data/claude-desktop
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
claude-desktop/.forgejo/workflows/build-appimage.yml
Eddy ed089c1e1c
Some checks failed
Build AppImage / build (push) Has been cancelled
Details
ci: Ntfy-Benachrichtigungen aus der Pipeline (start/success/failure) [appimage] 
Bisher kamen Build-Statusmeldungen vom /deploy-Polling. Das ist redundant —
die Pipeline kann selbst auf Topic vk-builds pingen, dann brauchen wir kein
Claude-Polling mehr (spart Tokens, vermeidet doppelte Pings).

- Notify start: grauer Hammer am Anfang
- Notify success: gruener Haken (mit Versionsnummer)
- Notify failure: rote Lampe + Priority high

Voraussetzung: Repo-Secret NTFY_AUTH ist gesetzt (siehe globales CLAUDE.md).

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-04-27 14:34:06 +02:00

281 lines
11 KiB
YAML
Raw Blame History

# Claude Desktop — AppImage Build Pipeline
# Triggert bei [appimage] im Commit oder bei Release-Tags (v*)
# Runner: data-it/forgejo-runner mit Rust + GTK vorinstalliert
name: Build AppImage
on:
push:
tags:
- 'v*'
branches:
- main
jobs:
build:
# Laeuft auf dem Debian-Runner (16-Forgejo-Runner-AppImage) - glibc fuer linuxdeploy
runs-on: appimage
if: contains(github.event.head_commit.message, '[appimage]') || startsWith(github.ref, 'refs/tags/v')
steps:
- name: Notify start
uses: https://git.data-it-solution.de/data/ntfy-action@main
with:
status: start
project: claude-desktop
auth: ${{ secrets.NTFY_AUTH }}
- name: Checkout
run: |
git clone --depth 1 --branch "${GITHUB_REF_NAME}" \
"https://oauth2:${{ secrets.REGISTRY_TOKEN }}@git.data-it-solution.de/${GITHUB_REPOSITORY}.git" .
- name: Show Rust Version
run: |
rustc --version
cargo --version
- name: App-Version festlegen
# Version EINMAL am Anfang festlegen (KB #160) — wird als Env an alle Folge-Steps durchgereicht
run: |
APP_VERSION="$(date +%Y%m%d-%H%M)"
echo "APP_VERSION=${APP_VERSION}" >> $GITHUB_ENV
echo "App-Version: ${APP_VERSION}"
- name: Install npm packages
run: npm ci
- name: Build Tauri App
env:
APP_VERSION: ${{ env.APP_VERSION }}
# Wird als Basic-Auth (user: "data") fuer /api/packages gebraucht.
# REGISTRY_TOKEN hat Package-Read-Rechte und ist im Repo bereits gesetzt.
UPDATE_TOKEN: ${{ secrets.REGISTRY_TOKEN }}
run: |
npm run tauri build -- --bundles appimage
ls -la src-tauri/target/release/bundle/appimage/
- name: Patch AppRun fuer NixOS-Support + Re-Bundle
run: |
set -e
BUNDLE_DIR=src-tauri/target/release/bundle/appimage
APPDIR=$(ls -d "$BUNDLE_DIR"/*.AppDir | head -1)
OLD_APPIMAGE=$(ls "$BUNDLE_DIR"/*.AppImage | head -1)
OLD_NAME=$(basename "$OLD_APPIMAGE")
echo "AppDir: $APPDIR"
echo "Original AppImage: $OLD_NAME"
# Original AppRun sichern + ueberhaupt: das linuxdeploy-Original
# ist sehr klein, laedt einen Hook (linuxdeploy-plugin-gtk.sh) der
# ALLE ENV-Vars korrekt setzt (LD_LIBRARY_PATH, WEBKIT_EXEC_PATH,
# GDK_PIXBUF etc.), dann ruft es AppRun.wrapped auf.
# Wir ergaenzen davor nur unsere NixOS+WebKit-Workarounds.
cp "$APPDIR/AppRun" "$APPDIR/AppRun.original"
cat > "$APPDIR/AppRun" << 'APPRUN_EOF'
#!/bin/bash
HERE="$(readlink -f "$(dirname "$0")")"
# --- NixOS-Detection ---
# Host-Mesa unter /run/opengl-driver bevorzugen,
# weil bundled Mesa gegen NixOS-Treiber kollidiert
if [ -d /run/opengl-driver/lib ]; then
export LD_LIBRARY_PATH="/run/opengl-driver/lib:${LD_LIBRARY_PATH}"
fi
# --- WebKit-Workarounds ---
# fuer problematische GPU/Compositor-Stacks (Wayland-Bugs, NVIDIA, etc.)
# Nur setzen wenn User nichts vorgegeben hat (override moeglich).
: "${WEBKIT_DISABLE_DMABUF_RENDERER:=1}"
: "${WEBKIT_DISABLE_COMPOSITING_MODE:=1}"
export WEBKIT_DISABLE_DMABUF_RENDERER WEBKIT_DISABLE_COMPOSITING_MODE
# --- Original linuxdeploy-Logik (1:1 wie AppRun.original) ---
set -e
source "$HERE"/apprun-hooks/linuxdeploy-plugin-gtk.sh
exec "$HERE"/AppRun.wrapped "$@"
APPRUN_EOF
chmod +x "$APPDIR/AppRun"
echo "--- neuer AppRun ---"
cat "$APPDIR/AppRun"
# Altes AppImage weg, neu packen mit appimagetool
rm "$OLD_APPIMAGE"
appimagetool --no-appstream "$APPDIR" "$BUNDLE_DIR/$OLD_NAME"
ls -la "$BUNDLE_DIR/"
- name: Upload to Package Registry
run: |
set -e
# --- AppImage vorbereiten ---
ORIG=$(ls src-tauri/target/release/bundle/appimage/*.AppImage | head -1)
# Tauri benennt mit "Claude Desktop_..." (Leerzeichen) -> URL-unsicher.
SAFE_NAME=$(basename "$ORIG" | tr ' ' '-')
APPIMAGE="$(dirname "$ORIG")/$SAFE_NAME"
mv "$ORIG" "$APPIMAGE"
FILENAME="$SAFE_NAME"
# --- Natives Binary fuer Nix-Wrapper-Installationen vorbereiten ---
# Cargo legt's unter target/release/claude-desktop (ohne CARGO_TARGET_DIR)
BINARY_SRC="src-tauri/target/release/claude-desktop"
if [ ! -x "$BINARY_SRC" ]; then
echo "❌ Erwartetes Binary nicht gefunden: $BINARY_SRC" >&2
exit 1
fi
BINARY_NAME="claude-desktop_${APP_VERSION}_linux-x86_64"
cp "$BINARY_SRC" "/tmp/${BINARY_NAME}"
# --- Scripts-Bundle fuer Nix-Wrapper vorbereiten ---
# Enthaelt claude-bridge.js, package.json und package-lock.json.
# Der Client fuehrt nach dem Extract `npm ci --omit=dev` aus → node_modules.
BUNDLE_NAME="claude-desktop-bundle_${APP_VERSION}.tar.gz"
tar -czf "/tmp/${BUNDLE_NAME}" \
--transform='s,^,,' \
scripts/claude-bridge.js \
package.json \
package-lock.json
echo "Lade $FILENAME + $BINARY_NAME + $BUNDLE_NAME (v${APP_VERSION}) in Package Registry..."
BASE="https://git.data-it-solution.de/api/packages/data/generic/claude-desktop"
# SHA256-Hashes fuer Integritaets-Check in update.json
SHA256=$(sha256sum "$APPIMAGE" | awk '{print $1}')
BINARY_SHA256=$(sha256sum "/tmp/${BINARY_NAME}" | awk '{print $1}')
BUNDLE_SHA256=$(sha256sum "/tmp/${BUNDLE_NAME}" | awk '{print $1}')
NOTES=$(git log -1 --pretty=%s)
RELEASED_AT=$(date -Iseconds)
# update.json-Manifest bauen — wird vom Client-Updater (update.rs) gelesen.
# binary_*/bundle_* werden im Nix-Wrapper-Modus verwendet (siehe nix/default.nix).
cat > /tmp/update.json <<EOF
{
"version": "${APP_VERSION}",
"filename": "${FILENAME}",
"sha256": "${SHA256}",
"binary_filename": "${BINARY_NAME}",
"binary_sha256": "${BINARY_SHA256}",
"bundle_filename": "${BUNDLE_NAME}",
"bundle_sha256": "${BUNDLE_SHA256}",
"notes": $(printf '%s' "$NOTES" | jq -Rs .),
"released_at": "${RELEASED_AT}"
}
EOF
echo "--- update.json ---"
cat /tmp/update.json
# Alte Dateien loeschen (Forgejo weist PUT auf existierende Pfade mit 409 ab)
for PATH_SUFFIX in \
"latest/${FILENAME}" "${APP_VERSION}/${FILENAME}" \
"latest/${BINARY_NAME}" "${APP_VERSION}/${BINARY_NAME}" \
"latest/${BUNDLE_NAME}" "${APP_VERSION}/${BUNDLE_NAME}" \
"latest/update.json" "${APP_VERSION}/update.json"; do
curl -sS -X DELETE \
--user "data:${{ secrets.REGISTRY_TOKEN }}" \
"${BASE}/${PATH_SUFFIX}" >/dev/null 2>&1 || true
done
# AppImage versioniert + latest hochladen
curl --fail -sS -X PUT \
--user "data:${{ secrets.REGISTRY_TOKEN }}" \
--upload-file "$APPIMAGE" \
"${BASE}/${APP_VERSION}/${FILENAME}"
curl --fail -sS -X PUT \
--user "data:${{ secrets.REGISTRY_TOKEN }}" \
--upload-file "$APPIMAGE" \
"${BASE}/latest/${FILENAME}"
# Natives Binary versioniert + latest hochladen
curl --fail -sS -X PUT \
--user "data:${{ secrets.REGISTRY_TOKEN }}" \
--upload-file "/tmp/${BINARY_NAME}" \
"${BASE}/${APP_VERSION}/${BINARY_NAME}"
curl --fail -sS -X PUT \
--user "data:${{ secrets.REGISTRY_TOKEN }}" \
--upload-file "/tmp/${BINARY_NAME}" \
"${BASE}/latest/${BINARY_NAME}"
# Scripts-Bundle versioniert + latest hochladen
curl --fail -sS -X PUT \
--user "data:${{ secrets.REGISTRY_TOKEN }}" \
--upload-file "/tmp/${BUNDLE_NAME}" \
"${BASE}/${APP_VERSION}/${BUNDLE_NAME}"
curl --fail -sS -X PUT \
--user "data:${{ secrets.REGISTRY_TOKEN }}" \
--upload-file "/tmp/${BUNDLE_NAME}" \
"${BASE}/latest/${BUNDLE_NAME}"
# update.json versioniert + latest hochladen
curl --fail -sS -X PUT \
--user "data:${{ secrets.REGISTRY_TOKEN }}" \
--upload-file /tmp/update.json \
"${BASE}/${APP_VERSION}/update.json"
curl --fail -sS -X PUT \
--user "data:${{ secrets.REGISTRY_TOKEN }}" \
--upload-file /tmp/update.json \
"${BASE}/latest/update.json"
echo "Upload abgeschlossen: ${FILENAME} + ${BINARY_NAME} + ${BUNDLE_NAME} (v${APP_VERSION})"
echo " AppImage SHA256: ${SHA256}"
echo " Bundle SHA256: ${BUNDLE_SHA256}"
echo " Binary SHA256: ${BINARY_SHA256}"
- name: Upload to Release
if: startsWith(github.ref, 'refs/tags/v')
run: |
set -e
# AppImage wurde im vorherigen Step schon umbenannt (Leerzeichen -> -)
APPIMAGE=$(ls src-tauri/target/release/bundle/appimage/*.AppImage | head -1)
FILENAME=$(basename "$APPIMAGE")
TAG="${GITHUB_REF#refs/tags/}"
echo "Lade $FILENAME zu Release $TAG hoch..."
# Release erstellen falls nicht vorhanden
curl -s -X POST \
-H "Authorization: token ${{ secrets.REGISTRY_TOKEN }}" \
-H "Content-Type: application/json" \
"https://git.data-it-solution.de/api/v1/repos/${GITHUB_REPOSITORY}/releases" \
-d "{\"tag_name\":\"${TAG}\",\"name\":\"${TAG}\",\"body\":\"Release ${TAG}\"}" || true
# Release-ID holen
RELEASE_ID=$(curl -s \
-H "Authorization: token ${{ secrets.REGISTRY_TOKEN }}" \
"https://git.data-it-solution.de/api/v1/repos/${GITHUB_REPOSITORY}/releases/tags/${TAG}" \
| grep -o '"id":[0-9]*' | head -1 | sed 's/"id"://')
echo "Release-ID: $RELEASE_ID"
# AppImage hochladen
curl -s -X POST \
-H "Authorization: token ${{ secrets.REGISTRY_TOKEN }}" \
-H "Content-Type: application/octet-stream" \
"https://git.data-it-solution.de/api/v1/repos/${GITHUB_REPOSITORY}/releases/${RELEASE_ID}/assets?name=${FILENAME}" \
--data-binary "@${APPIMAGE}"
echo "Upload abgeschlossen: ${FILENAME}"
- name: Notify success
if: success()
uses: https://git.data-it-solution.de/data/ntfy-action@main
with:
status: success
project: claude-desktop
message: "Version ${{ env.APP_VERSION }} verfuegbar — AppImage + Nix-Binary in Package Registry"
auth: ${{ secrets.NTFY_AUTH }}
- name: Notify failure
if: failure()
uses: https://git.data-it-solution.de/data/ntfy-action@main
with:
status: failure
project: claude-desktop
auth: ${{ secrets.NTFY_AUTH }}
Reference in a new issue View git blame Copy permalink