vrr/codeburn
2
0
Fork 0
mirror of https://github.com/AgentSeal/codeburn.git synced 2026-04-28 06:59:37 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 2
codeburn/.github/workflows/release-menubar.yml
Resham Joshi 495a254338 feat(mac): native Swift menubar app + one-command install 
Introduces mac/ with a native SwiftUI menubar app that replaces the
previous SwiftBar plugin entirely. Install via `npx codeburn menubar`,
which downloads the .app from GitHub Releases, strips Gatekeeper
quarantine, and drops it into ~/Applications.

Highlights

- mac/ SwiftUI app: agent tabs, Today/7/30/Month/All period switcher,
  Trend/Forecast/Pulse/Stats/Plan insights, activity + model
  breakdowns, optimize findings, CSV/JSON export, Star-on-GitHub
  banner, live 60s refresh, instant currency switching with offline FX
  cache.
- Security: CodeburnCLI argv-based spawn (no shell interpretation),
  SafeFile symlink guards + O_NOFOLLOW writes, FX rate clamping to
  [0.0001, 1_000_000], keychain filtered to account == "default",
  removed byte-window credential log, in-flight refresh guard, POSIX
  flock on config.json writes, TerminalLauncher validates argv before
  AppleScript interpolation.
- Performance: shared static NumberFormatter (thousands of allocations
  per popover redraw eliminated), concurrent pipe drain with 20 MB cap
  + 60s timeout in DataClient, Observation-tracked reactive UI, 5-min
  payload cache keyed on (period, provider).
- CLI: new `codeburn menubar` subcommand that downloads + installs +
  launches the .app (no clone, no build). New `status --format
  menubar-json` payload builder. `export` rewritten to produce a
  folder of one-table-per-file CSVs with a `.codeburn-export` marker
  so arbitrary -o paths cannot be silently deleted.
- Removed: src/menubar.ts (SwiftBar plugin generator),
  install-menubar / uninstall-menubar subcommands, `status --format
  menubar` directive output, tests/menubar.test.ts,
  tests/security/menubar-injection.test.ts.
- Release: .github/workflows/release-menubar.yml builds universal
  binary, assembles .app, ad-hoc signs, zips, uploads on mac-v* tag
  push. Runs on the free macos-latest runner.

Tests

- 230 TypeScript tests pass
- 10 Swift CapacityEstimator tests pass
- TypeScript typecheck clean
- Swift release build clean
2026-04-17 16:55:56 -07:00

70 lines
2.4 KiB
YAML
Raw Blame History

name: Release macOS Menubar
# Triggers on a `mac-v*` tag push (e.g. `git tag mac-v0.8.0 && git push origin mac-v0.8.0`),
# or manually via the Actions tab. Runs entirely on the free macos-latest runner -- no Apple
# Developer Program membership, no signing certificates, no secrets required. The bundle ships
# ad-hoc signed; `npx codeburn menubar` strips the download quarantine flag on install so
# Gatekeeper stays quiet.
on:
push:
tags:
- 'mac-v*'
workflow_dispatch:
inputs:
version:
description: 'Version label for the bundle (e.g. v0.8.0 or dev-preview)'
required: true
default: 'dev-preview'
permissions:
contents: write # Needed to create the release + upload assets.
jobs:
build:
runs-on: macos-latest
steps:
- name: Checkout
uses: actions/checkout@v4
- name: Resolve version label
id: version
run: |
if [[ "${GITHUB_REF}" == refs/tags/mac-v* ]]; then
echo "value=${GITHUB_REF#refs/tags/mac-}" >> "$GITHUB_OUTPUT"
else
echo "value=${{ github.event.inputs.version }}" >> "$GITHUB_OUTPUT"
fi
- name: Show Swift toolchain
run: swift --version
- name: Build + bundle + zip
run: mac/Scripts/package-app.sh "${{ steps.version.outputs.value }}"
- name: Upload artifact (for manual runs)
if: github.event_name == 'workflow_dispatch'
uses: actions/upload-artifact@v4
with:
name: CodeBurnMenubar-${{ steps.version.outputs.value }}
path: mac/.build/dist/CodeBurnMenubar-*.zip
if-no-files-found: error
- name: Create / update GitHub Release
if: startsWith(github.ref, 'refs/tags/mac-v')
uses: softprops/action-gh-release@v2
with:
tag_name: ${{ github.ref_name }}
name: Menubar ${{ steps.version.outputs.value }}
body: |
Install with:
```
npx codeburn menubar
```
Unsigned build. The installer clears Gatekeeper quarantine on download, so the
app launches without warnings. Direct-download users from this page may see
"cannot verify developer" -- right-click → Open once to dismiss it, or use the
npx command above.
files: mac/.build/dist/CodeBurnMenubar-*.zip
fail_on_unmatched_files: true
Reference in a new issue View git blame Copy permalink