kimi-code/.github/workflows/_native-build.yml
2026-05-22 15:54:50 +08:00

115 lines
3.7 KiB
YAML

name: _native-build
on:
workflow_call:
inputs:
upload-artifact-prefix:
description: 'Prefix for uploaded artifact name'
required: false
type: string
default: 'kimi-code-native'
retention-days:
description: 'Artifact retention in days'
required: false
type: number
default: 3
sign-macos:
description: 'Whether to sign + notarize macOS builds (requires Apple secrets)'
required: false
type: boolean
default: false
secrets:
APPLE_CERTIFICATE_P12:
required: false
APPLE_CERTIFICATE_PASSWORD:
required: false
APPLE_NOTARIZATION_KEY_P8:
required: false
APPLE_NOTARIZATION_KEY_ID:
required: false
APPLE_NOTARIZATION_ISSUER_ID:
required: false
permissions:
contents: read
jobs:
native-bundle:
name: Native bundle (${{ matrix.target }})
runs-on: ${{ matrix.os }}
strategy:
fail-fast: false
matrix:
include:
- os: ubuntu-24.04
target: linux-x64
- os: ubuntu-24.04-arm
target: linux-arm64
- os: macos-15-intel
target: darwin-x64
- os: macos-15
target: darwin-arm64
- os: windows-2025-vs2026
target: win32-x64
- os: windows-11-arm
target: win32-arm64
steps:
- name: Checkout
uses: actions/checkout@v6
- name: Setup pnpm
uses: pnpm/action-setup@v6
- name: Setup Node.js
uses: actions/setup-node@v6
with:
node-version-file: .nvmrc
cache: 'pnpm'
- name: Install dependencies
run: pnpm install --frozen-lockfile
- name: Setup macOS keychain (release only)
if: runner.os == 'macOS' && inputs.sign-macos
uses: ./.github/actions/macos-keychain-setup
with:
certificate-p12: ${{ secrets.APPLE_CERTIFICATE_P12 }}
certificate-password: ${{ secrets.APPLE_CERTIFICATE_PASSWORD }}
- name: Build native executable (release profile, macOS signed)
if: runner.os == 'macOS' && inputs.sign-macos
run: pnpm --filter @moonshot-ai/kimi-code run build:native:release
- name: Build native executable (local profile)
if: '!(runner.os == ''macOS'' && inputs.sign-macos)'
run: pnpm --filter @moonshot-ai/kimi-code run build:native:sea
- name: Notarize macOS binary
if: runner.os == 'macOS' && inputs.sign-macos
uses: ./.github/actions/macos-notarize
with:
binary-path: ${{ github.workspace }}/apps/kimi-code/dist-native/bin/${{ matrix.target }}/kimi
notarization-key-p8: ${{ secrets.APPLE_NOTARIZATION_KEY_P8 }}
notarization-key-id: ${{ secrets.APPLE_NOTARIZATION_KEY_ID }}
notarization-issuer-id: ${{ secrets.APPLE_NOTARIZATION_ISSUER_ID }}
- name: Cleanup macOS keychain
if: always() && runner.os == 'macOS' && inputs.sign-macos
uses: ./.github/actions/macos-keychain-cleanup
- name: Smoke test native executable
run: pnpm --filter @moonshot-ai/kimi-code run test:native:smoke
- name: Package native artifact
run: pnpm --filter @moonshot-ai/kimi-code run package:native
- name: Upload native artifact
uses: actions/upload-artifact@v7
with:
name: ${{ inputs.upload-artifact-prefix }}-${{ matrix.target }}
retention-days: ${{ inputs.retention-days }}
path: |
apps/kimi-code/dist-native/artifacts/kimi-code-${{ matrix.target }}.zip
apps/kimi-code/dist-native/artifacts/kimi-code-${{ matrix.target }}.zip.sha256
if-no-files-found: ignore