From 8eb6b2edfe9fc2a10c1143bda5ee42e6dc5dad10 Mon Sep 17 00:00:00 2001
From: Daniel Binyamin
Date: Wed, 28 Jan 2026 16:35:50 +0200
Subject: [PATCH 1/6] release github action
---
.github/workflows/release.yaml | 50 ++++++++++++++++++++++++++++++++++
1 file changed, 50 insertions(+)
create mode 100644 .github/workflows/release.yaml
diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml
new file mode 100644
index 0000000..cee6e55
--- /dev/null
+++ b/.github/workflows/release.yaml
@@ -0,0 +1,50 @@
+name: Release Homecli
+
+on:
+ workflow_dispatch:
+ inputs:
+ version:
+ description: "Release version"
+ required: true
+ type: string
+
+jobs:
+ release:
+ runs-on: ubuntu-latest
+ permissions:
+ contents: write
+
+ steps:
+ - name: Checkout release branch
+ uses: actions/checkout@v4
+ with:
+ ref: release/v0.4
+ fetch-depth: 0
+
+ - name: Set up Go
+ uses: actions/setup-go@v5
+ with:
+ go-version: "1.23"
+
+ - name: Create and push tag
+ run: |
+ git config user.name "github-actions[bot]"
+ git config user.email "github-actions[bot]@users.noreply.github.com"
+ git tag "v${{ inputs.version }}" -m "v${{ inputs.version }}"
+ git push origin "v${{ inputs.version }}"
+
+ - name: Build binaries
+ run: |
+ chmod +x ./build.sh
+ ./build.sh "${{ inputs.version }}"
+
+ - name: Create GitHub Release
+ uses: softprops/action-gh-release@v2
+ with:
+ tag_name: "v${{ inputs.version }}"
+ name: "v${{ inputs.version }}"
+ draft: false
+ generate_release_notes: true
+ files: |
+ bin/homecli_linux_amd64
+ bin/homecli_darwin_amd64
From 30be4d084b9d1ef36c2360d4b15df3d099b24304 Mon Sep 17 00:00:00 2001
From: Daniel Binyamin
Date: Wed, 28 Jan 2026 16:44:05 +0200
Subject: [PATCH 2/6] updates
---
.github/workflows/release.yaml | 27 +++++++++++++++------------
1 file changed, 15 insertions(+), 12 deletions(-)
diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml
index cee6e55..8ccf48e 100644
--- a/.github/workflows/release.yaml
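Review bot: In PATCH 1/6 the `run:` scripts of "Create and push tag" and "Build binaries" embed `${{ inputs.version }}` directly, so the input text is substituted into the script before the shell parses it, in a job that holds `contents: write`. Pass the value through the step environment instead (an `env:` entry `VERSION: ${{ inputs.version }}` and `git tag "v$VERSION" -m "v$VERSION"` in the script) and reject anything that is not a plain version before its first use. The "Validate version format" step added in PATCH 3/6 has the same inline form (`VERSION="${{ github.event.inputs.version }}"`), so its regex runs only after substitution; PATCH 5/6 moves that step and the build step to `env:`.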
+++ b/.github/workflows/release.yaml @@ -1,48 +1,51 @@ -name: Release Homecli +name: release-homecli on: workflow_dispatch: inputs: version: - description: "Release version" + description: "Release version (e.g., 0.4.25)" required: true type: string jobs: release: runs-on: ubuntu-latest + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} permissions: - contents: write + contents: write # to create tags and github releases steps: - name: Checkout release branch - uses: actions/checkout@v4 + uses: actions/checkout@v4.1.1 with: ref: release/v0.4 fetch-depth: 0 - - name: Set up Go + - name: Setup Golang uses: actions/setup-go@v5 with: - go-version: "1.23" + go-version-file: go.mod + cache-dependency-path: go.sum - name: Create and push tag run: | git config user.name "github-actions[bot]" git config user.email "github-actions[bot]@users.noreply.github.com" - git tag "v${{ inputs.version }}" -m "v${{ inputs.version }}" - git push origin "v${{ inputs.version }}" + git tag "v${{ github.event.inputs.version }}" -m "v${{ github.event.inputs.version }}" + git push origin "v${{ github.event.inputs.version }}" - name: Build binaries run: | chmod +x ./build.sh - ./build.sh "${{ inputs.version }}" + ./build.sh "${{ github.event.inputs.version }}" - name: Create GitHub Release - uses: softprops/action-gh-release@v2 + uses: softprops/action-gh-release@4634c16e79c963813287e889244c50009e7f0981 with: - tag_name: "v${{ inputs.version }}" - name: "v${{ inputs.version }}" + tag_name: "v${{ github.event.inputs.version }}" + name: "v${{ github.event.inputs.version }}" draft: false generate_release_notes: true files: | From 9de297bb5ccdae8524bc17ba6e7540e5250388e2 Mon Sep 17 00:00:00 2001 From: Daniel Binyamin Date: Sun, 1 Feb 2026 12:04:38 +0200 Subject: [PATCH 3/6] adjustments --- .github/workflows/release.yaml | 28 ++++++++++++++++++++-------- build.sh | 31 ++++++++++++++++++++++++------- 2 files changed, 44 insertions(+), 15 deletions(-) 
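Review bot: The job-level `env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}` added in PATCH 2/6 puts the `contents: write` token into the environment of every step, including `./build.sh` and the UPX binary it downloads and runs. Only the release step needs it, and `softprops/action-gh-release` has a `token` input that defaults to the job token, so the block can be dropped or moved under that one step. In the same hunk `actions/checkout@v4.1.1` and `actions/setup-go@v5` remain tag references while the release action is pinned to a full commit SHA; pinning all three the same way keeps the policy consistent. Since `go-version-file` and `cache-dependency-path` leave setup-go's dependency cache enabled, consider `cache: false` for a release job so published binaries are not built from a restored cache.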
diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml index 8ccf48e..0e144fe 100644 --- a/.github/workflows/release.yaml +++ b/.github/workflows/release.yaml @@ -7,6 +7,16 @@ on: description: "Release version (e.g., 0.4.25)" required: true type: string + branch: + description: "Release branch" + required: true + type: choice + default: release/v0.4 + options: + - release/v0.1 + - release/v0.2 + - release/v0.3 + - release/v0.4 jobs: release: @@ -17,10 +27,18 @@ jobs: contents: write # to create tags and github releases steps: + - name: Validate version format + run: | + VERSION="${{ github.event.inputs.version }}" + if [[ ! "$VERSION" =~ ^[0-9]+\.[0-9]+\.[0-9]+$ ]]; then + echo "::error::Version must be in format X.Y.Z (e.g., 0.4.25)" + exit 1 + fi + - name: Checkout release branch uses: actions/checkout@v4.1.1 with: - ref: release/v0.4 + ref: ${{ github.event.inputs.branch }} fetch-depth: 0 - name: Setup Golang @@ -29,13 +47,6 @@ jobs: go-version-file: go.mod cache-dependency-path: go.sum - - name: Create and push tag - run: | - git config user.name "github-actions[bot]" - git config user.email "github-actions[bot]@users.noreply.github.com" - git tag "v${{ github.event.inputs.version }}" -m "v${{ github.event.inputs.version }}" - git push origin "v${{ github.event.inputs.version }}" - - name: Build binaries run: | chmod +x ./build.sh @@ -46,6 +57,7 @@ jobs: with: tag_name: "v${{ github.event.inputs.version }}" name: "v${{ github.event.inputs.version }}" + target_commitish: ${{ github.event.inputs.branch }} draft: false generate_release_notes: true files: | diff --git a/build.sh b/build.sh index 4c1e424..aa025cc 100755 --- a/build.sh +++ b/build.sh 
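Review bot: `target_commitish: ${{ github.event.inputs.branch }}` in the "Create GitHub Release" step names the branch, not the commit that was checked out and built. With the "Create and push tag" step removed in this patch, the tag is presumably created by the release action at whatever the branch head is at that moment, so a push to the branch during the job would leave the tag on a commit the attached binaries were not built from. Record the built commit right after checkout, for example a step with `id: rev` running `echo "sha=$(git rev-parse HEAD)" >> "$GITHUB_OUTPUT"`, and pass `target_commitish: ${{ steps.rev.outputs.sha }}`.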
@@ -2,19 +2,36 @@ BUILD_VERSION=$1 BUILD_TIME=$(date +'%Y-%m-%d_%T') + +echo "Building homecli version: ${BUILD_VERSION:-}" + LD_FLAGS="-X main.BuildVersion=$BUILD_VERSION -X main.BuildTime=$BUILD_TIME" LD_FLAGS="$LD_FLAGS -s -w" + +echo "Building Linux amd64 binary..." CGO_ENABLED=0 GOOS=linux GOARCH=amd64 go build -ldflags="$LD_FLAGS" -o bin/homecli_linux_amd64 cmd/homecli/*.go + +echo "Building macOS amd64 binary..." CGO_ENABLED=0 GOOS=darwin GOARCH=amd64 go build -ldflags="$LD_FLAGS" -o bin/homecli_darwin_amd64 cmd/homecli/*.go -# Add UPX compression +# Add UPX compression (only on Linux, only for Linux binary) +# UPX doesn't support macOS binaries and the Linux UPX binary can't run on macOS + +if [ "$(uname)" = "Linux" ]; then + echo "Compressing Linux binary with UPX..." + UPX_VERSION="${UPX_VERSION:-4.2.2}" + UPX_PLATFORM="${UPX_PLATFORM:-amd64_linux}" -UPX_VERSION="${UPX_VERSION:-4.2.2}" -UPX_PLATFORM="${UPX_PLATFORM:-amd64_linux}" + if [ ! -d "upx-${UPX_VERSION}-${UPX_PLATFORM}" ]; then + echo "Downloading UPX ${UPX_VERSION}..." + wget -q "https://github.com/upx/upx/releases/download/v${UPX_VERSION}/upx-${UPX_VERSION}-${UPX_PLATFORM}.tar.xz" + tar xf "upx-${UPX_VERSION}-${UPX_PLATFORM}.tar.xz" "upx-${UPX_VERSION}-${UPX_PLATFORM}/upx" + fi -if [ ! -d "upx-${UPX_VERSION}-${UPX_PLATFORM}" ]; then - wget "https://github.com/upx/upx/releases/download/v${UPX_VERSION}/upx-${UPX_VERSION}-${UPX_PLATFORM}.tar.xz" - tar xf "upx-${UPX_VERSION}-${UPX_PLATFORM}.tar.xz" "upx-${UPX_VERSION}-${UPX_PLATFORM}/upx" + "upx-${UPX_VERSION}-${UPX_PLATFORM}/upx" bin/homecli_linux_amd64 +else + echo "Skipping UPX compression (not running on Linux)" fi -"upx-${UPX_VERSION}-${UPX_PLATFORM}/upx" bin/* +echo "" +echo "Build completed successfully!" From e90274c82d44aae6cfe8a7fadd7e08755dce302a Mon Sep 17 00:00:00 2001 
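Review bot: The new banner `echo "Building homecli version: ${BUILD_VERSION:-}"` uses an empty default, so a missing argument prints a blank version and the build continues with an empty `main.BuildVersion`. The workflow validates the version, but the non-Linux branch added here suggests the script is also run by hand, so it should fail early on the context line above the hunk's additions: `BUILD_VERSION=${1:?usage: ./build.sh VERSION}`. `$BUILD_VERSION` is also placed inside the `-ldflags` string, where whitespace in the value would likely be split into further linker arguments; a format check in the script, like the one in the workflow, closes that. The UPX archive fetched in this hunk is executed without an integrity check until PATCH 6/6 adds a SHA-256 comparison.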
From: Daniel Binyamin Date: Sun, 1 Feb 2026 12:06:24 +0200 Subject: [PATCH 4/6] only release/v.0.4 --- .github/workflows/release.yaml | 3 --- 1 file changed, 3 deletions(-) diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml index 0e144fe..ad1ab1b 100644 --- a/.github/workflows/release.yaml +++ b/.github/workflows/release.yaml @@ -13,9 +13,6 @@ on: type: choice default: release/v0.4 options: - - release/v0.1 - - release/v0.2 - - release/v0.3 - release/v0.4 jobs: From e130cb8cbd42cce7eed85727058b8af5b1ce810a Mon Sep 17 00:00:00 2001 From: Daniel Binyamin Date: Sun, 1 Feb 2026 12:22:51 +0200 Subject: [PATCH 5/6] fix vulnerability --- .github/workflows/release.yaml | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml index ad1ab1b..abb35b4 100644 --- a/.github/workflows/release.yaml +++ b/.github/workflows/release.yaml @@ -25,8 +25,9 @@ jobs: steps: - name: Validate version format + env: + VERSION: ${{ github.event.inputs.version }} run: | - VERSION="${{ github.event.inputs.version }}" if [[ ! "$VERSION" =~ ^[0-9]+\.[0-9]+\.[0-9]+$ ]]; then echo "::error::Version must be in format X.Y.Z (e.g., 0.4.25)" exit 1 @@ -45,9 +46,11 @@ jobs: cache-dependency-path: go.sum - name: Build binaries + env: + VERSION: ${{ github.event.inputs.version }} run: | chmod +x ./build.sh - ./build.sh "${{ github.event.inputs.version }}" + ./build.sh "$VERSION" - name: Create GitHub Release uses: softprops/action-gh-release@4634c16e79c963813287e889244c50009e7f0981 From 76c9fd950f8cabb5c22318ae6903dfecaa7f5201 Mon Sep 17 00:00:00 2001 From: Daniel Binyamin Date: Sun, 1 Feb 2026 12:36:07 +0200 Subject: [PATCH 6/6] copilot fixes --- .github/workflows/release.yaml | 10 ++++++++ build.sh | 43 ++++++++++++++++++++++++++++++---- 2 files changed, 48 insertions(+), 5 deletions(-) diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml index abb35b4..a72b061 100644 
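Review bot: The two `env: VERSION:` blocks added in PATCH 5/6 to "Validate version format" and "Build binaries" carry no comment saying why the input is routed through the environment, and the commit message is only "fix vulnerability". A later cleanup could fold the value back into the script text; a one-line comment above each block would guard against that, for example `# Keep inputs out of the script text: ${{ }} is expanded before the shell runs, so pass them via env.` As far as the series shows, the remaining `${{ github.event.inputs.* }}` uses in this file sit under `with:` rather than in a `run:` script.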
--- a/.github/workflows/release.yaml +++ b/.github/workflows/release.yaml @@ -39,6 +39,16 @@ jobs: ref: ${{ github.event.inputs.branch }} fetch-depth: 0 + - name: Check if tag already exists + env: + VERSION: ${{ github.event.inputs.version }} + run: | + if git rev-parse "v$VERSION" >/dev/null 2>&1; then + echo "::error::Tag v$VERSION already exists. Please use a different version." + exit 1 + fi + echo "Tag v$VERSION does not exist, proceeding with release." + - name: Setup Golang uses: actions/setup-go@v5 with: diff --git a/build.sh b/build.sh index aa025cc..2b41d1a 100755 --- a/build.sh +++ b/build.sh @@ -1,5 +1,7 @@ #!/usr/bin/env sh +set -e # Exit on any error + BUILD_VERSION=$1 BUILD_TIME=$(date +'%Y-%m-%d_%T') @@ -9,10 +11,16 @@ LD_FLAGS="-X main.BuildVersion=$BUILD_VERSION -X main.BuildTime=$BUILD_TIME" LD_FLAGS="$LD_FLAGS -s -w" echo "Building Linux amd64 binary..." -CGO_ENABLED=0 GOOS=linux GOARCH=amd64 go build -ldflags="$LD_FLAGS" -o bin/homecli_linux_amd64 cmd/homecli/*.go +if ! CGO_ENABLED=0 GOOS=linux GOARCH=amd64 go build -ldflags="$LD_FLAGS" -o bin/homecli_linux_amd64 cmd/homecli/*.go; then + echo "::error::Failed to build Linux binary" + exit 1 +fi echo "Building macOS amd64 binary..." -CGO_ENABLED=0 GOOS=darwin GOARCH=amd64 go build -ldflags="$LD_FLAGS" -o bin/homecli_darwin_amd64 cmd/homecli/*.go +if ! CGO_ENABLED=0 GOOS=darwin GOARCH=amd64 go build -ldflags="$LD_FLAGS" -o bin/homecli_darwin_amd64 cmd/homecli/*.go; then + echo "::error::Failed to build macOS binary" + exit 1 +fi # Add UPX compression (only on Linux, only for Linux binary) # UPX doesn't support macOS binaries and the Linux UPX binary can't run on macOS 
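Review bot: `git rev-parse "v$VERSION"` in "Check if tag already exists" resolves any revision with that name, so a branch called `v0.4.25` would satisfy it too, and it only sees tags present in the local clone, which here depends on `fetch-depth: 0` in the checkout step. Ask for the tag ref explicitly: `if git rev-parse -q --verify "refs/tags/v$VERSION" >/dev/null; then`. The check and the later release creation are separate steps, so this guards against accidental reuse of a version rather than guaranteeing uniqueness.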
@@ -21,14 +29,39 @@ if [ "$(uname)" = "Linux" ]; then echo "Compressing Linux binary with UPX..." UPX_VERSION="${UPX_VERSION:-4.2.2}" UPX_PLATFORM="${UPX_PLATFORM:-amd64_linux}" + # SHA256 checksum verified from official UPX 4.2.2 release + UPX_SHA256="915c8e844f835de03b9cc311ff185aedec79d757aee9d7133a528b9e89c463bb" + + UPX_ARCHIVE="upx-${UPX_VERSION}-${UPX_PLATFORM}.tar.xz" if [ ! -d "upx-${UPX_VERSION}-${UPX_PLATFORM}" ]; then echo "Downloading UPX ${UPX_VERSION}..." - wget -q "https://github.com/upx/upx/releases/download/v${UPX_VERSION}/upx-${UPX_VERSION}-${UPX_PLATFORM}.tar.xz" - tar xf "upx-${UPX_VERSION}-${UPX_PLATFORM}.tar.xz" "upx-${UPX_VERSION}-${UPX_PLATFORM}/upx" + if ! wget -q "https://github.com/upx/upx/releases/download/v${UPX_VERSION}/${UPX_ARCHIVE}"; then + echo "::error::Failed to download UPX" + exit 1 + fi + + echo "Verifying UPX checksum..." + ACTUAL_SHA256=$(sha256sum "$UPX_ARCHIVE" | cut -d' ' -f1) + if [ "$ACTUAL_SHA256" != "$UPX_SHA256" ]; then + echo "::error::UPX checksum verification failed!" + echo "Expected: $UPX_SHA256" + echo "Actual: $ACTUAL_SHA256" + rm -f "$UPX_ARCHIVE" + exit 1 + fi + echo "Checksum verified." + + if ! tar xf "$UPX_ARCHIVE" "upx-${UPX_VERSION}-${UPX_PLATFORM}/upx"; then + echo "::error::Failed to extract UPX" + exit 1 + fi fi - "upx-${UPX_VERSION}-${UPX_PLATFORM}/upx" bin/homecli_linux_amd64 + if ! "upx-${UPX_VERSION}-${UPX_PLATFORM}/upx" bin/homecli_linux_amd64; then + echo "::error::Failed to compress Linux binary with UPX" + exit 1 + fi else echo "Skipping UPX compression (not running on Linux)" fi
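Review bot: The checksum comparison sits inside `if [ ! -d "upx-${UPX_VERSION}-${UPX_PLATFORM}" ]`, so when that directory is already present in the working tree the `upx` binary in it is executed without any verification. Downloading into a fresh temporary directory (`mktemp -d`) on every run, or hashing the extracted binary as well, removes that path. `UPX_SHA256` is also fixed while `UPX_VERSION` and `UPX_PLATFORM` can be overridden from the environment; any override fails the comparison, so either make the digest overridable together with them or drop the overrides. The enclosing `if [ "$(uname)" = "Linux" ]` block starts in context above the added lines.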