1- name : Release CLI (test)
1+ name : Release CLI
22
33on :
4- workflow_dispatch :
5- inputs :
6- publish_release :
7- description : " Publish / update the test prerelease (v0.0.0-test)"
8- type : boolean
9- required : false
10- default : true
11-
124 push :
13- branches :
14- - feature/cli-0.2.0
5+ tags :
6+ - " v* "
157
168concurrency :
17- group : release-test
9+ group : release
1810 cancel-in-progress : true
1911
2012jobs :
@@ -42,15 +34,17 @@ jobs:
4234 cp src/complete/ek.bash dist/bin/
4335 cp src/complete/ek.zsh dist/bin/
4436
45- tar -czf dist/archives/enkryptify_Linux_x86_64.tar.gz -C dist/bin ek ek.bash ek.zsh
37+ # Create deterministic tarball (fixed mtime, owner, group)
38+ tar --mtime='2020-01-01 00:00:00' --owner=0 --group=0 -czf dist/archives/enkryptify_Linux_x86_64.tar.gz -C dist/bin ek ek.bash ek.zsh
4639
4740 bun build src/cli.ts --compile --target=bun-linux-arm64 --outfile=dist/bin/ek
4841
4942 # ✅ COPY COMPLETION FILES (again for arm64)
5043 cp src/complete/ek.bash dist/bin/
5144 cp src/complete/ek.zsh dist/bin/
5245
53- tar -czf dist/archives/enkryptify_Linux_arm64.tar.gz -C dist/bin ek ek.bash ek.zsh
46+ # Create deterministic tarball (fixed mtime, owner, group)
47+ tar --mtime='2020-01-01 00:00:00' --owner=0 --group=0 -czf dist/archives/enkryptify_Linux_arm64.tar.gz -C dist/bin ek ek.bash ek.zsh
5448
5549uses : actions/upload-artifact@v4
5650 with :
8377 cp src/complete/ek.bash dist/bin/
8478 cp src/complete/ek.zsh dist/bin/
8579
86- # Package
87- tar -czf dist/archives/enkryptify_Darwin_x86_64.tar.gz -C dist/bin ek ek.bash ek.zsh
88- tar -czf dist/archives/enkryptify_Darwin_arm64.tar.gz -C dist/bin ek ek.bash ek.zsh
80+ tar --mtime='2020-01-01 00:00:00' --owner=0 --group=0 -czf dist/archives/enkryptify_Darwin_x86_64.tar.gz -C dist/bin ek ek.bash ek.zsh
81+ tar --mtime='2020-01-01 00:00:00' --owner=0 --group=0 -czf dist/archives/enkryptify_Darwin_arm64.tar.gz -C dist/bin ek ek.bash ek.zsh
8982
9083uses : actions/upload-artifact@v4
9184 with :
@@ -115,12 +108,20 @@ jobs:
115108 # Copy PowerShell module INTO A FOLDER
116109 Copy-Item src\complete\enkryptify-completion.psm1 dist\bin\enkryptify-completion\
117110
111+ # Set fixed timestamps for deterministic zip (PowerShell)
112+ $fixedDate = Get-Date "2020-01-01 00:00:00"
113+ (Get-Item dist\bin\ek.exe).LastWriteTime = $fixedDate
114+ (Get-Item dist\bin\enkryptify-completion).LastWriteTime = $fixedDate
115+ (Get-Item dist\bin\enkryptify-completion\enkryptify-completion.psm1).LastWriteTime = $fixedDate
116+
118117 # Zip layout MUST contain:
119118 # ek.exe
120119 # enkryptify-completion/enkryptify-completion.psm1
120+ # Use -CompressionLevel Optimal for consistency
121121 Compress-Archive `
122122 -Path dist\bin\ek.exe, dist\bin\enkryptify-completion `
123- -DestinationPath dist\archives\enkryptify_Windows_x86_64.zip
123+ -DestinationPath dist\archives\enkryptify_Windows_x86_64.zip `
124+ -CompressionLevel Optimal
124125
125126uses : actions/upload-artifact@v4
126127 with :
@@ -137,12 +138,14 @@ jobs:
137138 - uses : actions/checkout@v4
138139 with :
139140 fetch-depth : 0
141+ ref : ${{ github.ref }}
140142
141- - name : Get version from package.json
143+ - name : Get version from git tag
142144 id : version
143145 run : |
144- VERSION=$(node -p "require('./package.json').version")
145- TAG="v${VERSION}-test"
146+ # Extract version from git tag (e.g., v1.0.0 -> 1.0.0)
147+ TAG="${GITHUB_REF#refs/tags/}"
148+ VERSION="${TAG#v}"
146149 echo "version=$VERSION" >> $GITHUB_OUTPUT
147150 echo "tag=$TAG" >> $GITHUB_OUTPUT
148151
@@ -160,34 +163,22 @@ jobs:
160163 # Sort alphabetically by filename (matching GoReleaser behavior)
161164 sort checksums.txt -o checksums.txt
162165
163- name : Move test tag
164- if : ${{ github.event_name == 'push' || inputs.publish_release }}
165- run : |
166- git config user.name "Enkryptify Bot"
167- git config user.email "bot@enkryptify.com"
168- git tag -f ${{ steps.version.outputs.tag }}
169- git push -f origin ${{ steps.version.outputs.tag }}
170-
171- name : Publish GitHub prerelease
172- if : ${{ github.event_name == 'push' || inputs.publish_release }}
166+ name : Publish GitHub release
173167 uses : softprops/action-gh-release@v2
174168 with :
175169 tag_name : ${{ steps.version.outputs.tag }}
176- prerelease : true
177- overwrite_files : true
178170 files : dist/archives/*
179171 env :
180172 GITHUB_TOKEN : ${{ secrets.GITHUB_TOKEN }}
181173
182- - name : Update Homebrew test tap
183- if : ${{ github.event_name == 'push' || inputs.publish_release }}
174+ - name : Update Homebrew tap
184175 env :
185176 TAP_TOKEN : ${{ secrets.GH_TOKEN }}
186177 run : |
187178 set -euo pipefail
188179
189- git clone https://x-access-token:${TAP_TOKEN}@github.com/Enkryptify/homebrew-enkryptify-test .git
190- cd homebrew-enkryptify-test
180+ git clone https://x-access-token:${TAP_TOKEN}@github.com/Enkryptify/homebrew-enkryptify.git
181+ cd homebrew-enkryptify
191182
192183 git config user.name "Enkryptify Bot"
193184 git config user.email "bot@enkryptify.com"
@@ -199,9 +190,9 @@ jobs:
199190
200191 cat > Formula/enkryptify.rb <<EOF
201192 class Enkryptify < Formula
202- desc "Enkryptify CLI (test) "
193+ desc "Official Enkryptify CLI for injecting secrets into your codebase "
203194 homepage "https://enkryptify.com"
204- version "${VERSION}-test "
195+ version "${VERSION}"
205196
206197 on_macos do
207198 if Hardware::CPU.arm?
@@ -220,29 +211,28 @@ jobs:
220211 end
221212
222213 test do
223- system "#{bin}/ek", "--help "
214+ system "#{bin}/ek", "--version "
224215 end
225216 end
226217 EOF
227218
228219 git add Formula/enkryptify.rb
229- git commit -m "Update test formula ${{ steps.version.outputs.tag } }"
220+ git commit -m "Update formula ${TAG }"
230221 git push
231222
232- name : Update Scoop test bucket
233- if : ${{ github.event_name == 'push' || inputs.publish_release }}
223+ name : Update Scoop bucket
234224 env :
235225 SCOOP_TOKEN : ${{ secrets.GH_TOKEN }}
236226 run : |
237227 set -euo pipefail
238228
239- git clone https://x-access-token:${SCOOP_TOKEN}@github.com/Enkryptify/scoop-enkryptify-test .git
240- cd scoop-enkryptify-test
229+ git clone https://x-access-token:${SCOOP_TOKEN}@github.com/Enkryptify/scoop-enkryptify.git
230+ cd scoop-enkryptify
241231
242232 git config user.name "Enkryptify Bot"
243233 git config user.email "bot@enkryptify.com"
244234
245- VERSION="${{ steps.version.outputs.version }}-test "
235+ VERSION="${{ steps.version.outputs.version }}"
246236 TAG="${{ steps.version.outputs.tag }}"
247237
248238 ZIP="enkryptify_Windows_x86_64.zip"
@@ -264,11 +254,13 @@ jobs:
264254 "psmodule": {
265255 "name": "enkryptify-completion",
266256 "root": "enkryptify-completion"
267- }
257+ },
258+ "homepage": "https://enkryptify.com",
259+ "description": "Official Enkryptify CLI for injecting secrets into your codebase",
260+ "license": "GPL-3.0-only"
268261 }
269262 EOF
270263
271-
272264 git add enkryptify.json
273- git commit -m "Update enkryptify ${VERSION }"
265+ git commit -m "Update enkryptify ${TAG }"
274266 git push
0 commit comments