From 9f4867ca5716c13f1b506bd500b70c3e091cd889 Mon Sep 17 00:00:00 2001 From: Johan Carlin Date: Thu, 2 Apr 2026 20:44:16 +0200 Subject: [PATCH 1/2] Publish standalone matrix artifacts to tagged GitHub releases --- .github/workflows/standalone-release.yml | 14 ++++++++++++-- 1 file changed, 12 insertions(+), 2 deletions(-) diff --git a/.github/workflows/standalone-release.yml b/.github/workflows/standalone-release.yml index 899c841a4..7ea3b5219 100644 --- a/.github/workflows/standalone-release.yml +++ b/.github/workflows/standalone-release.yml @@ -9,7 +9,7 @@ on: jobs: standalone: permissions: - contents: read + contents: write id-token: write strategy: fail-fast: false @@ -18,7 +18,7 @@ jobs: - target: linux-x64 runner: ubuntu-22.04 - target: darwin-x64 - runner: macos-13 + runner: macos-15-intel - target: darwin-arm64 runner: macos-14 runs-on: ${{ matrix.runner }} @@ -67,3 +67,13 @@ jobs: ${{ env.ARTIFACT }}.sha256 ${{ env.ARTIFACT }}.sha256.sig ${{ env.ARTIFACT }}.sha256.pem + + - name: Publish standalone assets to GitHub Release + if: startsWith(github.ref, 'refs/tags/') + uses: softprops/action-gh-release@v2 + with: + files: | + ${{ env.ARTIFACT }} + ${{ env.ARTIFACT }}.sha256 + ${{ env.ARTIFACT }}.sha256.sig + ${{ env.ARTIFACT }}.sha256.pem From 4e099a91219417b487f2c12449d07144cad623d1 Mon Sep 17 00:00:00 2001 From: Johan Carlin Date: Thu, 2 Apr 2026 21:30:47 +0200 Subject: [PATCH 2/2] CI: publish standalone runtime bundle in release assets --- .github/workflows/standalone-release.yml | 22 ++++++++++++++++++++-- 1 file changed, 20 insertions(+), 2 deletions(-) diff --git a/.github/workflows/standalone-release.yml b/.github/workflows/standalone-release.yml index 7ea3b5219..4555aef92 100644 --- a/.github/workflows/standalone-release.yml +++ b/.github/workflows/standalone-release.yml 
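Review bot: In PATCH 1/2, the first hunk raises `contents: read` to `contents: write` for the whole `standalone` matrix job, so every step in it now runs with a token that can modify releases and repository contents. That includes the build and `scripts/standalone/smoke.sh`, not just the new publish step. Keep the build job at `contents: read` and move publishing into a separate job that holds `contents: write` and only downloads the already-signed artifacts. Note that with `needs: standalone` nothing is released if any matrix leg fails, which differs from the per-leg publishing in this patch. The file glob below assumes the uploaded artifacts unpack flat, and the workflow's `on:` trigger is outside the hunk, so confirm both.

```yaml
jobs:
  standalone:
    permissions:
      contents: read   # build, smoke tests and signing need no write access
      id-token: write
    # … unchanged: strategy, env, build/sign/upload-artifact steps (release step removed) …

  publish:
    needs: standalone
    if: startsWith(github.ref, 'refs/tags/')
    runs-on: ubuntu-22.04
    permissions:
      contents: write
    steps:
      - uses: actions/download-artifact@v4
        with:
          path: release-assets
          merge-multiple: true
      - uses: softprops/action-gh-release@v2
        with:
          files: release-assets/devcontainer-*
```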
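Review bot: In PATCH 1/2, the last hunk references `softprops/action-gh-release@v2` by a mutable tag, in a job that holds both `contents: write` and `id-token: write`. A retagged or compromised release of that action would run with the release token and the keyless signing identity. Pin it to a full commit SHA and keep the version as a trailing comment, `uses: softprops/action-gh-release@<full-commit-sha>  # v2`. The same applies to the other tag-pinned actions visible as context in this series (`actions/checkout@v4`, `sigstore/cosign-installer@v3.8.1`, `actions/upload-artifact@v4`).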
@@ -27,6 +27,7 @@ jobs: NODE_VERSION: '20.19.1' TARGET: ${{ matrix.target }} ARTIFACT: dist/standalone/devcontainer-${{ matrix.target }} + RUNTIME_BUNDLE: dist/standalone/devcontainer-${{ matrix.target }}-runtime.tar.gz steps: - uses: actions/checkout@v4 @@ -48,14 +49,23 @@ jobs: - name: Standalone smoke tests run: scripts/standalone/smoke.sh "$ARTIFACT" + - name: Package standalone runtime payload + run: tar -czf "$RUNTIME_BUNDLE" -C dist/standalone "$(basename "$ARTIFACT")" spec-node + - name: Create checksums - run: shasum -a 256 "$ARTIFACT" > "$ARTIFACT.sha256" + run: | + for file in "$ARTIFACT" "$RUNTIME_BUNDLE"; do + shasum -a 256 "$file" > "$file.sha256" + done - name: Install Cosign uses: sigstore/cosign-installer@v3.8.1 - name: Sign checksums with cosign (keyless) - run: cosign sign-blob --yes "$ARTIFACT.sha256" --output-signature "$ARTIFACT.sha256.sig" --output-certificate "$ARTIFACT.sha256.pem" + run: | + for file in "$ARTIFACT" "$RUNTIME_BUNDLE"; do + cosign sign-blob --yes "$file.sha256" --output-signature "$file.sha256.sig" --output-certificate "$file.sha256.pem" + done - name: Upload standalone artifacts uses: actions/upload-artifact@v4 @@ -64,9 +74,13 @@ jobs: path: | ${{ env.ARTIFACT }} dist/standalone/spec-node/** + ${{ env.RUNTIME_BUNDLE }} ${{ env.ARTIFACT }}.sha256 ${{ env.ARTIFACT }}.sha256.sig ${{ env.ARTIFACT }}.sha256.pem + ${{ env.RUNTIME_BUNDLE }}.sha256 + ${{ env.RUNTIME_BUNDLE }}.sha256.sig + ${{ env.RUNTIME_BUNDLE }}.sha256.pem - name: Publish standalone assets to GitHub Release if: startsWith(github.ref, 'refs/tags/') @@ -74,6 +88,10 @@ jobs: with: files: | ${{ env.ARTIFACT }} + ${{ env.RUNTIME_BUNDLE }} ${{ env.ARTIFACT }}.sha256 ${{ env.ARTIFACT }}.sha256.sig ${{ env.ARTIFACT }}.sha256.pem + ${{ env.RUNTIME_BUNDLE }}.sha256 + ${{ env.RUNTIME_BUNDLE }}.sha256.sig + ${{ env.RUNTIME_BUNDLE }}.sha256.pem
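Review bot: In the `Create checksums` step (second hunk of PATCH 2/2), `shasum -a 256 "$file"` records the name exactly as passed, so each `.sha256` file carries the build path `dist/standalone/…`. Release assets are presumably downloaded under their base names, so `shasum -c` fails for a consumer unless they recreate that directory, which tends to make people skip the check. Hash from inside the directory instead: `(cd "$(dirname "$file")" && shasum -a 256 "$(basename "$file")") > "$file.sha256"`. The single-file command this loop replaces behaved the same way. Since cosign signs only the checksum file, a short comment on the signing step should spell out the two-step verification (verify the signature on `.sha256`, then check the hash).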
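Review bot: In the last hunk of PATCH 2/2, the release step's `files:` list now names eight paths, and as far as I know action-gh-release by default only warns when a pattern matches nothing. A release could therefore ship a binary or runtime bundle without its `.sha256`, `.sha256.sig` or `.sha256.pem`, leaving consumers nothing to verify against. Add `fail_on_unmatched_files: true` under `with:` so a missing checksum or signature fails the job instead of publishing a partial set.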