lobe-chat/.github/workflows/release-desktop-beta.yml

name: Release Desktop Beta

on:
  release:
    types: [published] # 发布 release 时触发构建

# 确保同一时间只运行一个相同的 workflow，取消正在进行的旧的运行
concurrency:
  group: ${{ github.ref }}-${{ github.workflow }}
  cancel-in-progress: true

# Add default permissions
permissions: read-all

jobs:
  test:
    name: Code quality check
    # 添加 PR label 触发条件，只有添加了 trigger:build-desktop 标签的 PR 才会触发构建
    runs-on: ubuntu-latest # 只在 ubuntu 上运行一次检查
    steps:
      - name: Checkout base
        uses: actions/checkout@v5
        with:
          fetch-depth: 0

      - name: Setup Node.js
        uses: actions/setup-node@v5
        with:
          node-version: 22
          package-manager-cache: false

      - name: Install bun
        uses: oven-sh/setup-bun@v2
        with:
          bun-version: 1.2.23

      - name: Install deps
        run: bun i

      - name: Lint
        run: bun run lint

  version:
    name: Determine version
    runs-on: ubuntu-latest
    outputs:
      # 输出版本信息，供后续 job 使用
      version: ${{ steps.set_version.outputs.version }}
      is_pr_build: ${{ steps.set_version.outputs.is_pr_build }}
    steps:
      - uses: actions/checkout@v5
        with:
          fetch-depth: 0

      - name: Setup Node.js
        uses: actions/setup-node@v5
        with:
          node-version: 22
          package-manager-cache: false

      # 主要逻辑：确定构建版本号
      - name: Set version
        id: set_version
        run: |
          # 从 apps/desktop/package.json 读取基础版本号
          base_version=$(node -p "require('./apps/desktop/package.json').version")

          # Release 事件直接使用 release tag 作为版本号，去掉可能的 v 前缀
          version="${{ github.event.release.tag_name }}"
          version="${version#v}"
          echo "version=${version}" >> $GITHUB_OUTPUT
          echo "📦 Release Version: ${version}"

      # 输出版本信息总结，方便在 GitHub Actions 界面查看
      - name: Version Summary
        run: |
          echo "🚦 Release Version: ${{ steps.set_version.outputs.version }}"

  build:
    needs: [version, test]
    name: Build Desktop App
    runs-on: ${{ matrix.os }}
    strategy:
      matrix:
        os: [macos-latest, macos-15-intel, windows-2025, ubuntu-latest]
    steps:
      - uses: actions/checkout@v5
        with:
          fetch-depth: 0

      - name: Install pnpm
        uses: pnpm/action-setup@v4
        with:
          run_install: false

      - name: Setup Node.js
        uses: actions/setup-node@v5
        with:
          node-version: 22
          package-manager-cache: false

      # node-linker=hoisted 模式将可以确保 asar 压缩可用
      - name: Install dependencies
        run: pnpm install --node-linker=hoisted

      - name: Install deps on Desktop
        run: npm run install-isolated --prefix=./apps/desktop

      # 设置 package.json 的版本号
      - name: Set package version
        run: npm run workflow:set-desktop-version ${{ needs.version.outputs.version }} beta

      # macOS 构建处理
      - name: Build artifact on macOS
        if: runner.os == 'macOS'
        run: npm run desktop:build
        env:
          APP_URL: http://localhost:3015
          DATABASE_URL: "postgresql://postgres@localhost:5432/postgres"
          # 默认添加一个加密 SECRET
          KEY_VAULTS_SECRET: "oLXWIiR/AKF+rWaqy9lHkrYgzpATbW3CtJp3UfkVgpE="
          # macOS 签名和公证配置
          CSC_LINK: ${{ secrets.APPLE_CERTIFICATE_BASE64 }}
          CSC_KEY_PASSWORD: ${{ secrets.APPLE_CERTIFICATE_PASSWORD }}
          # allow provisionally
          CSC_FOR_PULL_REQUEST: true
          APPLE_ID: ${{ secrets.APPLE_ID }}
          APPLE_APP_SPECIFIC_PASSWORD: ${{ secrets.APPLE_APP_SPECIFIC_PASSWORD }}
          APPLE_TEAM_ID: ${{ secrets.APPLE_TEAM_ID }}

          NEXT_PUBLIC_DESKTOP_PROJECT_ID: ${{ secrets.UMAMI_BETA_DESKTOP_PROJECT_ID }}
          NEXT_PUBLIC_DESKTOP_UMAMI_BASE_URL: ${{ secrets.UMAMI_BETA_DESKTOP_BASE_URL }}

      #  Windows 平台构建处理
      - name: Build artifact on Windows
        if: runner.os == 'Windows'
        run: npm run desktop:build
        env:
          APP_URL: http://localhost:3015
          DATABASE_URL: "postgresql://postgres@localhost:5432/postgres"
          KEY_VAULTS_SECRET: "oLXWIiR/AKF+rWaqy9lHkrYgzpATbW3CtJp3UfkVgpE="
          NEXT_PUBLIC_DESKTOP_PROJECT_ID: ${{ secrets.UMAMI_BETA_DESKTOP_PROJECT_ID }}
          NEXT_PUBLIC_DESKTOP_UMAMI_BASE_URL: ${{ secrets.UMAMI_BETA_DESKTOP_BASE_URL }}

          # 将 TEMP 和 TMP 目录设置到 C 盘
          TEMP: C:\temp
          TMP: C:\temp

      # Linux 平台构建处理
      - name: Build artifact on Linux
        if: runner.os == 'Linux'
        run: npm run desktop:build
        env:
          APP_URL: http://localhost:3015
          DATABASE_URL: "postgresql://postgres@localhost:5432/postgres"
          KEY_VAULTS_SECRET: "oLXWIiR/AKF+rWaqy9lHkrYgzpATbW3CtJp3UfkVgpE="
          NEXT_PUBLIC_DESKTOP_PROJECT_ID: ${{ secrets.UMAMI_BETA_DESKTOP_PROJECT_ID }}
          NEXT_PUBLIC_DESKTOP_UMAMI_BASE_URL: ${{ secrets.UMAMI_BETA_DESKTOP_BASE_URL }}

      # 处理 macOS latest-mac.yml 重命名 (避免多架构覆盖)
      - name: Rename macOS latest-mac.yml for multi-architecture support
        if: runner.os == 'macOS'
        run: |
          cd apps/desktop/release
          if [ -f "latest-mac.yml" ]; then
            # 使用系统架构检测，与 electron-builder 输出保持一致
            SYSTEM_ARCH=$(uname -m)
            if [[ "$SYSTEM_ARCH" == "arm64" ]]; then
              ARCH_SUFFIX="arm64"
            else
              ARCH_SUFFIX="x64"
            fi

            mv latest-mac.yml "latest-mac-${ARCH_SUFFIX}.yml"
            echo "✅ Renamed latest-mac.yml to latest-mac-${ARCH_SUFFIX}.yml (detected: $SYSTEM_ARCH)"
            ls -la latest-mac-*.yml
          else
            echo "⚠️ latest-mac.yml not found, skipping rename"
            ls -la latest*.yml || echo "No latest*.yml files found"
          fi

      # 上传构建产物 (工作流处理重命名，不依赖 electron-builder 钩子)
      - name: Upload artifact
        uses: actions/upload-artifact@v4
        with:
          name: release-${{ matrix.os }}
          path: |
            apps/desktop/release/latest*
            apps/desktop/release/*.dmg*
            apps/desktop/release/*.zip*
            apps/desktop/release/*.exe*
            apps/desktop/release/*.AppImage
            apps/desktop/release/*.deb*
            apps/desktop/release/*.snap*
            apps/desktop/release/*.rpm*
            apps/desktop/release/*.tar.gz*
          retention-days: 5

  # 合并 macOS 多架构 latest-mac.yml 文件
  merge-mac-files:
    needs: [build, version]
    name: Merge macOS Release Files
    runs-on: ubuntu-latest
    permissions:
      contents: write
    steps:
      - name: Checkout repository
        uses: actions/checkout@v5

      - name: Setup Node.js
        uses: actions/setup-node@v5
        with:
          node-version: 22
          package-manager-cache: false

      - name: Install bun
        uses: oven-sh/setup-bun@v2
        with:
          bun-version: 1.2.23

      # 下载所有平台的构建产物
      - name: Download artifacts
        uses: actions/download-artifact@v4
        with:
          path: release
          pattern: release-*
          merge-multiple: true

      # 列出下载的构建产物
      - name: List downloaded artifacts
        run: ls -R release

      # 仅为该步骤在脚本目录安装 yaml 单包，避免安装整个 monorepo 依赖
      - name: Install yaml only for merge step
        run: |
          cd scripts/electronWorkflow
          # 在脚本目录创建最小 package.json，防止 bun 向上寻找根 package.json
          if [ ! -f package.json ]; then
            echo '{"name":"merge-mac-release","private":true}' > package.json
          fi
          bun add --no-save yaml@2.8.1

      # 合并 macOS YAML 文件 (使用 bun 运行 JavaScript)
      - name: Merge latest-mac.yml files
        run: bun run scripts/electronWorkflow/mergeMacReleaseFiles.js

      # 上传合并后的构建产物
      - name: Upload artifacts with merged macOS files
        uses: actions/upload-artifact@v4
        with:
          name: merged-release
          path: release/
          retention-days: 1

  # 发布所有平台构建产物
  publish-release:
    needs: [merge-mac-files]
    name: Publish Beta Release
    runs-on: ubuntu-latest
    permissions:
      contents: write
    steps:
      # 下载合并后的构建产物
      - name: Download merged artifacts
        uses: actions/download-artifact@v4
        with:
          name: merged-release
          path: release

      # 列出所有构建产物
      - name: List final artifacts
        run: ls -R release

      # 将构建产物上传到现有 release (现在包含合并后的 latest-mac.yml)
      - name: Upload to Release
        uses: softprops/action-gh-release@v1
        with:
          tag_name: ${{ github.event.release.tag_name }}
          files: |
            release/latest*
            release/*.dmg*
            release/*.zip*
            release/*.exe*
            release/*.AppImage
            release/*.deb*
            release/*.snap*
            release/*.rpm*
            release/*.tar.gz*
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}