lobe-chat/.github/workflows/release-desktop-beta.yml

name: Release Desktop Beta

# ============================================
# Beta 频道发版工作流
# ============================================
# 触发条件: 发布包含 pre-release 标识的 release
# 如: v2.0.0-beta.1, v2.0.0-alpha.1, v2.0.0-rc.1
#
# 注意: Stable 版本 (如 v2.0.0) 由 release-desktop-stable.yml 处理
# 注意: Nightly 版本已停用，不再参与 Desktop 发布流程
# ============================================

on:
  release:
    types: [published]

concurrency:
  group: ${{ github.ref }}-${{ github.workflow }}
  cancel-in-progress: true

permissions: read-all

env:
  NODE_VERSION: '24.11.1'

jobs:
  # ============================================
  # 检查是否为 Beta 版本 (排除 Stable 和 Nightly)
  # ============================================
  check-beta:
    name: Check if Beta Release
    runs-on: ubuntu-latest
    outputs:
      is_beta: ${{ steps.check.outputs.is_beta }}
      version: ${{ steps.check.outputs.version }}
    steps:
      - name: Check release tag
        id: check
        run: |
          version="${{ github.event.release.tag_name }}"
          version="${version#v}"
          echo "version=${version}" >> $GITHUB_OUTPUT

          # Beta 版本包含 beta/alpha/rc；nightly 标签已停用
          if [[ "$version" == *"nightly"* ]]; then
            echo "is_beta=false" >> $GITHUB_OUTPUT
            echo "⏭️ Skipping: $version is a disabled nightly release tag"
          elif [[ "$version" == *"beta"* ]] || [[ "$version" == *"alpha"* ]] || [[ "$version" == *"rc"* ]]; then
            echo "is_beta=true" >> $GITHUB_OUTPUT
            echo "✅ Beta release detected: $version"
          else
            echo "is_beta=false" >> $GITHUB_OUTPUT
            echo "⏭️ Skipping: $version is a stable release (handled by release-desktop-stable.yml)"
          fi

  test:
    name: Code quality check
    needs: [check-beta]
    if: needs.check-beta.outputs.is_beta == 'true'
    runs-on: ubuntu-latest
    steps:
      - name: Checkout base
        uses: actions/checkout@v6

      - name: Setup environment
        uses: ./.github/actions/setup-env
        with:
          node-version: ${{ env.NODE_VERSION }}

      - name: Install deps
        run: pnpm install

      - name: Lint
        run: bun run lint

  build:
    needs: [check-beta]
    if: needs.check-beta.outputs.is_beta == 'true'
    name: Build Desktop App
    runs-on: ${{ matrix.os }}
    strategy:
      matrix:
        os: [macos-latest, macos-15-intel, windows-2025, ubuntu-latest]
    steps:
      - uses: actions/checkout@v6

      - name: Setup build environment
        uses: ./.github/actions/desktop-build-setup
        with:
          node-version: ${{ env.NODE_VERSION }}

      - name: Set package version
        run: npm run workflow:set-desktop-version ${{ needs.check-beta.outputs.version }} beta

      # macOS 构建
      - name: Build artifact on macOS
        if: runner.os == 'macOS'
        run: npm run desktop:package:app
        env:
          UPDATE_CHANNEL: beta
          APP_URL: http://localhost:3015
          DATABASE_URL: 'postgresql://postgres@localhost:5432/postgres'
          KEY_VAULTS_SECRET: 'oLXWIiR/AKF+rWaqy9lHkrYgzpATbW3CtJp3UfkVgpE='
          CSC_LINK: ${{ secrets.APPLE_CERTIFICATE_BASE64 }}
          CSC_KEY_PASSWORD: ${{ secrets.APPLE_CERTIFICATE_PASSWORD }}
          CSC_FOR_PULL_REQUEST: true
          APPLE_ID: ${{ secrets.APPLE_ID }}
          APPLE_APP_SPECIFIC_PASSWORD: ${{ secrets.APPLE_APP_SPECIFIC_PASSWORD }}
          APPLE_TEAM_ID: ${{ secrets.APPLE_TEAM_ID }}
          NEXT_PUBLIC_DESKTOP_PROJECT_ID: ${{ secrets.UMAMI_BETA_DESKTOP_PROJECT_ID }}
          NEXT_PUBLIC_DESKTOP_UMAMI_BASE_URL: ${{ secrets.UMAMI_BETA_DESKTOP_BASE_URL }}

      # Windows 构建
      - name: Build artifact on Windows
        if: runner.os == 'Windows'
        run: npm run desktop:package:app
        env:
          UPDATE_CHANNEL: beta
          APP_URL: http://localhost:3015
          DATABASE_URL: 'postgresql://postgres@localhost:5432/postgres'
          KEY_VAULTS_SECRET: 'oLXWIiR/AKF+rWaqy9lHkrYgzpATbW3CtJp3UfkVgpE='
          NEXT_PUBLIC_DESKTOP_PROJECT_ID: ${{ secrets.UMAMI_BETA_DESKTOP_PROJECT_ID }}
          NEXT_PUBLIC_DESKTOP_UMAMI_BASE_URL: ${{ secrets.UMAMI_BETA_DESKTOP_BASE_URL }}
          TEMP: C:\temp
          TMP: C:\temp

      # Linux 构建
      - name: Build artifact on Linux
        if: runner.os == 'Linux'
        run: npm run desktop:package:app
        env:
          UPDATE_CHANNEL: beta
          APP_URL: http://localhost:3015
          DATABASE_URL: 'postgresql://postgres@localhost:5432/postgres'
          KEY_VAULTS_SECRET: 'oLXWIiR/AKF+rWaqy9lHkrYgzpATbW3CtJp3UfkVgpE='
          NEXT_PUBLIC_DESKTOP_PROJECT_ID: ${{ secrets.UMAMI_BETA_DESKTOP_PROJECT_ID }}
          NEXT_PUBLIC_DESKTOP_UMAMI_BASE_URL: ${{ secrets.UMAMI_BETA_DESKTOP_BASE_URL }}

      - name: Upload artifacts
        uses: ./.github/actions/desktop-upload-artifacts
        with:
          artifact-name: release-${{ matrix.os }}

  # 汇总门禁: test/build 完成后决定是否继续
  gate:
    needs: [check-beta, test, build]
    if: ${{ needs.check-beta.outputs.is_beta == 'true' && needs.test.result == 'success' && needs.build.result == 'success' }}
    name: Gate for publish
    runs-on: ubuntu-latest
    steps:
      - name: Gate passed
        run: echo "Gate passed"

  # 合并 macOS 多架构 latest-mac.yml 文件
  merge-mac-files:
    needs: [gate]
    name: Merge macOS Release Files
    runs-on: ubuntu-latest
    permissions:
      contents: write
    steps:
      - name: Checkout repository
        uses: actions/checkout@v6

      - name: Setup environment
        uses: ./.github/actions/setup-env
        with:
          node-version: ${{ env.NODE_VERSION }}

      # 下载所有平台的构建产物
      - name: Download artifacts
        uses: actions/download-artifact@v7
        with:
          path: release
          pattern: release-*
          merge-multiple: true

      # 列出下载的构建产物
      - name: List downloaded artifacts
        run: ls -R release

      # 仅为该步骤在脚本目录安装 yaml 单包，避免安装整个 monorepo 依赖
      - name: Install yaml only for merge step
        run: |
          cd scripts/electronWorkflow
          if [ ! -f package.json ]; then
            echo '{"name":"merge-mac-release","private":true}' > package.json
          fi
          bun add --no-save yaml@2.8.1

      - name: Merge latest-mac.yml files
        run: bun run scripts/electronWorkflow/mergeMacReleaseFiles.js

      # 上传合并后的构建产物
      - name: Upload artifacts with merged macOS files
        uses: actions/upload-artifact@v6
        with:
          name: merged-release
          path: release/
          retention-days: 1

  # 发布所有平台构建产物
  publish-release:
    needs: [merge-mac-files]
    name: Publish Beta Release
    runs-on: ubuntu-latest
    permissions:
      contents: write
    steps:
      # 下载合并后的构建产物
      - name: Download merged artifacts
        uses: actions/download-artifact@v7
        with:
          name: merged-release
          path: release

      # 列出所有构建产物
      - name: List final artifacts
        run: ls -R release

      # 将构建产物上传到现有 release (现在包含合并后的 latest-mac.yml)
      - name: Upload to Release
        uses: softprops/action-gh-release@v1
        with:
          tag_name: ${{ github.event.release.tag_name }}
          files: |
            release/latest*
            release/*.dmg*
            release/*.zip*
            release/*.exe*
            release/*.AppImage
            release/*.deb*
            release/*.snap*
            release/*.rpm*
            release/*.tar.gz*
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}