release #2345

Workflow file for this run

.github/workflows/publish.yml at fe3144c

	name: publish
	run-name: "${{ format('release {0}', inputs.bump) }}"

	on:
	push:
	branches:
	- dev
	- snapshot-*
	workflow_dispatch:
	inputs:
	bump:
	description: "Bump major, minor, or patch"
	required: false
	type: choice
	options:
	- major
	- minor
	- patch
	version:
	description: "Override version (optional)"
	required: false
	type: string

	concurrency: ${{ github.workflow }}-${{ github.ref }}-${{ inputs.version \|\| inputs.bump }}

	permissions:
	id-token: write
	contents: write
	packages: write

	jobs:
	publish:
	runs-on: blacksmith-4vcpu-ubuntu-2404
	if: github.repository == 'sst/opencode'
	steps:
	- uses: actions/checkout@v3
	with:
	fetch-depth: 0

	- run: git fetch --force --tags

	- uses: ./.github/actions/setup-bun

	- name: Install OpenCode
	if: inputs.bump \|\| inputs.version
	run: bun i -g opencode-ai@1.0.169

	- name: Login to GitHub Container Registry
	uses: docker/login-action@v3
	with:
	registry: ghcr.io
	username: ${{ github.repository_owner }}
	password: ${{ secrets.GITHUB_TOKEN }}

	- name: Set up QEMU
	uses: docker/setup-qemu-action@v3

	- name: Set up Docker Buildx
	uses: docker/setup-buildx-action@v3

	- uses: actions/setup-node@v4
	with:
	node-version: "24"
	registry-url: "https://registry.npmjs.org"

	- name: Setup Git Identity
	run: \|
	git config --global user.email "opencode@sst.dev"
	git config --global user.name "opencode"
	git remote set-url origin https://x-access-token:${{ secrets.SST_GITHUB_TOKEN }}@github.com/${{ github.repository }}

	- name: Publish
	id: publish
	run: ./script/publish-start.ts
	env:
	OPENCODE_BUMP: ${{ inputs.bump }}
	OPENCODE_VERSION: ${{ inputs.version }}
	OPENCODE_API_KEY: ${{ secrets.OPENCODE_API_KEY }}
	AUR_KEY: ${{ secrets.AUR_KEY }}
	GITHUB_TOKEN: ${{ secrets.SST_GITHUB_TOKEN }}
	NPM_CONFIG_PROVENANCE: false

	- uses: actions/upload-artifact@v4
	with:
	name: opencode-cli
	path: packages/opencode/dist

	outputs:
	release: ${{ steps.publish.outputs.release }}
	tag: ${{ steps.publish.outputs.tag }}
	version: ${{ steps.publish.outputs.version }}

	publish-tauri:
	needs: publish
	continue-on-error: true
	strategy:
	fail-fast: false
	matrix:
	settings:
	- host: macos-latest
	target: x86_64-apple-darwin
	- host: macos-latest
	target: aarch64-apple-darwin
	- host: blacksmith-4vcpu-windows-2025
	target: x86_64-pc-windows-msvc
	- host: blacksmith-4vcpu-ubuntu-2404
	target: x86_64-unknown-linux-gnu
	- host: blacksmith-4vcpu-ubuntu-2404-arm
	target: aarch64-unknown-linux-gnu
	runs-on: ${{ matrix.settings.host }}
	steps:
	- uses: actions/checkout@v3
	with:
	fetch-depth: 0
	ref: ${{ needs.publish.outputs.tag }}

	- uses: apple-actions/import-codesign-certs@v2
	if: ${{ runner.os == 'macOS' }}
	with:
	keychain: build
	p12-file-base64: ${{ secrets.APPLE_CERTIFICATE }}
	p12-password: ${{ secrets.APPLE_CERTIFICATE_PASSWORD }}

	- name: Verify Certificate
	if: ${{ runner.os == 'macOS' }}
	run: \|
	CERT_INFO=$(security find-identity -v -p codesigning build.keychain \| grep "Developer ID Application")
	CERT_ID=$(echo "$CERT_INFO" \| awk -F'"' '{print $2}')
	echo "CERT_ID=$CERT_ID" >> $GITHUB_ENV
	echo "Certificate imported."

	- name: Setup Apple API Key
	if: ${{ runner.os == 'macOS' }}
	run: \|
	echo "${{ secrets.APPLE_API_KEY_PATH }}" > $RUNNER_TEMP/apple-api-key.p8

	- run: git fetch --force --tags

	- uses: ./.github/actions/setup-bun

	- name: install dependencies (ubuntu only)
	if: contains(matrix.settings.host, 'ubuntu')
	run: \|
	sudo apt-get update
	sudo apt-get install -y libwebkit2gtk-4.1-dev libappindicator3-dev librsvg2-dev patchelf

	- name: install Rust stable
	uses: dtolnay/rust-toolchain@stable
	with:
	targets: ${{ matrix.settings.target }}

	- uses: Swatinem/rust-cache@v2
	with:
	workspaces: packages/tauri/src-tauri
	shared-key: ${{ matrix.settings.target }}

	- name: Prepare
	run: \|
	cd packages/tauri
	bun ./scripts/prepare.ts
	env:
	OPENCODE_VERSION: ${{ needs.publish.outputs.version }}
	NPM_CONFIG_TOKEN: ${{ secrets.NPM_TOKEN }}
	GITHUB_TOKEN: ${{ secrets.SST_GITHUB_TOKEN }}
	AUR_KEY: ${{ secrets.AUR_KEY }}
	OPENCODE_API_KEY: ${{ secrets.OPENCODE_API_KEY }}
	RUST_TARGET: ${{ matrix.settings.target }}
	GH_TOKEN: ${{ github.token }}
	GITHUB_RUN_ID: ${{ github.run_id }}

	# Fixes AppImage build issues, can be removed when https://github.com/tauri-apps/tauri/pull/12491 is released
	- name: Install tauri-cli from portable appimage branch
	if: contains(matrix.settings.host, 'ubuntu')
	run: \|
	cargo install tauri-cli --git https://github.com/tauri-apps/tauri --branch feat/truly-portable-appimage --force
	echo "Installed tauri-cli version:"
	cargo tauri --version

	- name: Build and upload artifacts
	timeout-minutes: 20
	uses: tauri-apps/tauri-action@390cbe447412ced1303d35abe75287949e43437a
	env:
	GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
	TAURI_BUNDLER_NEW_APPIMAGE_FORMAT: true
	TAURI_SIGNING_PRIVATE_KEY: ${{ secrets.TAURI_SIGNING_PRIVATE_KEY }}
	TAURI_SIGNING_PRIVATE_KEY_PASSWORD: ${{ secrets.TAURI_SIGNING_PRIVATE_KEY_PASSWORD }}
	APPLE_CERTIFICATE: ${{ secrets.APPLE_CERTIFICATE }}
	APPLE_CERTIFICATE_PASSWORD: ${{ secrets.APPLE_CERTIFICATE_PASSWORD }}
	APPLE_SIGNING_IDENTITY: ${{ env.CERT_ID }}
	APPLE_API_ISSUER: ${{ secrets.APPLE_API_ISSUER }}
	APPLE_API_KEY: ${{ secrets.APPLE_API_KEY }}
	APPLE_API_KEY_PATH: ${{ runner.temp }}/apple-api-key.p8
	with:
	projectPath: packages/tauri
	uploadWorkflowArtifacts: true
	tauriScript: ${{ (contains(matrix.settings.host, 'ubuntu') && 'cargo tauri') \|\| '' }}
	args: --target ${{ matrix.settings.target }} --config ./src-tauri/tauri.prod.conf.json --verbose
	updaterJsonPreferNsis: true
	releaseId: ${{ needs.publish.outputs.release }}
	tagName: ${{ needs.publish.outputs.tag }}
	releaseAssetNamePattern: opencode-desktop-[platform]-[arch][ext]
	releaseDraft: true

	publish-release:
	needs:
	- publish
	- publish-tauri
	if: needs.publish.outputs.tag
	runs-on: blacksmith-4vcpu-ubuntu-2404
	steps:
	- uses: actions/checkout@v3
	with:
	fetch-depth: 0
	ref: ${{ needs.publish.outputs.tag }}

	- uses: ./.github/actions/setup-bun

	- name: Setup SSH for AUR
	run: \|
	sudo apt-get update
	sudo apt-get install -y pacman-package-manager
	mkdir -p ~/.ssh
	echo "${{ secrets.AUR_KEY }}" > ~/.ssh/id_rsa
	chmod 600 ~/.ssh/id_rsa
	git config --global user.email "opencode@sst.dev"
	git config --global user.name "opencode"
	ssh-keyscan -H aur.archlinux.org >> ~/.ssh/known_hosts \|\| true

	- run: ./script/publish-complete.ts
	env:
	OPENCODE_VERSION: ${{ needs.publish.outputs.version }}
	AUR_KEY: ${{ secrets.AUR_KEY }}
	GITHUB_TOKEN: ${{ secrets.SST_GITHUB_TOKEN }}

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

release #2345

Workflow file

release #2345

Uh oh!

Workflow file for this run