Add release workflow and binary download fallback#4
Merged
Conversation
Adds CI/CD to publish cross-compiled binaries on v* tags and a download fallback in bootstrap.sh so users without Go can install the plugin from GitHub Releases. Binaries are checksum-verified before execution. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Supports minimal Linux distros that only have sha256sum. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
If grep finds no matching line in checksums.txt (empty file, wrong filenames, truncated download), abort instead of executing an unverified binary. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
.github/workflows/release.yml): triggered onv*tags, runs tests + vet, cross-compiles for darwin/linux × amd64/arm64, generates SHA-256 checksums, and publishes a GitHub Release with all assetsplugin/hooks/bootstrap.sh): when no binary and no Go toolchain are available, downloads the correct prebuilt binary from GitHub Releases, verifies its SHA-256 checksum, and caches it locallymake releasetarget: mirrors CI locally for pre-tag validationSecurity
curl -fSLwith connect/max timeouts prevents hanging or following to unexpected destinationsTest plan
bash -n plugin/hooks/bootstrap.sh— syntax check passesgo test ./...— all tests passmake release— builds all 4 platform binaries + checksums.txtv0.1.0tag after merge and verify GitHub Actions creates a release with 4 binaries + checksums.txtplugin/hooks/bin/, unset Go from PATH, run bootstrap.sh to verify download fallback🤖 Generated with Claude Code