Chore: better published unsigned artifacts#22649
Conversation
| "codex-command-runner": { | ||
| "platforms": { | ||
| "windows-x86_64": { | ||
| "regex": "^codex-command-runner-x86_64-pc-windows-msvc\\.exe\\.zst$", | ||
| "path": "codex-command-runner.exe" | ||
| }, | ||
| "windows-aarch64": { | ||
| "regex": "^codex-command-runner-aarch64-pc-windows-msvc\\.exe\\.zst$", | ||
| "path": "codex-command-runner.exe" | ||
| } | ||
| } | ||
| }, | ||
| "codex-windows-sandbox-setup": { | ||
| "platforms": { | ||
| "windows-x86_64": { | ||
| "regex": "^codex-windows-sandbox-setup-x86_64-pc-windows-msvc\\.exe\\.zst$", | ||
| "path": "codex-windows-sandbox-setup.exe" | ||
| }, | ||
| "windows-aarch64": { | ||
| "regex": "^codex-windows-sandbox-setup-aarch64-pc-windows-msvc\\.exe\\.zst$", | ||
| "path": "codex-windows-sandbox-setup.exe" | ||
| } | ||
| } | ||
| } |
There was a problem hiding this comment.
This is in addition to what was previously planned to account for window related artifacts.
![chatgpt-codex-connector[bot]](https://avatars.githubusercontent.com/in/1144995?s=60&v=4){kind=small}
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: 009e2676ab
ℹ️ About Codex in GitHub
Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".
| ! -name 'aarch64-unknown-linux-musl' \ | ||
| ! -name 'x86_64-unknown-linux-musl' \ |
There was a problem hiding this comment.
When workflow_dispatch runs with sign_macos=false, this filter keeps only the primary Linux artifact directories, but the app-server Linux binaries are uploaded under x86_64-unknown-linux-musl-app-server and aarch64-unknown-linux-musl-app-server (see the build matrix artifact names). The new unsigned DotSlash config still requires codex-app-server-*-unknown-linux-musl.zst, so the subsequent unsigned dotslash-publish-release step will not find matching Linux app-server release assets after these directories are deleted.
Useful? React with 👍 / 👎.
|
@codex review |
|
Codex Review: Didn't find any major issues. Breezy! ℹ️ About Codex in GitHubYour team has set up Codex to review pull requests in this repo. Reviews are triggered when you
If Codex has suggestions, it will comment; otherwise it will react with 👍. Codex can also answer questions or update the PR. Try commenting "@codex address that feedback". |
| - name: List | ||
| run: ls -R dist/ | ||
|
|
||
| - name: Keep only unsigned macOS artifacts |
There was a problem hiding this comment.
| - name: Keep only unsigned macOS artifacts | |
| - name: Prune artifacts excluded from unsigned macOS release |
| } | ||
| } | ||
| }, | ||
| "codex-command-runner": { |
There was a problem hiding this comment.
Can you also add:
"bwrap": {
"platforms": {
"linux-x86_64": {
"regex": "^bwrap-x86_64-unknown-linux-musl\\.zst$",
"path": "bwrap"
},
"linux-aarch64": {
"regex": "^bwrap-aarch64-unknown-linux-musl\\.zst$",
"path": "bwrap"
}
}
},to match dotslash-config.json?
2 participants
This is the exact same change as @bolinfest made but he could not push because of github action change permission.
Why
The
rust-releaseworkflow can now be run manually withsign_macos=falseto skip macOS signing, but that path previously stopped before creating a GitHub Release. That left the unsigned macOS binaries available only as workflow-run artifacts, which are awkward to fetch from automation and cannot be retrieved with a simple unauthenticatedcurl.For the unsigned path we still should not perform the normal release side effects: no npm or Python publishing, no WinGet publishing, no
latest-alpha-clibranch update, and no promotion to GitHub's latest release. The goal is only to make the build outputs easy to fetch from the release page.What changed
releasejob in.github/workflows/rust-release.ymlto run forworkflow_dispatchruns withsign_macos=false.make_latest: false.latest-alpha-cliupdate.github/dotslash-unsigned-config.json, which publishes*-unsignedDotSlash files that use unsigned macOS artifacts and the normal Linux/Windows artifacts.What I added
PLEASE READ THIS!!!
I added
codex-command-runnerandcodex-windows-sandbox-setupentries to.github/dotslash-unsigned-config.jsonso that withsign_macos=falsewe would still get the dotslash files for those artifacts which are necessary for windows builds.