Skip to content

🤖 Add release workflow for automated binary publishing #168

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
ammario merged 7 commits into from
Oct 10, 2025
+121 −35
Merged

🤖 Add release workflow for automated binary publishing #168

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
7 commits
Select commit Hold shift + click to select a range
cbe2a83
🤖 Add release workflow for automated binary publishing
ammar-agent Oct 10, 2025
1f4a4ff
Remove workflow README documentation
ammar-agent Oct 10, 2025
d7f7bbf
DRY workflows with composite action and signing script
ammar-agent Oct 10, 2025
e49d451
Grant release workflow write permission for uploads
ammar-agent Oct 10, 2025
27b7cff
Fix composite action: checkout must happen before using local action
ammar-agent Oct 10, 2025
89651e6
Move build step out of composite action
ammar-agent Oct 10, 2025
92b8509
Add ImageMagick to release workflow
ammar-agent Oct 10, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
13 changes: 13 additions & 0 deletions .github/actions/setup-cmux/action.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,13 @@
name: 'Setup cmux build environment'
description: 'Setup Bun and install dependencies'
runs:
using: "composite"
steps:
- name: Setup Bun
uses: oven-sh/setup-bun@v2
with:
bun-version: latest

- name: Install dependencies
run: bun install --frozen-lockfile
shell: bash
47 changes: 12 additions & 35 deletions .github/workflows/build.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -14,42 +14,25 @@ jobs:
- name: Checkout code
uses: actions/checkout@v4

- name: Setup Bun
uses: oven-sh/setup-bun@v2
with:
bun-version: latest

- name: Install dependencies
run: bun install --frozen-lockfile
- uses: ./.github/actions/setup-cmux

- name: Install ImageMagick
run: brew install imagemagick

- name: Build application
run: bun run build

- name: Package for macOS
run: |
# Decode certificate to file to avoid issues with newlines in base64 string
if [ -n "${{ secrets.MACOS_CERTIFICATE }}" ]; then
echo "${{ secrets.MACOS_CERTIFICATE }}" | base64 -D > /tmp/certificate.p12
export CSC_LINK="/tmp/certificate.p12"
export CSC_KEY_PASSWORD="${{ secrets.MACOS_CERTIFICATE_PWD }}"
fi

# Notarization credentials (optional - will skip if not provided)
if [ -n "${{ secrets.AC_APIKEY_ID }}" ]; then
# Decode API key to file
echo "${{ secrets.AC_APIKEY_P8_BASE64 }}" | base64 -D > /tmp/AuthKey.p8
export APPLE_API_KEY="/tmp/AuthKey.p8"
export APPLE_API_KEY_ID="${{ secrets.AC_APIKEY_ID }}"
export APPLE_API_ISSUER="${{ secrets.AC_APIKEY_ISSUER_ID }}"
echo "✅ Notarization credentials found (API key) - will notarize"
else
echo "⚠️ No notarization credentials - skipping notarization"
fi
- name: Setup code signing
run: ./scripts/setup-macos-signing.sh
env:
MACOS_CERTIFICATE: ${{ secrets.MACOS_CERTIFICATE }}
MACOS_CERTIFICATE_PWD: ${{ secrets.MACOS_CERTIFICATE_PWD }}
AC_APIKEY_P8_BASE64: ${{ secrets.AC_APIKEY_P8_BASE64 }}
AC_APIKEY_ID: ${{ secrets.AC_APIKEY_ID }}
AC_APIKEY_ISSUER_ID: ${{ secrets.AC_APIKEY_ISSUER_ID }}

make dist-mac
- name: Package for macOS
run: make dist-mac

- name: Upload macOS DMG (x64)
uses: actions/upload-artifact@v4
Expand All @@ -74,13 +57,7 @@ jobs:
- name: Checkout code
uses: actions/checkout@v4

- name: Setup Bun
uses: oven-sh/setup-bun@v2
with:
bun-version: latest

- name: Install dependencies
run: bun install --frozen-lockfile
- uses: ./.github/actions/setup-cmux

- name: Install ImageMagick
run: sudo apt-get update && sudo apt-get install -y imagemagick
Expand Down
58 changes: 58 additions & 0 deletions .github/workflows/release.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,58 @@
name: Release

on:
release:
types: [published]

permissions:
contents: write # Required for electron-builder to upload release assets

jobs:
build-macos:
name: Build and Release macOS
runs-on: macos-latest
steps:
- name: Checkout code
uses: actions/checkout@v4

- uses: ./.github/actions/setup-cmux

- name: Install ImageMagick
run: brew install imagemagick

- name: Build application
run: bun run build

- name: Setup code signing
run: ./scripts/setup-macos-signing.sh
env:
MACOS_CERTIFICATE: ${{ secrets.MACOS_CERTIFICATE }}
MACOS_CERTIFICATE_PWD: ${{ secrets.MACOS_CERTIFICATE_PWD }}
AC_APIKEY_P8_BASE64: ${{ secrets.AC_APIKEY_P8_BASE64 }}
AC_APIKEY_ID: ${{ secrets.AC_APIKEY_ID }}
AC_APIKEY_ISSUER_ID: ${{ secrets.AC_APIKEY_ISSUER_ID }}

- name: Package and publish for macOS
run: bun x electron-builder --mac --publish always
env:
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}

build-linux:
name: Build and Release Linux
runs-on: ${{ github.repository_owner == 'coder' && 'depot-ubuntu-22.04-16' || 'ubuntu-latest' }}
steps:
- name: Checkout code
uses: actions/checkout@v4

- uses: ./.github/actions/setup-cmux

- name: Install ImageMagick
run: sudo apt-get update && sudo apt-get install -y imagemagick

- name: Build application
run: bun run build

- name: Package and publish for Linux
run: bun x electron-builder --linux --publish always
env:
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
4 changes: 4 additions & 0 deletions package.json
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -96,6 +96,10 @@
"build": {
"appId": "com.cmux.app",
"productName": "Cmux",
"publish": {
"provider": "github",
"releaseType": "release"
},
"directories": {
"output": "release"
},
Expand Down
34 changes: 34 additions & 0 deletions scripts/setup-macos-signing.sh
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,34 @@
#!/bin/bash
# Sets up macOS code signing and notarization from GitHub secrets
# Usage: ./scripts/setup-macos-signing.sh
#
# Required environment variables:
# MACOS_CERTIFICATE - Base64-encoded .p12 certificate
# MACOS_CERTIFICATE_PWD - Certificate password
# AC_APIKEY_P8_BASE64 - Base64-encoded Apple API key (.p8)
# AC_APIKEY_ID - Apple API Key ID
# AC_APIKEY_ISSUER_ID - Apple API Issuer ID

set -euo pipefail

# Setup code signing certificate
if [ -n "${MACOS_CERTIFICATE:-}" ]; then
echo "Setting up code signing certificate..."
echo "$MACOS_CERTIFICATE" | base64 -D > /tmp/certificate.p12
echo "CSC_LINK=/tmp/certificate.p12" >> "$GITHUB_ENV"
echo "CSC_KEY_PASSWORD=$MACOS_CERTIFICATE_PWD" >> "$GITHUB_ENV"
else
echo "⚠️ No code signing certificate provided - building unsigned"
fi

# Setup notarization credentials
if [ -n "${AC_APIKEY_ID:-}" ]; then
echo "Setting up notarization credentials..."
echo "$AC_APIKEY_P8_BASE64" | base64 -D > /tmp/AuthKey.p8
echo "APPLE_API_KEY=/tmp/AuthKey.p8" >> "$GITHUB_ENV"
echo "APPLE_API_KEY_ID=$AC_APIKEY_ID" >> "$GITHUB_ENV"
echo "APPLE_API_ISSUER=$AC_APIKEY_ISSUER_ID" >> "$GITHUB_ENV"
echo "✅ Notarization credentials configured"
else
echo "⚠️ No notarization credentials - skipping notarization"
fi
Loading