From b2d7dca2912b6b5103f6d073c25f2df5dc8fd413 Mon Sep 17 00:00:00 2001 From: Kaiyue Jiang Date: Thu, 5 Mar 2026 12:57:34 -0800 Subject: [PATCH 01/12] Add bun-compile GitHub Action workflow Adds .github/workflows/bun-compile.yml that compiles the Auggie CLI into self-contained native binaries using Bun, pulling the pre-built @augmentcode/auggie package from npm. - workflow_dispatch trigger with required version input - 4 platform targets via matrix (darwin-arm64, darwin-x64, linux-x64, windows-x64) - Cross-compilation on ubuntu-latest using bun build --compile --target - Release job creates GitHub Release with all 4 binaries attached
---
.github/workflows/bun-compile.yml | 68 +++++++++++++++++++++++++++++++ 1 file changed, 68 insertions(+) create mode 100644 .github/workflows/bun-compile.yml
diff --git a/.github/workflows/bun-compile.yml b/.github/workflows/bun-compile.yml
new file mode 100644
index 0000000..de00a78
--- /dev/null
+++ b/.github/workflows/bun-compile.yml
@@ -0,0 +1,68 @@
+# Bun Compile
+# Compiles Auggie CLI into self-contained native binaries using Bun,
+# pulling the pre-built @augmentcode/auggie package from npm.
+
+name: Bun Compile
+on:
+ workflow_dispatch:
+ inputs:
+ version:
+ description: 'npm package version (e.g. 0.17.0)'
+ required: true
+ type: string
+
+jobs:
+ build:
+ runs-on: ubuntu-latest
+ strategy:
+ matrix:
+ include:
+ - target: bun-darwin-arm64
+ output: auggie-bun-darwin-arm64
+ - target: bun-darwin-x64
+ output: auggie-bun-darwin-x64
+ - target: bun-linux-x64
+ output: auggie-bun-linux-x64
+ - target: bun-windows-x64
+ output: auggie-bun-windows-x64.exe
+ permissions:
+ contents: read
+ steps:
+ - name: Set up Bun
+ uses: oven-sh/setup-bun@v2
+
+ - name: Create entry point
+ run: |
+ echo 'await import("npm:@augmentcode/auggie@${{ inputs.version }}");' > augment.mjs
+
+ - name: Compile binary
+ run: bun build augment.mjs --compile --target=${{ matrix.target }} --outfile=${{ matrix.output }}
+
+ - name: Upload artifact
+ uses: actions/upload-artifact@v4
+ with:
+ name: ${{ matrix.output }}
+ path: ${{ matrix.output }}
+
+ release:
+ needs: build
+ runs-on: ubuntu-latest
+ permissions:
+ contents: write
+ steps:
+ - name: Download all artifacts
+ uses: actions/download-artifact@v4
+ with:
+ path: artifacts
+ merge-multiple: true
+
+ - name: Create GitHub Release
+ env:
+ GH_TOKEN: ${{ github.token }}
+ GH_REPO: ${{ github.repository }}
+ run: |
+ gh release create "v${{ inputs.version }}" \
+ --title "v${{ inputs.version }}" \
+ --generate-notes \
+ artifacts/*
+
From 5a63113d5f931922240a12cbf2f68514f3c78623 Mon Sep 17 00:00:00 2001 From: Kaiyue Jiang Date: Thu, 5 Mar 2026 13:20:36 -0800 Subject: [PATCH 02/12] temp: add push trigger for testing
---
.github/workflows/bun-compile.yml | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-)
diff --git a/.github/workflows/bun-compile.yml b/.github/workflows/bun-compile.yml
index de00a78..6e8608b 100644
--- a/.github/workflows/bun-compile.yml
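Review bot: Both `run:` scripts in the PATCH 01 hunk splice `${{ inputs.version }}` directly into shell text, in the `echo '…@${{ inputs.version }}…'` line of "Create entry point" and in the two `gh release create "v${{ inputs.version }}"` arguments, so the value is expanded before the shell parses it and any quote or shell metacharacter in it becomes part of the script. In the `release` job that script runs with `GH_TOKEN` in its environment and `contents: write`. Pass the value through the step environment instead, `env: VERSION: ${{ inputs.version }}`, and reference `"$VERSION"` in the script. The same pattern recurs in the version-bearing hunks of PATCH 02, 03, 06, 09 and 10, with PATCH 06 additionally sourcing it from `github.event.client_payload.version`, until PATCH 11 moves it into `env`.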
+++ b/.github/workflows/bun-compile.yml @@ -10,6 +10,9 @@ on: description: 'npm package version (e.g. 0.17.0)' required: true type: string + push: + branches: + - auggie-bun-compile-workflow jobs: build: @@ -33,7 +36,7 @@ jobs: - name: Create entry point run: | - echo 'await import("npm:@augmentcode/auggie@${{ inputs.version }}");' > augment.mjs + echo 'await import("npm:@augmentcode/auggie@${{ inputs.version || '0.17.0-prerelease.14' }}");' > augment.mjs - name: Compile binary run: bun build augment.mjs --compile --target=${{ matrix.target }} --outfile=${{ matrix.output }} @@ -61,8 +64,8 @@ jobs: GH_TOKEN: ${{ github.token }} GH_REPO: ${{ github.repository }} run: | - gh release create "v${{ inputs.version }}" \ - --title "v${{ inputs.version }}" \ + gh release create "v${{ inputs.version || '0.17.0-prerelease.14' }}" \ + --title "v${{ inputs.version || '0.17.0-prerelease.14' }}" \ --generate-notes \ artifacts/* From 6659b2a841870751ef97b62b1971a9e24381b231 Mon Sep 17 00:00:00 2001 From: Kaiyue Jiang Date: Thu, 5 Mar 2026 13:23:02 -0800 Subject: [PATCH 03/12] fix: install npm package before bun compile --- .github/workflows/bun-compile.yml | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/.github/workflows/bun-compile.yml b/.github/workflows/bun-compile.yml index 6e8608b..9a5f1dc 100644 --- a/.github/workflows/bun-compile.yml +++ b/.github/workflows/bun-compile.yml @@ -34,9 +34,12 @@ jobs: - name: Set up Bun uses: oven-sh/setup-bun@v2 + - name: Install package + run: bun install @augmentcode/auggie@${{ inputs.version || '0.17.0-prerelease.14' }} + - name: Create entry point run: | - echo 'await import("npm:@augmentcode/auggie@${{ inputs.version || '0.17.0-prerelease.14' }}");' > augment.mjs + echo 'await import("@augmentcode/auggie");' > augment.mjs - name: Compile binary run: bun build augment.mjs --compile --target=${{ matrix.target }} --outfile=${{ matrix.output }} From 7d198cc5b329dbfccd5b4a2ec61481490feeb7b5 Mon Sep 17 00:00:00 2001 
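Review bot: The `push` trigger added under `on:` in PATCH 02 also starts the `release` job, so every push to `auggie-bun-compile-workflow` attempts `gh release create` for the hard-coded fallback `v0.17.0-prerelease.14` with `contents: write`. If the trigger is only meant to exercise the build matrix, gate publishing on the event, for example `if: github.event_name != 'push'` on the `release` job. PATCH 09 re-adds the same trigger and no later patch visible here removes it, so the guard is worth carrying there as well.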
From: Kaiyue Jiang Date: Thu, 5 Mar 2026 13:32:12 -0800 Subject: [PATCH 04/12] fix: patch process.argv[1] for bun compile compatibility --- .github/workflows/bun-compile.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/bun-compile.yml b/.github/workflows/bun-compile.yml index 9a5f1dc..8fc6c9c 100644 --- a/.github/workflows/bun-compile.yml +++ b/.github/workflows/bun-compile.yml @@ -39,7 +39,7 @@ jobs: - name: Create entry point run: | - echo 'await import("@augmentcode/auggie");' > augment.mjs + printf 'process.argv[1] = process.execPath;\nawait import("@augmentcode/auggie");\n' > augment.mjs - name: Compile binary run: bun build augment.mjs --compile --target=${{ matrix.target }} --outfile=${{ matrix.output }} From 0753f6a3f869ebd1743e25cbf123b61893a0392c Mon Sep 17 00:00:00 2001 From: Kaiyue Jiang Date: Thu, 5 Mar 2026 13:39:04 -0800 Subject: [PATCH 05/12] revert: remove process.argv[1] patch from entry point --- .github/workflows/bun-compile.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/bun-compile.yml b/.github/workflows/bun-compile.yml index 8fc6c9c..9a5f1dc 100644 --- a/.github/workflows/bun-compile.yml +++ b/.github/workflows/bun-compile.yml @@ -39,7 +39,7 @@ jobs: - name: Create entry point run: | - printf 'process.argv[1] = process.execPath;\nawait import("@augmentcode/auggie");\n' > augment.mjs + echo 'await import("@augmentcode/auggie");' > augment.mjs - name: Compile binary run: bun build augment.mjs --compile --target=${{ matrix.target }} --outfile=${{ matrix.output }} From 6419df67d46b82de1dc3d2c8cffd8cf8009d804e Mon Sep 17 00:00:00 2001 From: Kaiyue Jiang Date: Thu, 5 Mar 2026 13:48:05 -0800 Subject: [PATCH 06/12] feat: add repository_dispatch trigger for automated npm sync --- .github/workflows/bun-compile.yml | 11 +++++------ 1 file changed, 5 insertions(+), 6 deletions(-) 
diff --git a/.github/workflows/bun-compile.yml b/.github/workflows/bun-compile.yml index 9a5f1dc..7560261 100644 --- a/.github/workflows/bun-compile.yml +++ b/.github/workflows/bun-compile.yml @@ -10,9 +10,8 @@ on: description: 'npm package version (e.g. 0.17.0)' required: true type: string - push: - branches: - - auggie-bun-compile-workflow + repository_dispatch: + types: [npm-published] jobs: build: @@ -35,7 +34,7 @@ jobs: uses: oven-sh/setup-bun@v2 - name: Install package - run: bun install @augmentcode/auggie@${{ inputs.version || '0.17.0-prerelease.14' }} + run: bun install @augmentcode/auggie@${{ inputs.version || github.event.client_payload.version }} - name: Create entry point run: | @@ -67,8 +66,8 @@ jobs: GH_TOKEN: ${{ github.token }} GH_REPO: ${{ github.repository }} run: | - gh release create "v${{ inputs.version || '0.17.0-prerelease.14' }}" \ - --title "v${{ inputs.version || '0.17.0-prerelease.14' }}" \ + gh release create "v${{ inputs.version || github.event.client_payload.version }}" \ + --title "v${{ inputs.version || github.event.client_payload.version }}" \ --generate-notes \ artifacts/* From 8e56c070132ac6aa8ab9342cff74e050555c8e02 Mon Sep 17 00:00:00 2001 From: Kaiyue Jiang Date: Thu, 5 Mar 2026 15:09:31 -0800 Subject: [PATCH 07/12] rename binary assets from auggie-bun-* to auggie-* Agent-Id: agent-42aef0a6-de54-40e7-9889-e6dc52b9645d --- .github/workflows/bun-compile.yml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/bun-compile.yml b/.github/workflows/bun-compile.yml index 7560261..b4b452a 100644 --- a/.github/workflows/bun-compile.yml +++ b/.github/workflows/bun-compile.yml 
@@ -20,13 +20,13 @@ jobs: matrix: include: - target: bun-darwin-arm64 - output: auggie-bun-darwin-arm64 + output: auggie-darwin-arm64 - target: bun-darwin-x64 - output: auggie-bun-darwin-x64 + output: auggie-darwin-x64 - target: bun-linux-x64 - output: auggie-bun-linux-x64 + output: auggie-linux-x64 - target: bun-windows-x64 - output: auggie-bun-windows-x64.exe + output: auggie-windows-x64.exe permissions: contents: read steps: From 7e749223abedf134b7fb946226a907ab6960e166 Mon Sep 17 00:00:00 2001 From: Kaiyue Jiang Date: Fri, 6 Mar 2026 16:45:57 -0800 Subject: [PATCH 08/12] fix: use clean artifact names without .exe suffix Agent-Id: agent-94e7274a-0a18-4a87-abb4-57e6efed6532 --- .github/workflows/bun-compile.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/bun-compile.yml b/.github/workflows/bun-compile.yml index b4b452a..f5dcfaf 100644 --- a/.github/workflows/bun-compile.yml +++ b/.github/workflows/bun-compile.yml @@ -46,7 +46,7 @@ jobs: - name: Upload artifact uses: actions/upload-artifact@v4 with: - name: ${{ matrix.output }} + name: auggie-${{ matrix.target }} path: ${{ matrix.output }} release: From 741590cfe4c2c9788c094179500e3376a2de9559 Mon Sep 17 00:00:00 2001 From: Kaiyue Jiang Date: Fri, 6 Mar 2026 16:50:50 -0800 Subject: [PATCH 09/12] fix: clean artifact names, re-add push trigger for testing Agent-Id: agent-94e7274a-0a18-4a87-abb4-57e6efed6532 --- .github/workflows/bun-compile.yml | 15 +++++++++++---- 1 file changed, 11 insertions(+), 4 deletions(-) diff --git a/.github/workflows/bun-compile.yml b/.github/workflows/bun-compile.yml index f5dcfaf..c08b8d7 100644 --- a/.github/workflows/bun-compile.yml +++ b/.github/workflows/bun-compile.yml @@ -12,6 +12,9 @@ on: type: string repository_dispatch: types: [npm-published] + push: + branches: + - auggie-bun-compile-workflow jobs: build: 
@@ -21,12 +24,16 @@ jobs: include: - target: bun-darwin-arm64 output: auggie-darwin-arm64 + artifact: auggie-darwin-arm64 - target: bun-darwin-x64 output: auggie-darwin-x64 + artifact: auggie-darwin-x64 - target: bun-linux-x64 output: auggie-linux-x64 + artifact: auggie-linux-x64 - target: bun-windows-x64 output: auggie-windows-x64.exe + artifact: auggie-windows-x64 permissions: contents: read steps: @@ -34,7 +41,7 @@ jobs: uses: oven-sh/setup-bun@v2 - name: Install package - run: bun install @augmentcode/auggie@${{ inputs.version || github.event.client_payload.version }} + run: bun install @augmentcode/auggie@${{ inputs.version || github.event.client_payload.version || '0.17.0-prerelease.14' }} - name: Create entry point run: | @@ -46,7 +53,7 @@ jobs: - name: Upload artifact uses: actions/upload-artifact@v4 with: - name: auggie-${{ matrix.target }} + name: ${{ matrix.artifact }} path: ${{ matrix.output }} release: @@ -66,8 +73,8 @@ jobs: GH_TOKEN: ${{ github.token }} GH_REPO: ${{ github.repository }} run: | - gh release create "v${{ inputs.version || github.event.client_payload.version }}" \ - --title "v${{ inputs.version || github.event.client_payload.version }}" \ + gh release create "v${{ inputs.version || github.event.client_payload.version || '0.17.0-prerelease.14' }}" \ + --title "v${{ inputs.version || github.event.client_payload.version || '0.17.0-prerelease.14' }}" \ --generate-notes \ artifacts/* From 114d5ef58f0b13b819c85d9ad9ddd498a3a99a74 Mon Sep 17 00:00:00 2001 From: Kaiyue Jiang Date: Fri, 6 Mar 2026 16:58:49 -0800 Subject: [PATCH 10/12] fix: update version fallback to 0.18.1 Agent-Id: agent-94e7274a-0a18-4a87-abb4-57e6efed6532 --- .github/workflows/bun-compile.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/bun-compile.yml b/.github/workflows/bun-compile.yml index c08b8d7..70c5f61 100644 --- a/.github/workflows/bun-compile.yml +++ b/.github/workflows/bun-compile.yml 
@@ -41,7 +41,7 @@ jobs: uses: oven-sh/setup-bun@v2 - name: Install package - run: bun install @augmentcode/auggie@${{ inputs.version || github.event.client_payload.version || '0.17.0-prerelease.14' }} + run: bun install @augmentcode/auggie@${{ inputs.version || github.event.client_payload.version || '0.18.1' }} - name: Create entry point run: | @@ -73,8 +73,8 @@ jobs: GH_TOKEN: ${{ github.token }} GH_REPO: ${{ github.repository }} run: | - gh release create "v${{ inputs.version || github.event.client_payload.version || '0.17.0-prerelease.14' }}" \ - --title "v${{ inputs.version || github.event.client_payload.version || '0.17.0-prerelease.14' }}" \ + gh release create "v${{ inputs.version || github.event.client_payload.version || '0.18.1' }}" \ + --title "v${{ inputs.version || github.event.client_payload.version || '0.18.1' }}" \ --generate-notes \ artifacts/* From e5886694896709fb27a254c44641ffe86bb58664 Mon Sep 17 00:00:00 2001 From: Kaiyue Jiang Date: Mon, 9 Mar 2026 14:00:45 -0700 Subject: [PATCH 11/12] fix: remove hardcoded version fallback, fail fast if no version provided Addresses PR review comments: remove '0.18.1' fallback in both build and release jobs. Version is now passed via env vars and the workflow fails explicitly if no version is supplied via workflow_dispatch or repository_dispatch. Agent-Id: agent-94e7274a-0a18-4a87-abb4-57e6efed6532 --- .github/workflows/bun-compile.yml | 18 +++++++++++++++--- 1 file changed, 15 insertions(+), 3 deletions(-) diff --git a/.github/workflows/bun-compile.yml b/.github/workflows/bun-compile.yml index 70c5f61..a4ced86 100644 --- a/.github/workflows/bun-compile.yml +++ b/.github/workflows/bun-compile.yml 
@@ -41,7 +41,14 @@ jobs: uses: oven-sh/setup-bun@v2 - name: Install package - run: bun install @augmentcode/auggie@${{ inputs.version || github.event.client_payload.version || '0.18.1' }} + env: + VERSION: ${{ inputs.version || github.event.client_payload.version }} + run: | + if [ -z "$VERSION" ]; then + echo "::error::No version provided. Supply via workflow_dispatch input or repository_dispatch payload." + exit 1 + fi + bun install "@augmentcode/auggie@${VERSION}" - name: Create entry point run: | @@ -72,9 +79,14 @@ jobs: env: GH_TOKEN: ${{ github.token }} GH_REPO: ${{ github.repository }} + VERSION: ${{ inputs.version || github.event.client_payload.version }} run: | - gh release create "v${{ inputs.version || github.event.client_payload.version || '0.18.1' }}" \ - --title "v${{ inputs.version || github.event.client_payload.version || '0.18.1' }}" \ + if [ -z "$VERSION" ]; then + echo "::error::No version provided. Cannot create release." + exit 1 + fi + gh release create "v${VERSION}" \ + --title "v${VERSION}" \ --generate-notes \ artifacts/* From 7307a0e52436a21e36735ae9d74497a41ed99cef Mon Sep 17 00:00:00 2001 From: Kaiyue Jiang Date: Tue, 10 Mar 2026 14:51:16 -0700 Subject: [PATCH 12/12] Add macOS code signing, notarization, and SHA-256 checksums to Bun compile workflow (#99) --- .github/workflows/bun-compile.yml | 48 ++++++++++++++++++++++++++++++- 1 file changed, 47 insertions(+), 1 deletion(-) diff --git a/.github/workflows/bun-compile.yml b/.github/workflows/bun-compile.yml index a4ced86..d7e8054 100644 --- a/.github/workflows/bun-compile.yml +++ b/.github/workflows/bun-compile.yml 
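Review bot: The new guard in both hunks of PATCH 11 only rejects an empty `VERSION`; any other string from the dispatch input or `client_payload.version` is still passed to `bun install "@augmentcode/auggie@${VERSION}"` and becomes the release tag. A dist-tag or a range would resolve to whatever the registry serves at build time and be published under a tag that does not name a version. Consider validating the shape before use in both jobs, e.g. `[[ "$VERSION" =~ ^[0-9]+\.[0-9]+\.[0-9]+(-[0-9A-Za-z.-]+)?$ ]] || { echo "::error::Invalid version: $VERSION"; exit 1; }`. The check is duplicated in `build` and `release`; resolving the version once and passing it as a job output would keep the two from drifting.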
@@ -18,20 +18,24 @@ on: jobs: build: - runs-on: ubuntu-latest + runs-on: ${{ matrix.os }} strategy: matrix: include: - target: bun-darwin-arm64 + os: macos-latest output: auggie-darwin-arm64 artifact: auggie-darwin-arm64 - target: bun-darwin-x64 + os: macos-latest output: auggie-darwin-x64 artifact: auggie-darwin-x64 - target: bun-linux-x64 + os: ubuntu-latest output: auggie-linux-x64 artifact: auggie-linux-x64 - target: bun-windows-x64 + os: ubuntu-latest output: auggie-windows-x64.exe artifact: auggie-windows-x64 permissions: 
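Review bot: Switching the darwin targets to `os: macos-latest` so that the same `build` job can sign means the Developer ID certificate is imported on a runner that has already executed `oven-sh/setup-bun@v2` (a mutable tag) and installed the npm package; those steps are outside this hunk but unchanged by it. Anything they leave on the machine is present when the keychain is unlocked. Consider pinning the action to a full commit SHA and moving signing and notarization into a separate job that only downloads the compiled artifact, so the Apple secrets never share a job with third-party code.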
@@ -57,6 +61,42 @@ jobs: - name: Compile binary run: bun build augment.mjs --compile --target=${{ matrix.target }} --outfile=${{ matrix.output }} + - name: Import code signing certificate + if: contains(matrix.target, 'darwin') + env: + APPLE_CERTIFICATE: ${{ secrets.APPLE_CERTIFICATE }} + APPLE_CERTIFICATE_PASSWORD: ${{ secrets.APPLE_CERTIFICATE_PASSWORD }} + run: | + echo "$APPLE_CERTIFICATE" | base64 --decode > certificate.p12 + security create-keychain -p "temppass" build.keychain + security default-keychain -s build.keychain + security unlock-keychain -p "temppass" build.keychain + security import certificate.p12 -k build.keychain -P "$APPLE_CERTIFICATE_PASSWORD" -T /usr/bin/codesign + security set-key-partition-list -S apple-tool:,apple:,codesign: -s -k "temppass" build.keychain + rm -f certificate.p12 + + - name: Sign binary + if: contains(matrix.target, 'darwin') + run: | + IDENTITY=$(security find-identity -v -p codesigning build.keychain | grep "Developer ID" | head -1 | sed 's/.*"\(.*\)".*/\1/') + if [ -z "$IDENTITY" ]; then + echo "::error::No Developer ID signing identity found in build.keychain" + exit 1 + fi + echo "Signing with identity: $IDENTITY" + codesign --force --options runtime --timestamp --sign "$IDENTITY" ${{ matrix.output }} + + - name: Notarize binary + if: contains(matrix.target, 'darwin') + env: + APPLE_ID: ${{ secrets.APPLE_ID }} + APPLE_APP_SPECIFIC_PASSWORD: ${{ secrets.APPLE_APP_SPECIFIC_PASSWORD }} + APPLE_TEAM_ID: ${{ secrets.APPLE_TEAM_ID }} + run: | + zip "${{ matrix.output }}.zip" "${{ matrix.output }}" + xcrun notarytool submit "${{ matrix.output }}.zip" --apple-id "$APPLE_ID" --password "$APPLE_APP_SPECIFIC_PASSWORD" --team-id "$APPLE_TEAM_ID" --wait + rm -f "${{ matrix.output }}.zip" + - name: Upload artifact uses: actions/upload-artifact@v4 with: 
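Review bot: The "Notarize binary" step relies on the exit code of `xcrun notarytool submit … --wait` and never inspects the reported status; as far as I know notarytool can exit 0 while the submission ends as `Invalid`, in which case the binary would still be uploaded and released. Capture the result (for example with `--output-format json`) and fail the step unless the status is `Accepted`. Separately, in "Import code signing certificate" the decoded `certificate.p12` is written to the working directory and `rm -f certificate.p12` is reached only if every `security` call succeeds. Writing it under `$RUNNER_TEMP` and registering `trap 'rm -f "$P12"' EXIT` before decoding keeps the key material from lingering after a failed run.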
@@ -75,6 +115,12 @@ jobs: path: artifacts merge-multiple: true + - name: Generate checksums + run: | + cd artifacts + sha256sum auggie-* > checksums.txt + cat checksums.txt + - name: Create GitHub Release env: GH_TOKEN: ${{ github.token }}
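Review bot: `checksums.txt` is generated in the `release` job and published in the same release as the binaries, so it detects a corrupted download but gives no independent assurance: whoever can replace an asset can replace the checksum file too. If the checksums are meant as an integrity control, sign the file or add build provenance (for example `actions/attest-build-provenance` in the build job) so consumers can verify against something not stored beside the asset. The glob `auggie-*` depends on `merge-multiple: true` flattening the downloads into `artifacts/`, and the hunk's trailing context ends inside the "Create GitHub Release" step.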