bot-build.yml

  1name: "Bot - /build"
  2
  3on:
  4  issue_comment:
  5    types: [created]
  6
  7permissions:
  8  contents: read
  9  pull-requests: write
 10  issues: write
 11
 12jobs:
 13  build:
 14    if: >-
 15      github.event.issue.pull_request &&
 16      contains(github.event.comment.body, '/build')
 17    runs-on: macos-latest
 18    steps:
 19      - name: Check org membership
 20        uses: actions/github-script@v9
 21        with:
 22          github-token: ${{ secrets.HOMEBREW_GITHUB_TOKEN }}
 23          script: |
 24            const user = context.payload.comment.user.login;
 25            try {
 26              const { status } = await github.rest.orgs.checkMembershipForUser({
 27                org: 'floatpane',
 28                username: user
 29              });
 30              if (status !== 204 && status !== 302) {
 31                core.setFailed(`@${user} is not a member of the floatpane org.`);
 32              }
 33            } catch (e) {
 34              await github.rest.reactions.createForIssueComment({
 35                owner: context.repo.owner,
 36                repo: context.repo.repo,
 37                comment_id: context.payload.comment.id,
 38                content: '-1'
 39              });
 40              core.setFailed(`@${user} is not a member of the floatpane org.`);
 41            }
 42
 43      - name: React to comment
 44        uses: actions/github-script@v9
 45        with:
 46          github-token: ${{ secrets.HOMEBREW_GITHUB_TOKEN }}
 47          script: |
 48            await github.rest.reactions.createForIssueComment({
 49              owner: context.repo.owner,
 50              repo: context.repo.repo,
 51              comment_id: context.payload.comment.id,
 52              content: 'rocket'
 53            });
 54
 55      - name: Get PR ref
 56        id: pr
 57        uses: actions/github-script@v9
 58        with:
 59          github-token: ${{ secrets.HOMEBREW_GITHUB_TOKEN }}
 60          script: |
 61            const { data: pr } = await github.rest.pulls.get({
 62              owner: context.repo.owner,
 63              repo: context.repo.repo,
 64              pull_number: context.issue.number
 65            });
 66            core.setOutput('ref', pr.head.ref);
 67            core.setOutput('sha', pr.head.sha);
 68            core.setOutput('repo', pr.head.repo.full_name);
 69
 70      - name: Checkout
 71        uses: actions/checkout@v6
 72        with:
 73          repository: ${{ steps.pr.outputs.repo }}
 74          ref: ${{ steps.pr.outputs.ref }}
 75          fetch-depth: 0
 76
 77      - name: Set up Go
 78        uses: actions/setup-go@v6
 79        with:
 80          go-version: "1.26.4"
 81
 82      - name: Set up Zig
 83        uses: goto-bus-stop/setup-zig@v2
 84
 85      - name: Set up libpcsclite for Linux cross-compilation
 86        run: |
 87          PCSC_DIR="$RUNNER_TEMP/pcsclite"
 88          mkdir -p "$PCSC_DIR/include" "$PCSC_DIR/lib/pkgconfig"
 89
 90          # Download pcsc-lite headers from upstream
 91          PCSC_URL="https://raw.githubusercontent.com/LudovicRousseau/PCSC/master/src/PCSC"
 92          for header in winscard.h wintypes.h; do
 93            curl -fsSL "$PCSC_URL/$header" -o "$PCSC_DIR/include/$header"
 94          done
 95          curl -fsSL "$PCSC_URL/pcsclite.h.in" -o "$PCSC_DIR/include/pcsclite.h"
 96          sed -i '' 's/@VERSION@/1.9.0/' "$PCSC_DIR/include/pcsclite.h"
 97
 98          # Build stub library
 99          cat > "$RUNNER_TEMP/pcsclite_stub.c" << 'STUB'
100          #include <stddef.h>
101          typedef long LONG;
102          typedef unsigned long DWORD;
103          typedef void *LPCVOID;
104          typedef char *LPSTR;
105          typedef const char *LPCSTR;
106          typedef unsigned char *LPBYTE;
107          typedef unsigned char BYTE;
108          typedef LONG SCARDCONTEXT;
109          typedef LONG SCARDHANDLE;
110          typedef struct { DWORD dwProtocol; DWORD cbPciLength; } SCARD_IO_REQUEST;
111          typedef struct { LPCSTR szReader; DWORD dwCurrentState; DWORD dwEventState; DWORD cbAtr; unsigned char rgbAtr[36]; void *pvUserData; } SCARD_READERSTATE;
112          LONG SCardEstablishContext(DWORD s, LPCVOID r1, LPCVOID r2, SCARDCONTEXT *c) { return 0; }
113          LONG SCardReleaseContext(SCARDCONTEXT c) { return 0; }
114          LONG SCardIsValidContext(SCARDCONTEXT c) { return 0; }
115          LONG SCardCancel(SCARDCONTEXT c) { return 0; }
116          LONG SCardConnect(SCARDCONTEXT c, LPCSTR r, DWORD s, DWORD p, SCARDHANDLE *h, DWORD *ap) { return 0; }
117          LONG SCardReconnect(SCARDHANDLE h, DWORD s, DWORD p, DWORD d, DWORD *ap) { return 0; }
118          LONG SCardDisconnect(SCARDHANDLE h, DWORD d) { return 0; }
119          LONG SCardBeginTransaction(SCARDHANDLE h) { return 0; }
120          LONG SCardEndTransaction(SCARDHANDLE h, DWORD d) { return 0; }
121          LONG SCardStatus(SCARDHANDLE h, LPSTR r, DWORD *rl, DWORD *s, DWORD *p, LPBYTE a, DWORD *al) { return 0; }
122          LONG SCardTransmit(SCARDHANDLE h, const SCARD_IO_REQUEST *si, const BYTE *s, DWORD sl, SCARD_IO_REQUEST *ri, BYTE *r, DWORD *rl) { return 0; }
123          LONG SCardControl(SCARDHANDLE h, DWORD c, LPCVOID i, DWORD il, void *o, DWORD ol, DWORD *br) { return 0; }
124          LONG SCardGetAttrib(SCARDHANDLE h, DWORD a, LPBYTE b, DWORD *bl) { return 0; }
125          LONG SCardSetAttrib(SCARDHANDLE h, DWORD a, const BYTE *b, DWORD bl) { return 0; }
126          LONG SCardListReaders(SCARDCONTEXT c, LPCSTR g, LPSTR r, DWORD *rl) { return 0; }
127          LONG SCardListReaderGroups(SCARDCONTEXT c, LPSTR g, DWORD *gl) { return 0; }
128          LONG SCardGetStatusChange(SCARDCONTEXT c, DWORD t, SCARD_READERSTATE *s, DWORD n) { return 0; }
129          LONG SCardFreeMemory(SCARDCONTEXT c, LPCVOID m) { return 0; }
130          const char *pcsc_stringify_error(LONG e) { return "stub"; }
131          STUB
132
133          zig cc -c -target x86_64-linux-musl -o "$RUNNER_TEMP/pcsclite_stub_amd64.o" "$RUNNER_TEMP/pcsclite_stub.c"
134          zig cc -c -target aarch64-linux-musl -o "$RUNNER_TEMP/pcsclite_stub_arm64.o" "$RUNNER_TEMP/pcsclite_stub.c"
135
136          mkdir -p "$PCSC_DIR/lib/amd64" "$PCSC_DIR/lib/arm64"
137          ar rcs "$PCSC_DIR/lib/amd64/libpcsclite.a" "$RUNNER_TEMP/pcsclite_stub_amd64.o"
138          ar rcs "$PCSC_DIR/lib/arm64/libpcsclite.a" "$RUNNER_TEMP/pcsclite_stub_arm64.o"
139
140          cat > "$PCSC_DIR/lib/pkgconfig/libpcsclite.pc" << EOF
141          Name: libpcsclite
142          Description: PC/SC Lite
143          Version: 1.9.0
144          Cflags: -I$PCSC_DIR/include
145          Libs: -L$PCSC_DIR/lib/amd64 -lpcsclite
146          EOF
147
148          echo "PKG_CONFIG_PATH=$PCSC_DIR/lib/pkgconfig" >> $GITHUB_ENV
149          echo "PCSC_DIR=$PCSC_DIR" >> $GITHUB_ENV
150
151      - name: Get macOS SDK path
152        id: macos_sdk
153        run: echo "path=$(xcrun --show-sdk-path)" >> $GITHUB_OUTPUT
154
155      - name: Build with GoReleaser (snapshot)
156        uses: goreleaser/goreleaser-action@v7
157        with:
158          version: latest
159          args: release --snapshot --clean --config .goreleaser.preview.yml
160        env:
161          SDK_PATH: ${{ steps.macos_sdk.outputs.path }}
162
163      - name: Create preview release and upload assets
164        id: release
165        env:
166          GH_TOKEN: ${{ secrets.HOMEBREW_GITHUB_TOKEN }}
167        run: |
168          TAG="preview-pr${{ github.event.issue.number }}"
169          SHA="${{ steps.pr.outputs.sha }}"
170          SHORT_SHA="${SHA:0:7}"
171
172          # Delete existing preview release for this PR
173          gh release delete "$TAG" --yes --cleanup-tag -R "${{ github.repository }}" 2>/dev/null || true
174
175          # Create prerelease
176          gh release create "$TAG" dist/*.tar.gz dist/*.zip dist/checksums.txt \
177            --title "Preview Build (PR #${{ github.event.issue.number }} @ ${SHORT_SHA})" \
178            --notes "Preview build from PR #${{ github.event.issue.number }} at commit ${SHORT_SHA}. **Not for production use.**" \
179            --prerelease \
180            -R "${{ github.repository }}"
181
182          echo "tag=$TAG" >> $GITHUB_OUTPUT
183
184      - name: Post comment with download links
185        uses: actions/github-script@v9
186        with:
187          github-token: ${{ secrets.HOMEBREW_GITHUB_TOKEN }}
188          script: |
189            const sha = '${{ steps.pr.outputs.sha }}'.slice(0, 7);
190            const tag = '${{ steps.release.outputs.tag }}';
191            const base = `${context.serverUrl}/${context.repo.owner}/${context.repo.repo}/releases/download/${tag}`;
192
193            const files = [
194              ['Linux', 'amd64', 'matcha_preview_linux_amd64.tar.gz'],
195              ['Linux', 'arm64', 'matcha_preview_linux_arm64.tar.gz'],
196              ['macOS', 'amd64', 'matcha_preview_darwin_amd64.tar.gz'],
197              ['macOS', 'arm64', 'matcha_preview_darwin_arm64.tar.gz'],
198              ['Windows', 'amd64', 'matcha_preview_windows_amd64.zip'],
199              ['Windows', 'arm64', 'matcha_preview_windows_arm64.zip'],
200            ];
201
202            const rows = files.map(([os, arch, file]) =>
203              `| ${os} | ${arch} | [${file}](${base}/${file}) |`
204            ).join('\n');
205
206            const body = [
207              `### Build complete (\`${sha}\`)`,
208              '',
209              '> [!WARNING]',
210              '> This is an **unreviewed PR build** and has not been security audited. It may contain bugs, vulnerabilities, or malicious code. **Do not use for daily use.** Only use for testing purposes.',
211              '',
212              '| OS | Arch | Download |',
213              '|---|---|---|',
214              rows,
215            ].join('\n');
216
217            await github.rest.issues.createComment({
218              owner: context.repo.owner,
219              repo: context.repo.repo,
220              issue_number: context.issue.number,
221              body
222            });