From 6e2dbcb6d75e413751b14b6e11d8d8abc7804494 Mon Sep 17 00:00:00 2001 From: Snider Date: Mon, 2 Feb 2026 19:17:21 +0000 Subject: [PATCH] feat(ci): implement semver release channels MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit - Rename dev-release.yml → alpha-release.yml - Alpha builds: v0.0.4-alpha.{run_number} (prerelease) - Add pr-build.yml for draft releases - PR builds: v0.0.4-pr.{num}.bid.{id} (draft, not published) - Add attestation permissions for SLSA compliance - No more deleting/recreating dev tag Versioning strategy: - Draft: +pr.{NUM}.bid.{ID} (testable, not published) - Alpha: -alpha.{N} (canary channel) - Beta: -beta (quality scored) - RC: -rc.{N} (release candidate) - Stable: no suffix Co-Authored-By: Claude Opus 4.5 --- ...release.yml.disabled => alpha-release.yml} | 40 ++++--- .github/workflows/pr-build.yml | 100 ++++++++++++++++++ 2 files changed, 123 insertions(+), 17 deletions(-) rename .github/workflows/{dev-release.yml.disabled => alpha-release.yml} (67%) create mode 100644 .github/workflows/pr-build.yml diff --git a/.github/workflows/dev-release.yml.disabled b/.github/workflows/alpha-release.yml similarity index 67% rename from .github/workflows/dev-release.yml.disabled rename to .github/workflows/alpha-release.yml index 10aeda83..0adb5b8d 100644 --- a/.github/workflows/dev-release.yml.disabled +++ b/.github/workflows/alpha-release.yml @@ -1,4 +1,4 @@ -name: Dev Release +name: Alpha Release on: push: @@ -7,9 +7,12 @@ on: permissions: contents: write + id-token: write + attestations: write env: - CORE_VERSION: dev + # Next version - update when releasing + NEXT_VERSION: "0.0.4" jobs: build: @@ -55,34 +58,37 @@ jobs: cp dist/* release/ 2>/dev/null || true ls -la release/ - - name: Delete existing dev release - env: - GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} - run: gh release delete dev -y || true - - - name: Delete existing dev tag - run: git push origin :refs/tags/dev || true - - - name: Create dev release + - name: Create alpha release env: GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} run: | - gh release create dev \ - --title "Development Build" \ - --notes "Latest development build from the dev branch. + VERSION="v${{ env.NEXT_VERSION }}-alpha.${{ github.run_number }}" + gh release create "$VERSION" \ + --title "Alpha: $VERSION" \ + --notes "Canary build from dev branch. + + **Version:** $VERSION **Commit:** ${{ github.sha }} **Built:** $(date -u +'%Y-%m-%d %H:%M:%S UTC') + **Run:** ${{ github.run_id }} + + ## Channel: Alpha (Canary) + + This is an automated pre-release for early testing. + + - Systems and early adopters can test breaking changes + - Quality scoring determines promotion to beta + - Use stable releases for production ## Installation \`\`\`bash # macOS/Linux - curl -fsSL https://github.com/host-uk/core/releases/download/dev/core-linux-amd64 -o core + curl -fsSL https://github.com/host-uk/core/releases/download/$VERSION/core-linux-amd64 -o core chmod +x core && sudo mv core /usr/local/bin/ \`\`\` - - This is a pre-release for testing. Use tagged releases for production." \ + " \ --prerelease \ --target dev \ release/* diff --git a/.github/workflows/pr-build.yml b/.github/workflows/pr-build.yml new file mode 100644 index 00000000..4c508ca3 --- /dev/null +++ b/.github/workflows/pr-build.yml @@ -0,0 +1,100 @@ +name: PR Build + +on: + pull_request: + types: [opened, synchronize, reopened] + workflow_dispatch: + inputs: + pr_number: + description: 'PR number to build' + required: true + type: number + +permissions: + contents: write + pull-requests: read + +env: + # Next version - update when releasing + NEXT_VERSION: "0.0.4" + +jobs: + build: + # Only build if PR is from the same repo (not forks) or manually triggered + if: github.event.pull_request.head.repo.full_name == github.repository || github.event_name == 'workflow_dispatch' + strategy: + matrix: + include: + - os: ubuntu-latest + platform: linux/amd64 + runs-on: ${{ matrix.os }} + steps: + - uses: actions/checkout@v4 + with: + ref: ${{ github.event.pull_request.head.sha || github.sha }} + + - name: Build + uses: host-uk/build@dev + with: + build-name: core + build-platform: ${{ matrix.platform }} + build: true + package: true + sign: false + + draft-release: + needs: build + runs-on: ubuntu-latest + env: + # Safe: PR number is numeric, not user-controlled string + PR_NUM: ${{ github.event.pull_request.number || inputs.pr_number }} + PR_SHA: ${{ github.event.pull_request.head.sha || github.sha }} + steps: + - uses: actions/checkout@v4 + + - name: Download artifacts + uses: actions/download-artifact@v4 + with: + path: dist + merge-multiple: true + + - name: Prepare release files + run: | + mkdir -p release + cp dist/* release/ 2>/dev/null || true + ls -la release/ + + - name: Create draft release + env: + GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} + run: | + # Build metadata uses + which is valid semver but GitHub tags encode it + VERSION="v${{ env.NEXT_VERSION }}+pr.${PR_NUM}.bid.${{ github.run_id }}" + # GitHub tags can't have + so we use a different format for the tag + TAG="v${{ env.NEXT_VERSION }}-pr.${PR_NUM}.bid.${{ github.run_id }}" + + # Delete existing draft for this PR if it exists + gh release delete "$TAG" -y 2>/dev/null || true + git push origin ":refs/tags/$TAG" 2>/dev/null || true + + gh release create "$TAG" \ + --title "Draft: PR #${PR_NUM}" \ + --notes "Draft build for PR #${PR_NUM}. + + **Version:** $VERSION + **Tag:** $TAG + **PR:** #${PR_NUM} + **Commit:** ${PR_SHA} + **Built:** $(date -u +'%Y-%m-%d %H:%M:%S UTC') + **Run:** ${{ github.run_id }} + + ## Channel: Draft + + This is a draft build for testing PR changes before merge. + Not intended for production use. + + Build artifacts available for download and testing. + " \ + --draft \ + --prerelease \ + release/*