner.os }}-apt-aur-${{ hashFiles('.github/workflows/publish.yml') }} restore-keys: | ${{ runner.os }}-apt-aur- - name: Setup SSH for AUR run: | sudo apt-get update sudo apt-get install -y pacman-package-manager mkdir -p ~/.ssh echo "${{ secrets.AUR_KEY }}" > ~/.ssh/id_rsa chmod 600 ~/.ssh/id_rsa git config --global user.email "opencode@sst.dev" git config --global user.name "opencode" ssh-keyscan -H aur.archlinux.org >> ~/.ssh/known_hosts || true - run: ./script/publish.ts env: OPENCODE_VERSION: ${{ needs.version.outputs.version }} OPENCODE_RELEASE: ${{ needs.version.outputs.release }} AUR_KEY: ${{ secrets.AUR_KEY }} GITHUB_TOKEN: ${{ steps.committer.outputs.token }} NPM_CONFIG_PROVENANCE: false