diff --git a/.github/workflows/publish-release.yml b/.github/workflows/publish-release.yml index cb62442..623da85 100644 --- a/.github/workflows/publish-release.yml +++ b/.github/workflows/publish-release.yml @@ -15,12 +15,27 @@ env: NUGET_SOURCE: https://api.nuget.org/v3/index.json jobs: - nuget: + metadata: runs-on: ubuntu-latest outputs: version: ${{ steps.version.outputs.version }} + steps: + - name: Checkout + uses: actions/checkout@v5 + + - name: Extract version + id: version + shell: bash + run: | + version="$(grep -oPm1 '(?<=)[^<]+' "${{ env.CLI_PROJECT }}")" + echo "version=$version" >> "$GITHUB_OUTPUT" + + nuget-base: + needs: metadata + runs-on: ubuntu-latest + steps: - name: Checkout uses: actions/checkout@v5 @@ -58,42 +73,158 @@ jobs: printf '%s' "$SNK" | base64 --decode > "$key_path" echo "STRONG_NAME_KEY_PATH=$key_path" >> "$GITHUB_ENV" - - name: Extract version - id: version + - name: Restore + run: dotnet restore ${{ env.CLI_PROJECT }} + + - name: Pack top-level tool package shell: bash run: | - version="$(grep -oPm1 '(?<=)[^<]+' "${{ env.CLI_PROJECT }}")" - echo "version=$version" >> "$GITHUB_OUTPUT" + dotnet pack ${{ env.CLI_PROJECT }} \ + -c Release \ + --no-restore \ + --nologo \ + -p:ContinuousIntegrationBuild=true \ + -p:CreateRidSpecificToolPackages=false \ + -p:StrongNameKeyPath="$STRONG_NAME_KEY_PATH" \ + -p:PublishAot=false \ + -o artifacts/nuget + + - name: Restore fallback tool package assets + run: dotnet restore ${{ env.CLI_PROJECT }} -r any + + - name: Pack framework-dependent fallback tool package (any) + shell: bash + run: | + dotnet pack ${{ env.CLI_PROJECT }} \ + -c Release \ + --no-restore \ + --nologo \ + -r any \ + -p:ContinuousIntegrationBuild=true \ + -p:StrongNameKeyPath="$STRONG_NAME_KEY_PATH" \ + -p:PublishAot=false \ + -o artifacts/nuget + + - name: Upload package artifacts + uses: actions/upload-artifact@v6 + with: + name: nuget-packages-base + path: artifacts/nuget/* + if-no-files-found: error + + nuget-rid: + needs: metadata + runs-on: ${{ matrix.os }} + + strategy: + fail-fast: false + matrix: + include: + - os: windows-latest + rid: win-x64 + - os: windows-latest + rid: win-arm64 + - os: ubuntu-latest + rid: linux-x64 + - os: ubuntu-latest + rid: linux-arm64 + - os: macos-latest + rid: osx-x64 + - os: macos-latest + rid: osx-arm64 + + steps: + - name: Checkout + uses: actions/checkout@v5 + + - name: Setup .NET 10 + uses: actions/setup-dotnet@v5 + with: + dotnet-version: 10.0.x + + - name: Validate signing secret + shell: bash + env: + SNK: ${{ secrets.SNK }} + run: | + if [ -z "$SNK" ]; then + echo "Missing required secret: SNK" >&2 + exit 1 + fi + + - name: Materialize strong-name key + shell: bash + env: + SNK: ${{ secrets.SNK }} + run: | + key_path="$RUNNER_TEMP/Seek.snk" + printf '%s' "$SNK" | base64 --decode > "$key_path" + echo "STRONG_NAME_KEY_PATH=$key_path" >> "$GITHUB_ENV" - name: Restore - run: dotnet restore ${{ env.CLI_PROJECT }} + run: dotnet restore ${{ env.CLI_PROJECT }} -r ${{ matrix.rid }} - - name: Pack tool package + - name: Pack RID-specific AOT tool package shell: bash run: | dotnet pack ${{ env.CLI_PROJECT }} \ -c Release \ --no-restore \ --nologo \ + -r ${{ matrix.rid }} \ -p:ContinuousIntegrationBuild=true \ -p:StrongNameKeyPath="$STRONG_NAME_KEY_PATH" \ + -p:PublishAot=true \ -o artifacts/nuget - name: Upload package artifacts uses: actions/upload-artifact@v6 with: - name: nuget-packages + name: nuget-package-${{ matrix.rid }} path: artifacts/nuget/* if-no-files-found: error - - name: Push package to NuGet.org + nuget-publish: + needs: + - metadata + - nuget-base + - nuget-rid + runs-on: ubuntu-latest + + steps: + - name: Setup .NET 10 + uses: actions/setup-dotnet@v5 + with: + dotnet-version: 10.0.x + + - name: Download base package artifacts + uses: actions/download-artifact@v6 + with: + name: nuget-packages-base + path: artifacts/nuget + + - name: Download RID package artifacts + uses: actions/download-artifact@v6 + with: + pattern: nuget-package-* + path: artifacts/nuget-rid + merge-multiple: true + + - name: Flatten package artifacts + shell: bash + run: | + mkdir -p artifacts/all-packages + find artifacts/nuget -type f \( -name '*.nupkg' -o -name '*.snupkg' \) -exec cp {} artifacts/all-packages/ \; + find artifacts/nuget-rid -type f \( -name '*.nupkg' -o -name '*.snupkg' \) -exec cp {} artifacts/all-packages/ \; + + - name: Push packages to NuGet.org shell: bash env: NUGET_API_KEY: ${{ secrets.NUGET_API_KEY }} run: | shopt -s nullglob - for package in artifacts/nuget/*.nupkg; do + for package in artifacts/all-packages/*.nupkg; do file_name="$(basename "$package")" if [[ "$file_name" == *.snupkg ]]; then continue @@ -105,25 +236,8 @@ jobs: --skip-duplicate done - - name: Create or update GitHub release - shell: bash - env: - GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} - run: | - tag="${{ steps.version.outputs.version }}" - - if gh release view "$tag" >/dev/null 2>&1; then - gh release edit "$tag" \ - --title "Release $tag" \ - --notes-file CHANGELOG.md - else - gh release create "$tag" \ - --title "Release $tag" \ - --notes-file CHANGELOG.md - fi - binaries: - needs: nuget + needs: metadata runs-on: ${{ matrix.os }} permissions: contents: write @@ -136,21 +250,19 @@ jobs: matrix: include: - os: windows-latest - arch: x86 + rid: win-x86 - os: windows-latest - arch: x64 + rid: win-x64 - os: windows-latest - arch: arm64 + rid: win-arm64 - os: ubuntu-latest - arch: x86 + rid: linux-x64 - os: ubuntu-latest - arch: x64 - - os: ubuntu-latest - arch: arm64 + rid: linux-arm64 - os: macos-latest - arch: x64 + rid: osx-x64 - os: macos-latest - arch: arm64 + rid: osx-arm64 steps: - name: Checkout @@ -165,7 +277,7 @@ jobs: uses: sigstore/cosign-installer@v4.0.0 - name: Restore - run: dotnet restore ${{ env.CLI_PROJECT }} --use-current-runtime + run: dotnet restore ${{ env.CLI_PROJECT }} -r ${{ matrix.rid }} - name: Validate signing secret shell: bash @@ -193,6 +305,7 @@ jobs: -c Release \ --no-restore \ --nologo \ + -r ${{ matrix.rid }} \ -p:ContinuousIntegrationBuild=true \ -p:StrongNameKeyPath="$STRONG_NAME_KEY_PATH" \ -o publish @@ -202,50 +315,81 @@ jobs: shell: bash run: | cd publish - zip -r "../seek-${{ matrix.os }}-${{ matrix.arch }}.zip" Seek + zip -r "../seek-${{ matrix.rid }}.zip" Seek - name: Package binary (Windows) if: runner.os == 'Windows' shell: pwsh run: | - Compress-Archive -Path "publish\Seek.exe" -DestinationPath "seek-${{ matrix.os }}-${{ matrix.arch }}.zip" + Compress-Archive -Path "publish\Seek.exe" -DestinationPath "seek-${{ matrix.rid }}.zip" - name: Generate artifact attestation uses: actions/attest-build-provenance@v3 with: - subject-path: seek-${{ matrix.os }}-${{ matrix.arch }}.zip + subject-path: seek-${{ matrix.rid }}.zip - name: Sigstore sign release zip shell: bash run: | cosign sign-blob --yes \ - --bundle "seek-${{ matrix.os }}-${{ matrix.arch }}.zip.sigstore.json" \ - "seek-${{ matrix.os }}-${{ matrix.arch }}.zip" + --bundle "seek-${{ matrix.rid }}.zip.sigstore.json" \ + "seek-${{ matrix.rid }}.zip" - name: Upload binary artifact uses: actions/upload-artifact@v6 with: - name: seek-${{ matrix.os }}-${{ matrix.arch }}.zip - path: seek-${{ matrix.os }}-${{ matrix.arch }}.zip + name: seek-${{ matrix.rid }}.zip + path: seek-${{ matrix.rid }}.zip if-no-files-found: error - name: Upload Sigstore bundle artifact uses: actions/upload-artifact@v6 with: - name: seek-${{ matrix.os }}-${{ matrix.arch }}.zip.sigstore.json - path: seek-${{ matrix.os }}-${{ matrix.arch }}.zip.sigstore.json + name: seek-${{ matrix.rid }}.zip.sigstore.json + path: seek-${{ matrix.rid }}.zip.sigstore.json if-no-files-found: error - - name: Upload binary to GitHub release + github-release: + needs: + - metadata + - binaries + runs-on: ubuntu-latest + + steps: + - name: Checkout + uses: actions/checkout@v5 + + - name: Download binary artifacts + uses: actions/download-artifact@v6 + with: + pattern: seek-* + path: release-artifacts + merge-multiple: true + + - name: Create or update GitHub release shell: bash env: GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} run: | - gh release upload "${{ needs.nuget.outputs.version }}" "seek-${{ matrix.os }}-${{ matrix.arch }}.zip" --clobber + tag="${{ needs.metadata.outputs.version }}" - - name: Upload Sigstore bundle to GitHub release + if gh release view "$tag" >/dev/null 2>&1; then + gh release edit "$tag" \ + --title "Release $tag" \ + --notes-file CHANGELOG.md + else + gh release create "$tag" \ + --title "Release $tag" \ + --notes-file CHANGELOG.md + fi + + - name: Upload binaries to GitHub release shell: bash env: GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} run: | - gh release upload "${{ needs.nuget.outputs.version }}" "seek-${{ matrix.os }}-${{ matrix.arch }}.zip.sigstore.json" --clobber + shopt -s nullglob + + for file in release-artifacts/*; do + gh release upload "${{ needs.metadata.outputs.version }}" "$file" --clobber + done diff --git a/CHANGELOG.md b/CHANGELOG.md index dab59fd..4c32819 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,3 +1,10 @@ # Changelog -Initial release +## Unreleased + +- Publish runtime-specific native AOT NuGet tool packages for `win-x64`, `win-arm64`, `linux-x64`, `linux-arm64`, `osx-x64`, and `osx-arm64`. +- Publish a framework-dependent `Seek.any` NuGet tool package as a fallback for unsupported or generic environments. + +## 1.0.0 + +- Initial release diff --git a/README.md b/README.md index 7a3e1d2..9528a26 100644 --- a/README.md +++ b/README.md @@ -33,6 +33,8 @@ From NuGet: dotnet tool install --global Seek ``` +On supported runtimes, NuGet will resolve Seek's native AOT runtime package for the current machine automatically. A framework-dependent `Seek.any` fallback package is also published for unsupported or generic environments. + Precompiled binaries are also available in GitHub Releases. ## Agent Skill diff --git a/src/Seek.Cli/Seek.Cli.csproj b/src/Seek.Cli/Seek.Cli.csproj index 28629ba..aa836c6 100644 --- a/src/Seek.Cli/Seek.Cli.csproj +++ b/src/Seek.Cli/Seek.Cli.csproj @@ -3,19 +3,19 @@ Exe Seek net10.0 + 10.0.0 enable enable full preview Speed - false - false All true true true true true + true false true false @@ -27,7 +27,7 @@ https://github.com/dusrdev/Seek git true - CA1031;CA2007;CA2208 + CA1031;CA2007;CA2208;NU5119 @@ -39,6 +39,9 @@ Seek true ../.././nupkg + + win-x64;win-arm64;linux-x64;linux-arm64;osx-x64;osx-arm64;any + diff --git a/src/Seek.Core/Seek.Core.csproj b/src/Seek.Core/Seek.Core.csproj index daf519a..4fa6922 100644 --- a/src/Seek.Core/Seek.Core.csproj +++ b/src/Seek.Core/Seek.Core.csproj @@ -1,9 +1,11 @@  net10.0 + 10.0.0 enable enable true + true