From 1758269c7dd4433161341177f7079e8999522dae Mon Sep 17 00:00:00 2001 From: Goni Zahavy Date: Mon, 16 Feb 2026 23:41:44 +0200 Subject: [PATCH 01/11] ci publish test --- .github/workflows/publish.yml | 261 ++-------------------------------- 1 file changed, 12 insertions(+), 249 deletions(-) diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml index a1b492258b73..51572ccaeddb 100644 --- a/.github/workflows/publish.yml +++ b/.github/workflows/publish.yml @@ -1,271 +1,34 @@ name: publish -run-name: "${{ format('release {0}', inputs.bump) }}" - on: - push: - branches: - - ci - - dev - - beta - - snapshot-* workflow_dispatch: - inputs: - bump: - description: "Bump major, minor, or patch" - required: false - type: choice - options: - - major - - minor - - patch - version: - description: "Override version (optional)" - required: false - type: string - -concurrency: ${{ github.workflow }}-${{ github.ref }}-${{ inputs.version || inputs.bump }} - -permissions: - id-token: write - contents: write - packages: write jobs: - version: - runs-on: blacksmith-4vcpu-ubuntu-2404 - if: github.repository == 'anomalyco/opencode' - steps: - - uses: actions/checkout@v3 - with: - fetch-depth: 0 - - - uses: ./.github/actions/setup-bun - - - name: Install OpenCode - if: inputs.bump || inputs.version - run: bun i -g opencode-ai - - - id: version - run: | - ./script/version.ts - env: - GH_TOKEN: ${{ github.token }} - OPENCODE_BUMP: ${{ inputs.bump }} - OPENCODE_VERSION: ${{ inputs.version }} - OPENCODE_API_KEY: ${{ secrets.OPENCODE_API_KEY }} - outputs: - version: ${{ steps.version.outputs.version }} - release: ${{ steps.version.outputs.release }} - tag: ${{ steps.version.outputs.tag }} - - build-cli: - needs: version - runs-on: blacksmith-4vcpu-ubuntu-2404 - if: github.repository == 'anomalyco/opencode' - steps: - - uses: actions/checkout@v3 - with: - fetch-tags: true - - - uses: ./.github/actions/setup-bun - - - name: Build - id: build - run: | - ./packages/opencode/script/build.ts - env: - OPENCODE_VERSION: ${{ needs.version.outputs.version }} - OPENCODE_RELEASE: ${{ needs.version.outputs.release }} - GH_TOKEN: ${{ github.token }} - - - uses: actions/upload-artifact@v4 - with: - name: opencode-cli - path: packages/opencode/dist - - outputs: - version: ${{ needs.version.outputs.version }} - build-tauri: - needs: - - build-cli - - version - continue-on-error: false - strategy: - fail-fast: false - matrix: - settings: - - host: macos-latest - target: x86_64-apple-darwin - - host: macos-latest - target: aarch64-apple-darwin - - host: blacksmith-4vcpu-windows-2025 - target: x86_64-pc-windows-msvc - - host: blacksmith-4vcpu-ubuntu-2404 - target: x86_64-unknown-linux-gnu - - host: blacksmith-8vcpu-ubuntu-2404-arm - target: aarch64-unknown-linux-gnu - runs-on: ${{ matrix.settings.host }} + runs-on: ubuntu-latest steps: - uses: actions/checkout@v3 with: fetch-tags: true - - uses: apple-actions/import-codesign-certs@v2 - if: ${{ runner.os == 'macOS' }} - with: - keychain: build - p12-file-base64: ${{ secrets.APPLE_CERTIFICATE }} - p12-password: ${{ secrets.APPLE_CERTIFICATE_PASSWORD }} - - - name: Verify Certificate - if: ${{ runner.os == 'macOS' }} - run: | - CERT_INFO=$(security find-identity -v -p codesigning build.keychain | grep "Developer ID Application") - CERT_ID=$(echo "$CERT_INFO" | awk -F'"' '{print $2}') - echo "CERT_ID=$CERT_ID" >> $GITHUB_ENV - echo "Certificate imported." - - - name: Setup Apple API Key - if: ${{ runner.os == 'macOS' }} - run: | - echo "${{ secrets.APPLE_API_KEY_PATH }}" > $RUNNER_TEMP/apple-api-key.p8 - - uses: ./.github/actions/setup-bun + # - name: Make apt cache writable + # run: | + # sudo mkdir -p /var/cache/apt/archives + # sudo chown -R runner:runner /var/cache/apt/archives + # sudo chmod -R u+rwX /var/cache/apt/archives + - name: Cache apt packages - if: contains(matrix.settings.host, 'ubuntu') - uses: actions/cache@v4 + uses: actions/cache@v5 with: - path: /var/cache/apt/archives + path: ~/.apt-cache key: ${{ runner.os }}-${{ matrix.settings.target }}-apt-${{ hashFiles('.github/workflows/publish.yml') }} restore-keys: | ${{ runner.os }}-${{ matrix.settings.target }}-apt- - name: install dependencies (ubuntu only) - if: contains(matrix.settings.host, 'ubuntu') - run: | - sudo apt-get update - sudo apt-get install -y libwebkit2gtk-4.1-dev libappindicator3-dev librsvg2-dev patchelf - - - name: install Rust stable - uses: dtolnay/rust-toolchain@stable - with: - targets: ${{ matrix.settings.target }} - - - uses: Swatinem/rust-cache@v2 - with: - workspaces: packages/desktop/src-tauri - shared-key: ${{ matrix.settings.target }} - - - name: Prepare - run: | - cd packages/desktop - bun ./scripts/prepare.ts - env: - OPENCODE_VERSION: ${{ needs.version.outputs.version }} - GITHUB_TOKEN: ${{ steps.committer.outputs.token }} - RUST_TARGET: ${{ matrix.settings.target }} - GH_TOKEN: ${{ github.token }} - GITHUB_RUN_ID: ${{ github.run_id }} - - # Fixes AppImage build issues, can be removed when https://github.com/tauri-apps/tauri/pull/12491 is released - - name: Install tauri-cli from portable appimage branch - if: contains(matrix.settings.host, 'ubuntu') - run: | - cargo install tauri-cli --git https://github.com/tauri-apps/tauri --branch feat/truly-portable-appimage --force - echo "Installed tauri-cli version:" - cargo tauri --version - - - name: Build and upload artifacts - uses: tauri-apps/tauri-action@390cbe447412ced1303d35abe75287949e43437a - timeout-minutes: 60 - with: - projectPath: packages/desktop - uploadWorkflowArtifacts: true - tauriScript: ${{ (contains(matrix.settings.host, 'ubuntu') && 'cargo tauri') || '' }} - args: --target ${{ matrix.settings.target }} --config ./src-tauri/tauri.prod.conf.json --verbose - updaterJsonPreferNsis: true - releaseId: ${{ needs.version.outputs.release }} - tagName: ${{ needs.version.outputs.tag }} - releaseDraft: true - releaseAssetNamePattern: opencode-desktop-[platform]-[arch][ext] - env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - TAURI_BUNDLER_NEW_APPIMAGE_FORMAT: true - TAURI_SIGNING_PRIVATE_KEY: ${{ secrets.TAURI_SIGNING_PRIVATE_KEY }} - TAURI_SIGNING_PRIVATE_KEY_PASSWORD: ${{ secrets.TAURI_SIGNING_PRIVATE_KEY_PASSWORD }} - APPLE_CERTIFICATE: ${{ secrets.APPLE_CERTIFICATE }} - APPLE_CERTIFICATE_PASSWORD: ${{ secrets.APPLE_CERTIFICATE_PASSWORD }} - APPLE_SIGNING_IDENTITY: ${{ env.CERT_ID }} - APPLE_API_ISSUER: ${{ secrets.APPLE_API_ISSUER }} - APPLE_API_KEY: ${{ secrets.APPLE_API_KEY }} - APPLE_API_KEY_PATH: ${{ runner.temp }}/apple-api-key.p8 - - publish: - needs: - - version - - build-cli - - build-tauri - runs-on: blacksmith-4vcpu-ubuntu-2404 - steps: - - uses: actions/checkout@v3 - - - uses: ./.github/actions/setup-bun - - - name: Login to GitHub Container Registry - uses: docker/login-action@v3 - with: - registry: ghcr.io - username: ${{ github.repository_owner }} - password: ${{ secrets.GITHUB_TOKEN }} - - - name: Set up QEMU - uses: docker/setup-qemu-action@v3 - - - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v3 - - - uses: actions/setup-node@v4 - with: - node-version: "24" - registry-url: "https://registry.npmjs.org" - - - name: Setup git committer - id: committer - uses: ./.github/actions/setup-git-committer - with: - opencode-app-id: ${{ vars.OPENCODE_APP_ID }} - opencode-app-secret: ${{ secrets.OPENCODE_APP_SECRET }} - - - uses: actions/download-artifact@v4 - with: - name: opencode-cli - path: packages/opencode/dist - - - name: Cache apt packages (AUR) - uses: actions/cache@v4 - with: - path: /var/cache/apt/archives - key: ${{ runner.os }}-apt-aur-${{ hashFiles('.github/workflows/publish.yml') }} - restore-keys: | - ${{ runner.os }}-apt-aur- - - - name: Setup SSH for AUR run: | sudo apt-get update - sudo apt-get install -y pacman-package-manager - mkdir -p ~/.ssh - echo "${{ secrets.AUR_KEY }}" > ~/.ssh/id_rsa - chmod 600 ~/.ssh/id_rsa - git config --global user.email "opencode@sst.dev" - git config --global user.name "opencode" - ssh-keyscan -H aur.archlinux.org >> ~/.ssh/known_hosts || true - - - run: ./script/publish.ts - env: - OPENCODE_VERSION: ${{ needs.version.outputs.version }} - OPENCODE_RELEASE: ${{ needs.version.outputs.release }} - AUR_KEY: ${{ secrets.AUR_KEY }} - GITHUB_TOKEN: ${{ steps.committer.outputs.token }} - NPM_CONFIG_PROVENANCE: false + sudo apt-get install -y --no-install-recommends \ + -o dir::cache::archives="$HOME/.apt-cache" \ + libwebkit2gtk-4.1-dev libappindicator3-dev librsvg2-dev patchelf From b5d3d02ac572023248f56a355543d43e48751c95 Mon Sep 17 00:00:00 2001 From: Goni Zahavy Date: Mon, 16 Feb 2026 23:42:58 +0200 Subject: [PATCH 02/11] Remove setup-bun action from publish.yml Removed setup-bun action from the workflow steps. --- .github/workflows/publish.yml | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml index 51572ccaeddb..df8543f1215f 100644 --- a/.github/workflows/publish.yml +++ b/.github/workflows/publish.yml @@ -9,9 +9,7 @@ jobs: - uses: actions/checkout@v3 with: fetch-tags: true - - - uses: ./.github/actions/setup-bun - + # - name: Make apt cache writable # run: | # sudo mkdir -p /var/cache/apt/archives From ba29639e09093bb2fcfbe5b2464d108293721b3c Mon Sep 17 00:00:00 2001 From: Goni Zahavy Date: Mon, 16 Feb 2026 23:47:46 +0200 Subject: [PATCH 03/11] Fix apt-cache directory creation in publish.yml Update the installation command to create the apt-cache directory. --- .github/workflows/publish.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml index df8543f1215f..9d3f7cb39fc2 100644 --- a/.github/workflows/publish.yml +++ b/.github/workflows/publish.yml @@ -26,7 +26,7 @@ jobs: - name: install dependencies (ubuntu only) run: | + mkdir -p ~/.apt-cache sudo apt-get update - sudo apt-get install -y --no-install-recommends \ - -o dir::cache::archives="$HOME/.apt-cache" \ + sudo apt-get install -y --no-install-recommends -o dir::cache::archives="$HOME/.apt-cache" \ libwebkit2gtk-4.1-dev libappindicator3-dev librsvg2-dev patchelf From 7bc7eeb8e3eddfceac6f30746534066336511625 Mon Sep 17 00:00:00 2001 From: Goni Zahavy Date: Mon, 16 Feb 2026 23:51:46 +0200 Subject: [PATCH 04/11] Fix cache directory and permissions in publish.yml Update cache path and permissions for apt packages. --- .github/workflows/publish.yml | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml index 9d3f7cb39fc2..d8b65973612a 100644 --- a/.github/workflows/publish.yml +++ b/.github/workflows/publish.yml @@ -19,14 +19,13 @@ jobs: - name: Cache apt packages uses: actions/cache@v5 with: - path: ~/.apt-cache + path: ~/apt-cache key: ${{ runner.os }}-${{ matrix.settings.target }}-apt-${{ hashFiles('.github/workflows/publish.yml') }} restore-keys: | ${{ runner.os }}-${{ matrix.settings.target }}-apt- - name: install dependencies (ubuntu only) run: | - mkdir -p ~/.apt-cache + mkdir -p ~/apt-cache && chmod a+rw ~/apt-cache sudo apt-get update - sudo apt-get install -y --no-install-recommends -o dir::cache::archives="$HOME/.apt-cache" \ - libwebkit2gtk-4.1-dev libappindicator3-dev librsvg2-dev patchelf + sudo apt-get install -y --no-install-recommends -o dir::cache::archives="$HOME/.apt-cache" libwebkit2gtk-4.1-dev libappindicator3-dev librsvg2-dev patchelf From 73078f7e33b35f8ef7c9c5952850035032eb38ba Mon Sep 17 00:00:00 2001 From: Goni Zahavy Date: Mon, 16 Feb 2026 23:52:51 +0200 Subject: [PATCH 05/11] Correct apt-cache directory path in publish.yml Fix path for apt-cache directory in publish workflow. --- .github/workflows/publish.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml index d8b65973612a..2c92886b6d50 100644 --- a/.github/workflows/publish.yml +++ b/.github/workflows/publish.yml @@ -28,4 +28,4 @@ jobs: run: | mkdir -p ~/apt-cache && chmod a+rw ~/apt-cache sudo apt-get update - sudo apt-get install -y --no-install-recommends -o dir::cache::archives="$HOME/.apt-cache" libwebkit2gtk-4.1-dev libappindicator3-dev librsvg2-dev patchelf + sudo apt-get install -y --no-install-recommends -o dir::cache::archives="$HOME/apt-cache" libwebkit2gtk-4.1-dev libappindicator3-dev librsvg2-dev patchelf From ae3640d028fd5482afe234f52ad418652d007b7f Mon Sep 17 00:00:00 2001 From: Goni Zahavy Date: Mon, 16 Feb 2026 23:55:20 +0200 Subject: [PATCH 06/11] Update publish.yml --- .github/workflows/publish.yml | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml index 2c92886b6d50..724c9390421c 100644 --- a/.github/workflows/publish.yml +++ b/.github/workflows/publish.yml @@ -1,5 +1,8 @@ name: publish on: + push: + branches: + - dev workflow_dispatch: jobs: @@ -26,6 +29,7 @@ jobs: - name: install dependencies (ubuntu only) run: | - mkdir -p ~/apt-cache && chmod a+rw ~/apt-cache + mkdir -p ~/apt-cache && chmod -R a+rw ~/apt-cache sudo apt-get update sudo apt-get install -y --no-install-recommends -o dir::cache::archives="$HOME/apt-cache" libwebkit2gtk-4.1-dev libappindicator3-dev librsvg2-dev patchelf + sudo chmod -R a+rw ~/apt-cache From 7e09727715e8596be6cf650c25ee8b408ae5bd05 Mon Sep 17 00:00:00 2001 From: Goni Zahavy Date: Mon, 16 Feb 2026 23:59:15 +0200 Subject: [PATCH 07/11] Update publish.yml --- .github/workflows/publish.yml | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml index 724c9390421c..d41baeadb512 100644 --- a/.github/workflows/publish.yml +++ b/.github/workflows/publish.yml @@ -33,3 +33,15 @@ jobs: sudo apt-get update sudo apt-get install -y --no-install-recommends -o dir::cache::archives="$HOME/apt-cache" libwebkit2gtk-4.1-dev libappindicator3-dev librsvg2-dev patchelf sudo chmod -R a+rw ~/apt-cache + + - uses: Swatinem/rust-cache@v2 + with: + workspaces: packages/desktop/src-tauri + shared-key: ${{ matrix.settings.target }} + + # Fixes AppImage build issues, can be removed when https://github.com/tauri-apps/tauri/pull/12491 is released + - name: Install tauri-cli from portable appimage branch + run: | + cargo install tauri-cli --git https://github.com/tauri-apps/tauri --branch feat/truly-portable-appimage --force + echo "Installed tauri-cli version:" + cargo tauri --version From 219a72f26c96ce9e4ae71377d3a1ccb0042ae3f1 Mon Sep 17 00:00:00 2001 From: Goni Zahavy Date: Tue, 17 Feb 2026 00:05:57 +0200 Subject: [PATCH 08/11] Add caching for all Rust crates in publish.yml Enable caching for all Rust crates in the workflow. --- .github/workflows/publish.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml index d41baeadb512..e0736b54da75 100644 --- a/.github/workflows/publish.yml +++ b/.github/workflows/publish.yml @@ -38,6 +38,7 @@ jobs: with: workspaces: packages/desktop/src-tauri shared-key: ${{ matrix.settings.target }} + cache-all-crates: true # Fixes AppImage build issues, can be removed when https://github.com/tauri-apps/tauri/pull/12491 is released - name: Install tauri-cli from portable appimage branch From d0baf66fce8ff71060c2cfb896811e136e67a611 Mon Sep 17 00:00:00 2001 From: Goni Zahavy Date: Tue, 17 Feb 2026 00:46:23 +0200 Subject: [PATCH 09/11] Update publish.yml --- .github/workflows/publish.yml | 28 ++++++++++++++-------------- 1 file changed, 14 insertions(+), 14 deletions(-) diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml index e0736b54da75..cf8da111b726 100644 --- a/.github/workflows/publish.yml +++ b/.github/workflows/publish.yml @@ -13,12 +13,6 @@ jobs: with: fetch-tags: true - # - name: Make apt cache writable - # run: | - # sudo mkdir -p /var/cache/apt/archives - # sudo chown -R runner:runner /var/cache/apt/archives - # sudo chmod -R u+rwX /var/cache/apt/archives - - name: Cache apt packages uses: actions/cache@v5 with: @@ -38,11 +32,17 @@ jobs: with: workspaces: packages/desktop/src-tauri shared-key: ${{ matrix.settings.target }} - cache-all-crates: true - - # Fixes AppImage build issues, can be removed when https://github.com/tauri-apps/tauri/pull/12491 is released - - name: Install tauri-cli from portable appimage branch - run: | - cargo install tauri-cli --git https://github.com/tauri-apps/tauri --branch feat/truly-portable-appimage --force - echo "Installed tauri-cli version:" - cargo tauri --version + + # Cache *cargo install* itself (separate concern) + - uses: taiki-e/cache-cargo-install-action@v3 + with: + tool: tauri-cli + git: https://github.com/tauri-apps/tauri + # BEST: pin a commit for stable caching & reproducibility + # rev: + # If you must follow the branch: + tag: feat/truly-portable-appimage + + - name: Show tauri-cli version + run: cargo tauri --version + \ No newline at end of file From c1230fba3666ac1ff25ff269dec7f2f264184c9f Mon Sep 17 00:00:00 2001 From: Goni Zahavy Date: Tue, 17 Feb 2026 00:49:26 +0200 Subject: [PATCH 10/11] Update publish.yml --- .github/workflows/publish.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml index cf8da111b726..9a32a6288b15 100644 --- a/.github/workflows/publish.yml +++ b/.github/workflows/publish.yml @@ -41,7 +41,7 @@ jobs: # BEST: pin a commit for stable caching & reproducibility # rev: # If you must follow the branch: - tag: feat/truly-portable-appimage + rev: feat/truly-portable-appimage - name: Show tauri-cli version run: cargo tauri --version From e3ecd7984d26054610b465bfcd57b3bf84bf49b3 Mon Sep 17 00:00:00 2001 From: Goni Zahavy Date: Tue, 17 Feb 2026 00:54:04 +0200 Subject: [PATCH 11/11] Update publish.yml --- .github/workflows/publish.yml | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml index 9a32a6288b15..699a27008e9f 100644 --- a/.github/workflows/publish.yml +++ b/.github/workflows/publish.yml @@ -38,10 +38,8 @@ jobs: with: tool: tauri-cli git: https://github.com/tauri-apps/tauri - # BEST: pin a commit for stable caching & reproducibility - # rev: - # If you must follow the branch: - rev: feat/truly-portable-appimage + # branch: feat/truly-portable-appimage + rev: b5573c1db2bb6118594b586a6aa51aeb37aa7d84 - name: Show tauri-cli version run: cargo tauri --version