Codex: strengthen codex FIFO pairing test and add merge guard (#238) #61

Workflow file for this run

.github/workflows/release.yml at 853a28a

	name: Release

	on:
	push:
	tags:
	- 'v*'

	permissions:
	contents: write

	jobs:
	build:
	runs-on: ubuntu-latest
	strategy:
	matrix:
	include:
	- goos: linux
	goarch: amd64
	- goos: linux
	goarch: arm64
	- goos: darwin
	goarch: amd64
	- goos: darwin
	goarch: arm64
	- goos: windows
	goarch: amd64
	- goos: windows
	goarch: arm64

	steps:
	- uses: actions/checkout@v4

	- uses: actions/setup-go@v5
	with:
	go-version: '1.24'

	- name: Build
	env:
	GOOS: ${{ matrix.goos }}
	GOARCH: ${{ matrix.goarch }}
	CGO_ENABLED: 0
	run: \|
	VERSION=${GITHUB_REF#refs/tags/v}
	EXT=""
	if [ "$GOOS" = "windows" ]; then EXT=".exe"; fi

	mkdir -p dist
	LDFLAGS="-s -w -X github.com/roborev-dev/roborev/internal/version.Version=v${VERSION}"
	go build -ldflags="$LDFLAGS" -o dist/roborev${EXT} ./cmd/roborev

	cd dist
	ARCHIVE="roborev_${VERSION}_${{ matrix.goos }}_${{ matrix.goarch }}.tar.gz"
	tar czf "$ARCHIVE" roborev${EXT}
	rm roborev${EXT}

	- uses: actions/upload-artifact@v4
	with:
	name: roborev-${{ matrix.goos }}-${{ matrix.goarch }}
	path: dist/*.tar.gz

	release:
	needs: build
	runs-on: ubuntu-latest
	steps:
	- uses: actions/checkout@v4

	- uses: actions/download-artifact@v4
	with:
	path: artifacts
	merge-multiple: true

	- name: Generate checksums
	run: \|
	cd artifacts
	sha256sum *.tar.gz > SHA256SUMS
	cat SHA256SUMS

	- name: Get tag message
	id: tag_message
	run: \|
	TAG_NAME="${GITHUB_REF#refs/tags/}"

	# Only extract message from annotated tags (type "tag"), not lightweight tags (type "commit")
	TAG_TYPE=$(git cat-file -t "$TAG_NAME")
	if [ "$TAG_TYPE" != "tag" ]; then
	echo "Warning: $TAG_NAME is a lightweight tag, using auto-generated notes"
	echo "has_body=false" >> $GITHUB_OUTPUT
	exit 0
	fi

	# Get the tag message body (our changelog), skipping the first line ("Release X.Y.Z")
	TAG_MSG=$(git tag -l --format='%(contents:body)' "$TAG_NAME")

	if [ -n "$TAG_MSG" ]; then
	# Use unique delimiter to avoid conflicts with tag message content
	DELIM="TAGMSG_$(date +%s%N)"
	echo "body<<$DELIM" >> $GITHUB_OUTPUT
	echo "$TAG_MSG" >> $GITHUB_OUTPUT
	echo "$DELIM" >> $GITHUB_OUTPUT
	echo "has_body=true" >> $GITHUB_OUTPUT
	else
	echo "has_body=false" >> $GITHUB_OUTPUT
	fi

	- name: Create Release
	uses: softprops/action-gh-release@v1
	with:
	files: \|
	artifacts/*.tar.gz
	artifacts/SHA256SUMS
	body: ${{ steps.tag_message.outputs.has_body == 'true' && steps.tag_message.outputs.body \|\| '' }}
	generate_release_notes: ${{ steps.tag_message.outputs.has_body != 'true' }}

	update-homebrew:
	needs: release
	runs-on: ubuntu-latest
	steps:
	- uses: actions/download-artifact@v4
	with:
	path: artifacts
	merge-multiple: true

	- name: Compute SHA256 for all binaries
	id: sha256
	run: \|
	VERSION=${GITHUB_REF#refs/tags/v}
	echo "version=$VERSION" >> $GITHUB_OUTPUT

	# Verify all expected artifacts exist
	for platform in darwin_amd64 darwin_arm64 linux_amd64 linux_arm64; do
	file="artifacts/roborev_${VERSION}_${platform}.tar.gz"
	if [ ! -f "$file" ]; then
	echo "ERROR: Missing artifact: $file"
	echo "Available artifacts:"
	ls -la artifacts/
	exit 1
	fi
	done

	# macOS
	echo "darwin_amd64=$(sha256sum artifacts/roborev_${VERSION}_darwin_amd64.tar.gz \| cut -d' ' -f1)" >> $GITHUB_OUTPUT
	echo "darwin_arm64=$(sha256sum artifacts/roborev_${VERSION}_darwin_arm64.tar.gz \| cut -d' ' -f1)" >> $GITHUB_OUTPUT

	# Linux
	echo "linux_amd64=$(sha256sum artifacts/roborev_${VERSION}_linux_amd64.tar.gz \| cut -d' ' -f1)" >> $GITHUB_OUTPUT
	echo "linux_arm64=$(sha256sum artifacts/roborev_${VERSION}_linux_arm64.tar.gz \| cut -d' ' -f1)" >> $GITHUB_OUTPUT

	- name: Checkout tap repository
	uses: actions/checkout@v4
	with:
	repository: roborev-dev/homebrew-tap
	token: ${{ secrets.HOMEBREW_TAP_TOKEN }}
	path: homebrew-tap

	- name: Update formula
	env:
	VERSION: ${{ steps.sha256.outputs.version }}
	DARWIN_AMD64_SHA: ${{ steps.sha256.outputs.darwin_amd64 }}
	DARWIN_ARM64_SHA: ${{ steps.sha256.outputs.darwin_arm64 }}
	LINUX_AMD64_SHA: ${{ steps.sha256.outputs.linux_amd64 }}
	LINUX_ARM64_SHA: ${{ steps.sha256.outputs.linux_arm64 }}
	run: \|
	cd homebrew-tap

	# Use Ruby to update the formula (more robust than sed for nested blocks)
	ruby -i -e '
	content = File.read("Formula/roborev.rb")

	# Update version
	content.gsub!(/version "[^"]*"/, %Q{version "#{ENV["VERSION"]}"})

	# Track block depth for proper nesting
	# Formula structure: on_macos do / on_linux do > if Hardware::CPU.intel?/arm? > sha256
	macos_depth = 0
	linux_depth = 0
	in_intel = false
	in_arm = false
	updated = { darwin_amd64: false, darwin_arm64: false, linux_amd64: false, linux_arm64: false }

	lines = content.lines.map do \|line\|
	stripped = line.strip

	# Track on_macos/on_linux blocks by depth
	if line.include?("on_macos do")
	macos_depth = 1
	elsif line.include?("on_linux do")
	linux_depth = 1
	end

	# Track CPU architecture blocks
	if line.include?("Hardware::CPU.intel?")
	in_intel = true
	elsif line.include?("Hardware::CPU.arm?")
	in_arm = true
	end

	# Update sha256 based on current context
	if line.include?("sha256") && line.include?("\"")
	if macos_depth > 0 && in_intel
	line = line.gsub(/sha256 "[^"]*"/, %Q{sha256 "#{ENV["DARWIN_AMD64_SHA"]}"})
	updated[:darwin_amd64] = true
	elsif macos_depth > 0 && in_arm
	line = line.gsub(/sha256 "[^"]*"/, %Q{sha256 "#{ENV["DARWIN_ARM64_SHA"]}"})
	updated[:darwin_arm64] = true
	elsif linux_depth > 0 && in_intel
	line = line.gsub(/sha256 "[^"]*"/, %Q{sha256 "#{ENV["LINUX_AMD64_SHA"]}"})
	updated[:linux_amd64] = true
	elsif linux_depth > 0 && in_arm
	line = line.gsub(/sha256 "[^"]*"/, %Q{sha256 "#{ENV["LINUX_ARM64_SHA"]}"})
	updated[:linux_arm64] = true
	end
	end

	# Track end statements - reset CPU flags on end, decrement block depth
	if stripped == "end"
	if in_intel
	in_intel = false
	elsif in_arm
	in_arm = false
	elsif macos_depth > 0
	macos_depth = 0
	elsif linux_depth > 0
	linux_depth = 0
	end
	end

	line
	end

	# Verify all checksums were updated
	missing = updated.select { \|k, v\| !v }.keys
	unless missing.empty?
	STDERR.puts "ERROR: Failed to update sha256 for: #{missing.join(", ")}"
	exit 1
	end

	File.write("Formula/roborev.rb", lines.join)
	puts "Successfully updated formula to v#{ENV["VERSION"]}"
	' Formula/roborev.rb

	echo "--- Updated formula ---"
	cat Formula/roborev.rb

	- name: Verify checksums in formula
	env:
	DARWIN_AMD64_SHA: ${{ steps.sha256.outputs.darwin_amd64 }}
	DARWIN_ARM64_SHA: ${{ steps.sha256.outputs.darwin_arm64 }}
	LINUX_AMD64_SHA: ${{ steps.sha256.outputs.linux_amd64 }}
	LINUX_ARM64_SHA: ${{ steps.sha256.outputs.linux_arm64 }}
	run: \|
	cd homebrew-tap
	ERRORS=0

	for sha in "$DARWIN_AMD64_SHA" "$DARWIN_ARM64_SHA" "$LINUX_AMD64_SHA" "$LINUX_ARM64_SHA"; do
	if ! grep -q "sha256 \"$sha\"" Formula/roborev.rb; then
	echo "ERROR: sha256 $sha not found in formula"
	ERRORS=$((ERRORS + 1))
	fi
	done

	if [ $ERRORS -gt 0 ]; then
	echo "Checksum verification failed"
	exit 1
	fi
	echo "All checksums verified"

	- name: Commit and push
	run: \|
	cd homebrew-tap
	git config user.name "github-actions[bot]"
	git config user.email "github-actions[bot]@users.noreply.github.com"

	# Check if there are changes to commit (handles re-runs)
	if git diff --quiet Formula/roborev.rb; then
	echo "No changes to formula, skipping commit"
	exit 0
	fi

	git add Formula/roborev.rb
	git commit -m "Update roborev to v${{ steps.sha256.outputs.version }}"
	git push

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Codex: strengthen codex FIFO pairing test and add merge guard (#238) #61

Workflow file

Codex: strengthen codex FIFO pairing test and add merge guard (#238) #61

Uh oh!

Workflow file for this run