feat: sync fork improvements including proxy hardening and OpenCode integration

.github/workflows/release.yml

@@ -4,9 +4,50 @@ on:
     tags:
       - "v*"
   workflow_dispatch:
+    inputs:
+      version:
+        description: "Version to release (e.g., 5.1.0)"
+        required: false
+        type: string
+
+permissions:
+  contents: write
+
+env:
+  # Extract version from tag or input
+  VERSION: ${{ github.event.inputs.version || github.ref_name }}
 
 jobs:
-  build-tauri:
+  # Sync version before build (only on workflow_dispatch with version input)
+  prepare:
+    runs-on: ubuntu-latest
+    if: github.event.inputs.version != ''
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+        with:
+          token: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Setup Node.js
+        uses: actions/setup-node@v4
+        with:
+          node-version: 20
+
+      - name: Sync version across all files
+        run: node scripts/sync-version.js set ${{ github.event.inputs.version }}
+
+      - name: Commit and tag
+        run: |
+          git config user.name "github-actions[bot]"
+          git config user.email "github-actions[bot]@users.noreply.github.com"
+          git add -A
+          git diff --staged --quiet || git commit -m "chore: bump version to ${{ github.event.inputs.version }}"
+          git tag -a "v${{ github.event.inputs.version }}" -m "Release v${{ github.event.inputs.version }}"
+          git push origin HEAD --tags
+
+  release:
+    needs: [prepare]
+    if: always() && (needs.prepare.result == 'success' || needs.prepare.result == 'skipped')
     permissions:
       contents: write
     strategy:
@@ -27,9 +68,12 @@ jobs:
             args: ""
 
     runs-on: ${{ matrix.platform }}
+
     steps:
       - name: Checkout repository
         uses: actions/checkout@v4
+        with:
+          ref: ${{ github.event.inputs.version && format('v{0}', github.event.inputs.version) || github.ref }}
 
       - name: Install dependencies (Linux)
         if: startsWith(matrix.platform, 'ubuntu')
@@ -53,232 +97,29 @@ jobs:
         run: npm install
 
       - name: Build the app
+        uses: tauri-apps/tauri-action@v0
         env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
           TAURI_SIGNING_PRIVATE_KEY: ${{ secrets.TAURI_SIGNING_PRIVATE_KEY }}
           TAURI_SIGNING_PRIVATE_KEY_PASSWORD: ${{ secrets.TAURI_SIGNING_PRIVATE_KEY_PASSWORD }}
-        run: npm run tauri build -- ${{ matrix.args }}
-
-      # 3. 处理 macOS 架构重命名冲突 (解决 422 Already Exists)
-      - name: Rename macOS assets for architecture
-        if: matrix.platform == 'macos-latest'
-        run: |
-          # 识别架构
-          if [[ "${{ matrix.args }}" == *"--target aarch64-apple-darwin"* ]]; then
-            ARCH="aarch64"
-          elif [[ "${{ matrix.args }}" == *"--target x86_64-apple-darwin"* ]]; then
-            ARCH="x64"
-          elif [[ "${{ matrix.args }}" == *"--target universal-apple-darwin"* ]]; then
-            ARCH="universal"
-          else
-            ARCH="unknown"
-          fi
-
-          echo "Detected architecture: $ARCH"
-
-          # 进入产物目录
-          cd src-tauri/target/*/release/bundle/macos/
-
-          # 重命名 .app.tar.gz 和 .sig
-          if [ -f "Antigravity Tools.app.tar.gz" ]; then
-            mv "Antigravity Tools.app.tar.gz" "Antigravity Tools_${ARCH}.app.tar.gz"
-            mv "Antigravity Tools.app.tar.gz.sig" "Antigravity Tools_${ARCH}.app.tar.gz.sig"
-            echo "Renamed assets to append Arch: $ARCH"
-          fi
-
-          # 更新对应的 updater.json (指向重命名后的文件)
-          UPDATER_JSON="../../../updater/install.json"
-          if [ ! -f "$UPDATER_JSON" ]; then
-             UPDATER_JSON=$(find ../../../updater -name "*.json" | head -n 1)
-          fi
-
-          if [ -f "$UPDATER_JSON" ]; then
-            echo "Updating $UPDATER_JSON to use renamed assets..."
-            sed -i '' "s/Antigravity%20Tools.app.tar.gz/Antigravity%20Tools_${ARCH}.app.tar.gz/g" "$UPDATER_JSON"
-          fi
-
-      # 1. 上传 updater.json 到 Artifacts (供后续合并使用)
-      - name: Upload updater json
-        uses: actions/upload-artifact@v4
         with:
-          name: updater-json-${{ matrix.platform }}-${{ strategy.job-index }}
-          path: src-tauri/target/**/release/bundle/updater/*.json
-          if-no-files-found: warn
-
-      # 2. 直接上传安装包到 GitHub Release (避免 artifact 下载超时)
-      - name: Upload Release Assets
-        uses: softprops/action-gh-release@v1
-        if: startsWith(github.ref, 'refs/tags/')
-        env:
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-        with:
-          tag_name: ${{ github.ref_name }}
-          name: "Antigravity Tools ${{ github.ref_name }}"
-          body: "See the assets to download this version and install."
-          draft: false
+          tagName: ${{ env.VERSION }}
+          releaseName: "Antigravity Tools ${{ env.VERSION }}"
+          releaseBody: |
+            ## 🚀 Antigravity Tools ${{ env.VERSION }}
+
+            ### 📦 Installation
+            - **Windows**: Download `.msi` or `.exe` installer
+            - **macOS**: Download `.dmg` (Universal) or platform-specific build
+            - **Linux**: Download `.deb` or `.AppImage`
+
+            ### 🔄 Auto-Update
+            Existing installations will be notified automatically.
+
+            ---
+            [Full Changelog](https://github.com/${{ github.repository }}/compare/...v${{ env.VERSION }})
+          releaseDraft: false
           prerelease: false
-          files: |
-            src-tauri/target/**/release/bundle/dmg/*.dmg
-            src-tauri/target/**/release/bundle/deb/*.deb
-            src-tauri/target/**/release/bundle/appimage/*.AppImage
-            src-tauri/target/**/release/bundle/msi/*.msi
-            src-tauri/target/**/release/bundle/nsis/*.exe
-            src-tauri/target/**/release/bundle/rpm/*.rpm
-            src-tauri/target/**/release/bundle/macos/*.app.tar.gz
-            src-tauri/target/**/release/bundle/macos/*.app.tar.gz.sig
-            src-tauri/target/**/release/bundle/dmg/*.sig
-            src-tauri/target/**/release/bundle/deb/*.sig
-            src-tauri/target/**/release/bundle/appimage/*.sig
-            src-tauri/target/**/release/bundle/msi/*.sig
-            src-tauri/target/**/release/bundle/nsis/*.sig
-            src-tauri/target/**/release/bundle/rpm/*.sig
-
-  publish-release:
-    needs: build-tauri
-    runs-on: ubuntu-latest
-    permissions:
-      contents: write
-    steps:
-      - name: Checkout repository
-        uses: actions/checkout@v4
-
-      # 只下载 updater.json 相关的小文件
-      - name: Download updater artifacts
-        uses: actions/download-artifact@v4
-        with:
-          pattern: updater-json-*
-          path: all-updaters
-          merge-multiple: true
-
-      - name: Extract Release Notes
-        run: |
-          VERSION="${{ github.ref_name }}"
-          echo "Extracting release notes for version $VERSION"
-
-          # Extract the section, remove leading 4 spaces dedent
-          awk -v ver="$VERSION" '
-            BEGIN { capture=0 }
-            # Match start line: "    *   **v4.1.0..."
-            $0 ~ "^[[:space:]]*\\*[[:space:]]+\\*\\*" ver { capture=1; next }
-            # Match next version line to stop: "    *   **v..."
-            capture && $0 ~ "^[[:space:]]*\\*[[:space:]]+\\*\\*v" { capture=0; exit }
-            capture { print }
-          ' README.md | sed 's/^    //' > release_notes.md
-
-          # If no notes found, add a default message
-          if [ ! -s release_notes.md ]; then
-            echo "See the assets to download this version and install." > release_notes.md
-          fi
-
-          echo "Release Notes Content:"
-          cat release_notes.md
-
-      - name: Merge updater JSONs
-        run: |
-          echo "Merging updater.json files..."
-          echo "{}" > merged_updater.json
-
-          # 查找所有下载下来的 json 并合并
-          find all-updaters -name "*.json" -type f | while read json_file; do
-            if jq -e . "$json_file" >/dev/null 2>&1; then
-              echo "Merging valid JSON: $json_file..."
-              jq -s '.[0] * .[1]' merged_updater.json "$json_file" > temp.json && mv temp.json merged_updater.json
-            else
-              echo "Skipping invalid JSON: $json_file"
-              cat "$json_file"
-            fi
-          done
-
-          echo "Merged JSON content:"
-          cat merged_updater.json
-
-          mv merged_updater.json updater.json
-
-      - name: Upload merged updater.json
-        uses: softprops/action-gh-release@v1
-        if: startsWith(github.ref, 'refs/tags/')
-        env:
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-        with:
-          tag_name: ${{ github.ref_name }}
-          body_path: release_notes.md
-          files: updater.json
-          # 确保不覆盖已存在的其他 assets (softprops/action-gh-release 默认是追加)
-
-  docker-build-amd64:
-    runs-on: ubuntu-latest
-    if: github.event_name != 'pull_request' && (github.repository == 'lbjlaq/Antigravity-Manager' || vars.ENABLE_DOCKER_PUSH == 'true')
-    steps:
-      - name: Checkout repository
-        uses: actions/checkout@v4
-
-      - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v3
-
-      - name: Login to Docker Hub
-        uses: docker/login-action@v3
-        with:
-          username: ${{ secrets.DOCKERHUB_USERNAME }}
-          password: ${{ secrets.DOCKERHUB_TOKEN }}
-
-      - name: Build and push (AMD64)
-        uses: docker/build-push-action@v6
-        with:
-          context: .
-          file: docker/Dockerfile
-          platforms: linux/amd64
-          push: true
-          tags: |
-            ${{ github.repository_owner }}/antigravity-manager:latest-amd64
-            ${{ github.repository_owner }}/antigravity-manager:${{ github.ref_name }}-amd64
-          build-args: |
-            USE_MIRROR=false
-
-  docker-build-arm64:
-    runs-on: ubuntu-24.04-arm
-    if: github.event_name != 'pull_request' && (github.repository == 'lbjlaq/Antigravity-Manager' || vars.ENABLE_DOCKER_PUSH == 'true')
-    steps:
-      - name: Checkout repository
-        uses: actions/checkout@v4
-
-      - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v3
-
-      - name: Login to Docker Hub
-        uses: docker/login-action@v3
-        with:
-          username: ${{ secrets.DOCKERHUB_USERNAME }}
-          password: ${{ secrets.DOCKERHUB_TOKEN }}
-
-      - name: Build and push (ARM64)
-        uses: docker/build-push-action@v6
-        with:
-          context: .
-          file: docker/Dockerfile
-          platforms: linux/arm64
-          push: true
-          tags: |
-            ${{ github.repository_owner }}/antigravity-manager:latest-arm64
-            ${{ github.repository_owner }}/antigravity-manager:${{ github.ref_name }}-arm64
-          build-args: |
-            USE_MIRROR=false
-
-  docker-manifest:
-    needs: [docker-build-amd64, docker-build-arm64]
-    runs-on: ubuntu-latest
-    if: github.event_name != 'pull_request' && (github.repository == 'lbjlaq/Antigravity-Manager' || vars.ENABLE_DOCKER_PUSH == 'true')
-    steps:
-      - name: Login to Docker Hub
-        uses: docker/login-action@v3
-        with:
-          username: ${{ secrets.DOCKERHUB_USERNAME }}
-          password: ${{ secrets.DOCKERHUB_TOKEN }}
-
-      - name: Create and push manifest
-        run: |
-          docker buildx imagetools create -t ${{ github.repository_owner }}/antigravity-manager:latest \
-            ${{ github.repository_owner }}/antigravity-manager:latest-amd64 \
-            ${{ github.repository_owner }}/antigravity-manager:latest-arm64
-
-          docker buildx imagetools create -t ${{ github.repository_owner }}/antigravity-manager:${{ github.ref_name }} \
-            ${{ github.repository_owner }}/antigravity-manager:${{ github.ref_name }}-amd64 \
-            ${{ github.repository_owner }}/antigravity-manager:${{ github.ref_name }}-arm64
+          args: ${{ matrix.args }}
+          tauriScript: npm run tauri
+          updaterJsonKeepUniversal: true

.gitignore

@@ -1,5 +1,5 @@
 # Logs
-logs
+/logs
 .logs
 *.log
 npm-debug.log*
@@ -35,6 +35,10 @@ src-tauri/.env
 .env.*
 environment/
 
+# Tauri signing keys (NEVER COMMIT!)
+.tauri-keys/
+*.key
+
 # Python virtual environments and test files
 .venv*/
 venv/
@@ -43,6 +47,5 @@ __pycache__/
 *.pyc
 
 # Reference projects (for development only)
-
+CLIProxyAPI/
 DOCKER_DEPLOYMENT.md
-pnpm-lock.yaml