From b4d3955eb6c483633a8a18ccdd78a32ec2184c58 Mon Sep 17 00:00:00 2001 From: Jack Amadeo Date: Fri, 1 Aug 2025 14:07:20 -0400 Subject: [PATCH 01/14] Add a workflow to build an app bundle on all release branches --- .github/workflows/bundle-desktop.yml | 3 +++ .github/workflows/release-branches.yml | 31 ++++++++++++++++++++++++++ 2 files changed, 34 insertions(+) create mode 100644 .github/workflows/release-branches.yml diff --git a/.github/workflows/bundle-desktop.yml b/.github/workflows/bundle-desktop.yml index 8f4543a60cd8..24043d970dfc 100644 --- a/.github/workflows/bundle-desktop.yml +++ b/.github/workflows/bundle-desktop.yml @@ -39,6 +39,8 @@ jobs: permissions: id-token: write contents: read + outputs: + artifact-url: ${{ steps.output-app-bundle.artifact-url }} steps: # Debug information about the workflow and inputs - name: Debug workflow info @@ -294,6 +296,7 @@ jobs: df -h - name: Upload Desktop artifact + id: upload-app-bundle uses: actions/upload-artifact@4cec3d8aa04e39d1a68397de0c4cd6fb9dce8ec1 # pin@v4 with: name: Goose-darwin-arm64 diff --git a/.github/workflows/release-branches.yml b/.github/workflows/release-branches.yml new file mode 100644 index 000000000000..e4d801da239d --- /dev/null +++ b/.github/workflows/release-branches.yml @@ -0,0 +1,31 @@ +name: Release Branches + +on: + pull_request: + branches: + - 'release/v[0-9].[0-9]+.[0-9]+' + +jobs: + bundle-desktop: + runs-on: ubuntu-latest + permissions: + id-token: write + contents: read + steps: + - name: Create macOS app bundle + id: create-bundle + uses: ./.github/workflows/bundle-desktop.yml + with: + signing: false + + - name: Comment with download link + uses: peter-evans/create-or-update-comment@71345be0265236311c031f5c7866368bd1eff043 # pin@v4 + with: + issue-number: ${{ github.event.number }} + body: | + ### macOS ARM64 Desktop App (Apple Silicon) + + [📱 Download macOS Desktop App (arm64, signed)](${{ steps.create-bundle.outputs.artifact-url }}) + + **Instructions:** + After downloading, unzip the file and drag the Goose.app to your Applications folder. The app is signed and notarized for macOS. \ No newline at end of file From 45d10fe244dc499165c42aec0662d965c482a72b Mon Sep 17 00:00:00 2001 From: Jack Amadeo Date: Fri, 1 Aug 2025 15:13:09 -0400 Subject: [PATCH 02/14] Separate job --- .github/workflows/release-branches.yml | 16 +++++++--------- 1 file changed, 7 insertions(+), 9 deletions(-) diff --git a/.github/workflows/release-branches.yml b/.github/workflows/release-branches.yml index e4d801da239d..b5e5e37eb3d2 100644 --- a/.github/workflows/release-branches.yml +++ b/.github/workflows/release-branches.yml @@ -1,4 +1,4 @@ -name: Release Branches +name: Build Goose Release Candidate on: pull_request: @@ -7,17 +7,15 @@ on: jobs: bundle-desktop: + uses: ./.github/workflows/bundle-desktop.yml + + comment-on-pr: + needs: bundle-desktop runs-on: ubuntu-latest permissions: id-token: write contents: read steps: - - name: Create macOS app bundle - id: create-bundle - uses: ./.github/workflows/bundle-desktop.yml - with: - signing: false - - name: Comment with download link uses: peter-evans/create-or-update-comment@71345be0265236311c031f5c7866368bd1eff043 # pin@v4 with: @@ -25,7 +23,7 @@ jobs: body: | ### macOS ARM64 Desktop App (Apple Silicon) - [📱 Download macOS Desktop App (arm64, signed)](${{ steps.create-bundle.outputs.artifact-url }}) + [📱 Download macOS Desktop App (arm64, signed)](${{ needs.bundle-desktop.outputs.artifact-url }}) **Instructions:** - After downloading, unzip the file and drag the Goose.app to your Applications folder. The app is signed and notarized for macOS. \ No newline at end of file + After downloading, unzip the file and drag the Goose.app to your Applications folder. The app is signed and notarized for macOS. From 89efcc7045e40e4e49eabc19ae57da36b4c84cb9 Mon Sep 17 00:00:00 2001 From: Jack Amadeo Date: Fri, 1 Aug 2025 15:26:50 -0400 Subject: [PATCH 03/14] REVERT ME: add workflow_dispatch to see if we can test that --- .github/workflows/release-branches.yml | 15 ++++++++++++++- 1 file changed, 14 insertions(+), 1 deletion(-) diff --git a/.github/workflows/release-branches.yml b/.github/workflows/release-branches.yml index b5e5e37eb3d2..c2d45157001a 100644 --- a/.github/workflows/release-branches.yml +++ b/.github/workflows/release-branches.yml @@ -4,10 +4,23 @@ on: pull_request: branches: - 'release/v[0-9].[0-9]+.[0-9]+' + workflow_dispatch: + inputs: + pr_number: + description: 'PR number to comment on' + required: true + type: string + ref: + description: 'The ref to build' + required: true + type: string jobs: bundle-desktop: uses: ./.github/workflows/bundle-desktop.yml + with: + signing: true + ref: ${{ github.event.inputs && github.event.inputs.ref || '' }} comment-on-pr: needs: bundle-desktop @@ -19,7 +32,7 @@ jobs: - name: Comment with download link uses: peter-evans/create-or-update-comment@71345be0265236311c031f5c7866368bd1eff043 # pin@v4 with: - issue-number: ${{ github.event.number }} + issue-number: ${{ github.event.number || github.event.inputs.pr_number }} body: | ### macOS ARM64 Desktop App (Apple Silicon) From e346d37d6fbcc3738cf109768dade37101acdfbe Mon Sep 17 00:00:00 2001 From: Jack Amadeo Date: Fri, 1 Aug 2025 15:39:15 -0400 Subject: [PATCH 04/14] REVERT ME: does this help --- .github/workflows/release-branches.yml | 2 -- 1 file changed, 2 deletions(-) diff --git a/.github/workflows/release-branches.yml b/.github/workflows/release-branches.yml index c2d45157001a..353681c33eaf 100644 --- a/.github/workflows/release-branches.yml +++ b/.github/workflows/release-branches.yml @@ -2,8 +2,6 @@ name: Build Goose Release Candidate on: pull_request: - branches: - - 'release/v[0-9].[0-9]+.[0-9]+' workflow_dispatch: inputs: pr_number: From d0a8ae80e94ffaa27d0f9905daf6a27960a5fe92 Mon Sep 17 00:00:00 2001 From: Jack Amadeo Date: Fri, 1 Aug 2025 15:40:52 -0400 Subject: [PATCH 05/14] Revert "REVERT ME: does this help" This reverts commit e346d37d6fbcc3738cf109768dade37101acdfbe. --- .github/workflows/release-branches.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.github/workflows/release-branches.yml b/.github/workflows/release-branches.yml index 353681c33eaf..c2d45157001a 100644 --- a/.github/workflows/release-branches.yml +++ b/.github/workflows/release-branches.yml @@ -2,6 +2,8 @@ name: Build Goose Release Candidate on: pull_request: + branches: + - 'release/v[0-9].[0-9]+.[0-9]+' workflow_dispatch: inputs: pr_number: From 1c041715fcbfb0b32f57933903d349b70b9a1cce Mon Sep 17 00:00:00 2001 From: Jack Amadeo Date: Fri, 1 Aug 2025 15:40:59 -0400 Subject: [PATCH 06/14] Revert "REVERT ME: add workflow_dispatch to see if we can test that" This reverts commit 89efcc7045e40e4e49eabc19ae57da36b4c84cb9. --- .github/workflows/release-branches.yml | 15 +-------------- 1 file changed, 1 insertion(+), 14 deletions(-) diff --git a/.github/workflows/release-branches.yml b/.github/workflows/release-branches.yml index c2d45157001a..b5e5e37eb3d2 100644 --- a/.github/workflows/release-branches.yml +++ b/.github/workflows/release-branches.yml @@ -4,23 +4,10 @@ on: pull_request: branches: - 'release/v[0-9].[0-9]+.[0-9]+' - workflow_dispatch: - inputs: - pr_number: - description: 'PR number to comment on' - required: true - type: string - ref: - description: 'The ref to build' - required: true - type: string jobs: bundle-desktop: uses: ./.github/workflows/bundle-desktop.yml - with: - signing: true - ref: ${{ github.event.inputs && github.event.inputs.ref || '' }} comment-on-pr: needs: bundle-desktop @@ -32,7 +19,7 @@ jobs: - name: Comment with download link uses: peter-evans/create-or-update-comment@71345be0265236311c031f5c7866368bd1eff043 # pin@v4 with: - issue-number: ${{ github.event.number || github.event.inputs.pr_number }} + issue-number: ${{ github.event.number }} body: | ### macOS ARM64 Desktop App (Apple Silicon) From 485759e789101fa2734d57140b4d775a3e4e8b4c Mon Sep 17 00:00:00 2001 From: Jack Amadeo Date: Fri, 1 Aug 2025 15:46:31 -0400 Subject: [PATCH 07/14] Aha, that's the target branch --- .github/workflows/release-branches.yml | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/.github/workflows/release-branches.yml b/.github/workflows/release-branches.yml index b5e5e37eb3d2..f9526ffa8dba 100644 --- a/.github/workflows/release-branches.yml +++ b/.github/workflows/release-branches.yml @@ -2,11 +2,10 @@ name: Build Goose Release Candidate on: pull_request: - branches: - - 'release/v[0-9].[0-9]+.[0-9]+' jobs: bundle-desktop: + if: startsWith(github.head_ref, 'release/') uses: ./.github/workflows/bundle-desktop.yml comment-on-pr: From 3a1465726977776b5c741dff274fee7fe0a3cd9d Mon Sep 17 00:00:00 2001 From: Jack Amadeo Date: Fri, 1 Aug 2025 15:59:24 -0400 Subject: [PATCH 08/14] ugh --- .github/workflows/bundle-desktop.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/bundle-desktop.yml b/.github/workflows/bundle-desktop.yml index 24043d970dfc..5023f988a643 100644 --- a/.github/workflows/bundle-desktop.yml +++ b/.github/workflows/bundle-desktop.yml @@ -40,7 +40,7 @@ jobs: id-token: write contents: read outputs: - artifact-url: ${{ steps.output-app-bundle.artifact-url }} + artifact-url: ${{ steps.upload-app-bundle.outputs.artifact-url }} steps: # Debug information about the workflow and inputs - name: Debug workflow info From 09c0a4e7745bd39bea5df72d375921e27885d524 Mon Sep 17 00:00:00 2001 From: Jack Amadeo Date: Fri, 1 Aug 2025 16:00:27 -0400 Subject: [PATCH 09/14] REVERT ME: lets test this again --- .github/workflows/release-branches.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/.github/workflows/release-branches.yml b/.github/workflows/release-branches.yml index f9526ffa8dba..a92402892f5d 100644 --- a/.github/workflows/release-branches.yml +++ b/.github/workflows/release-branches.yml @@ -5,7 +5,6 @@ on: jobs: bundle-desktop: - if: startsWith(github.head_ref, 'release/') uses: ./.github/workflows/bundle-desktop.yml comment-on-pr: From bd7973b133835bece0020e24aa08430fc0b1fedd Mon Sep 17 00:00:00 2001 From: Jack Amadeo Date: Fri, 1 Aug 2025 16:26:12 -0400 Subject: [PATCH 10/14] More permissions --- .github/workflows/release-branches.yml | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/.github/workflows/release-branches.yml b/.github/workflows/release-branches.yml index a92402892f5d..f30aac602674 100644 --- a/.github/workflows/release-branches.yml +++ b/.github/workflows/release-branches.yml @@ -3,6 +3,11 @@ name: Build Goose Release Candidate on: pull_request: +# permissions needed for reacting to IssueOps commands on PRs +permissions: + pull-requests: write + checks: read + jobs: bundle-desktop: uses: ./.github/workflows/bundle-desktop.yml From 9b131cfc7eb6dc082a48e3cd5a882bcb5e7338fb Mon Sep 17 00:00:00 2001 From: Jack Amadeo Date: Fri, 1 Aug 2025 17:01:45 -0400 Subject: [PATCH 11/14] More permissions --- .github/workflows/release-branches.yml | 11 ++++------- 1 file changed, 4 insertions(+), 7 deletions(-) diff --git a/.github/workflows/release-branches.yml b/.github/workflows/release-branches.yml index f30aac602674..6c9746a3fb9b 100644 --- a/.github/workflows/release-branches.yml +++ b/.github/workflows/release-branches.yml @@ -3,21 +3,18 @@ name: Build Goose Release Candidate on: pull_request: -# permissions needed for reacting to IssueOps commands on PRs -permissions: - pull-requests: write - checks: read - jobs: bundle-desktop: uses: ./.github/workflows/bundle-desktop.yml + permissions: + id-token: write + contents: read comment-on-pr: needs: bundle-desktop runs-on: ubuntu-latest permissions: - id-token: write - contents: read + pull-requests: write steps: - name: Comment with download link uses: peter-evans/create-or-update-comment@71345be0265236311c031f5c7866368bd1eff043 # pin@v4 From 6b6ce77320f12259993bb9e159874961ba79184c Mon Sep 17 00:00:00 2001 From: Jack Amadeo Date: Fri, 1 Aug 2025 16:00:46 -0400 Subject: [PATCH 12/14] Revert "REVERT ME: lets test this again" This reverts commit 09c0a4e7745bd39bea5df72d375921e27885d524. --- .github/workflows/release-branches.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/release-branches.yml b/.github/workflows/release-branches.yml index 6c9746a3fb9b..fdb2228375a9 100644 --- a/.github/workflows/release-branches.yml +++ b/.github/workflows/release-branches.yml @@ -5,6 +5,7 @@ on: jobs: bundle-desktop: + if: startsWith(github.head_ref, 'release/') uses: ./.github/workflows/bundle-desktop.yml permissions: id-token: write From 6817ad35b1172a846abd06ce1dadc67caa375167 Mon Sep 17 00:00:00 2001 From: Jack Amadeo Date: Fri, 1 Aug 2025 16:25:57 -0400 Subject: [PATCH 13/14] Update the docs --- RELEASE.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/RELEASE.md b/RELEASE.md index 0911c672cda0..954cbb893d73 100644 --- a/RELEASE.md +++ b/RELEASE.md @@ -7,7 +7,7 @@ You'll generally create one of two release types: a regular feature release (min 1. Check out the main branch. 2. Pick the new version. Use a new minor version (e.g. if the current latest release is 1.2.3, use 1.3.0). Save it using `export VERSION=` 3. Run `just prepare-release $VERSION`. This will create a branch `release/`. Push this branch and open a PR into main. The diff should show version updates to Cargo.toml/package.json and their lock files. -4. Test this build. When ready to make the release, proceed to the next step. +4. This should trigger a signed macOS build -- Github actions will comment on the PR when it's ready. Test this build. When ready to make the release, proceed to the next step. 5. Tag the release: run `just tag-push` to create the tag and push it. This will start the build process for your new release. 6. Merge the PR you created in step 2. 7. Once the release is created on [Github](https://github.com/block/goose/releases), run `just release-notes ` to generate release notes. Copy these into the release description. From d5e0a1cf90317a3cc69edabc7dca69a1a0fceef2 Mon Sep 17 00:00:00 2001 From: Jack Amadeo Date: Fri, 1 Aug 2025 17:37:16 -0400 Subject: [PATCH 14/14] That URL should have worked... --- .github/workflows/release-branches.yml | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/.github/workflows/release-branches.yml b/.github/workflows/release-branches.yml index fdb2228375a9..3c1bc7201fab 100644 --- a/.github/workflows/release-branches.yml +++ b/.github/workflows/release-branches.yml @@ -10,6 +10,8 @@ jobs: permissions: id-token: write contents: read + with: + signing: true comment-on-pr: needs: bundle-desktop @@ -24,7 +26,9 @@ jobs: body: | ### macOS ARM64 Desktop App (Apple Silicon) - [📱 Download macOS Desktop App (arm64, signed)](${{ needs.bundle-desktop.outputs.artifact-url }}) + [📱 Download macOS Desktop App (arm64, signed)](https://nightly.link/${{ github.repository }}/actions/runs/${{ github.run_id }}/Goose-darwin-arm64.zip) **Instructions:** After downloading, unzip the file and drag the Goose.app to your Applications folder. The app is signed and notarized for macOS. + + This link is provided by nightly.link and will work even if you're not logged into GitHub.