549727d681
All checks were successful
Build AppImage / build (push) Successful in 9m33s
Die ntfy-action ueber data/ntfy-action@main definiert ihre Inputs als ntfy_auth (siehe action.yml). Mit auth: kam keine Notification durch. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
281 lines
11 KiB
YAML
281 lines
11 KiB
YAML
# Claude Desktop — AppImage Build Pipeline
|
|
# Triggert bei [appimage] im Commit oder bei Release-Tags (v*)
|
|
# Runner: data-it/forgejo-runner mit Rust + GTK vorinstalliert
|
|
|
|
name: Build AppImage
|
|
|
|
on:
|
|
push:
|
|
tags:
|
|
- 'v*'
|
|
branches:
|
|
- main
|
|
|
|
jobs:
|
|
build:
|
|
# Laeuft auf dem Debian-Runner (16-Forgejo-Runner-AppImage) - glibc fuer linuxdeploy
|
|
runs-on: appimage
|
|
if: contains(github.event.head_commit.message, '[appimage]') || startsWith(github.ref, 'refs/tags/v')
|
|
|
|
steps:
|
|
- name: Notify start
|
|
uses: https://git.data-it-solution.de/data/ntfy-action@main
|
|
with:
|
|
status: start
|
|
project: claude-desktop
|
|
ntfy_auth: ${{ secrets.NTFY_AUTH }}
|
|
|
|
- name: Checkout
|
|
run: |
|
|
git clone --depth 1 --branch "${GITHUB_REF_NAME}" \
|
|
"https://oauth2:${{ secrets.REGISTRY_TOKEN }}@git.data-it-solution.de/${GITHUB_REPOSITORY}.git" .
|
|
|
|
- name: Show Rust Version
|
|
run: |
|
|
rustc --version
|
|
cargo --version
|
|
|
|
- name: App-Version festlegen
|
|
# Version EINMAL am Anfang festlegen (KB #160) — wird als Env an alle Folge-Steps durchgereicht
|
|
run: |
|
|
APP_VERSION="$(date +%Y%m%d-%H%M)"
|
|
echo "APP_VERSION=${APP_VERSION}" >> $GITHUB_ENV
|
|
echo "App-Version: ${APP_VERSION}"
|
|
|
|
- name: Install npm packages
|
|
run: npm ci
|
|
|
|
- name: Build Tauri App
|
|
env:
|
|
APP_VERSION: ${{ env.APP_VERSION }}
|
|
# Wird als Basic-Auth (user: "data") fuer /api/packages gebraucht.
|
|
# REGISTRY_TOKEN hat Package-Read-Rechte und ist im Repo bereits gesetzt.
|
|
UPDATE_TOKEN: ${{ secrets.REGISTRY_TOKEN }}
|
|
run: |
|
|
npm run tauri build -- --bundles appimage
|
|
ls -la src-tauri/target/release/bundle/appimage/
|
|
|
|
- name: Patch AppRun fuer NixOS-Support + Re-Bundle
|
|
run: |
|
|
set -e
|
|
BUNDLE_DIR=src-tauri/target/release/bundle/appimage
|
|
APPDIR=$(ls -d "$BUNDLE_DIR"/*.AppDir | head -1)
|
|
OLD_APPIMAGE=$(ls "$BUNDLE_DIR"/*.AppImage | head -1)
|
|
OLD_NAME=$(basename "$OLD_APPIMAGE")
|
|
|
|
echo "AppDir: $APPDIR"
|
|
echo "Original AppImage: $OLD_NAME"
|
|
|
|
# Original AppRun sichern + ueberhaupt: das linuxdeploy-Original
|
|
# ist sehr klein, laedt einen Hook (linuxdeploy-plugin-gtk.sh) der
|
|
# ALLE ENV-Vars korrekt setzt (LD_LIBRARY_PATH, WEBKIT_EXEC_PATH,
|
|
# GDK_PIXBUF etc.), dann ruft es AppRun.wrapped auf.
|
|
# Wir ergaenzen davor nur unsere NixOS+WebKit-Workarounds.
|
|
cp "$APPDIR/AppRun" "$APPDIR/AppRun.original"
|
|
|
|
cat > "$APPDIR/AppRun" << 'APPRUN_EOF'
|
|
#!/bin/bash
|
|
HERE="$(readlink -f "$(dirname "$0")")"
|
|
|
|
# --- NixOS-Detection ---
|
|
# Host-Mesa unter /run/opengl-driver bevorzugen,
|
|
# weil bundled Mesa gegen NixOS-Treiber kollidiert
|
|
if [ -d /run/opengl-driver/lib ]; then
|
|
export LD_LIBRARY_PATH="/run/opengl-driver/lib:${LD_LIBRARY_PATH}"
|
|
fi
|
|
|
|
# --- WebKit-Workarounds ---
|
|
# fuer problematische GPU/Compositor-Stacks (Wayland-Bugs, NVIDIA, etc.)
|
|
# Nur setzen wenn User nichts vorgegeben hat (override moeglich).
|
|
: "${WEBKIT_DISABLE_DMABUF_RENDERER:=1}"
|
|
: "${WEBKIT_DISABLE_COMPOSITING_MODE:=1}"
|
|
export WEBKIT_DISABLE_DMABUF_RENDERER WEBKIT_DISABLE_COMPOSITING_MODE
|
|
|
|
# --- Original linuxdeploy-Logik (1:1 wie AppRun.original) ---
|
|
set -e
|
|
source "$HERE"/apprun-hooks/linuxdeploy-plugin-gtk.sh
|
|
exec "$HERE"/AppRun.wrapped "$@"
|
|
APPRUN_EOF
|
|
chmod +x "$APPDIR/AppRun"
|
|
|
|
echo "--- neuer AppRun ---"
|
|
cat "$APPDIR/AppRun"
|
|
|
|
# Altes AppImage weg, neu packen mit appimagetool
|
|
rm "$OLD_APPIMAGE"
|
|
appimagetool --no-appstream "$APPDIR" "$BUNDLE_DIR/$OLD_NAME"
|
|
|
|
ls -la "$BUNDLE_DIR/"
|
|
|
|
- name: Upload to Package Registry
|
|
run: |
|
|
set -e
|
|
# --- AppImage vorbereiten ---
|
|
ORIG=$(ls src-tauri/target/release/bundle/appimage/*.AppImage | head -1)
|
|
# Tauri benennt mit "Claude Desktop_..." (Leerzeichen) -> URL-unsicher.
|
|
SAFE_NAME=$(basename "$ORIG" | tr ' ' '-')
|
|
APPIMAGE="$(dirname "$ORIG")/$SAFE_NAME"
|
|
mv "$ORIG" "$APPIMAGE"
|
|
FILENAME="$SAFE_NAME"
|
|
|
|
# --- Natives Binary fuer Nix-Wrapper-Installationen vorbereiten ---
|
|
# Cargo legt's unter target/release/claude-desktop (ohne CARGO_TARGET_DIR)
|
|
BINARY_SRC="src-tauri/target/release/claude-desktop"
|
|
if [ ! -x "$BINARY_SRC" ]; then
|
|
echo "❌ Erwartetes Binary nicht gefunden: $BINARY_SRC" >&2
|
|
exit 1
|
|
fi
|
|
BINARY_NAME="claude-desktop_${APP_VERSION}_linux-x86_64"
|
|
cp "$BINARY_SRC" "/tmp/${BINARY_NAME}"
|
|
|
|
# --- Scripts-Bundle fuer Nix-Wrapper vorbereiten ---
|
|
# Enthaelt claude-bridge.js, package.json und package-lock.json.
|
|
# Der Client fuehrt nach dem Extract `npm ci --omit=dev` aus → node_modules.
|
|
BUNDLE_NAME="claude-desktop-bundle_${APP_VERSION}.tar.gz"
|
|
tar -czf "/tmp/${BUNDLE_NAME}" \
|
|
--transform='s,^,,' \
|
|
scripts/claude-bridge.js \
|
|
package.json \
|
|
package-lock.json
|
|
|
|
echo "Lade $FILENAME + $BINARY_NAME + $BUNDLE_NAME (v${APP_VERSION}) in Package Registry..."
|
|
|
|
BASE="https://git.data-it-solution.de/api/packages/data/generic/claude-desktop"
|
|
|
|
# SHA256-Hashes fuer Integritaets-Check in update.json
|
|
SHA256=$(sha256sum "$APPIMAGE" | awk '{print $1}')
|
|
BINARY_SHA256=$(sha256sum "/tmp/${BINARY_NAME}" | awk '{print $1}')
|
|
BUNDLE_SHA256=$(sha256sum "/tmp/${BUNDLE_NAME}" | awk '{print $1}')
|
|
NOTES=$(git log -1 --pretty=%s)
|
|
RELEASED_AT=$(date -Iseconds)
|
|
|
|
# update.json-Manifest bauen — wird vom Client-Updater (update.rs) gelesen.
|
|
# binary_*/bundle_* werden im Nix-Wrapper-Modus verwendet (siehe nix/default.nix).
|
|
cat > /tmp/update.json <<EOF
|
|
{
|
|
"version": "${APP_VERSION}",
|
|
"filename": "${FILENAME}",
|
|
"sha256": "${SHA256}",
|
|
"binary_filename": "${BINARY_NAME}",
|
|
"binary_sha256": "${BINARY_SHA256}",
|
|
"bundle_filename": "${BUNDLE_NAME}",
|
|
"bundle_sha256": "${BUNDLE_SHA256}",
|
|
"notes": $(printf '%s' "$NOTES" | jq -Rs .),
|
|
"released_at": "${RELEASED_AT}"
|
|
}
|
|
EOF
|
|
|
|
echo "--- update.json ---"
|
|
cat /tmp/update.json
|
|
|
|
# Alte Dateien loeschen (Forgejo weist PUT auf existierende Pfade mit 409 ab)
|
|
for PATH_SUFFIX in \
|
|
"latest/${FILENAME}" "${APP_VERSION}/${FILENAME}" \
|
|
"latest/${BINARY_NAME}" "${APP_VERSION}/${BINARY_NAME}" \
|
|
"latest/${BUNDLE_NAME}" "${APP_VERSION}/${BUNDLE_NAME}" \
|
|
"latest/update.json" "${APP_VERSION}/update.json"; do
|
|
curl -sS -X DELETE \
|
|
--user "data:${{ secrets.REGISTRY_TOKEN }}" \
|
|
"${BASE}/${PATH_SUFFIX}" >/dev/null 2>&1 || true
|
|
done
|
|
|
|
# AppImage versioniert + latest hochladen
|
|
curl --fail -sS -X PUT \
|
|
--user "data:${{ secrets.REGISTRY_TOKEN }}" \
|
|
--upload-file "$APPIMAGE" \
|
|
"${BASE}/${APP_VERSION}/${FILENAME}"
|
|
|
|
curl --fail -sS -X PUT \
|
|
--user "data:${{ secrets.REGISTRY_TOKEN }}" \
|
|
--upload-file "$APPIMAGE" \
|
|
"${BASE}/latest/${FILENAME}"
|
|
|
|
# Natives Binary versioniert + latest hochladen
|
|
curl --fail -sS -X PUT \
|
|
--user "data:${{ secrets.REGISTRY_TOKEN }}" \
|
|
--upload-file "/tmp/${BINARY_NAME}" \
|
|
"${BASE}/${APP_VERSION}/${BINARY_NAME}"
|
|
|
|
curl --fail -sS -X PUT \
|
|
--user "data:${{ secrets.REGISTRY_TOKEN }}" \
|
|
--upload-file "/tmp/${BINARY_NAME}" \
|
|
"${BASE}/latest/${BINARY_NAME}"
|
|
|
|
# Scripts-Bundle versioniert + latest hochladen
|
|
curl --fail -sS -X PUT \
|
|
--user "data:${{ secrets.REGISTRY_TOKEN }}" \
|
|
--upload-file "/tmp/${BUNDLE_NAME}" \
|
|
"${BASE}/${APP_VERSION}/${BUNDLE_NAME}"
|
|
|
|
curl --fail -sS -X PUT \
|
|
--user "data:${{ secrets.REGISTRY_TOKEN }}" \
|
|
--upload-file "/tmp/${BUNDLE_NAME}" \
|
|
"${BASE}/latest/${BUNDLE_NAME}"
|
|
|
|
# update.json versioniert + latest hochladen
|
|
curl --fail -sS -X PUT \
|
|
--user "data:${{ secrets.REGISTRY_TOKEN }}" \
|
|
--upload-file /tmp/update.json \
|
|
"${BASE}/${APP_VERSION}/update.json"
|
|
|
|
curl --fail -sS -X PUT \
|
|
--user "data:${{ secrets.REGISTRY_TOKEN }}" \
|
|
--upload-file /tmp/update.json \
|
|
"${BASE}/latest/update.json"
|
|
|
|
echo "Upload abgeschlossen: ${FILENAME} + ${BINARY_NAME} + ${BUNDLE_NAME} (v${APP_VERSION})"
|
|
echo " AppImage SHA256: ${SHA256}"
|
|
echo " Bundle SHA256: ${BUNDLE_SHA256}"
|
|
echo " Binary SHA256: ${BINARY_SHA256}"
|
|
|
|
- name: Upload to Release
|
|
if: startsWith(github.ref, 'refs/tags/v')
|
|
run: |
|
|
set -e
|
|
# AppImage wurde im vorherigen Step schon umbenannt (Leerzeichen -> -)
|
|
APPIMAGE=$(ls src-tauri/target/release/bundle/appimage/*.AppImage | head -1)
|
|
FILENAME=$(basename "$APPIMAGE")
|
|
TAG="${GITHUB_REF#refs/tags/}"
|
|
|
|
echo "Lade $FILENAME zu Release $TAG hoch..."
|
|
|
|
# Release erstellen falls nicht vorhanden
|
|
curl -s -X POST \
|
|
-H "Authorization: token ${{ secrets.REGISTRY_TOKEN }}" \
|
|
-H "Content-Type: application/json" \
|
|
"https://git.data-it-solution.de/api/v1/repos/${GITHUB_REPOSITORY}/releases" \
|
|
-d "{\"tag_name\":\"${TAG}\",\"name\":\"${TAG}\",\"body\":\"Release ${TAG}\"}" || true
|
|
|
|
# Release-ID holen
|
|
RELEASE_ID=$(curl -s \
|
|
-H "Authorization: token ${{ secrets.REGISTRY_TOKEN }}" \
|
|
"https://git.data-it-solution.de/api/v1/repos/${GITHUB_REPOSITORY}/releases/tags/${TAG}" \
|
|
| grep -o '"id":[0-9]*' | head -1 | sed 's/"id"://')
|
|
|
|
echo "Release-ID: $RELEASE_ID"
|
|
|
|
# AppImage hochladen
|
|
curl -s -X POST \
|
|
-H "Authorization: token ${{ secrets.REGISTRY_TOKEN }}" \
|
|
-H "Content-Type: application/octet-stream" \
|
|
"https://git.data-it-solution.de/api/v1/repos/${GITHUB_REPOSITORY}/releases/${RELEASE_ID}/assets?name=${FILENAME}" \
|
|
--data-binary "@${APPIMAGE}"
|
|
|
|
echo "Upload abgeschlossen: ${FILENAME}"
|
|
|
|
- name: Notify success
|
|
if: success()
|
|
uses: https://git.data-it-solution.de/data/ntfy-action@main
|
|
with:
|
|
status: success
|
|
project: claude-desktop
|
|
message: "Version ${{ env.APP_VERSION }} verfuegbar — AppImage + Nix-Binary in Package Registry"
|
|
ntfy_auth: ${{ secrets.NTFY_AUTH }}
|
|
|
|
- name: Notify failure
|
|
if: failure()
|
|
uses: https://git.data-it-solution.de/data/ntfy-action@main
|
|
with:
|
|
status: failure
|
|
project: claude-desktop
|
|
ntfy_auth: ${{ secrets.NTFY_AUTH }}
|