From c5cacfd57d3dea76b8b9e67d85601eecb4cfe445 Mon Sep 17 00:00:00 2001 From: Shaun Arman Date: Sat, 13 Jun 2026 17:59:36 -0500 Subject: [PATCH 1/3] feat(ci): add beta release channel with two-track pipeline - Add release-beta.yml: triggers on push to beta, creates v{CARGO}-beta.N pre-release tags with prerelease: true, builds all four platforms; tag counter resets when Cargo.toml version bumps - Add beta to test.yml push triggers so CI runs on direct pushes to beta (pull_request already covers PRs targeting beta) - Implement update_channel in AppSettings (state.rs) with serde default "stable"; wire get/set_update_channel commands to AppState instead of returning hardcoded stubs - Implement channel-aware check_app_updates: queries /releases?limit=20 and picks first non-draft release matching the active channel (stable = !prerelease, beta = prerelease), skipping drafts - Document two-channel strategy in docs/wiki/CICD-Pipeline.md Manual steps still required in Gitea UI: 1. Create beta branch from master 2. Apply same branch protection rules as master to beta 3. Set repo default PR target branch to beta --- .gitea/workflows/release-beta.yml | 548 ++++++++++++++++++++++++++++++ .gitea/workflows/test.yml | 1 + docs/wiki/CICD-Pipeline.md | 60 ++++ src-tauri/src/commands/system.rs | 57 +++- src-tauri/src/state.rs | 7 + 5 files changed, 667 insertions(+), 6 deletions(-) create mode 100644 .gitea/workflows/release-beta.yml diff --git a/.gitea/workflows/release-beta.yml b/.gitea/workflows/release-beta.yml new file mode 100644 index 00000000..18a56c5e --- /dev/null +++ b/.gitea/workflows/release-beta.yml @@ -0,0 +1,548 @@ +name: Release Beta + +# Runs on every merge to beta — creates a v{CARGO_VERSION}-beta.N pre-release tag, +# builds all four platforms, and uploads artifacts. Wiki sync is intentionally +# omitted here; it only runs from master via auto-tag.yml. + +on: + push: + branches: + - beta + workflow_dispatch: + +concurrency: + group: auto-tag-beta + cancel-in-progress: false + +jobs: + autotag: + runs-on: linux-amd64 + container: + image: alpine:latest + outputs: + release_tag: ${{ steps.bump.outputs.release_tag }} + steps: + - name: Create beta tag + id: bump + env: + RELEASE_TOKEN: ${{ secrets.RELEASE_TOKEN }} + run: | + set -eu + apk add --no-cache curl jq git + + API="http://172.0.0.29:3000/api/v1/repos/$GITHUB_REPOSITORY" + + git init + git remote add origin "http://oauth2:${RELEASE_TOKEN}@172.0.0.29:3000/${GITHUB_REPOSITORY}.git" + git fetch --depth=1 origin "$GITHUB_SHA" + git checkout FETCH_HEAD + git config user.name "gitea-actions[bot]" + git config user.email "gitea-actions@local" + + CARGO_VERSION=$(grep '^version' src-tauri/Cargo.toml | head -1 | sed 's/version = "//;s/"//') + echo "Cargo.toml declares: $CARGO_VERSION" + + # Find the highest existing beta.N for this Cargo version + LATEST_BETA=$(curl -s "$API/tags?limit=100" \ + -H "Authorization: token $RELEASE_TOKEN" | \ + jq -r '.[].name' | \ + grep -E "^v${CARGO_VERSION}-beta\.[0-9]+$" | \ + sort -t. -k4 -n | tail -1 || true) + echo "Latest beta tag: ${LATEST_BETA:-none}" + + if [ -z "$LATEST_BETA" ]; then + NEXT="v${CARGO_VERSION}-beta.1" + else + N=$(echo "$LATEST_BETA" | sed "s/v${CARGO_VERSION}-beta\\.//") + NEXT="v${CARGO_VERSION}-beta.$((N + 1))" + fi + + echo "Next beta tag: $NEXT" + + if git ls-remote --exit-code --tags origin "refs/tags/$NEXT" >/dev/null 2>&1; then + echo "Tag $NEXT already exists; builds will target this tag." + else + git tag -a "$NEXT" -m "Pre-release $NEXT" + git push origin "refs/tags/$NEXT" + echo "Tag $NEXT pushed successfully" + fi + + echo "release_tag=$NEXT" >> "$GITHUB_OUTPUT" + + changelog: + needs: autotag + runs-on: linux-amd64 + container: + image: alpine:latest + steps: + - name: Install dependencies + run: apk add --no-cache git curl jq + + - name: Checkout (full history + all tags) + env: + RELEASE_TOKEN: ${{ secrets.RELEASE_TOKEN }} + run: | + set -eu + git init + git remote add origin \ + "http://oauth2:${RELEASE_TOKEN}@172.0.0.29:3000/${GITHUB_REPOSITORY}.git" + git fetch --unshallow origin || git fetch --depth=2147483647 origin || true + git fetch --tags origin + git checkout "$GITHUB_SHA" 2>/dev/null || git checkout FETCH_HEAD + git config user.name "gitea-actions[bot]" + git config user.email "gitea-actions@local" + + - name: Install git-cliff + run: | + set -eu + CLIFF_VER="2.7.0" + curl -fsSL \ + "https://github.com/orhun/git-cliff/releases/download/v${CLIFF_VER}/git-cliff-${CLIFF_VER}-x86_64-unknown-linux-musl.tar.gz" \ + | tar -xz --strip-components=1 -C /usr/local/bin \ + "git-cliff-${CLIFF_VER}/git-cliff" + + - name: Generate changelog + env: + RELEASE_TAG: ${{ needs.autotag.outputs.release_tag }} + run: | + set -eu + CURRENT_TAG="${RELEASE_TAG}" + echo "Building changelog for $CURRENT_TAG" + + if ! git rev-parse "refs/tags/${CURRENT_TAG}" >/dev/null 2>&1; then + echo "ERROR: tag ${CURRENT_TAG} not found locally after fetch" + exit 1 + fi + + # Include all tag types (stable + beta) for a proper diff range + PREV_TAG=$(git tag --sort=-version:refname | grep -v "^${CURRENT_TAG}$" | head -1 || echo "") + if [ -n "$PREV_TAG" ]; then + git-cliff --config cliff.toml "${PREV_TAG}..${CURRENT_TAG}" > /tmp/release_body.md || true + else + git log --pretty=format:"- %s" > /tmp/release_body.md || true + fi + echo "=== Release body preview ===" + cat /tmp/release_body.md + + - name: Create or update Gitea pre-release + env: + RELEASE_TOKEN: ${{ secrets.RELEASE_TOKEN }} + RELEASE_TAG: ${{ needs.autotag.outputs.release_tag }} + run: | + set -eu + TAG="${RELEASE_TAG}" + API="http://172.0.0.29:3000/api/v1/repos/$GITHUB_REPOSITORY" + + RELEASE_ID=$(curl -s "$API/releases/tags/$TAG" \ + -H "Authorization: token $RELEASE_TOKEN" | jq -r '.id // empty') + + if [ -z "$RELEASE_ID" ]; then + echo "Creating pre-release $TAG..." + RELEASE_ID=$(jq -n \ + --arg tag "$TAG" \ + --arg name "TFTSR $TAG" \ + --rawfile body /tmp/release_body.md \ + '{tag_name: $tag, name: $name, body: $body, draft: true, prerelease: true}' \ + | curl -sf -X POST "$API/releases" \ + -H "Authorization: token $RELEASE_TOKEN" \ + -H "Content-Type: application/json" \ + --data @- \ + | jq -r '.id') + echo "✓ Pre-release created (id=$RELEASE_ID)" + else + echo "Updating existing release $TAG (id=$RELEASE_ID)..." + jq -n --rawfile body /tmp/release_body.md '{body: $body}' \ + | curl -sf -X PATCH "$API/releases/$RELEASE_ID" \ + -H "Authorization: token $RELEASE_TOKEN" \ + -H "Content-Type: application/json" \ + --data @- + echo "✓ Release body updated" + fi + + if [ -z "$RELEASE_ID" ] || [ "$RELEASE_ID" = "null" ]; then + echo "ERROR: Failed to create or locate release for $TAG" + exit 1 + fi + + - name: Upload CHANGELOG.md as release asset + env: + RELEASE_TOKEN: ${{ secrets.RELEASE_TOKEN }} + RELEASE_TAG: ${{ needs.autotag.outputs.release_tag }} + run: | + set -eu + TAG="${RELEASE_TAG}" + API="http://172.0.0.29:3000/api/v1/repos/$GITHUB_REPOSITORY" + RELEASE_ID=$(curl -sf "$API/releases/tags/$TAG" \ + -H "Authorization: token $RELEASE_TOKEN" | jq -r '.id') + if [ -z "$RELEASE_ID" ] || [ "$RELEASE_ID" = "null" ]; then + echo "ERROR: Could not find release for tag $TAG" + exit 1 + fi + # Generate a minimal changelog file for the asset + git log --pretty=format:"- %s" -20 > CHANGELOG.md || true + EXISTING_ID=$(curl -sf "$API/releases/$RELEASE_ID" \ + -H "Authorization: token $RELEASE_TOKEN" \ + | jq -r '.assets[]? | select(.name == "CHANGELOG.md") | .id') + if [ -n "$EXISTING_ID" ]; then + curl -sf -X DELETE "$API/releases/$RELEASE_ID/assets/$EXISTING_ID" \ + -H "Authorization: token $RELEASE_TOKEN" + fi + curl -sf -X POST "$API/releases/$RELEASE_ID/assets" \ + -H "Authorization: token $RELEASE_TOKEN" \ + -F "attachment=@CHANGELOG.md;filename=CHANGELOG.md" + echo "✓ CHANGELOG.md uploaded" + + build-linux-amd64: + needs: autotag + runs-on: linux-amd64 + container: + image: 172.0.0.29:3000/sarman/tftsr-linux-amd64:rust1.88-node22 + steps: + - name: Checkout + run: | + git init + git remote add origin http://172.0.0.29:3000/sarman/tftsr-devops_investigation.git + git fetch --depth=1 origin "$GITHUB_SHA" + git checkout FETCH_HEAD + - name: Cache cargo registry + uses: actions/cache@v4 + with: + path: | + ~/.cargo/registry/index + ~/.cargo/registry/cache + ~/.cargo/git/db + key: ${{ runner.os }}-cargo-linux-amd64-${{ hashFiles('**/Cargo.lock') }} + restore-keys: | + ${{ runner.os }}-cargo-linux-amd64- + - name: Cache npm + uses: actions/cache@v4 + with: + path: ~/.npm + key: ${{ runner.os }}-npm-${{ hashFiles('**/package-lock.json') }} + restore-keys: | + ${{ runner.os }}-npm- + - name: Build + env: + APPIMAGE_EXTRACT_AND_RUN: "1" + run: | + npm ci --legacy-peer-deps + CI=true npx tauri build --target x86_64-unknown-linux-gnu + - name: Upload artifacts + env: + RELEASE_TOKEN: ${{ secrets.RELEASE_TOKEN }} + RELEASE_TAG: ${{ needs.autotag.outputs.release_tag }} + run: | + set -eu + API="http://172.0.0.29:3000/api/v1/repos/$GITHUB_REPOSITORY" + TAG="${RELEASE_TAG}" + echo "Uploading artifacts for $TAG..." + curl -sf -X POST "$API/releases" \ + -H "Authorization: token $RELEASE_TOKEN" \ + -H "Content-Type: application/json" \ + -d "{\"tag_name\":\"$TAG\",\"name\":\"TFTSR $TAG\",\"body\":\"Pre-release $TAG\",\"draft\":false,\"prerelease\":true}" || true + RELEASE_ID=$(curl -sf "$API/releases/tags/$TAG" \ + -H "Authorization: token $RELEASE_TOKEN" | jq -r '.id') + if [ -z "$RELEASE_ID" ] || [ "$RELEASE_ID" = "null" ]; then + echo "ERROR: Failed to get release ID for $TAG" + exit 1 + fi + echo "Release ID: $RELEASE_ID" + ARTIFACTS=$(find src-tauri/target/x86_64-unknown-linux-gnu/release/bundle -type f \ + \( -name "*.deb" -o -name "*.rpm" \)) + if [ -z "$ARTIFACTS" ]; then + echo "ERROR: No Linux amd64 artifacts were found to upload." + exit 1 + fi + printf '%s\n' "$ARTIFACTS" | while IFS= read -r f; do + NAME=$(basename "$f") + UPLOAD_NAME="linux-amd64-$NAME" + echo "Uploading $UPLOAD_NAME..." + EXISTING_IDS=$(curl -sf "$API/releases/$RELEASE_ID" \ + -H "Authorization: token $RELEASE_TOKEN" \ + | jq -r --arg name "$UPLOAD_NAME" '.assets[]? | select(.name == $name) | .id') + if [ -n "$EXISTING_IDS" ]; then + printf '%s\n' "$EXISTING_IDS" | while IFS= read -r id; do + [ -n "$id" ] || continue + curl -sf -X DELETE "$API/releases/$RELEASE_ID/assets/$id" \ + -H "Authorization: token $RELEASE_TOKEN" + done + fi + RESP_FILE=$(mktemp) + HTTP_CODE=$(curl -sS -o "$RESP_FILE" -w "%{http_code}" -X POST "$API/releases/$RELEASE_ID/assets" \ + -H "Authorization: token $RELEASE_TOKEN" \ + -F "attachment=@$f;filename=$UPLOAD_NAME") + if [ "$HTTP_CODE" -ge 200 ] && [ "$HTTP_CODE" -lt 300 ]; then + echo "✓ Uploaded $UPLOAD_NAME" + else + echo "✗ Upload failed for $UPLOAD_NAME (HTTP $HTTP_CODE)" + python -c 'import pathlib,sys;print(pathlib.Path(sys.argv[1]).read_text(errors="replace")[:2000])' "$RESP_FILE" + exit 1 + fi + done + + build-windows-amd64: + needs: autotag + runs-on: linux-amd64 + container: + image: 172.0.0.29:3000/sarman/tftsr-windows-cross:rust1.88-node22 + steps: + - name: Checkout + run: | + git init + git remote add origin http://172.0.0.29:3000/sarman/tftsr-devops_investigation.git + git fetch --depth=1 origin "$GITHUB_SHA" + git checkout FETCH_HEAD + - name: Cache cargo registry + uses: actions/cache@v4 + with: + path: | + ~/.cargo/registry/index + ~/.cargo/registry/cache + ~/.cargo/git/db + key: ${{ runner.os }}-cargo-windows-${{ hashFiles('**/Cargo.lock') }} + restore-keys: | + ${{ runner.os }}-cargo-windows- + - name: Cache npm + uses: actions/cache@v4 + with: + path: ~/.npm + key: ${{ runner.os }}-npm-${{ hashFiles('**/package-lock.json') }} + restore-keys: | + ${{ runner.os }}-npm- + - name: Build + env: + CC_x86_64_pc_windows_gnu: x86_64-w64-mingw32-gcc + CXX_x86_64_pc_windows_gnu: x86_64-w64-mingw32-g++ + AR_x86_64_pc_windows_gnu: x86_64-w64-mingw32-ar + CARGO_TARGET_X86_64_PC_WINDOWS_GNU_LINKER: x86_64-w64-mingw32-gcc + OPENSSL_NO_VENDOR: "0" + OPENSSL_STATIC: "1" + run: | + npm ci --legacy-peer-deps + CI=true npx tauri build --target x86_64-pc-windows-gnu + - name: Upload artifacts + env: + RELEASE_TOKEN: ${{ secrets.RELEASE_TOKEN }} + RELEASE_TAG: ${{ needs.autotag.outputs.release_tag }} + run: | + set -eu + API="http://172.0.0.29:3000/api/v1/repos/$GITHUB_REPOSITORY" + TAG="${RELEASE_TAG}" + echo "Uploading artifacts for $TAG..." + curl -sf -X POST "$API/releases" \ + -H "Authorization: token $RELEASE_TOKEN" \ + -H "Content-Type: application/json" \ + -d "{\"tag_name\":\"$TAG\",\"name\":\"TFTSR $TAG\",\"body\":\"Pre-release $TAG\",\"draft\":false,\"prerelease\":true}" || true + RELEASE_ID=$(curl -sf "$API/releases/tags/$TAG" \ + -H "Authorization: token $RELEASE_TOKEN" | jq -r '.id') + if [ -z "$RELEASE_ID" ] || [ "$RELEASE_ID" = "null" ]; then + echo "ERROR: Failed to get release ID for $TAG" + exit 1 + fi + echo "Release ID: $RELEASE_ID" + ARTIFACTS=$(find src-tauri/target/x86_64-pc-windows-gnu/release/bundle -type f \ + \( -name "*.exe" -o -name "*.msi" \) 2>/dev/null) + if [ -z "$ARTIFACTS" ]; then + echo "ERROR: No Windows amd64 artifacts were found to upload." + exit 1 + fi + printf '%s\n' "$ARTIFACTS" | while IFS= read -r f; do + NAME=$(basename "$f") + echo "Uploading $NAME..." + EXISTING_IDS=$(curl -sf "$API/releases/$RELEASE_ID" \ + -H "Authorization: token $RELEASE_TOKEN" \ + | jq -r --arg name "$NAME" '.assets[]? | select(.name == $name) | .id') + if [ -n "$EXISTING_IDS" ]; then + printf '%s\n' "$EXISTING_IDS" | while IFS= read -r id; do + [ -n "$id" ] || continue + curl -sf -X DELETE "$API/releases/$RELEASE_ID/assets/$id" \ + -H "Authorization: token $RELEASE_TOKEN" + done + fi + RESP_FILE=$(mktemp) + HTTP_CODE=$(curl -sS -o "$RESP_FILE" -w "%{http_code}" -X POST "$API/releases/$RELEASE_ID/assets" \ + -H "Authorization: token $RELEASE_TOKEN" \ + -F "attachment=@$f;filename=$NAME") + if [ "$HTTP_CODE" -ge 200 ] && [ "$HTTP_CODE" -lt 300 ]; then + echo "✓ Uploaded $NAME" + else + echo "✗ Upload failed for $NAME (HTTP $HTTP_CODE)" + python -c 'import pathlib,sys;print(pathlib.Path(sys.argv[1]).read_text(errors="replace")[:2000])' "$RESP_FILE" + exit 1 + fi + done + + build-macos-arm64: + needs: autotag + runs-on: macos-arm64 + steps: + - name: Checkout + run: | + git init + git remote add origin http://172.0.0.29:3000/sarman/tftsr-devops_investigation.git + git fetch --depth=1 origin "$GITHUB_SHA" + git checkout FETCH_HEAD + - name: Build + env: + MACOSX_DEPLOYMENT_TARGET: "11.0" + run: | + npm ci --legacy-peer-deps + rustup target add aarch64-apple-darwin + CI=true npx tauri build --target aarch64-apple-darwin --bundles app + APP=$(find src-tauri/target/aarch64-apple-darwin/release/bundle/macos -maxdepth 1 -type d -name "*.app" | head -n 1) + if [ -z "$APP" ]; then + echo "ERROR: Could not find macOS app bundle" + exit 1 + fi + APP_NAME=$(basename "$APP" .app) + codesign --deep --force --sign - "$APP" + mkdir -p src-tauri/target/aarch64-apple-darwin/release/bundle/dmg + DMG=src-tauri/target/aarch64-apple-darwin/release/bundle/dmg/${APP_NAME}.dmg + hdiutil create -volname "$APP_NAME" -srcfolder "$APP" -ov -format UDZO "$DMG" + - name: Upload artifacts + env: + RELEASE_TOKEN: ${{ secrets.RELEASE_TOKEN }} + RELEASE_TAG: ${{ needs.autotag.outputs.release_tag }} + run: | + set -eu + API="http://172.0.0.29:3000/api/v1/repos/$GITHUB_REPOSITORY" + TAG="${RELEASE_TAG}" + echo "Uploading artifacts for $TAG..." + curl -sf -X POST "$API/releases" \ + -H "Authorization: token $RELEASE_TOKEN" \ + -H "Content-Type: application/json" \ + -d "{\"tag_name\":\"$TAG\",\"name\":\"TFTSR $TAG\",\"body\":\"Pre-release $TAG\",\"draft\":false,\"prerelease\":true}" || true + RELEASE_ID=$(curl -sf "$API/releases/tags/$TAG" \ + -H "Authorization: token $RELEASE_TOKEN" | jq -r '.id') + if [ -z "$RELEASE_ID" ] || [ "$RELEASE_ID" = "null" ]; then + echo "ERROR: Failed to get release ID for $TAG" + exit 1 + fi + echo "Release ID: $RELEASE_ID" + ARTIFACTS=$(find src-tauri/target/aarch64-apple-darwin/release/bundle -type f -name "*.dmg") + if [ -z "$ARTIFACTS" ]; then + echo "ERROR: No macOS arm64 DMG artifacts were found to upload." + exit 1 + fi + printf '%s\n' "$ARTIFACTS" | while IFS= read -r f; do + NAME=$(basename "$f") + echo "Uploading $NAME..." + EXISTING_IDS=$(curl -sf "$API/releases/$RELEASE_ID" \ + -H "Authorization: token $RELEASE_TOKEN" \ + | jq -r --arg name "$NAME" '.assets[]? | select(.name == $name) | .id') + if [ -n "$EXISTING_IDS" ]; then + printf '%s\n' "$EXISTING_IDS" | while IFS= read -r id; do + [ -n "$id" ] || continue + curl -sf -X DELETE "$API/releases/$RELEASE_ID/assets/$id" \ + -H "Authorization: token $RELEASE_TOKEN" + done + fi + RESP_FILE=$(mktemp) + HTTP_CODE=$(curl -sS -o "$RESP_FILE" -w "%{http_code}" -X POST "$API/releases/$RELEASE_ID/assets" \ + -H "Authorization: token $RELEASE_TOKEN" \ + -F "attachment=@$f;filename=$NAME") + if [ "$HTTP_CODE" -ge 200 ] && [ "$HTTP_CODE" -lt 300 ]; then + echo "✓ Uploaded $NAME" + else + echo "✗ Upload failed for $NAME (HTTP $HTTP_CODE)" + python -c 'import pathlib,sys;print(pathlib.Path(sys.argv[1]).read_text(errors="replace")[:2000])' "$RESP_FILE" + exit 1 + fi + done + + build-linux-arm64: + needs: autotag + runs-on: linux-amd64 + container: + image: 172.0.0.29:3000/sarman/tftsr-linux-arm64:rust1.88-node22 + steps: + - name: Checkout + run: | + git init + git remote add origin http://172.0.0.29:3000/sarman/tftsr-devops_investigation.git + git fetch --depth=1 origin "$GITHUB_SHA" + git checkout FETCH_HEAD + - name: Cache cargo registry + uses: actions/cache@v4 + with: + path: | + ~/.cargo/registry/index + ~/.cargo/registry/cache + ~/.cargo/git/db + key: ${{ runner.os }}-cargo-arm64-${{ hashFiles('**/Cargo.lock') }} + restore-keys: | + ${{ runner.os }}-cargo-arm64- + - name: Cache npm + uses: actions/cache@v4 + with: + path: ~/.npm + key: ${{ runner.os }}-npm-${{ hashFiles('**/package-lock.json') }} + restore-keys: | + ${{ runner.os }}-npm- + - name: Build + env: + CC_aarch64_unknown_linux_gnu: aarch64-linux-gnu-gcc + CXX_aarch64_unknown_linux_gnu: aarch64-linux-gnu-g++ + AR_aarch64_unknown_linux_gnu: aarch64-linux-gnu-ar + CARGO_TARGET_AARCH64_UNKNOWN_LINUX_GNU_LINKER: aarch64-linux-gnu-gcc + PKG_CONFIG_SYSROOT_DIR: /usr/aarch64-linux-gnu + PKG_CONFIG_PATH: /usr/lib/aarch64-linux-gnu/pkgconfig + PKG_CONFIG_ALLOW_CROSS: "1" + OPENSSL_NO_VENDOR: "0" + OPENSSL_STATIC: "1" + APPIMAGE_EXTRACT_AND_RUN: "1" + run: | + npm ci --legacy-peer-deps + CI=true npx tauri build --target aarch64-unknown-linux-gnu --bundles deb,rpm + - name: Upload artifacts + env: + RELEASE_TOKEN: ${{ secrets.RELEASE_TOKEN }} + RELEASE_TAG: ${{ needs.autotag.outputs.release_tag }} + run: | + set -eu + API="http://172.0.0.29:3000/api/v1/repos/$GITHUB_REPOSITORY" + TAG="${RELEASE_TAG}" + echo "Uploading artifacts for $TAG..." + curl -sf -X POST "$API/releases" \ + -H "Authorization: token $RELEASE_TOKEN" \ + -H "Content-Type: application/json" \ + -d "{\"tag_name\":\"$TAG\",\"name\":\"TFTSR $TAG\",\"body\":\"Pre-release $TAG\",\"draft\":false,\"prerelease\":true}" || true + RELEASE_ID=$(curl -sf "$API/releases/tags/$TAG" \ + -H "Authorization: token $RELEASE_TOKEN" | jq -r '.id') + if [ -z "$RELEASE_ID" ] || [ "$RELEASE_ID" = "null" ]; then + echo "ERROR: Failed to get release ID for $TAG" + exit 1 + fi + echo "Release ID: $RELEASE_ID" + ARTIFACTS=$(find src-tauri/target/aarch64-unknown-linux-gnu/release/bundle -type f \ + \( -name "*.deb" -o -name "*.rpm" -o -name "*.AppImage" \)) + if [ -z "$ARTIFACTS" ]; then + echo "ERROR: No Linux arm64 artifacts were found to upload." + exit 1 + fi + printf '%s\n' "$ARTIFACTS" | while IFS= read -r f; do + NAME=$(basename "$f") + UPLOAD_NAME="linux-arm64-$NAME" + echo "Uploading $UPLOAD_NAME..." + EXISTING_IDS=$(curl -sf "$API/releases/$RELEASE_ID" \ + -H "Authorization: token $RELEASE_TOKEN" \ + | jq -r --arg name "$UPLOAD_NAME" '.assets[]? | select(.name == $name) | .id') + if [ -n "$EXISTING_IDS" ]; then + printf '%s\n' "$EXISTING_IDS" | while IFS= read -r id; do + [ -n "$id" ] || continue + curl -sf -X DELETE "$API/releases/$RELEASE_ID/assets/$id" \ + -H "Authorization: token $RELEASE_TOKEN" + done + fi + RESP_FILE=$(mktemp) + HTTP_CODE=$(curl -sS -o "$RESP_FILE" -w "%{http_code}" -X POST "$API/releases/$RELEASE_ID/assets" \ + -H "Authorization: token $RELEASE_TOKEN" \ + -F "attachment=@$f;filename=$UPLOAD_NAME") + if [ "$HTTP_CODE" -ge 200 ] && [ "$HTTP_CODE" -lt 300 ]; then + echo "✓ Uploaded $UPLOAD_NAME" + else + echo "✗ Upload failed for $UPLOAD_NAME (HTTP $HTTP_CODE)" + python -c 'import pathlib,sys;print(pathlib.Path(sys.argv[1]).read_text(errors="replace")[:2000])' "$RESP_FILE" + exit 1 + fi + done diff --git a/.gitea/workflows/test.yml b/.gitea/workflows/test.yml index 7efe54c1..1d2aa989 100644 --- a/.gitea/workflows/test.yml +++ b/.gitea/workflows/test.yml @@ -4,6 +4,7 @@ on: push: branches: - master + - beta pull_request: jobs: diff --git a/docs/wiki/CICD-Pipeline.md b/docs/wiki/CICD-Pipeline.md index 851d32e7..48a3a28b 100644 --- a/docs/wiki/CICD-Pipeline.md +++ b/docs/wiki/CICD-Pipeline.md @@ -361,6 +361,66 @@ docker exec gogs_postgres_db psql -U gogs -d gogsdb -c "SELECT id, lower_name FR --- +## Release Channels + +The project ships two update channels: + +| Channel | Branch | Tag format | Gitea release flag | Updater endpoint | +|---------|--------|------------|--------------------|-----------------| +| **Stable** | `master` | `v1.2.3` | `prerelease: false` | `/releases?limit=20` → first non-prerelease | +| **Beta** | `beta` | `v1.2.3-beta.N` | `prerelease: true` | `/releases?limit=20` → first prerelease | + +### Workflow files + +| Workflow | Trigger | Produces | +|----------|---------|---------| +| `auto-tag.yml` | push to `master` | Stable release, wiki sync, CHANGELOG committed back to master | +| `release-beta.yml` | push to `beta` | Pre-release, no wiki sync | + +### Beta tag numbering + +`release-beta.yml` reads `CARGO_VERSION` from `src-tauri/Cargo.toml` and finds the +highest existing `v{CARGO_VERSION}-beta.N` tag. It increments N on each push: + +``` +v1.3.0-beta.1 ← first push after Cargo.toml bumped to 1.3.0 +v1.3.0-beta.2 ← second push +v1.3.0-beta.3 ← etc. +``` + +When `Cargo.toml` is bumped (e.g. `1.3.0` → `1.4.0`), the counter resets to `.1`. + +### Promoting beta to stable + +1. Ensure `Cargo.toml` version is correct (no `-beta` suffix — just the clean semver). +2. Open a PR from `beta → master` and merge it. +3. `auto-tag.yml` fires, creates tag `v1.3.0`, builds all platforms, marks release stable. + +### In-app updater channel switching + +Users select their channel in **Settings → Updates**. The selection is stored in +`AppSettings.update_channel` (persisted via the frontend settings store). + +`check_app_updates` queries `GET /releases?limit=20` and returns the first release +matching the active channel: +- `stable` → first entry where `prerelease == false` +- `beta` → first entry where `prerelease == true` + +Draft releases are always skipped. + +### Branch protection for `beta` + +`beta` should carry the same protection rules as `master`: +- Require PR before merging +- Require all CI checks: `rust-fmt-check`, `rust-clippy`, `rust-tests`, + `frontend-typecheck`, `frontend-tests` +- Dismiss stale reviews on new commits + +Set **Settings → Repository → Default Branch** to `beta` so the Gitea UI defaults +new PRs to target `beta` rather than `master`. + +--- + ## Migration Notes (Gogs 0.14 → Gitea) Gitea auto-migrates the Gogs PostgreSQL schema on first start. Users, repos, teams, and diff --git a/src-tauri/src/commands/system.rs b/src-tauri/src/commands/system.rs index b5c59572..55c17d60 100644 --- a/src-tauri/src/commands/system.rs +++ b/src-tauri/src/commands/system.rs @@ -79,6 +79,12 @@ pub async fn update_settings( { settings.active_provider = Some(active_provider.to_string()); } + if let Some(ch) = partial_settings + .get("update_channel") + .and_then(|v| v.as_str()) + { + settings.update_channel = ch.to_string(); + } Ok(settings.clone()) } @@ -489,9 +495,21 @@ fn is_newer_version(latest: &str, current: &str) -> bool { } #[tauri::command] -pub async fn check_app_updates(app: tauri::AppHandle) -> Result { +pub async fn check_app_updates( + app: tauri::AppHandle, + state: tauri::State<'_, AppState>, +) -> Result { let current_version = app.package_info().version.to_string(); + let channel = { + state + .settings + .lock() + .map_err(|e| e.to_string())? + .update_channel + .clone() + }; + let client = reqwest::Client::builder() .timeout(std::time::Duration::from_secs(10)) .build() @@ -499,7 +517,7 @@ pub async fn check_app_updates(app: tauri::AppHandle) -> Result Result = response .json() .await .map_err(|e| format!("Failed to parse update response: {e}"))?; + let release = releases + .iter() + .find(|r| { + let is_pre = r["prerelease"].as_bool().unwrap_or(false); + let is_draft = r["draft"].as_bool().unwrap_or(false); + if is_draft { + return false; + } + match channel.as_str() { + "beta" => is_pre, + _ => !is_pre, + } + }) + .ok_or_else(|| format!("No release found for channel: {channel}"))?; + let latest_tag = release["tag_name"] .as_str() .unwrap_or("") @@ -553,12 +586,24 @@ pub async fn install_app_updates(app: tauri::AppHandle) -> Result<(), String> { } #[tauri::command] -pub async fn get_update_channel() -> Result { - Ok("stable".to_string()) +pub async fn get_update_channel(state: tauri::State<'_, AppState>) -> Result { + state + .settings + .lock() + .map(|s| s.update_channel.clone()) + .map_err(|e| e.to_string()) } #[tauri::command] -pub async fn set_update_channel(_channel: String) -> Result<(), String> { +pub async fn set_update_channel( + channel: String, + state: tauri::State<'_, AppState>, +) -> Result<(), String> { + state + .settings + .lock() + .map_err(|e| e.to_string())? + .update_channel = channel; Ok(()) } diff --git a/src-tauri/src/state.rs b/src-tauri/src/state.rs index a63c189d..c5426b31 100644 --- a/src-tauri/src/state.rs +++ b/src-tauri/src/state.rs @@ -57,6 +57,12 @@ pub struct AppSettings { pub default_provider: String, pub default_model: String, pub ollama_url: String, + #[serde(default = "default_update_channel")] + pub update_channel: String, +} + +fn default_update_channel() -> String { + "stable".to_string() } impl Default for AppSettings { @@ -68,6 +74,7 @@ impl Default for AppSettings { default_provider: "ollama".to_string(), default_model: "llama3.2:3b".to_string(), ollama_url: "http://localhost:11434".to_string(), + update_channel: "stable".to_string(), } } } From 5680a289402f191ddfbcd07d38d5540ebd8daa31 Mon Sep 17 00:00:00 2001 From: Shaun Arman Date: Sat, 13 Jun 2026 18:04:37 -0500 Subject: [PATCH 2/3] feat(ci): auto-sync beta from master after every push MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Adds sync-beta.yml: triggers on push to master, merges master into beta using RELEASE_TOKEN (admin — same mechanism auto-tag.yml uses to push CHANGELOG commits to protected master). Skips gracefully if beta does not exist yet or is already up to date. Note: commits with [skip ci] suppress all workflow runs; those commits are picked up on the next real push to master. --- .gitea/workflows/sync-beta.yml | 66 ++++++++++++++++++++++++++++++++++ 1 file changed, 66 insertions(+) create mode 100644 .gitea/workflows/sync-beta.yml diff --git a/.gitea/workflows/sync-beta.yml b/.gitea/workflows/sync-beta.yml new file mode 100644 index 00000000..214dc550 --- /dev/null +++ b/.gitea/workflows/sync-beta.yml @@ -0,0 +1,66 @@ +name: Sync Beta from Master + +# Merges master into beta after every push to master so beta never falls +# behind. Uses RELEASE_TOKEN (admin user) which can push to protected +# branches, same as the CHANGELOG commit in auto-tag.yml. +# +# NOTE: commits carrying [skip ci] in their message (e.g. the CHANGELOG +# commit from auto-tag.yml) suppress all workflow runs, so this job will +# not fire for those specific commits. The NEXT real push to master will +# bring the skipped commit(s) along in the merge. If you need immediate +# sync of every commit, remove [skip ci] from auto-tag.yml's CHANGELOG +# commit and instead gate auto-tag.yml with a path or branch filter. + +on: + push: + branches: + - master + +concurrency: + group: sync-beta + cancel-in-progress: true + +jobs: + sync: + runs-on: linux-amd64 + container: + image: alpine:latest + steps: + - name: Merge master into beta + env: + RELEASE_TOKEN: ${{ secrets.RELEASE_TOKEN }} + run: | + set -eu + apk add --no-cache git + + git init + git remote add origin \ + "http://oauth2:${RELEASE_TOKEN}@172.0.0.29:3000/${GITHUB_REPOSITORY}.git" + git config user.name "gitea-actions[bot]" + git config user.email "gitea-actions@local" + + # Check beta exists before trying to merge into it + if ! git ls-remote --exit-code origin refs/heads/beta >/dev/null 2>&1; then + echo "beta branch does not exist yet — skipping sync" + exit 0 + fi + + git fetch origin master beta + git checkout -b beta origin/beta + + # If beta already contains everything in master (e.g. right after a + # beta→master promotion) there is nothing to do. + if git merge-base --is-ancestor origin/master HEAD; then + echo "beta is already up to date with master — nothing to do" + exit 0 + fi + + if git merge --no-ff origin/master \ + -m "chore: sync beta from master [skip ci]"; then + git push origin beta + echo "✓ beta synced with master" + else + echo "✗ Merge conflict — manual resolution required" + git merge --abort || true + exit 1 + fi From 8befa472262e2caa62fe6e6a2ad5aabed88e32b1 Mon Sep 17 00:00:00 2001 From: Shaun Arman Date: Sat, 13 Jun 2026 18:36:31 -0500 Subject: [PATCH 3/3] chore: bump version to 1.2.3 --- package.json | 2 +- src-tauri/Cargo.toml | 2 +- src-tauri/tauri.conf.json | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/package.json b/package.json index 739ce27e..a7f0a064 100644 --- a/package.json +++ b/package.json @@ -1,7 +1,7 @@ { "name": "trcaa", "private": true, - "version": "1.2.2", + "version": "1.2.3", "type": "module", "scripts": { "dev": "vite", diff --git a/src-tauri/Cargo.toml b/src-tauri/Cargo.toml index 2d724c5e..646e452d 100644 --- a/src-tauri/Cargo.toml +++ b/src-tauri/Cargo.toml @@ -1,6 +1,6 @@ [package] name = "trcaa" -version = "1.2.2" +version = "1.2.3" edition = "2021" [lib] diff --git a/src-tauri/tauri.conf.json b/src-tauri/tauri.conf.json index c201a3f5..79292e2b 100644 --- a/src-tauri/tauri.conf.json +++ b/src-tauri/tauri.conf.json @@ -1,6 +1,6 @@ { "productName": "Troubleshooting and RCA Assistant", - "version": "1.2.2", + "version": "1.2.3", "identifier": "com.trcaa.app", "build": { "frontendDist": "../dist",