From 793ab7d5826a86647fb5ed28d6f6516d8fa20ed2 Mon Sep 17 00:00:00 2001 From: Shaun Arman Date: Mon, 30 Mar 2026 15:18:38 -0500 Subject: [PATCH 1/2] feat: add macOS arm64 act_runner and release build job - Register Apple Silicon Mac as act_runner with label macos-arm64 - Add build-macos-arm64 job to Gitea Actions release pipeline - Produces unsigned .dmg artifact for aarch64-apple-darwin - Update CICD-Pipeline.md to reflect Gitea Actions agents --- .gitea/workflows/release.yml | 36 ++++++++++++++++++++++++++++++++++ docs/wiki/CICD-Pipeline.md | 38 ++++++++++++++++++++---------------- 2 files changed, 57 insertions(+), 17 deletions(-) diff --git a/.gitea/workflows/release.yml b/.gitea/workflows/release.yml index 86e40a44..d5a15f1c 100644 --- a/.gitea/workflows/release.yml +++ b/.gitea/workflows/release.yml @@ -100,6 +100,42 @@ jobs: -F "attachment=@$f;filename=$(basename $f)" && echo "Uploaded $(basename $f)" || echo "Upload failed: $f" done + build-macos-arm64: + runs-on: macos-arm64 + steps: + - name: Checkout + run: | + git init + git remote add origin http://172.0.0.29:3000/sarman/tftsr-devops_investigation.git + git fetch --depth=1 origin $GITHUB_SHA + git checkout FETCH_HEAD + - name: Build + env: + MACOSX_DEPLOYMENT_TARGET: "11.0" + run: | + npm ci --legacy-peer-deps + rustup target add aarch64-apple-darwin + cargo install tauri-cli --version "^2" --locked + CI=true cargo tauri build --target aarch64-apple-darwin + - name: Upload artifacts + env: + RELEASE_TOKEN: ${{ secrets.RELEASE_TOKEN }} + run: | + API="http://172.0.0.29:3000/api/v1/repos/$GITHUB_REPOSITORY" + TAG="$GITHUB_REF_NAME" + curl -sf -X POST "$API/releases" \ + -H "Authorization: token $RELEASE_TOKEN" \ + -H "Content-Type: application/json" \ + -d "{\"tag_name\":\"$TAG\",\"name\":\"TFTSR $TAG\",\"body\":\"Release $TAG\",\"draft\":false}" || true + RELEASE_ID=$(curl -sf "$API/releases/tags/$TAG" \ + -H "Authorization: token $RELEASE_TOKEN" | grep -o '"id":[0-9]*' | head -1 | cut -d: -f2) + echo "Release ID: $RELEASE_ID" + find src-tauri/target/aarch64-apple-darwin/release/bundle -name "*.dmg" | while read f; do + curl -sf -X POST "$API/releases/$RELEASE_ID/assets" \ + -H "Authorization: token $RELEASE_TOKEN" \ + -F "attachment=@$f;filename=$(basename $f)" && echo "Uploaded $(basename $f)" || echo "Upload failed: $f" + done + build-linux-arm64: runs-on: linux-arm64 container: diff --git a/docs/wiki/CICD-Pipeline.md b/docs/wiki/CICD-Pipeline.md index c5bae857..d65b6684 100644 --- a/docs/wiki/CICD-Pipeline.md +++ b/docs/wiki/CICD-Pipeline.md @@ -13,13 +13,17 @@ | Agent | Platform | Host | Purpose | |-------|----------|------|---------| -| `woodpecker_agent` (Docker) | `linux/amd64` | 172.0.0.29 | Native x86_64 — test builds + amd64/windows release | -| `woodpecker-agent` (systemd) | `linux/arm64` | sarman's local machine | Native aarch64 — arm64 release builds | -| `woodpecker_agent_arm64` (Docker) | `linux/arm64` | 172.0.0.29 | QEMU fallback — kept as backup | +| `gitea_act_runner_amd64` (Docker) | `linux-amd64` | 172.0.0.29 | Native x86_64 — test builds + amd64/windows release | +| `act_runner` (systemd) | `linux-arm64` | 172.0.0.29 | Native aarch64 — arm64 release builds | +| `act_runner` (launchd) | `macos-arm64` | sarman's local Mac | Native Apple Silicon — macOS `.dmg` release builds | -Agent labels configured via `WOODPECKER_LABELS`: -- Docker agents: `WOODPECKER_LABELS=platform=linux/amd64` (or arm64) -- Local systemd agent: `~/.config/woodpecker-agent/config.env` → `WOODPECKER_LABELS=platform=linux/arm64` +Agent labels configured in `~/.config/act_runner/config.yaml`: +```yaml +runner: + labels: + - "macos-arm64:host" +``` +macOS runner runs jobs **directly on the host** (no Docker container) — macOS SDK cannot run in Docker. --- @@ -61,21 +65,21 @@ steps: --- -## Release Pipeline (`.woodpecker/release.yml`) +## Release Pipeline (`.gitea/workflows/release.yml`) **Triggers:** Git tags matching `v*` ``` -Pipeline steps: - 1. clone (amd64 workspace) → alpine/git with explicit tag fetch + checkout - 2. build-linux-amd64 → cargo tauri build (x86_64-unknown-linux-gnu) - → artifacts/linux-amd64/{.deb, .rpm, .AppImage} - 3. build-windows-amd64 → cargo tauri build (x86_64-pc-windows-gnu) - → artifacts/windows-amd64/{.exe, .msi} - 4. build-linux-arm64 → cargo tauri build (aarch64-unknown-linux-gnu) - → artifacts/linux-arm64/{.deb, .rpm, .AppImage} - → uploads arm64 artifacts inline to Gitea release - 5. upload-release → Create Gitea release + upload amd64 + windows artifacts +Jobs (run in parallel): + build-linux-amd64 → cargo tauri build (x86_64-unknown-linux-gnu) + → {.deb, .rpm, .AppImage} uploaded to Gitea release + build-windows-amd64 → cargo tauri build (x86_64-pc-windows-gnu) via mingw-w64 + → {.exe, .msi} uploaded to Gitea release + build-linux-arm64 → cargo tauri build (aarch64-unknown-linux-gnu) + → {.deb, .rpm, .AppImage} uploaded to Gitea release + build-macos-arm64 → cargo tauri build (aarch64-apple-darwin) — runs on local Mac + → {.dmg} uploaded to Gitea release + → unsigned; users must right-click → Open to bypass Gatekeeper ``` **Per-step agent routing (Woodpecker 2.x labels):** From 16d537c4afae273ad3f11bafb6b08c0bb817dd40 Mon Sep 17 00:00:00 2001 From: Shaun Arman Date: Mon, 30 Mar 2026 15:52:43 -0500 Subject: [PATCH 2/2] fix: button text visibility, toggle contrast, create_issue IPC, ad-hoc codesign - globals.css: remove button from WebKit -webkit-text-fill-color override that was causing button text to be invisible (text color matched background in dark mode) - Security.tsx: toggle enabled state uses bg-blue-500 instead of bg-primary; in dark mode --primary is near-white making the white knob invisible - tauriCommands.ts: fix createIssueCmd to pass flat args (not wrapped in newIssue), map domain->category, and return Issue instead of IssueDetail - NewIssue/index.tsx: update call site to use Issue return type directly - release.yml: add ad-hoc codesign step for macOS .app so Gatekeeper shows "unidentified developer" instead of "damaged" error --- .gitea/workflows/release.yml | 2 ++ docs/wiki/CICD-Pipeline.md | 2 +- src/lib/tauriCommands.ts | 7 ++++++- src/pages/NewIssue/index.tsx | 6 +++--- src/pages/Settings/Security.tsx | 2 +- src/styles/globals.css | 2 +- 6 files changed, 14 insertions(+), 7 deletions(-) diff --git a/.gitea/workflows/release.yml b/.gitea/workflows/release.yml index d5a15f1c..54be7a97 100644 --- a/.gitea/workflows/release.yml +++ b/.gitea/workflows/release.yml @@ -117,6 +117,8 @@ jobs: rustup target add aarch64-apple-darwin cargo install tauri-cli --version "^2" --locked CI=true cargo tauri build --target aarch64-apple-darwin + codesign --deep --force --sign - \ + src-tauri/target/aarch64-apple-darwin/release/bundle/macos/TFTSR.app - name: Upload artifacts env: RELEASE_TOKEN: ${{ secrets.RELEASE_TOKEN }} diff --git a/docs/wiki/CICD-Pipeline.md b/docs/wiki/CICD-Pipeline.md index d65b6684..59b4ed45 100644 --- a/docs/wiki/CICD-Pipeline.md +++ b/docs/wiki/CICD-Pipeline.md @@ -79,7 +79,7 @@ Jobs (run in parallel): → {.deb, .rpm, .AppImage} uploaded to Gitea release build-macos-arm64 → cargo tauri build (aarch64-apple-darwin) — runs on local Mac → {.dmg} uploaded to Gitea release - → unsigned; users must right-click → Open to bypass Gatekeeper + → unsigned; after install run: xattr -cr /Applications/TFTSR.app ``` **Per-step agent routing (Woodpecker 2.x labels):** diff --git a/src/lib/tauriCommands.ts b/src/lib/tauriCommands.ts index ecf08d67..5359cb81 100644 --- a/src/lib/tauriCommands.ts +++ b/src/lib/tauriCommands.ts @@ -266,7 +266,12 @@ export const applyRedactionsCmd = (logFileId: string, approvedSpanIds: string[]) // ─── Issue CRUD ─────────────────────────────────────────────────────────────── export const createIssueCmd = (newIssue: NewIssue) => - invoke("create_issue", { newIssue }); + invoke("create_issue", { + title: newIssue.title, + description: newIssue.description ?? "", + severity: newIssue.severity ?? "P3", + category: newIssue.domain, + }); export const getIssueCmd = (issueId: string) => invoke("get_issue", { issueId }); diff --git a/src/pages/NewIssue/index.tsx b/src/pages/NewIssue/index.tsx index 30410950..2fa5242a 100644 --- a/src/pages/NewIssue/index.tsx +++ b/src/pages/NewIssue/index.tsx @@ -51,9 +51,9 @@ export default function NewIssue() { setIsSubmitting(true); setError(null); try { - const detail = await createIssueCmd({ title: title.trim(), domain: selectedDomain, severity }); - startSession(detail.issue); - navigate(`/issue/${detail.issue.id}/triage`); + const issue = await createIssueCmd({ title: title.trim(), domain: selectedDomain, severity }); + startSession(issue); + navigate(`/issue/${issue.id}/triage`); } catch (err) { setError(String(err)); setIsSubmitting(false); diff --git a/src/pages/Settings/Security.tsx b/src/pages/Settings/Security.tsx index 661dcb2e..5e223ca7 100644 --- a/src/pages/Settings/Security.tsx +++ b/src/pages/Settings/Security.tsx @@ -82,7 +82,7 @@ export default function Security() { aria-checked={enabledPatterns[pattern.id]} onClick={() => togglePattern(pattern.id)} className={`relative inline-flex h-6 w-11 items-center rounded-full transition-colors ${ - enabledPatterns[pattern.id] ? "bg-primary" : "bg-muted" + enabledPatterns[pattern.id] ? "bg-blue-500" : "bg-muted" }`} >