chore: regenerate types and update recall AI package (#111) #27
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
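# Publish Release workflow.
#
# Triggers:
#   - push to main: publishes only when package.json's version differs from
#     the previous commit's.
#   - workflow_dispatch: publishes the version given in the optional `tag`
#     input, falling back to package.json's version.
#
# Jobs:
#   - determine-version: computes `should_publish` and `version`.
#   - publish: imports the macOS signing certificate, creates the release tag
#     if needed, builds native modules and runs the Electron Forge publish
#     script.
#
# NOTE(review): the rendered page for this file carried a hidden/bidirectional
# Unicode warning. Confirm the committed file contains no such characters
# before trusting it with signing secrets.
#
# NOTE(review): every `uses:` below references a mutable tag. In a workflow
# that handles code-signing and publish credentials, pin each action to a full
# commit SHA (reviewed and updated deliberately) so a retagged action cannot
# run with these secrets.
name: Publish Release

on:
  push:
    branches:
      - main
  workflow_dispatch:
    inputs:
      tag:
        description: "Version tag (e.g. v0.1.0). Leave empty to reuse package.json."
        required: false
        type: string

# Least-privilege default for the built-in token. Only the publish job is
# granted write access, below.
permissions:
  contents: read

jobs:
  determine-version:
    runs-on: ubuntu-latest
    outputs:
      should_publish: ${{ steps.detect.outputs.should_publish || steps.manual.outputs.should_publish }}
      version: ${{ steps.detect.outputs.version || steps.manual.outputs.version }}
    steps:
      - name: Checkout
        uses: actions/checkout@v5
        with:
          # Full history is needed so HEAD~1:package.json can be read below.
          fetch-depth: 0
          # This job makes no authenticated git calls after checkout, so the
          # token is not left behind in the local git config.
          persist-credentials: false

      - name: Manual version input
        if: github.event_name == 'workflow_dispatch'
        id: manual
        env:
          # Pass the user-supplied input through the environment rather than
          # expanding it into the script text, so its contents are never
          # parsed as shell.
          INPUT_TAG: ${{ inputs.tag }}
        run: |
          VERSION="$INPUT_TAG"
          if [ -z "$VERSION" ]; then
            VERSION=$(jq -r .version package.json)
          fi
          VERSION="${VERSION#v}"
          if [ -z "$VERSION" ]; then
            echo "Failed to determine version for manual publish."
            exit 1
          fi
          # The value is written to $GITHUB_OUTPUT and later becomes a git
          # tag; reject anything that is not a plain semver-style string
          # (this also rules out embedded newlines that would add outputs).
          SEMVER_RE='^[0-9]+\.[0-9]+\.[0-9]+([-+][0-9A-Za-z.+-]+)?$'
          if ! [[ "$VERSION" =~ $SEMVER_RE ]]; then
            echo "Version input is not a valid version string."
            exit 1
          fi
          echo "Using manual version $VERSION"
          echo "should_publish=true" >> "$GITHUB_OUTPUT"
          echo "version=$VERSION" >> "$GITHUB_OUTPUT"

      - name: Detect version change on main
        if: github.event_name != 'workflow_dispatch'
        id: detect
        run: |
          # With no parent commit there is nothing to compare against.
          if ! git rev-parse HEAD~1 >/dev/null 2>&1; then
            echo "Initial commit detected, skipping publish."
            echo "should_publish=false" >> "$GITHUB_OUTPUT"
            exit 0
          fi
          CURRENT_VERSION=$(jq -r .version package.json)
          PREVIOUS_VERSION=$(git show HEAD~1:package.json | jq -r .version)
          if [ "$CURRENT_VERSION" = "$PREVIOUS_VERSION" ]; then
            echo "Version unchanged ($CURRENT_VERSION), skipping publish."
            echo "should_publish=false" >> "$GITHUB_OUTPUT"
            exit 0
          fi
          echo "Detected version bump from $PREVIOUS_VERSION to $CURRENT_VERSION"
          echo "should_publish=true" >> "$GITHUB_OUTPUT"
          echo "version=$CURRENT_VERSION" >> "$GITHUB_OUTPUT"

  publish:
    needs: determine-version
    if: needs.determine-version.outputs.should_publish == 'true'
    runs-on: macos-latest
    permissions:
      contents: write
    # NOTE(review): job-level env is visible to every step in this job,
    # including `pnpm install` and the build scripts, which run dependency
    # code. Consider moving each secret to the step-level `env` of the steps
    # that need it, once it is confirmed which variables the publish script
    # reads. APPLE_CODESIGN_IDENTITY is referenced by a step `if:` below.
    env:
      GH_TOKEN: ${{ secrets.GH_PUBLISH_TOKEN }}
      GITHUB_TOKEN: ${{ secrets.GH_PUBLISH_TOKEN }}
      NODE_ENV: production
      APP_VERSION: ${{ needs.determine-version.outputs.version }}
      APPLE_CODESIGN_IDENTITY: ${{ secrets.APPLE_CODESIGN_IDENTITY }}
      APPLE_ID: ${{ secrets.APPLE_ID }}
      APPLE_APP_SPECIFIC_PASSWORD: ${{ secrets.APPLE_APP_SPECIFIC_PASSWORD }}
      APPLE_TEAM_ID: ${{ secrets.APPLE_TEAM_ID }}
      APPLE_CODESIGN_CERT_BASE64: ${{ secrets.APPLE_CODESIGN_CERT_BASE64 }}
      APPLE_CODESIGN_CERT_PASSWORD: ${{ secrets.APPLE_CODESIGN_CERT_PASSWORD }}
      APPLE_CODESIGN_KEYCHAIN_PASSWORD: ${{ secrets.APPLE_CODESIGN_KEYCHAIN_PASSWORD }}
    steps:
      - name: Checkout
        uses: actions/checkout@v5
        with:
          fetch-depth: 0

      - name: Setup pnpm
        uses: pnpm/action-setup@v4
        with:
          version: "10.14.0"

      - name: Setup Node.js
        uses: actions/setup-node@v4
        with:
          node-version: "22"
          cache: "pnpm"

      - name: Install dependencies
        run: pnpm install --frozen-lockfile

      - name: Import code signing certificate
        if: env.APPLE_CODESIGN_IDENTITY != ''
        env:
          CERT_BASE64: ${{ env.APPLE_CODESIGN_CERT_BASE64 }}
          CERT_PASSWORD: ${{ env.APPLE_CODESIGN_CERT_PASSWORD }}
          KEYCHAIN_PASSWORD: ${{ env.APPLE_CODESIGN_KEYCHAIN_PASSWORD }}
        run: |
          if [ -z "$CERT_BASE64" ] || [ -z "$CERT_PASSWORD" ] || [ -z "$KEYCHAIN_PASSWORD" ]; then
            echo "Missing code signing certificate secrets"
            exit 1
          fi
          KEYCHAIN="$RUNNER_TEMP/codesign.keychain-db"
          P12="$RUNNER_TEMP/certificate.p12"
          # Delete the decoded certificate on every exit path, including a
          # failed import, instead of only after a fully successful run.
          trap 'rm -f "$P12"' EXIT
          # Keep the decoded private key unreadable to other users.
          umask 077
          echo "$CERT_BASE64" | base64 --decode > "$P12"
          security create-keychain -p "$KEYCHAIN_PASSWORD" "$KEYCHAIN"
          security set-keychain-settings -lut 21600 "$KEYCHAIN"
          security unlock-keychain -p "$KEYCHAIN_PASSWORD" "$KEYCHAIN"
          security import "$P12" -k "$KEYCHAIN" -P "$CERT_PASSWORD" -T /usr/bin/codesign -T /usr/bin/security
          # The unquoted substitution is deliberate: each existing keychain
          # path must become its own argument.
          security list-keychains -d user -s "$KEYCHAIN" $(security list-keychains -d user | tr -d '"')
          security set-key-partition-list -S apple-tool:,apple:,codesign: -s -k "$KEYCHAIN_PASSWORD" "$KEYCHAIN"

      - name: Verify package version
        run: |
          # Guards against publishing a version other than the one checked in.
          PACKAGE_VERSION=$(jq -r .version package.json)
          if [ "$PACKAGE_VERSION" != "$APP_VERSION" ]; then
            echo "Package version $PACKAGE_VERSION does not match expected $APP_VERSION"
            exit 1
          fi

      - name: Create or reuse tag
        run: |
          TAG="v$APP_VERSION"
          git fetch --tags
          if git rev-parse "refs/tags/$TAG" >/dev/null 2>&1; then
            echo "Tag $TAG already exists, reusing it."
          else
            git config user.name "posthog-bot"
            git config user.email "infra@posthog.com"
            git tag -a "$TAG" -m "Release $TAG"
            # The repository name comes from the runner-provided environment
            # variable and the URL is quoted, so nothing is expanded into the
            # script text.
            # NOTE(review): the token is embedded in the push URL and so
            # appears in the process arguments; a credential helper would
            # avoid that.
            git push "https://x-access-token:${GH_TOKEN}@github.com/${GITHUB_REPOSITORY}" "$TAG"
          fi

      - name: Build native modules
        run: pnpm run build-native

      - name: Publish with Electron Forge
        run: pnpm run publish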