vrr/goose
2
0
Fork 0
mirror of https://github.com/block/goose.git synced 2026-04-28 11:39:43 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 28
goose/.github/workflows/bundle-desktop-intel.yml
Jack Amadeo 376e94e47a
chore(aaif): Switch macOS code signing (#8076)
2026-03-27 11:36:19 +00:00

195 lines
6.6 KiB
YAML
Raw Blame History

# This is a **reuseable** workflow that bundles the Desktop App for Intel macOS.
# It doesn't get triggered on its own. It gets used in multiple workflows:
# - release.yml
# - canary.yml
# - pr-comment-bundle-desktop.yml
on:
workflow_call:
inputs:
version:
description: 'Version to set for the build'
required: false
default: ""
type: string
signing:
description: 'Whether to perform signing and notarization'
required: false
default: false
type: boolean
quick_test:
description: 'Whether to perform the quick launch test'
required: false
default: true
type: boolean
ref:
type: string
required: false
default: ''
environment:
description: 'GitHub Environment containing signing secrets (e.g. "production"). Leave empty to skip.'
required: false
type: string
default: ''
name: Reusable workflow to bundle desktop app for Intel Mac
jobs:
bundle-desktop-intel:
runs-on: macos-latest
name: Bundle Desktop App on Intel macOS
environment: ${{ inputs.environment || '' }}
env:
MACOSX_DEPLOYMENT_TARGET: "12.0"
permissions:
id-token: write
contents: read
steps:
# Check initial disk space
- name: Check initial disk space
run: df -h
- name: Checkout code
uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
with:
# Only pass ref if it's explicitly set, otherwise let checkout action use its default behavior
ref: ${{ inputs.ref != '' && inputs.ref || '' }}
# Update versions before build
- name: Update versions
if: ${{ inputs.version != '' }}
run: |
# Update version in Cargo.toml
sed -i.bak 's/^version = ".*"/version = "'${{ inputs.version }}'"/' Cargo.toml
rm -f Cargo.toml.bak
# Update version in package.json
source ./bin/activate-hermit
cd ui/desktop
npm pkg set "version=${{ inputs.version }}"
- name: Cache Rust dependencies
uses: Swatinem/rust-cache@779680da715d629ac1d338a641029a2f4372abb5 # v2.8.2
with:
key: intel-macos-deployment-target-12
- name: Build goose-server for Intel macOS (x86_64)
run: |
source ./bin/activate-hermit
rustup target add x86_64-apple-darwin
cargo build --release -p goose-server --target x86_64-apple-darwin
# Post-build cleanup to free space
- name: Post-build cleanup
run: |
echo "Performing post-build cleanup..."
# Remove debug artifacts
rm -rf target/debug || true
rm -rf target/x86_64-apple-darwin/debug || true
# Keep only what's needed for the next steps
rm -rf target/x86_64-apple-darwin/release/deps || true
rm -rf target/x86_64-apple-darwin/release/build || true
rm -rf target/x86_64-apple-darwin/release/incremental || true
# Check disk space after cleanup
df -h
- name: Copy binaries into Electron folder
run: |
cp target/x86_64-apple-darwin/release/goosed ui/desktop/src/bin/goosed
- name: Cache pnpm dependencies
uses: actions/cache@8b402f58fbc84540c8b491a91e594a4576fec3d7 # v5.0.2
with:
path: |
ui/desktop/node_modules
.hermit/node/cache
key: intel-pnpm-cache-v1-${{ runner.os }}-${{ hashFiles('ui/pnpm-lock.yaml') }}
restore-keys: |
intel-pnpm-cache-v1-${{ runner.os }}-
- name: Install dependencies
run: source ../../bin/activate-hermit && pnpm install --frozen-lockfile
working-directory: ui/desktop
# Configure Electron builder for Intel architecture
- name: Configure for Intel build
run: |
# Set the architecture to x64 for Intel Mac build
jq '.build.mac.target[0].arch = "x64"' package.json > package.json.tmp && mv package.json.tmp package.json
working-directory: ui/desktop
- name: Import Apple signing certificate
if: ${{ inputs.signing }}
uses: ./.github/actions/apple-codesign
with:
certificate-base64: ${{ secrets.APPLE_CERTIFICATE_BASE64 }}
certificate-password: ${{ secrets.APPLE_CERTIFICATE_PASSWORD }}
# Check disk space before bundling
- name: Check disk space before bundling
run: df -h
- name: Build App
env:
APPLE_ID: ${{ inputs.signing && secrets.APPLE_ID || '' }}
APPLE_ID_PASSWORD: ${{ inputs.signing && secrets.APPLE_ID_PASSWORD || '' }}
APPLE_TEAM_ID: ${{ inputs.signing && secrets.APPLE_TEAM_ID || '' }}
run: |
source ../../bin/activate-hermit
attempt=0
max_attempts=2
until [ $attempt -ge $max_attempts ]; do
pnpm run bundle:intel && break
attempt=$((attempt + 1))
echo "Attempt $attempt failed. Retrying..."
sleep 5
done
if [ $attempt -ge $max_attempts ]; then
echo "Action failed after $max_attempts attempts."
exit 1
fi
working-directory: ui/desktop
- name: Clean up signing keychain
if: always()
run: |
if [ -n "$KEYCHAIN_PATH" ] && [ -f "$KEYCHAIN_PATH" ]; then
security delete-keychain "$KEYCHAIN_PATH" || true
fi
- name: Final cleanup before artifact upload
run: |
echo "Performing final cleanup..."
# Remove build artifacts that are no longer needed
rm -rf target || true
# Check disk space after cleanup
df -h
- name: Upload Desktop artifact
uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0
with:
name: Goose-darwin-x64
path: ui/desktop/out/Goose-darwin-x64/Goose_intel_mac.zip
- name: Quick launch test (macOS)
if: ${{ inputs.quick_test }}
run: |
# Ensure no quarantine attributes (if needed)
xattr -cr "ui/desktop/out/Goose-darwin-x64/Goose.app"
echo "Opening Goose.app..."
open -g "ui/desktop/out/Goose-darwin-x64/Goose.app"
# Give the app a few seconds to start and write logs
sleep 5
# Check if it's running
if pgrep -f "Goose.app/Contents/MacOS/Goose" > /dev/null; then
echo "App appears to be running."
else
echo "App did not stay open. Possible crash or startup error."
exit 1
fi
# Kill the app to clean up
pkill -f "Goose.app/Contents/MacOS/Goose"
Reference in a new issue View git blame Copy permalink