b8f4ed6102
The runtime-release matrix builds linux+darwin × amd64+arm64, but each job wrote its checksum to SHA256SUMS-<arch> (arch only). The linux/<arch> and darwin/<arch> jobs therefore emitted the same filename, which clobbered each other under the publish job's `merge-multiple: true` download. The merged SHA256SUMS ended up with only 2 of the 4 platforms, so consumers of the missing tarballs (notably xworkmate-bridge-linux-arm64.tar.gz) failed with "missing checksum" — breaking the console offline arm64 package build. Name the per-job file SHA256SUMS-<os>-<arch> so all four are unique and the merged SHA256SUMS lists every published tarball. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
110 lines
3.4 KiB
YAML
110 lines
3.4 KiB
YAML
name: Build XWorkmate Bridge Runtime Release
|
|
|
|
on:
|
|
push:
|
|
branches: [main, release/**]
|
|
paths:
|
|
- "**/*.go"
|
|
- go.mod
|
|
- go.sum
|
|
- .github/workflows/runtime-release.yml
|
|
workflow_dispatch:
|
|
|
|
permissions:
|
|
contents: write
|
|
|
|
concurrency:
|
|
group: xworkmate-bridge-runtime-release-${{ github.ref }}
|
|
cancel-in-progress: true
|
|
|
|
jobs:
|
|
build:
|
|
name: Build ${{ matrix.os }}-${{ matrix.arch }}
|
|
runs-on: ubuntu-latest
|
|
strategy:
|
|
fail-fast: false
|
|
matrix:
|
|
os: [linux, darwin]
|
|
arch: [amd64, arm64]
|
|
steps:
|
|
- uses: actions/checkout@v4
|
|
|
|
- uses: actions/setup-go@v6
|
|
with:
|
|
go-version-file: go.mod
|
|
cache: true
|
|
|
|
- name: Test
|
|
run: go test ./...
|
|
|
|
- name: Build runtime asset
|
|
env:
|
|
TARGET_OS: ${{ matrix.os }}
|
|
TARGET_ARCH: ${{ matrix.arch }}
|
|
run: |
|
|
set -euo pipefail
|
|
root="dist/runtime/xworkmate-bridge"
|
|
mkdir -p "${root}/bin" dist/assets
|
|
CGO_ENABLED=0 GOOS="${TARGET_OS}" GOARCH="${TARGET_ARCH}" \
|
|
go build -buildvcs=false -trimpath \
|
|
-ldflags "-X main.buildCommit=${GITHUB_SHA}" \
|
|
-o "${root}/bin/xworkmate-go-core" .
|
|
cat > "${root}/manifest.json" <<JSON
|
|
{
|
|
"component": "xworkmate-bridge",
|
|
"commit": "${GITHUB_SHA}",
|
|
"os": "${TARGET_OS}",
|
|
"arch": "${TARGET_ARCH}",
|
|
"binary": "bin/xworkmate-go-core"
|
|
}
|
|
JSON
|
|
tar -czf "dist/assets/xworkmate-bridge-${TARGET_OS}-${TARGET_ARCH}.tar.gz" \
|
|
-C dist/runtime xworkmate-bridge
|
|
(
|
|
cd dist/assets
|
|
# Name the per-job checksum file by OS *and* ARCH. Keying on ARCH
|
|
# alone makes the linux/darwin jobs of the same arch both emit
|
|
# SHA256SUMS-<arch>, which then clobber each other under the
|
|
# publish job's merge-multiple download — leaving SHA256SUMS with
|
|
# only 2 of the 4 platforms and breaking arm64 (and darwin-amd64)
|
|
# consumers with "missing checksum".
|
|
sha256sum -- ./*.tar.gz | sed 's# \./# #' > "SHA256SUMS-${TARGET_OS}-${TARGET_ARCH}"
|
|
)
|
|
|
|
- uses: actions/upload-artifact@v4
|
|
with:
|
|
name: xworkmate-bridge-${{ matrix.os }}-${{ matrix.arch }}
|
|
path: |
|
|
dist/assets/*.tar.gz
|
|
dist/assets/SHA256SUMS-*
|
|
if-no-files-found: error
|
|
|
|
publish:
|
|
needs: build
|
|
runs-on: ubuntu-latest
|
|
steps:
|
|
- uses: actions/download-artifact@v4
|
|
with:
|
|
pattern: xworkmate-bridge-*
|
|
path: dist
|
|
merge-multiple: true
|
|
|
|
- name: Publish assets
|
|
env:
|
|
GH_TOKEN: ${{ github.token }}
|
|
run: |
|
|
set -euo pipefail
|
|
tag="runtime-${GITHUB_SHA::12}"
|
|
cat dist/SHA256SUMS-* | sort -u > dist/SHA256SUMS
|
|
rm -f dist/SHA256SUMS-*
|
|
if gh release view "${tag}" --repo "${GITHUB_REPOSITORY}" >/dev/null 2>&1; then
|
|
gh release upload "${tag}" dist/*.tar.gz dist/SHA256SUMS \
|
|
--repo "${GITHUB_REPOSITORY}" --clobber
|
|
else
|
|
gh release create "${tag}" dist/*.tar.gz dist/SHA256SUMS \
|
|
--repo "${GITHUB_REPOSITORY}" \
|
|
--target "${GITHUB_SHA}" \
|
|
--title "XWorkmate Bridge runtime ${GITHUB_SHA::12}" \
|
|
--notes "Prebuilt bridge binaries. No target-host Go build is required."
|
|
fi
|