chore: add build step to ci

stainless-app[bot] · stainless-app[bot] · commit c957b31381e9 · 2026-01-30T05:54:59.000Z
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -33,6 +33,48 @@ jobs:
       - name: Run lints
         run: ./scripts/lint
 
+  build:
+    timeout-minutes: 10
+    name: build
+    permissions:
+      contents: read
+      id-token: write
+    runs-on: ${{ github.repository == 'stainless-sdks/stainless-v0-cli' && 'depot-ubuntu-24.04' || 'ubuntu-latest' }}
+    if: github.event_name == 'push' || github.event.pull_request.head.repo.fork
+    steps:
+      - uses: actions/checkout@v6
+
+      - name: Setup go
+        uses: actions/setup-go@v5
+        with:
+          go-version-file: ./go.mod
+
+      - name: Bootstrap
+        run: ./scripts/bootstrap
+
+      - name: Run goreleaser
+        uses: goreleaser/goreleaser-action@v6.1.0
+        with:
+          version: latest
+          args: release --snapshot --clean --skip=publish
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Get GitHub OIDC Token
+        if: github.repository == 'stainless-sdks/stainless-v0-cli'
+        id: github-oidc
+        uses: actions/github-script@v8
+        with:
+          script: core.setOutput('github_token', await core.getIDToken());
+
+      - name: Upload tarball
+        if: github.repository == 'stainless-sdks/stainless-v0-cli'
+        env:
+          URL: https://pkg.stainless.com/s
+          AUTH: ${{ steps.github-oidc.outputs.github_token }}
+          SHA: ${{ github.sha }}
+        run: ./scripts/utils/upload-artifact.sh
+
   test:
     timeout-minutes: 10
     name: test
diff --git a/scripts/utils/upload-artifact.sh b/scripts/utils/upload-artifact.sh
@@ -0,0 +1,53 @@
+#!/usr/bin/env bash
+set -exuo pipefail
+
+BINARY_NAME="stl"
+DIST_DIR="dist"
+FILENAME="dist.zip"
+
+mapfile -d '' files < <(
+  find "$DIST_DIR" -regextype posix-extended -type f \
+    -regex ".*/[^/]*(amd64|arm64)[^/]*/${BINARY_NAME}(\\.exe)?$" -print0
+)
+
+if [[ ${#files[@]} -eq 0 ]]; then
+  echo -e "\033[31mNo binaries found for packaging.\033[0m"
+  exit 1
+fi
+
+rm -f "${DIST_DIR}/${FILENAME}"
+
+while IFS= read -r -d '' dir; do
+  printf "Remove the quarantine attribute before running the executable:\n\nxattr -d com.apple.quarantine %s\n" \
+    "$BINARY_NAME" >"${dir}/README.txt"
+done < <(find "$DIST_DIR" -type d -name '*macos*' -print0)
+
+relative_files=()
+for file in "${files[@]}"; do
+  relative_files+=("${file#"${DIST_DIR}"/}")
+done
+
+(cd "$DIST_DIR" && zip -r "$FILENAME" "${relative_files[@]}")
+
+RESPONSE=$(curl -X POST "$URL?filename=$FILENAME" \
+  -H "Authorization: Bearer $AUTH" \
+  -H "Content-Type: application/json")
+
+SIGNED_URL=$(echo "$RESPONSE" | jq -r '.url')
+
+if [[ "$SIGNED_URL" == "null" ]]; then
+  echo -e "\033[31mFailed to get signed URL.\033[0m"
+  exit 1
+fi
+
+UPLOAD_RESPONSE=$(curl -v -X PUT \
+  -H "Content-Type: application/zip" \
+  --data-binary "@${DIST_DIR}/${FILENAME}" "$SIGNED_URL" 2>&1)
+
+if echo "$UPLOAD_RESPONSE" | grep -q "HTTP/[0-9.]* 200"; then
+  echo -e "\033[32mUploaded build to Stainless storage.\033[0m"
+  echo -e "\033[32mInstallation: Download and unzip: 'https://pkg.stainless.com/s/stainless-v0-cli/$SHA/$FILENAME'. On macOS, run `xattr -d com.apple.quarantine {executable name}.`\033[0m"
+else
+  echo -e "\033[31mFailed to upload artifact.\033[0m"
+  exit 1
+fi
