ai-space/goose
3
0
Fork 0
mirror of https://github.com/aaif-goose/goose.git synced 2026-06-02 06:14:27 +02:00
Code Issues Packages Projects Releases Wiki Activity

cleanup: remove current goose2 code (#9368)

Browse Source
This commit is contained in:
Alex Hancock
2026-05-22 14:21:54 -04:00
committed by GitHub
parent 612cd89d51
commit 4a16d7ed4f
725 changed files with 5 additions and 112854 deletions
Download Patch File Download Diff File Expand all files Collapse all files
.github/dependabot.yml
+1 -1
View File
@@ -1,6 +1,6 @@
version: 2
updates:
# pnpm workspace for the UI (desktop, acp, text, sdk, goose-binary/*, goose2).
# pnpm workspace for the UI (desktop, acp, text, sdk, goose-binary/*).
# Point at the workspace ROOT where pnpm-lock.yaml lives so Dependabot updates
# both the child package.json AND ui/pnpm-lock.yaml in one PR.
- package-ecosystem: "npm"
.github/workflows/bundle-goose2-manual.yml
-26
View File
@@ -1,26 +0,0 @@
name: "Manual Goose 2 Bundle (Unsigned)"
on:
workflow_dispatch:
inputs:
branch:
description: "Branch name to bundle app from"
required: true
type: string
cli-run-id:
description: "Run ID of a build-cli workflow to pull the goose binary from (optional, builds from source if empty)"
required: false
type: string
default: ""
jobs:
bundle-goose2:
uses: ./.github/workflows/bundle-goose2.yml
permissions:
id-token: write
contents: read
actions: read
with:
signing: false
ref: ${{ inputs.branch }}
cli-run-id: ${{ inputs.cli-run-id }}
.github/workflows/bundle-goose2.yml
-774
View File
@@ -1,774 +0,0 @@
# Reusable workflow that bundles the Goose 2 (Tauri) desktop app.
# Produces .app / .dmg on macOS and .deb / .AppImage on Linux.
#
# The justfile recipe is: `just bundle` → `pnpm tauri build`
#
# Called from release.yml, canary.yml, or manually via bundle-goose2-manual.yml.
#
# The goose CLI binary can either be built from source (default) or pulled
# from a prior build-cli.yml run by passing `cli-run-id`. This avoids
# redundant ~20min Rust builds during release pipelines.
name: "Bundle Goose 2 Desktop"
on:
workflow_call:
inputs:
version:
description: "Version to set for the build (leave empty to use Cargo.toml default)"
required: false
default: ""
type: string
signing:
description: "Whether to perform Apple signing and notarization (macOS only)"
required: false
default: false
type: boolean
quick_test:
description: "Whether to perform the quick launch test (macOS only)"
required: false
default: true
type: boolean
ref:
description: "Git ref to checkout (branch, tag, or SHA). Defaults to the triggering ref."
required: false
default: ""
type: string
environment:
description: "GitHub Environment containing signing secrets. Leave empty to skip."
required: false
default: ""
type: string
windows-signing:
description: "Whether to perform Windows signing via Azure Trusted Signing"
required: false
default: false
type: boolean
cli-run-id:
description: >
Run ID of a prior build-cli.yml workflow run to download the goose
binary from. When empty, the goose CLI is built from source.
required: false
default: ""
type: string
jobs:
# ───────────────────────────────────────────────
# macOS ARM (Apple Silicon)
# ───────────────────────────────────────────────
bundle-macos-arm:
name: "macOS ARM64"
runs-on: macos-latest
environment: ${{ inputs.environment || '' }}
timeout-minutes: 60
env:
MACOSX_DEPLOYMENT_TARGET: "12.0"
permissions:
id-token: write
contents: read
actions: read
outputs:
artifact-url: ${{ steps.upload.outputs.artifact-url }}
steps:
- name: Debug workflow info
env:
INPUT_REF: ${{ inputs.ref }}
INPUT_VERSION: ${{ inputs.version }}
INPUT_SIGNING: ${{ inputs.signing }}
INPUT_CLI_RUN_ID: ${{ inputs.cli-run-id }}
run: |
echo "=== Goose 2 Bundle (macOS ARM64) ==="
echo "Ref: ${INPUT_REF:-<default>}"
echo "Version: ${INPUT_VERSION:-<from Cargo.toml>}"
echo "Signing: ${INPUT_SIGNING}"
echo "CLI run ID: ${INPUT_CLI_RUN_ID:-<build from source>}"
df -h
- name: Checkout code
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
with:
ref: ${{ inputs.ref != '' && inputs.ref || '' }}
# ── Version stamps ──
- name: Update versions
if: inputs.version != ''
env:
VERSION: ${{ inputs.version }}
run: |
# Root Cargo.toml (workspace version)
sed -i.bak "s/^version = \".*\"/version = \"${VERSION}\"/" Cargo.toml
rm -f Cargo.toml.bak
# Tauri Cargo.toml
sed -i.bak "s/^version = \".*\"/version = \"${VERSION}\"/" ui/goose2/src-tauri/Cargo.toml
rm -f ui/goose2/src-tauri/Cargo.toml.bak
# package.json
source ./bin/activate-hermit
cd ui/goose2
npm pkg set "version=${VERSION}"
# ── Goose CLI: download from prior run OR build from source ──
- name: Download goose CLI from build-cli run
if: inputs.cli-run-id != ''
uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1
with:
name: goose-aarch64-apple-darwin
run-id: ${{ inputs.cli-run-id }}
github-token: ${{ secrets.GITHUB_TOKEN }}
path: cli-artifact
- name: Extract downloaded goose CLI
if: inputs.cli-run-id != ''
run: |
TRIPLE="aarch64-apple-darwin"
mkdir -p target/release
# The artifact contains goose-<triple>.tar.bz2 with goose inside
tar -xjf "cli-artifact/goose-${TRIPLE}.tar.bz2" -C target/release/
chmod +x target/release/goose
cp target/release/goose "target/release/goose-${TRIPLE}"
ls -lh "target/release/goose-${TRIPLE}"
- name: Cache Rust dependencies
if: inputs.cli-run-id == ''
uses: Swatinem/rust-cache@c19371144df3bb44fab255c43d04cbc2ab54d1c4 # v2.9.1
with:
key: goose2-macos-arm64
- name: Build goose CLI (release)
if: inputs.cli-run-id == ''
run: |
source ./bin/activate-hermit
cargo build --release -p goose-cli --bin goose
- name: Prepare goose binary with target triple
if: inputs.cli-run-id == ''
run: |
TRIPLE=$(rustc --print host-tuple)
cp target/release/goose "target/release/goose-${TRIPLE}"
ls -lh "target/release/goose-${TRIPLE}"
# ── Frontend: pnpm install + SDK build ──
- name: Cache pnpm dependencies
uses: actions/cache@8b402f58fbc84540c8b491a91e594a4576fec3d7 # v5.0.2
with:
path: |
ui/goose2/node_modules
ui/sdk/node_modules
.hermit/node/cache
key: goose2-pnpm-macos-arm64-${{ runner.os }}-${{ hashFiles('ui/pnpm-lock.yaml') }}
restore-keys: |
goose2-pnpm-macos-arm64-${{ runner.os }}-
- name: Install pnpm dependencies
run: |
source ./bin/activate-hermit
cd ui
pnpm install --frozen-lockfile
- name: Build SDK
run: |
source ./bin/activate-hermit
cd ui/sdk
pnpm build
# ── Apple signing ──
- name: Import Apple signing certificate
if: inputs.signing
uses: ./.github/actions/apple-codesign
with:
certificate-base64: ${{ secrets.APPLE_CERTIFICATE_BASE64 }}
certificate-password: ${{ secrets.APPLE_CERTIFICATE_PASSWORD }}
# ── Tauri bundle ──
- name: Bundle Goose 2 (pnpm tauri build)
env:
APPLE_SIGNING_IDENTITY: ${{ inputs.signing && 'Developer ID Application' || '' }}
APPLE_ID: ${{ inputs.signing && secrets.APPLE_ID || '' }}
APPLE_PASSWORD: ${{ inputs.signing && secrets.APPLE_ID_PASSWORD || '' }}
APPLE_TEAM_ID: ${{ inputs.signing && secrets.APPLE_TEAM_ID || '' }}
working-directory: ui/goose2
run: |
source ../../bin/activate-hermit
pnpm tauri build
- name: Clean up signing keychain
if: always()
run: |
if [ -n "$KEYCHAIN_PATH" ] && [ -f "$KEYCHAIN_PATH" ]; then
security delete-keychain "$KEYCHAIN_PATH" || true
fi
# ── Upload ──
- name: List bundle output
run: |
BUNDLE_DIR="ui/goose2/src-tauri/target/release/bundle"
echo "=== Bundle contents ==="
find "$BUNDLE_DIR" -type f 2>/dev/null || echo "(no bundle output found)"
- name: Upload Goose 2 macOS ARM64 artifact
id: upload
uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0
with:
name: Goose2-darwin-arm64
path: |
ui/goose2/src-tauri/target/release/bundle/dmg/*.dmg
ui/goose2/src-tauri/target/release/bundle/macos/*.app
if-no-files-found: error
# ── Smoke test ──
- name: Quick launch test
if: inputs.quick_test
run: |
APP_PATH=$(find ui/goose2/src-tauri/target/release/bundle/macos -maxdepth 1 -name "*.app" | head -1)
if [ -z "$APP_PATH" ]; then
echo "No .app found, skipping launch test"
exit 0
fi
xattr -cr "$APP_PATH"
echo "Opening $APP_PATH..."
open -g "$APP_PATH"
sleep 5
if pgrep -f "Goose.app/Contents/MacOS" > /dev/null; then
echo "✅ App is running"
else
echo "❌ App did not stay open"
exit 1
fi
pkill -f "Goose.app/Contents/MacOS" || true
# ───────────────────────────────────────────────
# macOS Intel (x86_64)
# ───────────────────────────────────────────────
bundle-macos-intel:
name: "macOS x86_64"
runs-on: macos-15-intel
environment: ${{ inputs.environment || '' }}
timeout-minutes: 60
env:
MACOSX_DEPLOYMENT_TARGET: "12.0"
permissions:
id-token: write
contents: read
actions: read
steps:
- name: Checkout code
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
with:
ref: ${{ inputs.ref != '' && inputs.ref || '' }}
- name: Update versions
if: inputs.version != ''
env:
VERSION: ${{ inputs.version }}
run: |
sed -i.bak "s/^version = \".*\"/version = \"${VERSION}\"/" Cargo.toml
rm -f Cargo.toml.bak
sed -i.bak "s/^version = \".*\"/version = \"${VERSION}\"/" ui/goose2/src-tauri/Cargo.toml
rm -f ui/goose2/src-tauri/Cargo.toml.bak
source ./bin/activate-hermit
cd ui/goose2
npm pkg set "version=${VERSION}"
# ── Goose CLI: download from prior run OR build from source ──
- name: Download goose CLI from build-cli run
if: inputs.cli-run-id != ''
uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1
with:
name: goose-x86_64-apple-darwin
run-id: ${{ inputs.cli-run-id }}
github-token: ${{ secrets.GITHUB_TOKEN }}
path: cli-artifact
- name: Extract downloaded goose CLI
if: inputs.cli-run-id != ''
run: |
TARGET="x86_64-apple-darwin"
mkdir -p target/release
tar -xjf "cli-artifact/goose-${TARGET}.tar.bz2" -C target/release/
chmod +x target/release/goose
cp target/release/goose "target/release/goose-${TARGET}"
ls -lh "target/release/goose-${TARGET}"
- name: Cache Rust dependencies
if: inputs.cli-run-id == ''
uses: Swatinem/rust-cache@c19371144df3bb44fab255c43d04cbc2ab54d1c4 # v2.9.1
with:
key: goose2-macos-x86_64
- name: Install Intel target for both toolchains
if: inputs.cli-run-id == ''
run: |
source ./bin/activate-hermit
rustup target add x86_64-apple-darwin
cd ui/goose2/src-tauri
rustup target add x86_64-apple-darwin
- name: Build goose CLI for Intel (x86_64-apple-darwin)
if: inputs.cli-run-id == ''
run: |
source ./bin/activate-hermit
cargo build --release -p goose-cli --bin goose --target x86_64-apple-darwin
- name: Prepare goose binary with target triple
if: inputs.cli-run-id == ''
run: |
TARGET="x86_64-apple-darwin"
mkdir -p target/release
cp "target/${TARGET}/release/goose" "target/release/goose-${TARGET}"
ls -lh "target/release/goose-${TARGET}"
# ── Intel target still needed for Tauri's own Rust build ──
- name: Install Intel target for Tauri toolchain
run: |
source ./bin/activate-hermit
rustup target add x86_64-apple-darwin
cd ui/goose2/src-tauri
rustup target add x86_64-apple-darwin
# ── Frontend ──
- name: Cache pnpm dependencies
uses: actions/cache@8b402f58fbc84540c8b491a91e594a4576fec3d7 # v5.0.2
with:
path: |
ui/goose2/node_modules
ui/sdk/node_modules
.hermit/node/cache
key: goose2-pnpm-macos-intel-${{ runner.os }}-${{ hashFiles('ui/pnpm-lock.yaml') }}
restore-keys: |
goose2-pnpm-macos-intel-${{ runner.os }}-
- name: Install pnpm dependencies
run: |
source ./bin/activate-hermit
cd ui
pnpm install --frozen-lockfile
- name: Build SDK
run: |
source ./bin/activate-hermit
cd ui/sdk
pnpm build
# ── Apple signing ──
- name: Import Apple signing certificate
if: inputs.signing
uses: ./.github/actions/apple-codesign
with:
certificate-base64: ${{ secrets.APPLE_CERTIFICATE_BASE64 }}
certificate-password: ${{ secrets.APPLE_CERTIFICATE_PASSWORD }}
# ── Tauri bundle ──
- name: Bundle Goose 2 for Intel
env:
APPLE_SIGNING_IDENTITY: ${{ inputs.signing && 'Developer ID Application' || '' }}
APPLE_ID: ${{ inputs.signing && secrets.APPLE_ID || '' }}
APPLE_PASSWORD: ${{ inputs.signing && secrets.APPLE_ID_PASSWORD || '' }}
APPLE_TEAM_ID: ${{ inputs.signing && secrets.APPLE_TEAM_ID || '' }}
working-directory: ui/goose2
run: |
source ../../bin/activate-hermit
pnpm tauri build --target x86_64-apple-darwin
- name: Clean up signing keychain
if: always()
run: |
if [ -n "$KEYCHAIN_PATH" ] && [ -f "$KEYCHAIN_PATH" ]; then
security delete-keychain "$KEYCHAIN_PATH" || true
fi
# ── Upload ──
- name: List bundle output
run: |
BUNDLE_DIR="ui/goose2/src-tauri/target/x86_64-apple-darwin/release/bundle"
echo "=== Bundle contents ==="
find "$BUNDLE_DIR" -type f 2>/dev/null || echo "(no bundle output found)"
- name: Upload Goose 2 macOS Intel artifact
uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0
with:
name: Goose2-darwin-x64
path: |
ui/goose2/src-tauri/target/x86_64-apple-darwin/release/bundle/dmg/*.dmg
ui/goose2/src-tauri/target/x86_64-apple-darwin/release/bundle/macos/*.app
if-no-files-found: error
- name: Quick launch test
if: inputs.quick_test
run: |
APP_PATH=$(find ui/goose2/src-tauri/target/x86_64-apple-darwin/release/bundle/macos -maxdepth 1 -name "*.app" 2>/dev/null | head -1)
if [ -z "$APP_PATH" ]; then
echo "No .app found, skipping launch test"
exit 0
fi
xattr -cr "$APP_PATH"
echo "Opening $APP_PATH..."
open -g "$APP_PATH"
sleep 5
if pgrep -f "Goose.app/Contents/MacOS" > /dev/null; then
echo "✅ App is running"
else
echo "❌ App did not stay open"
exit 1
fi
pkill -f "Goose.app/Contents/MacOS" || true
# ───────────────────────────────────────────────
# Linux x86_64
# ───────────────────────────────────────────────
bundle-linux:
name: "Linux x86_64"
runs-on: ubuntu-24.04
timeout-minutes: 60
permissions:
contents: read
actions: read
steps:
- name: Checkout code
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
with:
ref: ${{ inputs.ref != '' && inputs.ref || '' }}
- name: Install system dependencies
run: |
sudo apt-get update
sudo apt-get install -y \
build-essential \
libgtk-3-dev \
libwebkit2gtk-4.1-dev \
libappindicator3-dev \
librsvg2-dev \
patchelf \
protobuf-compiler \
libvulkan-dev \
libvulkan1 \
glslc
- name: Update versions
if: inputs.version != ''
env:
VERSION: ${{ inputs.version }}
run: |
sed -i.bak "s/^version = \".*\"/version = \"${VERSION}\"/" Cargo.toml
rm -f Cargo.toml.bak
sed -i.bak "s/^version = \".*\"/version = \"${VERSION}\"/" ui/goose2/src-tauri/Cargo.toml
rm -f ui/goose2/src-tauri/Cargo.toml.bak
source ./bin/activate-hermit
cd ui/goose2
npm pkg set "version=${VERSION}"
# ── Goose CLI: download from prior run OR build from source ──
- name: Download goose CLI from build-cli run
if: inputs.cli-run-id != ''
uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1
with:
name: goose-x86_64-unknown-linux-gnu
run-id: ${{ inputs.cli-run-id }}
github-token: ${{ secrets.GITHUB_TOKEN }}
path: cli-artifact
- name: Extract downloaded goose CLI
if: inputs.cli-run-id != ''
run: |
TRIPLE="x86_64-unknown-linux-gnu"
mkdir -p target/release
tar -xjf "cli-artifact/goose-${TRIPLE}.tar.bz2" -C target/release/
chmod +x target/release/goose
cp target/release/goose "target/release/goose-${TRIPLE}"
ls -lh "target/release/goose-${TRIPLE}"
- name: Cache Rust dependencies
if: inputs.cli-run-id == ''
uses: Swatinem/rust-cache@c19371144df3bb44fab255c43d04cbc2ab54d1c4 # v2.9.1
with:
key: goose2-linux-x86_64
- name: Build goose CLI (release)
if: inputs.cli-run-id == ''
run: |
source ./bin/activate-hermit
cargo build --release -p goose-cli --bin goose --features vulkan
- name: Prepare goose binary with target triple
if: inputs.cli-run-id == ''
run: |
TRIPLE=$(rustc --print host-tuple)
cp target/release/goose "target/release/goose-${TRIPLE}"
ls -lh "target/release/goose-${TRIPLE}"
# ── Frontend ──
- name: Cache pnpm dependencies
uses: actions/cache@8b402f58fbc84540c8b491a91e594a4576fec3d7 # v5.0.2
with:
path: |
ui/goose2/node_modules
ui/sdk/node_modules
.hermit/node/cache
key: goose2-pnpm-linux-${{ runner.os }}-${{ hashFiles('ui/pnpm-lock.yaml') }}
restore-keys: |
goose2-pnpm-linux-${{ runner.os }}-
- name: Install pnpm dependencies
run: |
source ./bin/activate-hermit
cd ui
pnpm install --frozen-lockfile
- name: Build SDK
run: |
source ./bin/activate-hermit
cd ui/sdk
pnpm build
# ── Tauri bundle ──
- name: Bundle Goose 2 (pnpm tauri build)
working-directory: ui/goose2
run: |
source ../../bin/activate-hermit
pnpm tauri build
# ── Upload ──
- name: List bundle output
run: |
BUNDLE_DIR="ui/goose2/src-tauri/target/release/bundle"
echo "=== Bundle contents ==="
find "$BUNDLE_DIR" -type f 2>/dev/null | head -30
echo ""
echo "=== File sizes ==="
find "$BUNDLE_DIR" -type f -exec ls -lh {} \; 2>/dev/null | head -20
- name: Upload .deb package
uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0
with:
name: Goose2-linux-x64-deb
path: ui/goose2/src-tauri/target/release/bundle/deb/*.deb
if-no-files-found: warn
- name: Upload AppImage
uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0
with:
name: Goose2-linux-x64-appimage
path: ui/goose2/src-tauri/target/release/bundle/appimage/*.AppImage
if-no-files-found: warn
- name: Upload RPM package
uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0
with:
name: Goose2-linux-x64-rpm
path: ui/goose2/src-tauri/target/release/bundle/rpm/*.rpm
if-no-files-found: warn
# ───────────────────────────────────────────────
# Windows x86_64
# ───────────────────────────────────────────────
bundle-windows:
name: "Windows x86_64"
runs-on: windows-latest
timeout-minutes: 60
permissions:
id-token: write
contents: read
actions: read
steps:
- name: Checkout code
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
with:
ref: ${{ inputs.ref != '' && inputs.ref || '' }}
# Hermit doesn't work on Windows — install node/pnpm directly
- name: Set up Node.js
uses: actions/setup-node@6044e13b5dc448c55e2357c09f80417699197238 # v6.2.0
with:
node-version: 24
- name: Install pnpm
run: npm install -g pnpm@10.33.0
- name: Update versions
if: inputs.version != ''
shell: bash
env:
VERSION: ${{ inputs.version }}
run: |
sed -i.bak "s/^version = \".*\"/version = \"${VERSION}\"/" Cargo.toml
rm -f Cargo.toml.bak
sed -i.bak "s/^version = \".*\"/version = \"${VERSION}\"/" ui/goose2/src-tauri/Cargo.toml
rm -f ui/goose2/src-tauri/Cargo.toml.bak
cd ui/goose2
npm pkg set "version=${VERSION}"
# ── Goose CLI: download from prior run OR build from source ──
- name: Download goose CLI from build-cli run
if: inputs.cli-run-id != ''
uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1
with:
name: goose-x86_64-pc-windows-msvc
run-id: ${{ inputs.cli-run-id }}
github-token: ${{ secrets.GITHUB_TOKEN }}
path: cli-artifact
- name: Extract downloaded goose CLI
if: inputs.cli-run-id != ''
shell: bash
run: |
TARGET="x86_64-pc-windows-msvc"
mkdir -p target/release
# The zip contains goose-package/goose.exe
cd cli-artifact
7z x "goose-${TARGET}.zip"
cd ..
cp cli-artifact/goose-package/goose.exe target/release/
# Tauri externalBin appends target triple + .exe on Windows
cp target/release/goose.exe "target/release/goose-${TARGET}.exe"
ls -lh "target/release/goose-${TARGET}.exe"
- name: Cache Rust dependencies
if: inputs.cli-run-id == ''
uses: Swatinem/rust-cache@c19371144df3bb44fab255c43d04cbc2ab54d1c4 # v2.9.1
with:
key: goose2-windows-x86_64
- name: Setup Rust
if: inputs.cli-run-id == ''
shell: bash
run: |
rustup show
rustup target add x86_64-pc-windows-msvc
- name: Build goose CLI (release)
if: inputs.cli-run-id == ''
shell: bash
run: |
cargo build --release --target x86_64-pc-windows-msvc -p goose-cli --bin goose
- name: Prepare goose binary with target triple
if: inputs.cli-run-id == ''
shell: bash
run: |
TARGET="x86_64-pc-windows-msvc"
cp "target/${TARGET}/release/goose.exe" "target/release/goose-${TARGET}.exe"
ls -lh "target/release/goose-${TARGET}.exe"
# ── Frontend ──
- name: Cache pnpm dependencies
uses: actions/cache@8b402f58fbc84540c8b491a91e594a4576fec3d7 # v5.0.2
with:
path: |
ui/goose2/node_modules
ui/sdk/node_modules
key: goose2-pnpm-windows-${{ runner.os }}-${{ hashFiles('ui/pnpm-lock.yaml') }}
restore-keys: |
goose2-pnpm-windows-${{ runner.os }}-
- name: Install pnpm dependencies
shell: bash
run: |
cd ui
pnpm install --frozen-lockfile
- name: Build SDK
shell: bash
run: |
cd ui/sdk
pnpm build
# ── Tauri bundle ──
- name: Bundle Goose 2 (pnpm tauri build)
shell: bash
working-directory: ui/goose2
run: |
pnpm tauri build --target x86_64-pc-windows-msvc
# ── Upload ──
- name: List bundle output
shell: bash
run: |
BUNDLE_DIR="ui/goose2/src-tauri/target/x86_64-pc-windows-msvc/release/bundle"
echo "=== Bundle contents ==="
find "$BUNDLE_DIR" -type f 2>/dev/null || echo "(no bundle output found)"
- name: Upload NSIS installer
uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0
with:
name: Goose2-windows-x64-nsis
path: ui/goose2/src-tauri/target/x86_64-pc-windows-msvc/release/bundle/nsis/*.exe
if-no-files-found: warn
- name: Upload MSI installer
uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0
with:
name: Goose2-windows-x64-msi
path: ui/goose2/src-tauri/target/x86_64-pc-windows-msvc/release/bundle/msi/*.msi
if-no-files-found: warn
sign-windows:
name: "Sign Windows installers"
needs: bundle-windows
if: inputs.windows-signing
runs-on: windows-latest
environment: signing
permissions:
id-token: write
contents: read
actions: read
steps:
- name: Download NSIS installer
uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1
with:
name: Goose2-windows-x64-nsis
path: unsigned/nsis
- name: Download MSI installer
uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1
with:
name: Goose2-windows-x64-msi
path: unsigned/msi
- name: Azure login
uses: azure/login@532459ea530d8321f2fb9bb10d1e0bcf23869a43 # v3.0.0
with:
client-id: ${{ secrets.AZURE_CLIENT_ID }}
tenant-id: ${{ secrets.AZURE_TENANT_ID }}
subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
- name: Sign Windows installers with Azure Trusted Signing
uses: azure/trusted-signing-action@c7ab2a863ab5f9a846ddb8265964877ef296ee82 # v1
with:
endpoint: ${{ secrets.AZURE_SIGNING_ENDPOINT }}
trusted-signing-account-name: ${{ secrets.AZURE_SIGNING_ACCOUNT_NAME }}
certificate-profile-name: ${{ secrets.AZURE_CERTIFICATE_PROFILE_NAME }}
files-folder: ${{ github.workspace }}/unsigned
files-folder-filter: exe,msi
files-folder-recurse: true
- name: Verify signed installers
shell: pwsh
run: |
$files = Get-ChildItem -Path unsigned -Recurse -Include *.exe,*.msi
foreach ($file in $files) {
Write-Output "Verifying signature: $($file.FullName)"
$sig = Get-AuthenticodeSignature $file.FullName
if ($sig.Status -ne "Valid") {
throw "Signature invalid for $($file.Name): $($sig.Status)"
}
Write-Output "✅ Signature valid: $($file.Name)"
}
- name: Upload signed NSIS installer
uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6
with:
name: Goose2-windows-x64-nsis-signed
path: unsigned/nsis/*.exe
if-no-files-found: error
- name: Upload signed MSI installer
uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6
with:
name: Goose2-windows-x64-msi-signed
path: unsigned/msi/*.msi
if-no-files-found: error
.github/workflows/goose2-ci.yml
-185
View File
@@ -1,185 +0,0 @@
name: "Goose 2 CI"
on:
push:
branches: [main]
paths:
- "ui/goose2/**"
- "ui/sdk/**"
pull_request:
branches: [main]
paths:
- "ui/goose2/**"
- "ui/sdk/**"
merge_group:
branches: [main]
workflow_dispatch:
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
defaults:
run:
working-directory: ui/goose2
jobs:
lint:
name: Lint & Format
runs-on: ubuntu-latest
timeout-minutes: 10
steps:
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
- uses: pnpm/action-setup@8912a9102ac27614460f54aedde9e1e7f9aec20d # v6.0.5
with:
version: 10.30.3
- uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0
with:
node-version: 24
cache: pnpm
cache-dependency-path: ui/pnpm-lock.yaml
- run: pnpm install --frozen-lockfile
- name: Build SDK
run: pnpm build
working-directory: ui/sdk
- run: pnpm check
- run: pnpm typecheck
test:
name: Unit Tests
runs-on: ubuntu-latest
timeout-minutes: 15
steps:
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
- uses: pnpm/action-setup@8912a9102ac27614460f54aedde9e1e7f9aec20d # v6.0.5
with:
version: 10.30.3
- uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0
with:
node-version: 24
cache: pnpm
cache-dependency-path: ui/pnpm-lock.yaml
- run: pnpm install --frozen-lockfile
- name: Build SDK
run: pnpm build
working-directory: ui/sdk
- run: pnpm test
desktop:
name: Desktop Build & E2E
runs-on: ubuntu-latest
timeout-minutes: 30
steps:
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
- uses: pnpm/action-setup@8912a9102ac27614460f54aedde9e1e7f9aec20d # v6.0.5
with:
version: 10.30.3
- uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0
with:
node-version: 24
cache: pnpm
cache-dependency-path: ui/pnpm-lock.yaml
- name: Install system dependencies
run: |
sudo apt-get update
sudo apt-get install -y \
libgtk-3-dev \
libwebkit2gtk-4.1-dev \
libappindicator3-dev \
librsvg2-dev \
patchelf
- name: Install Rust
uses: actions-rust-lang/setup-rust-toolchain@2b1f5e9b395427c92ee4e3331786ca3c37afe2d7 # v1.16.0
with:
rust-src-dir: ui/goose2
- name: Cache Rust
uses: actions/cache@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5.0.4
with:
path: |
~/.cargo/registry
~/.cargo/git
ui/goose2/src-tauri/target
key: ${{ runner.os }}-goose2-cargo-${{ hashFiles('ui/goose2/src-tauri/Cargo.lock') }}
- run: pnpm install --frozen-lockfile
- name: Build SDK
run: pnpm build
working-directory: ui/sdk
- name: Build frontend
run: pnpm build
- name: Mock goose binary
working-directory: .
run: mkdir -p target/release && touch target/release/goose-$(rustc --print host-tuple)
- name: Check Tauri
run: cd src-tauri && cargo check
- name: Clippy
run: cd src-tauri && cargo clippy -- -D warnings
- name: Format check
run: cd src-tauri && cargo fmt --check
- name: Install Playwright Chromium
run: pnpm exec playwright install --with-deps chromium
- name: Run E2E tests
run: pnpm exec playwright test
- name: Upload test artifacts
if: failure()
uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
with:
name: playwright-report
path: |
ui/goose2/playwright-report/
ui/goose2/test-results/
retention-days: 7
rust-lint:
name: Rust Lint
runs-on: ubuntu-latest
timeout-minutes: 15
steps:
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
- name: Install system dependencies
run: |
sudo apt-get update
sudo apt-get install -y \
libgtk-3-dev \
libwebkit2gtk-4.1-dev \
libappindicator3-dev \
librsvg2-dev \
patchelf
- name: Install Rust
uses: actions-rust-lang/setup-rust-toolchain@2b1f5e9b395427c92ee4e3331786ca3c37afe2d7 # v1.16.0
with:
rust-src-dir: ui/goose2
components: rustfmt, clippy
- name: Cache Rust
uses: actions/cache@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5.0.4
with:
path: |
~/.cargo/registry
~/.cargo/git
ui/goose2/src-tauri/target
key: ${{ runner.os }}-goose2-cargo-${{ hashFiles('ui/goose2/src-tauri/Cargo.lock') }}
- name: Mock goose binary
working-directory: .
run: mkdir -p target/release && touch target/release/goose-$(rustc --print host-tuple)
- name: Format check
run: cd src-tauri && cargo fmt --check
- name: Clippy
run: cd src-tauri && cargo clippy -- -D warnings
.github/workflows/release-goose2.yml
-192
View File
@@ -1,192 +0,0 @@
on:
push:
tags:
- "v2.*"
workflow_dispatch:
inputs:
version:
description: "Version string (e.g. 2.0.0-rc.1). Used when testing from a branch."
required: true
type: string
cli-run-id:
description: "Run ID of a build-cli workflow to pull goose binaries from (skips CLI build step)"
required: false
type: string
default: ""
name: "Release Goose 2"
permissions:
id-token: write # Sigstore OIDC signing + Azure OIDC (Windows signing)
contents: write # Creating releases + actions/checkout
actions: read # Downloading artifacts across workflow runs
attestations: write # SLSA build provenance attestations
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
jobs:
prepare-version:
name: Prepare Version
runs-on: ubuntu-latest
outputs:
version: ${{ steps.set-version.outputs.version }}
steps:
- name: Extract version
id: set-version
run: |
if [ -n "${{ inputs.version }}" ]; then
VERSION="${{ inputs.version }}"
else
# Strip the leading "v" from the tag (e.g. v2.0.0 → 2.0.0)
VERSION="${GITHUB_REF_NAME#v}"
fi
echo "version=$VERSION" >> "$GITHUB_OUTPUT"
echo "Release version: $VERSION"
build-cli:
if: inputs.cli-run-id == ''
needs: [prepare-version]
uses: ./.github/workflows/build-cli.yml
with:
version: ${{ needs.prepare-version.outputs.version }}
bundle-goose2:
needs: [prepare-version, build-cli]
if: ${{ !cancelled() && needs.prepare-version.result == 'success' && (needs.build-cli.result == 'success' || needs.build-cli.result == 'skipped') }}
uses: ./.github/workflows/bundle-goose2.yml
permissions:
id-token: write
contents: read
actions: read
with:
version: ${{ needs.prepare-version.outputs.version }}
signing: true
windows-signing: true
environment: signing
cli-run-id: ${{ inputs.cli-run-id != '' && inputs.cli-run-id || github.run_id }}
secrets: inherit
install-script:
name: Upload Install Script
runs-on: ubuntu-latest
if: inputs.cli-run-id == ''
needs: [build-cli]
steps:
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
- uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6
with:
name: download_cli.sh
path: download_cli.sh
release:
name: Release
runs-on: ubuntu-latest
needs: [prepare-version, build-cli, install-script, bundle-goose2]
if: ${{ !cancelled() && needs.bundle-goose2.result == 'success' }}
permissions:
contents: write
id-token: write
actions: read
attestations: write
steps:
- name: Download CLI artifacts
if: needs.build-cli.result == 'success'
uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1
with:
pattern: goose-*
merge-multiple: true
path: release
- name: Download install script
if: needs.install-script.result == 'success'
uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1
with:
name: download_cli.sh
path: release
- name: Download macOS ARM64
uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1
with:
name: Goose2-darwin-arm64
path: release
- name: Download macOS Intel
uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1
with:
name: Goose2-darwin-x64
path: release
- name: Download Linux .deb
uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1
with:
name: Goose2-linux-x64-deb
path: release
continue-on-error: true
- name: Download Linux AppImage
uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1
with:
name: Goose2-linux-x64-appimage
path: release
continue-on-error: true
- name: Download Linux RPM
uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1
with:
name: Goose2-linux-x64-rpm
path: release
continue-on-error: true
- name: Download signed Windows NSIS installer
uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1
with:
name: Goose2-windows-x64-nsis-signed
path: release
- name: Download signed Windows MSI installer
uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1
with:
name: Goose2-windows-x64-msi-signed
path: release
- name: List downloaded artifacts
run: |
echo "=== All release artifacts ==="
find release -type f | sort
- name: Attest build provenance
uses: actions/attest-build-provenance@a2bbfa25375fe432b6a289bc6b6cd05ecd0c4c32 # v4.1.0
with:
subject-path: |
release/goose-*.tar.bz2
release/goose-*.tar.gz
release/goose-*.zip
release/**/*.dmg
release/*.exe
release/*.msi
release/*.deb
release/*.rpm
release/*.AppImage
release/download_cli.sh
# Create/update the versioned pre-release (e.g. v2.0.0)
- name: Release versioned
uses: ncipollo/release-action@339a81892b84b4eeb0f6e744e4574d79d0d9b8dd # v1
with:
token: ${{ secrets.GITHUB_TOKEN }}
prerelease: true
artifacts: |
release/goose-*.tar.bz2
release/goose-*.tar.gz
release/goose-*.zip
release/**/*.dmg
release/*.exe
release/*.msi
release/*.deb
release/*.rpm
release/*.AppImage
release/download_cli.sh
allowUpdates: true
omitBody: true