[codex] Fix desktop release workflow CI#6
Merged
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
What this PR does
Fixes the desktop release workflow so the cross-platform build jobs can rerun successfully after the initial
0.0.2release attempt failed. The build matrix now uses bash consistently for shell expansion, signing secrets are only injected when a signing certificate is configured, generated release branches can be safely retried, and draft releases no longer open/auto-merge the version sync PR.Why it's needed
The failed run showed two concrete CI issues: Windows ran
bun run bump-desktop-version "$RELEASE_VERSION"under PowerShell, so the script received no version argument, and macOS unsigned builds still entered electron-builder's signing path because empty signing variables were present. The failed non-dry-run also leftrelease/desktop-v0.0.2behind, so rerunning the same release needs to update the generated branch instead of failing on branch creation.Reviewer Test Plan
How to verify
Re-run the Desktop Release workflow for version
0.0.2. A dry run should build installers only. A non-dry-run frommainshould push or updaterelease/desktop-v0.0.2, build macOS/Windows/Linux installers, publish the release assets, and only create the version sync PR when Draft is unchecked.Evidence (Before & After)
Before: GitHub Actions run https://github.com/modelstudioai/openwork/actions/runs/27129329184 failed in Build Windows because
Release version is required, and failed in Build macOS with electron-builder signing output ending in/Users/runner/work/openwork/openwork/apps/electron not a file.After: Local workflow validation passed with
actionlint, YAML parsing,git diff --check, and an isolated temp-worktree version bump/check for0.0.2.Tested on
Environment (optional)
Local macOS shell in
/Users/dragon/Documents/openwork; GitHub Actions logs inspected withgh.Risk & Scope
CSC_LINKis configured, so signed releases depend on the signing secrets being present.main; run the workflow with Draft unchecked for the final public release.Linked Issues
References https://github.com/modelstudioai/openwork/actions/runs/27129329184
中文说明
What this PR does
这个 PR 修复 desktop release workflow,让第一次
0.0.2发版失败之后可以正常重跑。build matrix 现在统一用 bash 做 shell 展开,签名 secret 只有在配置了签名证书时才注入,自动生成的 release 分支可以安全重试更新,并且 draft release 不再创建或自动合并版本同步 PR。Why it's needed
失败日志里有两个明确问题:Windows 在 PowerShell 下执行
bun run bump-desktop-version "$RELEASE_VERSION",导致脚本没有收到版本号;macOS unsigned build 因为空签名变量存在,仍然进入 electron-builder 的签名逻辑,最后报/Users/runner/work/openwork/openwork/apps/electron not a file。这次非 dry-run 失败还留下了release/desktop-v0.0.2分支,所以同版本重跑需要更新这个生成分支,而不是卡在创建分支上。Reviewer Test Plan
How to verify
重新运行 Desktop Release workflow,版本填
0.0.2。dry run 应该只构建安装包;从main执行非 dry-run 应该 push 或更新release/desktop-v0.0.2,构建 macOS/Windows/Linux 安装包,发布 release assets,并且只有在 Draft 取消勾选时才创建版本同步 PR。Evidence (Before & After)
Before: GitHub Actions run https://github.com/modelstudioai/openwork/actions/runs/27129329184 里 Build Windows 因为
Release version is required失败,Build macOS 在 electron-builder 签名阶段输出/Users/runner/work/openwork/openwork/apps/electron not a file后失败。After: 本地已通过
actionlint、YAML 解析、git diff --check,并在临时 git worktree 中验证了0.0.2的实际 bump 再 check 链路。Tested on
Environment (optional)
本地 macOS shell,目录
/Users/dragon/Documents/openwork;失败日志通过gh查看。Risk & Scope
CSC_LINK时显式关闭证书自动发现,所以真正签名发版依赖签名 secrets 已配置完整。main;最终公开发版时需要在 workflow 里取消勾选 Draft。Linked Issues
References https://github.com/modelstudioai/openwork/actions/runs/27129329184