core/cli
8
0
Fork 0
Code Issues 1 Pull requests Projects Releases Packages Wiki Activity Actions 1
cli/pkg/release/release.go
Snider 5e2765fd5f feat: wire release command, add tar.xz support, unified installers (#277) 
* feat(cli): wire release command and add installer scripts

- Wire up `core build release` subcommand (was orphaned)
- Wire up `core monitor` command (missing import in full variant)
- Add installer scripts for Unix (.sh) and Windows (.bat)
  - setup: Interactive with variant selection
  - ci: Minimal for CI/CD environments
  - dev: Full development variant
  - go/php/agent: Targeted development variants
- All scripts include security hardening:
  - Secure temp directories (mktemp -d)
  - Architecture validation
  - Version validation after GitHub API call
  - Proper cleanup on exit
  - PowerShell PATH updates on Windows (avoids setx truncation)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

* feat(build): add tar.xz support and unified installer scripts

- Add tar.xz archive support using Borg's compress package
  - ArchiveXZ() and ArchiveWithFormat() for configurable compression
  - Better compression ratio than gzip for release artifacts
- Consolidate 12 installer scripts into 2 unified scripts
  - install.sh and install.bat with BunnyCDN edge variable support
  - Subdomains: setup.core.help, ci.core.help, dev.core.help, etc.
  - MODE and VARIANT transformed at edge based on subdomain
- Installers prefer tar.xz with automatic fallback to tar.gz
- Fixed CodeRabbit issues: HTTP status patterns, tar error handling,
  verify_install params, VARIANT validation, CI PATH persistence

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

* chore: add build and release config files

- .core/build.yaml - cross-platform build configuration
- .core/release.yaml - release workflow configuration

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

* chore: move plans from docs/ to tasks/

Consolidate planning documents in tasks/plans/ directory.

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

* fix(install): address CodeRabbit review feedback

- Add curl timeout (--max-time) to prevent hanging on slow networks
- Rename TMPDIR to WORK_DIR to avoid clobbering system env var
- Add chmod +x to ensure binary has execute permissions
- Add error propagation after subroutine calls in batch file
- Remove System32 install attempt in CI mode (use consistent INSTALL_DIR)
- Fix HTTP status regex for HTTP/2 compatibility

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

* feat(rag): add Go RAG implementation with Qdrant + Ollama

Add RAG (Retrieval Augmented Generation) tools for storing documentation
in Qdrant vector database and querying with semantic search. This replaces
the Python tools/rag implementation with a native Go solution.

New commands:
- core rag ingest [directory] - Ingest markdown files into Qdrant
- core rag query [question] - Query vector database with semantic search
- core rag collections - List and manage Qdrant collections

Features:
- Markdown chunking by sections and paragraphs with overlap
- UTF-8 safe text handling for international content
- Automatic category detection from file paths
- Multiple output formats: text, JSON, LLM context injection
- Environment variable support for host configuration

Dependencies:
- github.com/qdrant/go-client (gRPC client)
- github.com/ollama/ollama/api (embeddings API)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

* feat(deploy): add pure-Go Ansible executor and Coolify API integration

Implement infrastructure deployment system with:

- pkg/ansible: Pure Go Ansible executor
  - Playbook/inventory parsing (types.go, parser.go)
  - Full execution engine with variable templating, loops, blocks,
    conditionals, handlers, and fact gathering (executor.go)
  - SSH client with key/password auth and privilege escalation (ssh.go)
  - 35+ module implementations: shell, command, copy, template, file,
    apt, service, systemd, user, group, git, docker_compose, etc. (modules.go)

- pkg/deploy/coolify: Coolify API client wrapping Python swagger client
  - List/get servers, projects, applications, databases, services
  - Generic Call() for any OpenAPI operation

- pkg/deploy/python: Embedded Python runtime for swagger client integration

- internal/cmd/deploy: CLI commands
  - core deploy servers/projects/apps/databases/services/team
  - core deploy call <operation> [params-json]

This enables Docker-free infrastructure deployment with Ansible-compatible
playbooks executed natively in Go.

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

* fix(deploy): address linter warnings and build errors

- Fix fmt.Sprintf format verb error in ssh.go (remove unused stat command)
- Fix errcheck warnings by explicitly ignoring best-effort operations
- Fix ineffassign warning in cmd_ansible.go

All golangci-lint checks now pass for deploy packages.

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

* style(deploy): fix gofmt formatting

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

* fix(deploy): use known_hosts for SSH host key verification

Address CodeQL security alert by using the user's known_hosts file
for SSH host key verification when available. Falls back to accepting
any key only when known_hosts doesn't exist (common in containerized
or ephemeral environments).

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

* feat(ai,security,ide): add agentic MVP, security jobs, and Core IDE desktop app

Wire up AI infrastructure with unified pkg/ai package (metrics JSONL,
RAG integration), move RAG under `core ai rag`, add `core ai metrics`
command, and enrich task context with Qdrant documentation.

Add `--target` flag to all security commands for external repo scanning,
`core security jobs` for distributing findings as GitHub Issues, and
consistent error logging across scan/deps/alerts/secrets commands.

Add Core IDE Wails v3 desktop app with Angular 20 frontend, MCP bridge
(loopback-only HTTP server), WebSocket hub, and Claude Code bridge.
Production-ready with Lethean CIC branding, macOS code signing support,
and security hardening (origin validation, body size limits, URL scheme
checks, memory leak prevention, XSS mitigation).

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

* fix: address PR review comments from CodeRabbit, Copilot, and Gemini

Fixes across 25 files addressing 46+ review comments:

- pkg/ai/metrics.go: handle error from Close() on writable file handle
- pkg/ansible: restore loop vars after loop, restore become settings,
  fix Upload with become=true and no password (use sudo -n), honour
  SSH timeout config, use E() helper for contextual errors, quote git
  refs in checkout commands
- pkg/rag: validate chunk config, guard negative-to-uint64 conversion,
  use E() helper for errors, add context timeout to Ollama HTTP calls
- pkg/deploy/python: fix exec.ExitError type assertion (was os.PathError),
  handle os.UserHomeDir() error
- pkg/build/buildcmd: use cmd.Context() instead of context.Background()
  for proper Ctrl+C cancellation
- install.bat: add curl timeouts, CRLF line endings, use --connect-timeout
  for archive downloads
- install.sh: use absolute path for version check in CI mode
- tools/rag: fix broken ingest.py function def, escape HTML in query.py,
  pin qdrant-client version, add markdown code block languages
- internal/cmd/rag: add chunk size validation, env override handling

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

* fix(build): make release dry-run by default and remove darwin/amd64 target

Replace --dry-run (default false) with --we-are-go-for-launch (default
false) so `core build release` is safe by default. Remove darwin/amd64
from default build targets (arm64 only for macOS). Fix cmd_project.go
to use command context instead of context.Background().

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

---------

Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>
2026-02-04 00:49:57 +00:00

430 lines
12 KiB
Go
Raw Blame History

// Package release provides release automation with changelog generation and publishing.
// It orchestrates the build system, changelog generation, and publishing to targets
// like GitHub Releases.
package release
import (
"context"
"fmt"
"path/filepath"
"strings"
"github.com/host-uk/core/pkg/build"
"github.com/host-uk/core/pkg/build/builders"
"github.com/host-uk/core/pkg/io"
"github.com/host-uk/core/pkg/release/publishers"
)
// Release represents a release with its version, artifacts, and changelog.
type Release struct {
// Version is the semantic version string (e.g., "v1.2.3").
Version string
// Artifacts are the built release artifacts (archives with checksums).
Artifacts []build.Artifact
// Changelog is the generated markdown changelog.
Changelog string
// ProjectDir is the root directory of the project.
ProjectDir string
}
// Publish publishes pre-built artifacts from dist/ to configured targets.
// Use this after `core build` to separate build and publish concerns.
// If dryRun is true, it will show what would be done without actually publishing.
func Publish(ctx context.Context, cfg *Config, dryRun bool) (*Release, error) {
if cfg == nil {
return nil, fmt.Errorf("release.Publish: config is nil")
}
projectDir := cfg.projectDir
if projectDir == "" {
projectDir = "."
}
// Resolve to absolute path
absProjectDir, err := filepath.Abs(projectDir)
if err != nil {
return nil, fmt.Errorf("release.Publish: failed to resolve project directory: %w", err)
}
// Step 1: Determine version
version := cfg.version
if version == "" {
version, err = DetermineVersion(absProjectDir)
if err != nil {
return nil, fmt.Errorf("release.Publish: failed to determine version: %w", err)
}
}
// Step 2: Find pre-built artifacts in dist/
distDir := filepath.Join(absProjectDir, "dist")
artifacts, err := findArtifacts(distDir)
if err != nil {
return nil, fmt.Errorf("release.Publish: %w", err)
}
if len(artifacts) == 0 {
return nil, fmt.Errorf("release.Publish: no artifacts found in dist/\nRun 'core build' first to create artifacts")
}
// Step 3: Generate changelog
changelog, err := Generate(absProjectDir, "", version)
if err != nil {
// Non-fatal: continue with empty changelog
changelog = fmt.Sprintf("Release %s", version)
}
release := &Release{
Version: version,
Artifacts: artifacts,
Changelog: changelog,
ProjectDir: absProjectDir,
}
// Step 4: Publish to configured targets
if len(cfg.Publishers) > 0 {
pubRelease := publishers.NewRelease(release.Version, release.Artifacts, release.Changelog, release.ProjectDir)
for _, pubCfg := range cfg.Publishers {
publisher, err := getPublisher(pubCfg.Type)
if err != nil {
return release, fmt.Errorf("release.Publish: %w", err)
}
extendedCfg := buildExtendedConfig(pubCfg)
publisherCfg := publishers.NewPublisherConfig(pubCfg.Type, pubCfg.Prerelease, pubCfg.Draft, extendedCfg)
if err := publisher.Publish(ctx, pubRelease, publisherCfg, cfg, dryRun); err != nil {
return release, fmt.Errorf("release.Publish: publish to %s failed: %w", pubCfg.Type, err)
}
}
}
return release, nil
}
// findArtifacts discovers pre-built artifacts in the dist directory.
func findArtifacts(distDir string) ([]build.Artifact, error) {
if !io.Local.IsDir(distDir) {
return nil, fmt.Errorf("dist/ directory not found")
}
var artifacts []build.Artifact
entries, err := io.Local.List(distDir)
if err != nil {
return nil, fmt.Errorf("failed to read dist/: %w", err)
}
for _, entry := range entries {
if entry.IsDir() {
continue
}
name := entry.Name()
path := filepath.Join(distDir, name)
// Include archives and checksums
if strings.HasSuffix(name, ".tar.gz") ||
strings.HasSuffix(name, ".zip") ||
strings.HasSuffix(name, ".txt") ||
strings.HasSuffix(name, ".sig") {
artifacts = append(artifacts, build.Artifact{Path: path})
}
}
return artifacts, nil
}
// Run executes the full release process: determine version, build artifacts,
// generate changelog, and publish to configured targets.
// For separated concerns, prefer using `core build` then `core ci` (Publish).
// If dryRun is true, it will show what would be done without actually publishing.
func Run(ctx context.Context, cfg *Config, dryRun bool) (*Release, error) {
if cfg == nil {
return nil, fmt.Errorf("release.Run: config is nil")
}
projectDir := cfg.projectDir
if projectDir == "" {
projectDir = "."
}
// Resolve to absolute path
absProjectDir, err := filepath.Abs(projectDir)
if err != nil {
return nil, fmt.Errorf("release.Run: failed to resolve project directory: %w", err)
}
// Step 1: Determine version
version := cfg.version
if version == "" {
version, err = DetermineVersion(absProjectDir)
if err != nil {
return nil, fmt.Errorf("release.Run: failed to determine version: %w", err)
}
}
// Step 2: Generate changelog
changelog, err := Generate(absProjectDir, "", version)
if err != nil {
// Non-fatal: continue with empty changelog
changelog = fmt.Sprintf("Release %s", version)
}
// Step 3: Build artifacts
artifacts, err := buildArtifacts(ctx, cfg, absProjectDir, version)
if err != nil {
return nil, fmt.Errorf("release.Run: build failed: %w", err)
}
release := &Release{
Version: version,
Artifacts: artifacts,
Changelog: changelog,
ProjectDir: absProjectDir,
}
// Step 4: Publish to configured targets
if len(cfg.Publishers) > 0 {
// Convert to publisher types
pubRelease := publishers.NewRelease(release.Version, release.Artifacts, release.Changelog, release.ProjectDir)
for _, pubCfg := range cfg.Publishers {
publisher, err := getPublisher(pubCfg.Type)
if err != nil {
return release, fmt.Errorf("release.Run: %w", err)
}
// Build extended config for publisher-specific settings
extendedCfg := buildExtendedConfig(pubCfg)
publisherCfg := publishers.NewPublisherConfig(pubCfg.Type, pubCfg.Prerelease, pubCfg.Draft, extendedCfg)
if err := publisher.Publish(ctx, pubRelease, publisherCfg, cfg, dryRun); err != nil {
return release, fmt.Errorf("release.Run: publish to %s failed: %w", pubCfg.Type, err)
}
}
}
return release, nil
}
// buildArtifacts builds all artifacts for the release.
func buildArtifacts(ctx context.Context, cfg *Config, projectDir, version string) ([]build.Artifact, error) {
// Load build configuration
buildCfg, err := build.LoadConfig(projectDir)
if err != nil {
return nil, fmt.Errorf("failed to load build config: %w", err)
}
// Determine targets
var targets []build.Target
if len(cfg.Build.Targets) > 0 {
for _, t := range cfg.Build.Targets {
targets = append(targets, build.Target{OS: t.OS, Arch: t.Arch})
}
} else if len(buildCfg.Targets) > 0 {
targets = buildCfg.ToTargets()
} else {
// Default targets
targets = []build.Target{
{OS: "linux", Arch: "amd64"},
{OS: "linux", Arch: "arm64"},
{OS: "darwin", Arch: "arm64"},
{OS: "windows", Arch: "amd64"},
}
}
// Determine binary name
binaryName := cfg.Project.Name
if binaryName == "" {
binaryName = buildCfg.Project.Binary
}
if binaryName == "" {
binaryName = buildCfg.Project.Name
}
if binaryName == "" {
binaryName = filepath.Base(projectDir)
}
// Determine output directory
outputDir := filepath.Join(projectDir, "dist")
// Get builder (detect project type)
projectType, err := build.PrimaryType(projectDir)
if err != nil {
return nil, fmt.Errorf("failed to detect project type: %w", err)
}
builder, err := getBuilder(projectType)
if err != nil {
return nil, err
}
// Build configuration
buildConfig := &build.Config{
ProjectDir: projectDir,
OutputDir: outputDir,
Name: binaryName,
Version: version,
LDFlags: buildCfg.Build.LDFlags,
}
// Build
artifacts, err := builder.Build(ctx, buildConfig, targets)
if err != nil {
return nil, fmt.Errorf("build failed: %w", err)
}
// Archive artifacts
archivedArtifacts, err := build.ArchiveAll(artifacts)
if err != nil {
return nil, fmt.Errorf("archive failed: %w", err)
}
// Compute checksums
checksummedArtifacts, err := build.ChecksumAll(archivedArtifacts)
if err != nil {
return nil, fmt.Errorf("checksum failed: %w", err)
}
// Write CHECKSUMS.txt
checksumPath := filepath.Join(outputDir, "CHECKSUMS.txt")
if err := build.WriteChecksumFile(checksummedArtifacts, checksumPath); err != nil {
return nil, fmt.Errorf("failed to write checksums file: %w", err)
}
// Add CHECKSUMS.txt as an artifact
checksumArtifact := build.Artifact{
Path: checksumPath,
}
checksummedArtifacts = append(checksummedArtifacts, checksumArtifact)
return checksummedArtifacts, nil
}
// getBuilder returns the appropriate builder for the project type.
func getBuilder(projectType build.ProjectType) (build.Builder, error) {
switch projectType {
case build.ProjectTypeWails:
return builders.NewWailsBuilder(), nil
case build.ProjectTypeGo:
return builders.NewGoBuilder(), nil
case build.ProjectTypeNode:
return nil, fmt.Errorf("Node.js builder not yet implemented")
case build.ProjectTypePHP:
return nil, fmt.Errorf("PHP builder not yet implemented")
default:
return nil, fmt.Errorf("unsupported project type: %s", projectType)
}
}
// getPublisher returns the publisher for the given type.
func getPublisher(pubType string) (publishers.Publisher, error) {
switch pubType {
case "github":
return publishers.NewGitHubPublisher(), nil
case "linuxkit":
return publishers.NewLinuxKitPublisher(), nil
case "docker":
return publishers.NewDockerPublisher(), nil
case "npm":
return publishers.NewNpmPublisher(), nil
case "homebrew":
return publishers.NewHomebrewPublisher(), nil
case "scoop":
return publishers.NewScoopPublisher(), nil
case "aur":
return publishers.NewAURPublisher(), nil
case "chocolatey":
return publishers.NewChocolateyPublisher(), nil
default:
return nil, fmt.Errorf("unsupported publisher type: %s", pubType)
}
}
// buildExtendedConfig builds a map of extended configuration for a publisher.
func buildExtendedConfig(pubCfg PublisherConfig) map[string]any {
ext := make(map[string]any)
// LinuxKit-specific config
if pubCfg.Config != "" {
ext["config"] = pubCfg.Config
}
if len(pubCfg.Formats) > 0 {
ext["formats"] = toAnySlice(pubCfg.Formats)
}
if len(pubCfg.Platforms) > 0 {
ext["platforms"] = toAnySlice(pubCfg.Platforms)
}
// Docker-specific config
if pubCfg.Registry != "" {
ext["registry"] = pubCfg.Registry
}
if pubCfg.Image != "" {
ext["image"] = pubCfg.Image
}
if pubCfg.Dockerfile != "" {
ext["dockerfile"] = pubCfg.Dockerfile
}
if len(pubCfg.Tags) > 0 {
ext["tags"] = toAnySlice(pubCfg.Tags)
}
if len(pubCfg.BuildArgs) > 0 {
args := make(map[string]any)
for k, v := range pubCfg.BuildArgs {
args[k] = v
}
ext["build_args"] = args
}
// npm-specific config
if pubCfg.Package != "" {
ext["package"] = pubCfg.Package
}
if pubCfg.Access != "" {
ext["access"] = pubCfg.Access
}
// Homebrew-specific config
if pubCfg.Tap != "" {
ext["tap"] = pubCfg.Tap
}
if pubCfg.Formula != "" {
ext["formula"] = pubCfg.Formula
}
// Scoop-specific config
if pubCfg.Bucket != "" {
ext["bucket"] = pubCfg.Bucket
}
// AUR-specific config
if pubCfg.Maintainer != "" {
ext["maintainer"] = pubCfg.Maintainer
}
// Chocolatey-specific config
if pubCfg.Push {
ext["push"] = pubCfg.Push
}
// Official repo config (shared by multiple publishers)
if pubCfg.Official != nil {
official := make(map[string]any)
official["enabled"] = pubCfg.Official.Enabled
if pubCfg.Official.Output != "" {
official["output"] = pubCfg.Official.Output
}
ext["official"] = official
}
return ext
}
// toAnySlice converts a string slice to an any slice.
func toAnySlice(s []string) []any {
result := make([]any, len(s))
for i, v := range s {
result[i] = v
}
return result
}
Reference in a new issue View git blame Copy permalink