feat(pi-extension): blocklist-only bash safety + interactive plan file path #133
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Release | |
| on: | |
| push: | |
| tags: | |
| - 'v*' | |
| pull_request: | |
| branches: | |
| - main | |
| workflow_dispatch: | |
| inputs: | |
| dry-run: | |
| description: Validate build and npm publish without uploading | |
| type: boolean | |
| default: true | |
| permissions: | |
| contents: write | |
| id-token: write | |
| env: | |
| DRY_RUN: ${{ !(startsWith(github.ref, 'refs/tags/') || inputs.dry-run == 'false') }} | |
| jobs: | |
| build: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 | |
| - uses: oven-sh/setup-bun@3d267786b128fe76c2f16a390aa2448b815359f3 # v2.1.2 | |
| with: | |
| bun-version: latest | |
| - name: Install dependencies | |
| run: bun install | |
| - name: Build UI | |
| run: | | |
| bun run build:review | |
| bun run build:hook | |
| - name: Compile binaries (cross-compile all targets) | |
| run: | | |
| # macOS ARM64 | |
| bun build apps/hook/server/index.ts --compile --target=bun-darwin-arm64 --outfile plannotator-darwin-arm64 | |
| sha256sum plannotator-darwin-arm64 > plannotator-darwin-arm64.sha256 | |
| # macOS x64 | |
| bun build apps/hook/server/index.ts --compile --target=bun-darwin-x64 --outfile plannotator-darwin-x64 | |
| sha256sum plannotator-darwin-x64 > plannotator-darwin-x64.sha256 | |
| # Linux x64 | |
| bun build apps/hook/server/index.ts --compile --target=bun-linux-x64 --outfile plannotator-linux-x64 | |
| sha256sum plannotator-linux-x64 > plannotator-linux-x64.sha256 | |
| # Linux ARM64 | |
| bun build apps/hook/server/index.ts --compile --target=bun-linux-arm64 --outfile plannotator-linux-arm64 | |
| sha256sum plannotator-linux-arm64 > plannotator-linux-arm64.sha256 | |
| # Windows x64 | |
| bun build apps/hook/server/index.ts --compile --target=bun-windows-x64 --outfile plannotator-win32-x64.exe | |
| sha256sum plannotator-win32-x64.exe > plannotator-win32-x64.exe.sha256 | |
| # Paste service binaries | |
| bun build apps/paste-service/targets/bun.ts --compile --target=bun-darwin-arm64 --outfile plannotator-paste-darwin-arm64 | |
| sha256sum plannotator-paste-darwin-arm64 > plannotator-paste-darwin-arm64.sha256 | |
| bun build apps/paste-service/targets/bun.ts --compile --target=bun-darwin-x64 --outfile plannotator-paste-darwin-x64 | |
| sha256sum plannotator-paste-darwin-x64 > plannotator-paste-darwin-x64.sha256 | |
| bun build apps/paste-service/targets/bun.ts --compile --target=bun-linux-x64 --outfile plannotator-paste-linux-x64 | |
| sha256sum plannotator-paste-linux-x64 > plannotator-paste-linux-x64.sha256 | |
| bun build apps/paste-service/targets/bun.ts --compile --target=bun-linux-arm64 --outfile plannotator-paste-linux-arm64 | |
| sha256sum plannotator-paste-linux-arm64 > plannotator-paste-linux-arm64.sha256 | |
| bun build apps/paste-service/targets/bun.ts --compile --target=bun-windows-x64 --outfile plannotator-paste-win32-x64.exe | |
| sha256sum plannotator-paste-win32-x64.exe > plannotator-paste-win32-x64.exe.sha256 | |
| - name: Upload artifacts | |
| uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0 | |
| with: | |
| name: binaries | |
| path: | | |
| plannotator-* | |
| !*.ts | |
| release: | |
| needs: build | |
| if: startsWith(github.ref, 'refs/tags/') | |
| runs-on: ubuntu-latest | |
| permissions: | |
| contents: write | |
| steps: | |
| - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 | |
| - name: Download artifacts | |
| uses: actions/download-artifact@37930b1c2abaa49bbe596cd826c3c89aef350131 # v7.0.0 | |
| with: | |
| name: binaries | |
| path: artifacts | |
| - name: List artifacts | |
| run: ls -la artifacts/ | |
| - name: Create GitHub Release | |
| uses: softprops/action-gh-release@a06a81a03ee405af7f2048a818ed3f03bbf83c7b # v2.5.0 | |
| with: | |
| files: artifacts/* | |
| generate_release_notes: true | |
| draft: false | |
| prerelease: ${{ contains(github.ref, '-') }} | |
| npm-publish: | |
| needs: build | |
| runs-on: ubuntu-latest | |
| permissions: | |
| contents: read | |
| id-token: write | |
| steps: | |
| - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 | |
| - uses: oven-sh/setup-bun@3d267786b128fe76c2f16a390aa2448b815359f3 # v2.1.2 | |
| with: | |
| bun-version: latest | |
| - uses: actions/setup-node@6044e13b5dc448c55e2357c09f80417699197238 # v6.2.0 | |
| with: | |
| node-version: 22 | |
| registry-url: https://registry.npmjs.org | |
| - name: Install dependencies | |
| run: bun install | |
| - name: Build packages | |
| run: | | |
| bun run build:review | |
| bun run build:hook | |
| bun run build:opencode | |
| bun run build:pi | |
| - name: Publish @plannotator/opencode | |
| working-directory: apps/opencode-plugin | |
| env: | |
| NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }} | |
| run: | | |
| bun pm pack | |
| if [[ "$DRY_RUN" == "false" ]]; then | |
| npm publish *.tgz --provenance --access public | |
| fi | |
| - name: Publish @plannotator/pi-extension | |
| working-directory: apps/pi-extension | |
| env: | |
| NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }} | |
| run: | | |
| bun pm pack | |
| if [[ "$DRY_RUN" == "false" ]]; then | |
| npm publish *.tgz --provenance --access public | |
| fi |