feat: dedicated CLI release workflow (macOS binaries + Linux docker)#16
Closed
d-g-town wants to merge 1 commit into
Closed
feat: dedicated CLI release workflow (macOS binaries + Linux docker)#16d-g-town wants to merge 1 commit into
d-g-town wants to merge 1 commit into
Conversation
The porter CLI now builds its darwin binaries with CGO_ENABLED=1 so 99designs/keyring can use the real macOS Keychain backend. darwin+CGO can't cross-compile from Linux, so the shared release-from-tag.yaml (single Linux job) would fail on the next porter-v* tag. This adds a dedicated workflow: - build-binaries (macos-15-large): full goreleaser release — darwin natively with CGO, linux/windows via pure-Go cross-compile, plus archives, checksums, R2 blobs, Homebrew formula, GitHub release. - build-docker (ubuntu-latest, needs build-binaries): builds the linux/amd64 binary, the porter-cli image, and the :version/:latest manifests goreleaser's docker pipes used to produce. Also publishes the R2 latest pointer (macOS runners lack the AWS CLI). GHCR login uses secrets.GITHUB_TOKEN, matching the proven shared workflow (the app-token variant in #14 was reverted in 97ad992). The shared release-from-tag.yaml is left untouched so monolith/agent releases are unaffected. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
|
Cross-compilation for Darwin/macOS works on Linux with this change since it only requires dynamically linking to the CoreFoundation and Security.framework libraries, which Go can do without the libraries being present on the machine where the Darwin binary is being built. A full explanation can be found here: https://github.com/porter-dev/code/pull/5903#issuecomment-4606008125. CC: @d-g-town |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Why
legacy-backend/cli/.goreleaser.yamlnow builds the darwin targets withCGO_ENABLED=1so99designs/keyringcan use the real macOS Keychain backend (gated behind//go:build darwin && cgo). darwin+CGO can't cross-compile from Linux, so the shared single-Linux-jobrelease-from-tag.yamlwould fail on the nextporter-v*tag.A macOS runner, by contrast, can build every binary target — darwin natively with CGO, and linux/windows via pure-Go
CGO_ENABLED=0cross-compile. The only thing it can't do is build the linux Docker image (no Docker daemon). So this runs the whole goreleaser release on macOS and moves only the image to a Linux job. No goreleaser Pro.Jobs
build-binaries(macos-15-large):goreleaser release --clean --parallelism=4 --skip=validate— all binaries, archives, checksums, R2 blobs (goreleaser's native S3 uploader), Homebrew formula, and the GitHub release.build-docker(ubuntu-latest,needs: build-binaries): builds the linux/amd64 binary (CGO_ENABLED=0), theporter-cliimage, and recreates the:<ver>/:latestmanifests the olddocker_manifestspipe produced. Publishes the R2latestpointer here too (macOS runners don't ship the AWS CLI).Notes
secrets.GITHUB_TOKEN, matching the proven shared workflow — the app-token variant (use GitHub app token for GHCR push #14) was reverted in97ad992.v(tagVersion=v1.2.3→1.2.3-amd64/1.2.3/latest) to match what goreleaser's{{ .Version }}produced.release-from-tag.yamlis untouched — monolith/agent releases are unaffected.Companion change
Depends on porter-dev/code#5903, which removes the
dockers:/docker_manifests:sections from the CLI's.goreleaser.yamland routesporter-v*tags here. Both must ship together — this workflow only works at a code tag that has those goreleaser sections removed.First-run verification
porter-cliimage +:latest/:versionmanifests from the Linux job; latest pointer updated.macos-15-largehost (relies on the universal macOS SDK).🤖 Generated with Claude Code