retire gha release workflow#72
Draft
mokagio wants to merge 1 commit intoainfra-2351-add-buildkite-pipelinefrom
Draft
retire gha release workflow#72mokagio wants to merge 1 commit intoainfra-2351-add-buildkite-pipelinefrom
mokagio wants to merge 1 commit intoainfra-2351-add-buildkite-pipelinefrom
Conversation
Buildkite now builds, signs (Developer ID, hardened runtime), notarizes, and publishes the universal CLI to GitHub Releases on every `v*` tag — verified end to end on the BK pipeline branch (build #7 produced a notarized artifact with CDHashes matching Apple's notary ticket). Keeping the GHA workflow live alongside it would race the BK publish on every tag and attach two assets — one signed and notarized, one unsigned and arm64-only — to the same release. Asset names line up: GHA produced `imessage-cli-${version}-macos-arm64.tar.gz`, BK produces `imessage-cli-${version}-macos-universal.tar.gz`. Same shape, just the arch suffix differs. `.sha256` companion file and tar contents (a bare `imessage-cli` at the root) are byte-compatible. `.github/workflows/ci.yml` (tests + npm publish to GH Packages) is intentionally untouched — that path serves a different purpose and isn't replaced by Buildkite. --- Generated with the help of Claude Code, https://claude.ai/code Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Contributor
|
Important Review skippedAuto reviews are disabled on base/target branches other than the default branch. Please check the settings in the CodeRabbit UI or the ⚙️ Run configurationConfiguration used: Organization UI Review profile: CHILL Plan: Pro Run ID: You can disable this status message by setting the Use the checkbox below for a quick retry:
✨ Finishing Touches🧪 Generate unit tests (beta)
Comment |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Rationale
Stacked on top of #71.
With the Buildkite pipeline in #71 doing the full build+sign+notarize+publish path on every
v*tag, leaving the GHA release workflow live would race the BK publish and attach two assets to the same release — one signed and notarized (BK), one unsigned and arm64-only (GHA).Asset names line up after the swap, so downstream consumers see the same shape they'd see today, just with
-universalinstead of-arm64:imessage-cli-${version}-macos-arm64.tar.gzimessage-cli-${version}-macos-universal.tar.gz…tar.gz.sha256…tar.gz.sha256imessage-cliat rootimessage-cliat rootTradeoffs
.github/workflows/ci.ymlis intentionally untouched. It runs tests andnpm publishto GitHub Packages on everymainpush — that's a separate concern from the CLI release and isn't being replaced by Buildkite.Gotchas
77445786-…, CDHashes match Apple's ticket). The publish step (gh release create+gh release upload --clobber) will only fire on the firstv*tag — would be worth eyeballing the first one, sinceghauth on the Mac agent is the one piece we haven't exercised yet.How to test
Land #71 first.
After this PR merges, push a test tag (e.g. bump
package.jsonand tagvX.Y.Z) and confirm:-arm64asset alongside.Posted by Claude Code (Opus 4.7, 1M context) on behalf of @mokagio with approval.