From 85ae08bac0a34f6bda8b6de26bfa53d061527552 Mon Sep 17 00:00:00 2001 From: &mile Date: Tue, 19 May 2026 20:44:12 +0200 Subject: [PATCH 1/3] refactor(cli): replace SEA binary build with plain shell script release The CLI is a pure POSIX sh script (arrhes.sh), so: - Remove 4-OS matrix build, pnpm install, metadata build, SEA blob generation, UPX compression, and npm publish from the release workflow - Upload arrhes.sh, install.sh, install.ps1 directly as release assets using gh CLI - install.sh: remove platform/arch detection, download arrhes.sh directly - install.ps1: remove .exe download, install arrhes.sh (requires Git Bash/WSL) - package.json: strip bin, main, files, postject devDependency - Remove sea-config.json --- .github/workflows/cli-release.yml | 160 ++---------------------------- packages/cli/install.ps1 | 14 +-- packages/cli/install.sh | 12 +-- packages/cli/package.json | 17 +--- packages/cli/sea-config.json | 5 - 5 files changed, 18 insertions(+), 190 deletions(-) delete mode 100644 packages/cli/sea-config.json diff --git a/.github/workflows/cli-release.yml b/.github/workflows/cli-release.yml index ddd0a8b4..f233182c 100644 --- a/.github/workflows/cli-release.yml +++ b/.github/workflows/cli-release.yml 
@@ -3,165 +3,21 @@ name: Release CLI on: release: types: [published] - workflow_dispatch: - inputs: - publish_npm: - description: "Publish to npm" - type: boolean - default: false jobs: - build-binaries: - name: Build binary (${{ matrix.asset_name }}) - runs-on: ${{ matrix.os }} - strategy: - matrix: - include: - - os: ubuntu-22.04 - asset_name: arrhes-linux-x64 - node_version: 22 - - os: macos-13 - asset_name: arrhes-macos-x64 - node_version: 22 - - os: macos-15 - asset_name: arrhes-macos-arm64 - node_version: 22 - - os: windows-2025 - asset_name: arrhes-windows-x64.exe - node_version: 22 - - steps: - - name: Checkout - uses: actions/checkout@v5 - - - name: Set up Node.js - uses: actions/setup-node@v5 - with: - node-version: ${{ matrix.node_version }} - - - name: Install pnpm - run: npm install -g pnpm - - - name: Install dependencies - run: CI=true pnpm install --no-frozen-lockfile - - - name: Build metadata - run: pnpm --filter @arrhes/application-metadata build - - - name: Generate SEA blob - working-directory: packages/cli - run: node --experimental-sea-config sea-config.json - - - name: Create standalone binary (Linux / macOS) - if: runner.os != 'Windows' - working-directory: packages/cli - run: | - mkdir -p binaries - cp $(which node) binaries/${{ matrix.asset_name }} - node_modules/.bin/postject binaries/${{ matrix.asset_name }} NODE_SEA_BLOB sea-prep.blob \ - --sentinel-fuse NODE_SEA_FUSE_fce680ab2cc467b6e072b8b5df1996b2 - if [[ "$RUNNER_OS" == "macOS" ]]; then - # macOS: codesign BEFORE UPX (UPX is skipped on macOS — breaks signing) - codesign --sign - binaries/${{ matrix.asset_name }} - fi - - - name: Create standalone binary (Windows) - if: runner.os == 'Windows' - working-directory: packages/cli - shell: pwsh - run: | - New-Item -ItemType Directory -Force -Path binaries - $nodePath = (Get-Command node).Source - Copy-Item $nodePath binaries\${{ matrix.asset_name }} - node_modules\.bin\postject binaries\${{ matrix.asset_name }} NODE_SEA_BLOB 
sea-prep.blob ` - --sentinel-fuse NODE_SEA_FUSE_fce680ab2cc467b6e072b8b5df1996b2 - - # UPX compresses ~60-65% (123 MB → ~40 MB). - # Skipped on macOS: UPX invalidates the codesignature and Gatekeeper rejects the binary. - - name: Compress binary with UPX (Linux) - if: runner.os == 'Linux' - working-directory: packages/cli - run: | - sudo apt-get install -y upx-ucl -q - upx --best --lzma binaries/${{ matrix.asset_name }} - - - name: Compress binary with UPX (Windows) - if: runner.os == 'Windows' - working-directory: packages/cli - shell: pwsh - run: | - choco install upx -y --no-progress - upx --best --lzma binaries\${{ matrix.asset_name }} - - - name: Upload binary to release - if: github.event_name == 'release' - uses: actions/upload-release-asset@v1 - env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - with: - upload_url: ${{ github.event.release.upload_url }} - asset_path: packages/cli/binaries/${{ matrix.asset_name }} - asset_name: ${{ matrix.asset_name }} - asset_content_type: application/octet-stream - - # Upload install scripts once (only from the Linux runner to avoid duplicates) - - name: Upload install.sh to release - if: github.event_name == 'release' && runner.os == 'Linux' - uses: actions/upload-release-asset@v1 - env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - with: - upload_url: ${{ github.event.release.upload_url }} - asset_path: packages/cli/install.sh - asset_name: install.sh - asset_content_type: text/plain - - - name: Upload install.ps1 to release - if: github.event_name == 'release' && runner.os == 'Linux' - uses: actions/upload-release-asset@v1 - env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - with: - upload_url: ${{ github.event.release.upload_url }} - asset_path: packages/cli/install.ps1 - asset_name: install.ps1 - asset_content_type: text/plain - - publish-npm: - name: Publish to npm + upload-assets: + name: Upload CLI scripts runs-on: ubuntu-22.04 - needs: build-binaries - if: github.event_name == 'release' || inputs.publish_npm 
steps: - name: Checkout uses: actions/checkout@v5 - - name: Set up Node.js - uses: actions/setup-node@v5 - with: - node-version: 22 - registry-url: https://registry.npmjs.org - - - name: Install pnpm - run: npm install -g pnpm - - - name: Install dependencies - run: CI=true pnpm install --no-frozen-lockfile - - - name: Build metadata - run: pnpm --filter @arrhes/application-metadata build - - - name: Set version from release tag - if: github.event_name == 'release' - working-directory: packages/cli + - name: Upload release assets run: | - VERSION="${{ github.event.release.tag_name }}" - VERSION="${VERSION#v}" # strip leading 'v' - npm pkg set version="$VERSION" - - - name: Publish - working-directory: packages/cli - run: npm publish --access public + gh release upload "${{ github.event.release.tag_name }}" \ + packages/cli/arrhes.sh \ + packages/cli/install.sh \ + packages/cli/install.ps1 env: - NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }} + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} diff --git a/packages/cli/install.ps1 b/packages/cli/install.ps1 index 2602c479..b937ca72 100644 --- a/packages/cli/install.ps1 +++ b/packages/cli/install.ps1 
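Review bot: The new `Upload release assets` step expands `${{ github.event.release.tag_name }}` directly into the `run:` script, so the tag text is pasted into the shell source before it runs and any shell metacharacters in it are interpreted. Pass it through the environment instead: add `TAG: ${{ github.event.release.tag_name }}` under the step's `env:` and call `gh release upload "$TAG" \`. The job also needs write access to release assets, and no `permissions:` block is visible in this hunk (the top of the workflow is outside it), so consider declaring `permissions: contents: write` on `upload-assets` rather than relying on the repository default. Since these three files are what `install.sh` and `install.ps1` later download and run, uploading a checksum file alongside them would give the installers something to verify against.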
@@ -1,19 +1,21 @@ -# Arrhes CLI installer for Windows +# Arrhes CLI installer for Windows (Git Bash / WSL) # Usage: irm https://arrhes.com/cli/install.ps1 | iex $ErrorActionPreference = "Stop" $REPO = "arrhes/application" -$INSTALL_DIR = if ($env:ARRHES_INSTALL_DIR) { $env:ARRHES_INSTALL_DIR } else { "$env:LOCALAPPDATA\Programs\arrhes" } -$DEST = "$INSTALL_DIR\arrhes.exe" +$INSTALL_DIR = if ($env:ARRHES_INSTALL_DIR) { $env:ARRHES_INSTALL_DIR } else { "$env:USERPROFILE\.local\bin" } +$DEST = "$INSTALL_DIR\arrhes" -$URL = "https://github.com/$REPO/releases/latest/download/arrhes-windows-x64.exe" +$URL = "https://github.com/$REPO/releases/latest/download/arrhes.sh" Write-Host "Downloading arrhes CLI..." New-Item -ItemType Directory -Force -Path $INSTALL_DIR | Out-Null Invoke-WebRequest -Uri $URL -OutFile $DEST Write-Host "Installed: $DEST" -Write-Host "Version: $(& $DEST --version)" +Write-Host "" +Write-Host "Note: arrhes requires Git Bash or WSL to run." +Write-Host "From Git Bash / WSL, run: arrhes --help" # PATH hint $userPath = [Environment]::GetEnvironmentVariable("PATH", "User") @@ -23,6 +25,4 @@ if ($INSTALL_DIR -notin $paths) { Write-Host "Add to PATH by running:" Write-Host " [Environment]::SetEnvironmentVariable('PATH', `$env:PATH + ';$INSTALL_DIR', 'User')" Write-Host "Then restart your terminal." -} else { - Write-Host "Run: arrhes --help" } diff --git a/packages/cli/install.sh b/packages/cli/install.sh index f60e380c..1c4b6bc5 100644 --- a/packages/cli/install.sh +++ b/packages/cli/install.sh 
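Review bot: `Invoke-WebRequest -Uri $URL -OutFile $DEST` now writes a shell script fetched from `releases/latest` into the install directory, and with the `& $DEST --version` line removed nothing checks that the download is the expected file before `Installed: $DEST` is printed. Verify it first, e.g. `if ((Get-FileHash $DEST -Algorithm SHA256).Hash -ne $expected) { Remove-Item $DEST; throw "arrhes: checksum mismatch" }`, where `$expected` is read from a checksum asset published with the release; this patch uploads none, so that asset would have to be added. A checksum served from the same release only catches truncated or corrupted downloads, not a tampered release, and pinning `$URL` to a specific tag would narrow that further. Separately, the PATH hint kept as context adds `$INSTALL_DIR` to the Windows user PATH, which may not help for an extensionless script that only runs from Git Bash or WSL; worth confirming.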
@@ -9,17 +9,7 @@ DEST="${INSTALL_DIR}/arrhes" command -v curl >/dev/null 2>&1 || { echo "Error: curl is required."; exit 1; } -# Detect platform -OS="$(uname -s)" -ARCH="$(uname -m)" -case "${OS}-${ARCH}" in - Linux-x86_64) ASSET="arrhes-linux-x64" ;; - Darwin-x86_64) ASSET="arrhes-macos-x64" ;; - Darwin-arm64) ASSET="arrhes-macos-arm64" ;; - *) echo "Unsupported platform: ${OS}-${ARCH}"; exit 1 ;; -esac - -URL="https://github.com/${REPO}/releases/latest/download/${ASSET}" +URL="https://github.com/${REPO}/releases/latest/download/arrhes.sh" echo "Downloading arrhes CLI (${ASSET})..." mkdir -p "$INSTALL_DIR" diff --git a/packages/cli/package.json b/packages/cli/package.json index 395319f1..5b36759c 100644 --- a/packages/cli/package.json +++ b/packages/cli/package.json @@ -1,17 +1,4 @@ { "name": "@arrhes/cli", - "version": "0.1.0", - "bin": { - "arrhes": "dist/index.cjs" - }, - "main": "dist/index.cjs", - "files": [ - "dist" - ], - "publishConfig": { - "access": "public" - }, - "devDependencies": { - "postject": "1.0.0-alpha.6" - } -} + "version": "0.1.0" +} \ No newline at end of file diff --git a/packages/cli/sea-config.json b/packages/cli/sea-config.json deleted file mode 100644 index 887eb2d8..00000000 --- a/packages/cli/sea-config.json +++ /dev/null @@ -1,5 +0,0 @@ -{ - "main": "dist/index.cjs", - "output": "sea-prep.blob", - "disableExperimentalSEAWarning": true -} From 9d38ff769f1ed90aa1555a20b48ac601174ef4f5 Mon Sep 17 00:00:00 2001 From: &mile Date: Tue, 19 May 2026 20:46:20 +0200 Subject: [PATCH 2/3] chore(release): v1.3.2 --- VERSION | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/VERSION b/VERSION index 23c38c24..bb8edae9 100644 --- a/VERSION +++ b/VERSION @@ -1 +1 @@ -v1.3.1 \ No newline at end of file +v1.3.2 \ No newline at end of file From 1b610e50ae98b69a0688d43fc3605ba2bc2bbc9f Mon Sep 17 00:00:00 2001 
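Review bot: The context line `echo "Downloading arrhes CLI (${ASSET})..."` still expands `${ASSET}`, but this hunk deletes the `case` block that was its only visible assignment. The message will print empty parentheses, and if the script enables `set -u` above the hunk (not visible here) it will abort before downloading. Change the line to `echo "Downloading arrhes CLI..."`. The download step itself is below the hunk, so whether the fetched script is verified before being made executable cannot be checked from here.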
From: &mile Date: Tue, 19 May 2026 21:00:24 +0200 Subject: [PATCH 3/3] chore: remove --frozen-lockfile from build Dockerfiles --- .workflows/build/packages/api/Dockerfile | 2 +- .workflows/build/packages/ci/Dockerfile | 2 +- .workflows/build/packages/website/Dockerfile | 2 +- .workflows/build/packages/worker/Dockerfile | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) diff --git a/.workflows/build/packages/api/Dockerfile b/.workflows/build/packages/api/Dockerfile index 8128fe71..e8d0297a 100644 --- a/.workflows/build/packages/api/Dockerfile +++ b/.workflows/build/packages/api/Dockerfile @@ -7,7 +7,7 @@ RUN npm install -g pnpm@10.26.1 FROM base AS build WORKDIR /root COPY . . -RUN pnpm install --frozen-lockfile +RUN pnpm install RUN pnpm --filter @arrhes/application-api... run build # Create a self-contained deploy output with production dependencies only diff --git a/.workflows/build/packages/ci/Dockerfile b/.workflows/build/packages/ci/Dockerfile index 7186f5e7..ee105cb7 100644 --- a/.workflows/build/packages/ci/Dockerfile +++ b/.workflows/build/packages/ci/Dockerfile @@ -21,7 +21,7 @@ COPY packages/ ./packages/ COPY tests/ ./tests/ # Install dependencies -RUN pnpm install --frozen-lockfile +RUN pnpm install # Build all packages (must run before tests so workspace deps are compiled) RUN pnpm run build diff --git a/.workflows/build/packages/website/Dockerfile b/.workflows/build/packages/website/Dockerfile index 79010cd7..7e5e1ea1 100644 --- a/.workflows/build/packages/website/Dockerfile +++ b/.workflows/build/packages/website/Dockerfile @@ -12,7 +12,7 @@ ARG VITE_API_BASE_URL WORKDIR /root COPY . . -RUN pnpm install --frozen-lockfile +RUN pnpm install # Write VITE_* build args to .env so Vite can read them during build. # Vite reads import.meta.env from .env files, not from process.env. diff --git a/.workflows/build/packages/worker/Dockerfile b/.workflows/build/packages/worker/Dockerfile index cf50b47a..6a438b13 100644 
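Review bot: `RUN pnpm install` without `--frozen-lockfile` lets the image build re-resolve dependencies whenever `pnpm-lock.yaml` and a `package.json` disagree, instead of failing, so a built image can contain package versions that were never reviewed or committed. The same change is made in the ci, website and worker Dockerfiles. If the flag was dropped because the lockfile went stale (patch 1/3 removes the `postject` devDependency from `packages/cli/package.json` and its diffstat lists no lockfile change, though this is an inference), regenerate and commit the lockfile and keep `RUN pnpm install --frozen-lockfile` in all four files.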
--- a/.workflows/build/packages/worker/Dockerfile +++ b/.workflows/build/packages/worker/Dockerfile @@ -7,7 +7,7 @@ RUN npm install -g pnpm@10.26.1 FROM base AS build WORKDIR /root COPY . . -RUN pnpm install --frozen-lockfile +RUN pnpm install RUN pnpm --filter @evidensy/worker... run build # Create a self-contained deploy output with production dependencies only