Skip to content
Build Release (DEB + AppImage + APT Repo)

ci: fix yaml syntax in upstream check workflow #17

Sign in to view logs

ci: fix yaml syntax in upstream check workflow

ci: fix yaml syntax in upstream check workflow #17

Workflow file for this run

.github/workflows/release.yml at 7e3e6d1
name: Build Release (DEB + AppImage + APT Repo)
on:
push:
tags:
- "v*"
permissions:
contents: write
jobs:
build-and-publish:
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v4
- name: Setup Node.js
uses: actions/setup-node@v4
with:
node-version: "20"
- name: Install APT tooling
run: |
sudo apt-get update
sudo apt-get install -y dpkg-dev
- name: Install npm dependencies
run: npm install
- name: Download Codex DMG
run: curl -fL "https://persistent.oaistatic.com/codex-app-prod/Codex.dmg" -o Codex.dmg
- name: Setup app payload for packaging (containerized glibc baseline)
run: |
set -euo pipefail
docker run --rm \
--user "$(id -u):$(id -g)" \
-e HOME=/tmp \
-e SKIP_APP_INSTALL=1 \
-v "${PWD}:/work" \
-w /work \
node:20-bullseye \
bash -lc 'node -v && npm -v && bash scripts/setup.sh ./Codex.dmg'
- name: Install Linux Codex CLI payload
run: npm install --no-save @openai/codex@0.112.0
- name: Resolve Linux Codex CLI binary path
id: linux_cli
run: |
set -euo pipefail
find_cli_bin() {
find node_modules/@openai -type f -name codex \
| grep -E '/@openai/codex-linux-[^/]+/vendor/.+/(codex/codex|path/codex)$' \
| head -n 1 || true
}
CLI_BIN="$(find_cli_bin)"
if [[ -z "${CLI_BIN}" ]]; then
ARCH="$(uname -m)"
if [[ "${ARCH}" == "x86_64" ]]; then
npm install --no-save "@openai/codex-linux-x64@npm:@openai/codex@0.112.0-linux-x64"
elif [[ "${ARCH}" == "aarch64" || "${ARCH}" == "arm64" ]]; then
npm install --no-save "@openai/codex-linux-arm64@npm:@openai/codex@0.112.0-linux-arm64"
else
echo "Unsupported Linux arch for Codex CLI payload: ${ARCH}" >&2
exit 1
fi
CLI_BIN="$(find_cli_bin)"
fi
if [[ -z "${CLI_BIN}" ]]; then
echo "Could not locate Linux codex binary under node_modules/@openai." >&2
exit 1
fi
echo "path=${CLI_BIN}" >> "${GITHUB_OUTPUT}"
file "${CLI_BIN}"
- name: Replace bundled CLI with Linux binary
run: |
set -euo pipefail
cp -f "${{ steps.linux_cli.outputs.path }}" app_resources/bin/codex
chmod +x app_resources/bin/codex
- name: Verify CLI payload extracted
run: |
test -x app_resources/bin/codex
ls -l app_resources/bin/codex
file app_resources/bin/codex
file app_resources/bin/codex | grep -E "ELF"
- name: Build DEB and AppImage
run: npm run build:linux
- name: Verify better-sqlite3 GLIBC compatibility (Ubuntu 20.04 baseline)
run: |
set -euo pipefail
BASELINE_GLIBC="2.31"
NODE_FILE="$(find dist/linux-unpacked -type f -name better_sqlite3.node | head -n 1 || true)"
if [[ -z "${NODE_FILE}" ]]; then
echo "Could not locate better_sqlite3.node in dist/linux-unpacked." >&2
exit 1
fi
echo "Inspecting: ${NODE_FILE}"
MAX_GLIBC="$(
strings "${NODE_FILE}" \
| grep -oE 'GLIBC_[0-9]+\.[0-9]+' \
| sed 's/^GLIBC_//' \
| sort -V \
| tail -n 1
)"
if [[ -z "${MAX_GLIBC}" ]]; then
echo "No GLIBC symbol version found in ${NODE_FILE}." >&2
exit 1
fi
echo "Detected max GLIBC requirement: ${MAX_GLIBC}"
if dpkg --compare-versions "${MAX_GLIBC}" gt "${BASELINE_GLIBC}"; then
echo "better_sqlite3.node requires GLIBC_${MAX_GLIBC}, exceeds baseline GLIBC_${BASELINE_GLIBC}." >&2
exit 1
fi
- name: Verify packaged CLI binary
run: |
test -x dist/linux-unpacked/resources/codex
ls -l dist/linux-unpacked/resources/codex
file dist/linux-unpacked/resources/codex
file dist/linux-unpacked/resources/codex | grep -E "ELF"
test -x dist/linux-unpacked/resources/bin/codex
ls -l dist/linux-unpacked/resources/bin/codex
file dist/linux-unpacked/resources/bin/codex
file dist/linux-unpacked/resources/bin/codex | grep -E "ELF"
- name: Create or update GitHub release
uses: softprops/action-gh-release@v2
env:
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
with:
files: |
dist/*.deb
dist/*.AppImage
- name: Check DEB size for gh-pages
id: deb_size
run: |
set -euo pipefail
LIMIT_BYTES=$((100 * 1024 * 1024))
DEB_FILE="$(ls -1 dist/*.deb | head -n 1)"
DEB_SIZE_BYTES="$(stat -c%s "${DEB_FILE}")"
echo "deb_file=${DEB_FILE}" >> "${GITHUB_OUTPUT}"
echo "deb_size_bytes=${DEB_SIZE_BYTES}" >> "${GITHUB_OUTPUT}"
if [[ "${DEB_SIZE_BYTES}" -lt "${LIMIT_BYTES}" ]]; then
echo "publish_apt=true" >> "${GITHUB_OUTPUT}"
else
echo "publish_apt=false" >> "${GITHUB_OUTPUT}"
fi
- name: Build APT repository files
if: steps.deb_size.outputs.publish_apt == 'true'
run: |
mkdir -p apt-public
cp dist/*.deb apt-public/
bash scripts/build-apt-repo.sh apt-public
bash scripts/generate-apt-install-script.sh "${{ github.repository_owner }}" "${{ github.event.repository.name }}" apt-public
REPO_URL="https://${{ github.repository_owner }}.github.io/${{ github.event.repository.name }}"
cat > apt-public/index.html <<EOF
<!doctype html>
<html lang="en">
<head>
<meta charset="utf-8" />
<meta name="viewport" content="width=device-width, initial-scale=1" />
<title>Codex Desktop APT Repository</title>
</head>
<body>
<h1>Codex Desktop APT Repository</h1>
<p>Install:</p>
<pre><code>curl -fsSL ${REPO_URL}/install.sh | sudo bash</code></pre>
<p>Or manually:</p>
<pre><code>echo "deb [trusted=yes] ${REPO_URL}/ stable main" | sudo tee /etc/apt/sources.list.d/codex-desktop.list
sudo apt update
sudo apt install codex-desktop</code></pre>
</body>
</html>
EOF
- name: Skip APT publish (DEB exceeds GitHub 100MB file limit)
if: steps.deb_size.outputs.publish_apt != 'true'
run: |
echo "Skipping gh-pages APT publish."
echo "DEB file: ${{ steps.deb_size.outputs.deb_file }}"
echo "Size bytes: ${{ steps.deb_size.outputs.deb_size_bytes }}"
echo "Reason: GitHub blocks files >= 100MB on git pushes (gh-pages branch)."
- name: Publish APT repo to gh-pages
if: steps.deb_size.outputs.publish_apt == 'true'
uses: peaceiris/actions-gh-pages@v4
with:
github_token: ${{ secrets.GITHUB_TOKEN }}
publish_branch: gh-pages
publish_dir: ./apt-public