sarman/tftsr-devops_investigation
1
1
Fork 0
Code Issues 4 Pull Requests Actions 34 Packages Projects 3 Releases 6 Wiki Activity

feat(ci): beta release channel + live updater channel switching #98

Merged
sarman merged 5 commits from fix/proxmox-v1.2.1 into master 2026-06-13 23:38:36 +00:00
Conversation 0 Commits 5 Files Changed 9 +736 -9
9 changed files with 736 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

548
.gitea/workflows/release-beta.yml Normal file
View File

@ -0,0 +1,548 @@
name: Release Beta
# Runs on every merge to beta — creates a v{CARGO_VERSION}-beta.N pre-release tag,
# builds all four platforms, and uploads artifacts. Wiki sync is intentionally
# omitted here; it only runs from master via auto-tag.yml.
on:
push:
branches:
- beta
workflow_dispatch:
concurrency:
group: auto-tag-beta
cancel-in-progress: false
jobs:
autotag:
runs-on: linux-amd64
container:
image: alpine:latest
outputs:
release_tag: ${{ steps.bump.outputs.release_tag }}
steps:
- name: Create beta tag
id: bump
env:
RELEASE_TOKEN: ${{ secrets.RELEASE_TOKEN }}
run: |
set -eu
apk add --no-cache curl jq git
API="http://172.0.0.29:3000/api/v1/repos/$GITHUB_REPOSITORY"
git init
git remote add origin "http://oauth2:${RELEASE_TOKEN}@172.0.0.29:3000/${GITHUB_REPOSITORY}.git"
git fetch --depth=1 origin "$GITHUB_SHA"
git checkout FETCH_HEAD
git config user.name "gitea-actions[bot]"
git config user.email "gitea-actions@local"
CARGO_VERSION=$(grep '^version' src-tauri/Cargo.toml | head -1 | sed 's/version = "//;s/"//')
echo "Cargo.toml declares: $CARGO_VERSION"
# Find the highest existing beta.N for this Cargo version
LATEST_BETA=$(curl -s "$API/tags?limit=100" \
-H "Authorization: token $RELEASE_TOKEN" | \
jq -r '.[].name' | \
grep -E "^v${CARGO_VERSION}-beta\.[0-9]+$" | \
sort -t. -k4 -n | tail -1 || true)
echo "Latest beta tag: ${LATEST_BETA:-none}"
if [ -z "$LATEST_BETA" ]; then
NEXT="v${CARGO_VERSION}-beta.1"
else
N=$(echo "$LATEST_BETA" | sed "s/v${CARGO_VERSION}-beta\\.//")
NEXT="v${CARGO_VERSION}-beta.$((N + 1))"
fi
echo "Next beta tag: $NEXT"
if git ls-remote --exit-code --tags origin "refs/tags/$NEXT" >/dev/null 2>&1; then
echo "Tag $NEXT already exists; builds will target this tag."
else
git tag -a "$NEXT" -m "Pre-release $NEXT"
git push origin "refs/tags/$NEXT"
echo "Tag $NEXT pushed successfully"
fi
echo "release_tag=$NEXT" >> "$GITHUB_OUTPUT"
changelog:
needs: autotag
runs-on: linux-amd64
container:
image: alpine:latest
steps:
- name: Install dependencies
run: apk add --no-cache git curl jq
- name: Checkout (full history + all tags)
env:
RELEASE_TOKEN: ${{ secrets.RELEASE_TOKEN }}
run: |
set -eu
git init
git remote add origin \
"http://oauth2:${RELEASE_TOKEN}@172.0.0.29:3000/${GITHUB_REPOSITORY}.git"
git fetch --unshallow origin || git fetch --depth=2147483647 origin || true
git fetch --tags origin
git checkout "$GITHUB_SHA" 2>/dev/null || git checkout FETCH_HEAD
git config user.name "gitea-actions[bot]"
git config user.email "gitea-actions@local"
- name: Install git-cliff
run: |
set -eu
CLIFF_VER="2.7.0"
curl -fsSL \
"https://github.com/orhun/git-cliff/releases/download/v${CLIFF_VER}/git-cliff-${CLIFF_VER}-x86_64-unknown-linux-musl.tar.gz" \
| tar -xz --strip-components=1 -C /usr/local/bin \
"git-cliff-${CLIFF_VER}/git-cliff"
- name: Generate changelog
env:
RELEASE_TAG: ${{ needs.autotag.outputs.release_tag }}
run: |
set -eu
CURRENT_TAG="${RELEASE_TAG}"
echo "Building changelog for $CURRENT_TAG"
if ! git rev-parse "refs/tags/${CURRENT_TAG}" >/dev/null 2>&1; then
echo "ERROR: tag ${CURRENT_TAG} not found locally after fetch"
exit 1
fi
# Include all tag types (stable + beta) for a proper diff range
PREV_TAG=$(git tag --sort=-version:refname | grep -v "^${CURRENT_TAG}$" | head -1 || echo "")
if [ -n "$PREV_TAG" ]; then
git-cliff --config cliff.toml "${PREV_TAG}..${CURRENT_TAG}" > /tmp/release_body.md || true
else
git log --pretty=format:"- %s" > /tmp/release_body.md || true
fi
echo "=== Release body preview ==="
cat /tmp/release_body.md
- name: Create or update Gitea pre-release
env:
RELEASE_TOKEN: ${{ secrets.RELEASE_TOKEN }}
RELEASE_TAG: ${{ needs.autotag.outputs.release_tag }}
run: |
set -eu
TAG="${RELEASE_TAG}"
API="http://172.0.0.29:3000/api/v1/repos/$GITHUB_REPOSITORY"
RELEASE_ID=$(curl -s "$API/releases/tags/$TAG" \
-H "Authorization: token $RELEASE_TOKEN" | jq -r '.id // empty')
if [ -z "$RELEASE_ID" ]; then
echo "Creating pre-release $TAG..."
RELEASE_ID=$(jq -n \
--arg tag "$TAG" \
--arg name "TFTSR $TAG" \
--rawfile body /tmp/release_body.md \
'{tag_name: $tag, name: $name, body: $body, draft: true, prerelease: true}' \
| curl -sf -X POST "$API/releases" \
-H "Authorization: token $RELEASE_TOKEN" \
-H "Content-Type: application/json" \
--data @- \
| jq -r '.id')
echo "✓ Pre-release created (id=$RELEASE_ID)"
else
echo "Updating existing release $TAG (id=$RELEASE_ID)..."
jq -n --rawfile body /tmp/release_body.md '{body: $body}' \
| curl -sf -X PATCH "$API/releases/$RELEASE_ID" \
-H "Authorization: token $RELEASE_TOKEN" \
-H "Content-Type: application/json" \
--data @-
echo "✓ Release body updated"
fi
if [ -z "$RELEASE_ID" ] || [ "$RELEASE_ID" = "null" ]; then
echo "ERROR: Failed to create or locate release for $TAG"
exit 1
fi
- name: Upload CHANGELOG.md as release asset
env:
RELEASE_TOKEN: ${{ secrets.RELEASE_TOKEN }}
RELEASE_TAG: ${{ needs.autotag.outputs.release_tag }}
run: |
set -eu
TAG="${RELEASE_TAG}"
API="http://172.0.0.29:3000/api/v1/repos/$GITHUB_REPOSITORY"
RELEASE_ID=$(curl -sf "$API/releases/tags/$TAG" \
-H "Authorization: token $RELEASE_TOKEN" | jq -r '.id')
if [ -z "$RELEASE_ID" ] || [ "$RELEASE_ID" = "null" ]; then
echo "ERROR: Could not find release for tag $TAG"
exit 1
fi
# Generate a minimal changelog file for the asset
git log --pretty=format:"- %s" -20 > CHANGELOG.md || true
EXISTING_ID=$(curl -sf "$API/releases/$RELEASE_ID" \
-H "Authorization: token $RELEASE_TOKEN" \
| jq -r '.assets[]? | select(.name == "CHANGELOG.md") | .id')
if [ -n "$EXISTING_ID" ]; then
curl -sf -X DELETE "$API/releases/$RELEASE_ID/assets/$EXISTING_ID" \
-H "Authorization: token $RELEASE_TOKEN"
fi
curl -sf -X POST "$API/releases/$RELEASE_ID/assets" \
-H "Authorization: token $RELEASE_TOKEN" \
-F "attachment=@CHANGELOG.md;filename=CHANGELOG.md"
echo "✓ CHANGELOG.md uploaded"
build-linux-amd64:
needs: autotag
runs-on: linux-amd64
container:
image: 172.0.0.29:3000/sarman/tftsr-linux-amd64:rust1.88-node22
steps:
- name: Checkout
run: |
git init
git remote add origin http://172.0.0.29:3000/sarman/tftsr-devops_investigation.git
git fetch --depth=1 origin "$GITHUB_SHA"
git checkout FETCH_HEAD
- name: Cache cargo registry
uses: actions/cache@v4
with:
path: |
~/.cargo/registry/index
~/.cargo/registry/cache
~/.cargo/git/db
key: ${{ runner.os }}-cargo-linux-amd64-${{ hashFiles('**/Cargo.lock') }}
restore-keys: |
${{ runner.os }}-cargo-linux-amd64-
- name: Cache npm
uses: actions/cache@v4
with:
path: ~/.npm
key: ${{ runner.os }}-npm-${{ hashFiles('**/package-lock.json') }}
restore-keys: |
${{ runner.os }}-npm-
- name: Build
env:
APPIMAGE_EXTRACT_AND_RUN: "1"
run: |
npm ci --legacy-peer-deps
CI=true npx tauri build --target x86_64-unknown-linux-gnu
- name: Upload artifacts
env:
RELEASE_TOKEN: ${{ secrets.RELEASE_TOKEN }}
RELEASE_TAG: ${{ needs.autotag.outputs.release_tag }}
run: |
set -eu
API="http://172.0.0.29:3000/api/v1/repos/$GITHUB_REPOSITORY"
TAG="${RELEASE_TAG}"
echo "Uploading artifacts for $TAG..."
curl -sf -X POST "$API/releases" \
-H "Authorization: token $RELEASE_TOKEN" \
-H "Content-Type: application/json" \
-d "{\"tag_name\":\"$TAG\",\"name\":\"TFTSR $TAG\",\"body\":\"Pre-release $TAG\",\"draft\":false,\"prerelease\":true}" || true
RELEASE_ID=$(curl -sf "$API/releases/tags/$TAG" \
-H "Authorization: token $RELEASE_TOKEN" | jq -r '.id')
if [ -z "$RELEASE_ID" ] || [ "$RELEASE_ID" = "null" ]; then
echo "ERROR: Failed to get release ID for $TAG"
exit 1
fi
echo "Release ID: $RELEASE_ID"
ARTIFACTS=$(find src-tauri/target/x86_64-unknown-linux-gnu/release/bundle -type f \
\( -name "*.deb" -o -name "*.rpm" \))
if [ -z "$ARTIFACTS" ]; then
echo "ERROR: No Linux amd64 artifacts were found to upload."
exit 1
fi
printf '%s\n' "$ARTIFACTS" | while IFS= read -r f; do
NAME=$(basename "$f")
UPLOAD_NAME="linux-amd64-$NAME"
echo "Uploading $UPLOAD_NAME..."
EXISTING_IDS=$(curl -sf "$API/releases/$RELEASE_ID" \
-H "Authorization: token $RELEASE_TOKEN" \
| jq -r --arg name "$UPLOAD_NAME" '.assets[]? | select(.name == $name) | .id')
if [ -n "$EXISTING_IDS" ]; then
printf '%s\n' "$EXISTING_IDS" | while IFS= read -r id; do
[ -n "$id" ] || continue
curl -sf -X DELETE "$API/releases/$RELEASE_ID/assets/$id" \
-H "Authorization: token $RELEASE_TOKEN"
done
fi
RESP_FILE=$(mktemp)
HTTP_CODE=$(curl -sS -o "$RESP_FILE" -w "%{http_code}" -X POST "$API/releases/$RELEASE_ID/assets" \
-H "Authorization: token $RELEASE_TOKEN" \
-F "attachment=@$f;filename=$UPLOAD_NAME")
if [ "$HTTP_CODE" -ge 200 ] && [ "$HTTP_CODE" -lt 300 ]; then
echo "✓ Uploaded $UPLOAD_NAME"
else
echo "✗ Upload failed for $UPLOAD_NAME (HTTP $HTTP_CODE)"
python -c 'import pathlib,sys;print(pathlib.Path(sys.argv[1]).read_text(errors="replace")[:2000])' "$RESP_FILE"
exit 1
fi
done
build-windows-amd64:
needs: autotag
runs-on: linux-amd64
container:
image: 172.0.0.29:3000/sarman/tftsr-windows-cross:rust1.88-node22
steps:
- name: Checkout
run: |
git init
git remote add origin http://172.0.0.29:3000/sarman/tftsr-devops_investigation.git
git fetch --depth=1 origin "$GITHUB_SHA"
git checkout FETCH_HEAD
- name: Cache cargo registry
uses: actions/cache@v4
with:
path: |
~/.cargo/registry/index
~/.cargo/registry/cache
~/.cargo/git/db
key: ${{ runner.os }}-cargo-windows-${{ hashFiles('**/Cargo.lock') }}
restore-keys: |
${{ runner.os }}-cargo-windows-
- name: Cache npm
uses: actions/cache@v4
with:
path: ~/.npm
key: ${{ runner.os }}-npm-${{ hashFiles('**/package-lock.json') }}
restore-keys: |
${{ runner.os }}-npm-
- name: Build
env:
CC_x86_64_pc_windows_gnu: x86_64-w64-mingw32-gcc
CXX_x86_64_pc_windows_gnu: x86_64-w64-mingw32-g++
AR_x86_64_pc_windows_gnu: x86_64-w64-mingw32-ar
CARGO_TARGET_X86_64_PC_WINDOWS_GNU_LINKER: x86_64-w64-mingw32-gcc
OPENSSL_NO_VENDOR: "0"
OPENSSL_STATIC: "1"
run: |
npm ci --legacy-peer-deps
CI=true npx tauri build --target x86_64-pc-windows-gnu
- name: Upload artifacts
env:
RELEASE_TOKEN: ${{ secrets.RELEASE_TOKEN }}
RELEASE_TAG: ${{ needs.autotag.outputs.release_tag }}
run: |
set -eu
API="http://172.0.0.29:3000/api/v1/repos/$GITHUB_REPOSITORY"
TAG="${RELEASE_TAG}"
echo "Uploading artifacts for $TAG..."
curl -sf -X POST "$API/releases" \
-H "Authorization: token $RELEASE_TOKEN" \
-H "Content-Type: application/json" \
-d "{\"tag_name\":\"$TAG\",\"name\":\"TFTSR $TAG\",\"body\":\"Pre-release $TAG\",\"draft\":false,\"prerelease\":true}" || true
RELEASE_ID=$(curl -sf "$API/releases/tags/$TAG" \
-H "Authorization: token $RELEASE_TOKEN" | jq -r '.id')
if [ -z "$RELEASE_ID" ] || [ "$RELEASE_ID" = "null" ]; then
echo "ERROR: Failed to get release ID for $TAG"
exit 1
fi
echo "Release ID: $RELEASE_ID"
ARTIFACTS=$(find src-tauri/target/x86_64-pc-windows-gnu/release/bundle -type f \
\( -name "*.exe" -o -name "*.msi" \) 2>/dev/null)
if [ -z "$ARTIFACTS" ]; then
echo "ERROR: No Windows amd64 artifacts were found to upload."
exit 1
fi
printf '%s\n' "$ARTIFACTS" | while IFS= read -r f; do
NAME=$(basename "$f")
echo "Uploading $NAME..."
EXISTING_IDS=$(curl -sf "$API/releases/$RELEASE_ID" \
-H "Authorization: token $RELEASE_TOKEN" \
| jq -r --arg name "$NAME" '.assets[]? | select(.name == $name) | .id')
if [ -n "$EXISTING_IDS" ]; then
printf '%s\n' "$EXISTING_IDS" | while IFS= read -r id; do
[ -n "$id" ] || continue
curl -sf -X DELETE "$API/releases/$RELEASE_ID/assets/$id" \
-H "Authorization: token $RELEASE_TOKEN"
done
fi
RESP_FILE=$(mktemp)
HTTP_CODE=$(curl -sS -o "$RESP_FILE" -w "%{http_code}" -X POST "$API/releases/$RELEASE_ID/assets" \
-H "Authorization: token $RELEASE_TOKEN" \
-F "attachment=@$f;filename=$NAME")
if [ "$HTTP_CODE" -ge 200 ] && [ "$HTTP_CODE" -lt 300 ]; then
echo "✓ Uploaded $NAME"
else
echo "✗ Upload failed for $NAME (HTTP $HTTP_CODE)"
python -c 'import pathlib,sys;print(pathlib.Path(sys.argv[1]).read_text(errors="replace")[:2000])' "$RESP_FILE"
exit 1
fi
done
build-macos-arm64:
needs: autotag
runs-on: macos-arm64
steps:
- name: Checkout
run: |
git init
git remote add origin http://172.0.0.29:3000/sarman/tftsr-devops_investigation.git
git fetch --depth=1 origin "$GITHUB_SHA"
git checkout FETCH_HEAD
- name: Build
env:
MACOSX_DEPLOYMENT_TARGET: "11.0"
run: |
npm ci --legacy-peer-deps
rustup target add aarch64-apple-darwin
CI=true npx tauri build --target aarch64-apple-darwin --bundles app
APP=$(find src-tauri/target/aarch64-apple-darwin/release/bundle/macos -maxdepth 1 -type d -name "*.app" | head -n 1)
if [ -z "$APP" ]; then
echo "ERROR: Could not find macOS app bundle"
exit 1
fi
APP_NAME=$(basename "$APP" .app)
codesign --deep --force --sign - "$APP"
mkdir -p src-tauri/target/aarch64-apple-darwin/release/bundle/dmg
DMG=src-tauri/target/aarch64-apple-darwin/release/bundle/dmg/${APP_NAME}.dmg
hdiutil create -volname "$APP_NAME" -srcfolder "$APP" -ov -format UDZO "$DMG"
- name: Upload artifacts
env:
RELEASE_TOKEN: ${{ secrets.RELEASE_TOKEN }}
RELEASE_TAG: ${{ needs.autotag.outputs.release_tag }}
run: |
set -eu
API="http://172.0.0.29:3000/api/v1/repos/$GITHUB_REPOSITORY"
TAG="${RELEASE_TAG}"
echo "Uploading artifacts for $TAG..."
curl -sf -X POST "$API/releases" \
-H "Authorization: token $RELEASE_TOKEN" \
-H "Content-Type: application/json" \
-d "{\"tag_name\":\"$TAG\",\"name\":\"TFTSR $TAG\",\"body\":\"Pre-release $TAG\",\"draft\":false,\"prerelease\":true}" || true
RELEASE_ID=$(curl -sf "$API/releases/tags/$TAG" \
-H "Authorization: token $RELEASE_TOKEN" | jq -r '.id')
if [ -z "$RELEASE_ID" ] || [ "$RELEASE_ID" = "null" ]; then
echo "ERROR: Failed to get release ID for $TAG"
exit 1
fi
echo "Release ID: $RELEASE_ID"
ARTIFACTS=$(find src-tauri/target/aarch64-apple-darwin/release/bundle -type f -name "*.dmg")
if [ -z "$ARTIFACTS" ]; then
echo "ERROR: No macOS arm64 DMG artifacts were found to upload."
exit 1
fi
printf '%s\n' "$ARTIFACTS" | while IFS= read -r f; do
NAME=$(basename "$f")
echo "Uploading $NAME..."
EXISTING_IDS=$(curl -sf "$API/releases/$RELEASE_ID" \
-H "Authorization: token $RELEASE_TOKEN" \
| jq -r --arg name "$NAME" '.assets[]? | select(.name == $name) | .id')
if [ -n "$EXISTING_IDS" ]; then
printf '%s\n' "$EXISTING_IDS" | while IFS= read -r id; do
[ -n "$id" ] || continue
curl -sf -X DELETE "$API/releases/$RELEASE_ID/assets/$id" \
-H "Authorization: token $RELEASE_TOKEN"
done
fi
RESP_FILE=$(mktemp)
HTTP_CODE=$(curl -sS -o "$RESP_FILE" -w "%{http_code}" -X POST "$API/releases/$RELEASE_ID/assets" \
-H "Authorization: token $RELEASE_TOKEN" \
-F "attachment=@$f;filename=$NAME")
if [ "$HTTP_CODE" -ge 200 ] && [ "$HTTP_CODE" -lt 300 ]; then
echo "✓ Uploaded $NAME"
else
echo "✗ Upload failed for $NAME (HTTP $HTTP_CODE)"
python -c 'import pathlib,sys;print(pathlib.Path(sys.argv[1]).read_text(errors="replace")[:2000])' "$RESP_FILE"
exit 1
fi
done
build-linux-arm64:
needs: autotag
runs-on: linux-amd64
container:
image: 172.0.0.29:3000/sarman/tftsr-linux-arm64:rust1.88-node22
steps:
- name: Checkout
run: |
git init
git remote add origin http://172.0.0.29:3000/sarman/tftsr-devops_investigation.git
git fetch --depth=1 origin "$GITHUB_SHA"
git checkout FETCH_HEAD
- name: Cache cargo registry
uses: actions/cache@v4
with:
path: |
~/.cargo/registry/index
~/.cargo/registry/cache
~/.cargo/git/db
key: ${{ runner.os }}-cargo-arm64-${{ hashFiles('**/Cargo.lock') }}
restore-keys: |
${{ runner.os }}-cargo-arm64-
- name: Cache npm
uses: actions/cache@v4
with:
path: ~/.npm
key: ${{ runner.os }}-npm-${{ hashFiles('**/package-lock.json') }}
restore-keys: |
${{ runner.os }}-npm-
- name: Build
env:
CC_aarch64_unknown_linux_gnu: aarch64-linux-gnu-gcc
CXX_aarch64_unknown_linux_gnu: aarch64-linux-gnu-g++
AR_aarch64_unknown_linux_gnu: aarch64-linux-gnu-ar
CARGO_TARGET_AARCH64_UNKNOWN_LINUX_GNU_LINKER: aarch64-linux-gnu-gcc
PKG_CONFIG_SYSROOT_DIR: /usr/aarch64-linux-gnu
PKG_CONFIG_PATH: /usr/lib/aarch64-linux-gnu/pkgconfig
PKG_CONFIG_ALLOW_CROSS: "1"
OPENSSL_NO_VENDOR: "0"
OPENSSL_STATIC: "1"
APPIMAGE_EXTRACT_AND_RUN: "1"
run: |
npm ci --legacy-peer-deps
CI=true npx tauri build --target aarch64-unknown-linux-gnu --bundles deb,rpm
- name: Upload artifacts
env:
RELEASE_TOKEN: ${{ secrets.RELEASE_TOKEN }}
RELEASE_TAG: ${{ needs.autotag.outputs.release_tag }}
run: |
set -eu
API="http://172.0.0.29:3000/api/v1/repos/$GITHUB_REPOSITORY"
TAG="${RELEASE_TAG}"
echo "Uploading artifacts for $TAG..."
curl -sf -X POST "$API/releases" \
-H "Authorization: token $RELEASE_TOKEN" \
-H "Content-Type: application/json" \
-d "{\"tag_name\":\"$TAG\",\"name\":\"TFTSR $TAG\",\"body\":\"Pre-release $TAG\",\"draft\":false,\"prerelease\":true}" || true
RELEASE_ID=$(curl -sf "$API/releases/tags/$TAG" \
-H "Authorization: token $RELEASE_TOKEN" | jq -r '.id')
if [ -z "$RELEASE_ID" ] || [ "$RELEASE_ID" = "null" ]; then
echo "ERROR: Failed to get release ID for $TAG"
exit 1
fi
echo "Release ID: $RELEASE_ID"
ARTIFACTS=$(find src-tauri/target/aarch64-unknown-linux-gnu/release/bundle -type f \
\( -name "*.deb" -o -name "*.rpm" -o -name "*.AppImage" \))
if [ -z "$ARTIFACTS" ]; then
echo "ERROR: No Linux arm64 artifacts were found to upload."
exit 1
fi
printf '%s\n' "$ARTIFACTS" | while IFS= read -r f; do
NAME=$(basename "$f")
UPLOAD_NAME="linux-arm64-$NAME"
echo "Uploading $UPLOAD_NAME..."
EXISTING_IDS=$(curl -sf "$API/releases/$RELEASE_ID" \
-H "Authorization: token $RELEASE_TOKEN" \
| jq -r --arg name "$UPLOAD_NAME" '.assets[]? | select(.name == $name) | .id')
if [ -n "$EXISTING_IDS" ]; then
printf '%s\n' "$EXISTING_IDS" | while IFS= read -r id; do
[ -n "$id" ] || continue
curl -sf -X DELETE "$API/releases/$RELEASE_ID/assets/$id" \
-H "Authorization: token $RELEASE_TOKEN"
done
fi
RESP_FILE=$(mktemp)
HTTP_CODE=$(curl -sS -o "$RESP_FILE" -w "%{http_code}" -X POST "$API/releases/$RELEASE_ID/assets" \
-H "Authorization: token $RELEASE_TOKEN" \
-F "attachment=@$f;filename=$UPLOAD_NAME")
if [ "$HTTP_CODE" -ge 200 ] && [ "$HTTP_CODE" -lt 300 ]; then
echo "✓ Uploaded $UPLOAD_NAME"
else
echo "✗ Upload failed for $UPLOAD_NAME (HTTP $HTTP_CODE)"
python -c 'import pathlib,sys;print(pathlib.Path(sys.argv[1]).read_text(errors="replace")[:2000])' "$RESP_FILE"
exit 1
fi
done

66
.gitea/workflows/sync-beta.yml Normal file
View File

@ -0,0 +1,66 @@
name: Sync Beta from Master
# Merges master into beta after every push to master so beta never falls
# behind. Uses RELEASE_TOKEN (admin user) which can push to protected
# branches, same as the CHANGELOG commit in auto-tag.yml.
#
# NOTE: commits carrying [skip ci] in their message (e.g. the CHANGELOG
# commit from auto-tag.yml) suppress all workflow runs, so this job will
# not fire for those specific commits. The NEXT real push to master will
# bring the skipped commit(s) along in the merge. If you need immediate
# sync of every commit, remove [skip ci] from auto-tag.yml's CHANGELOG
# commit and instead gate auto-tag.yml with a path or branch filter.
on:
push:
branches:
- master
concurrency:
group: sync-beta
cancel-in-progress: true
jobs:
sync:
runs-on: linux-amd64
container:
image: alpine:latest
steps:
- name: Merge master into beta
env:
RELEASE_TOKEN: ${{ secrets.RELEASE_TOKEN }}
run: |
set -eu
apk add --no-cache git
git init
git remote add origin \
"http://oauth2:${RELEASE_TOKEN}@172.0.0.29:3000/${GITHUB_REPOSITORY}.git"
git config user.name "gitea-actions[bot]"
git config user.email "gitea-actions@local"
# Check beta exists before trying to merge into it
if ! git ls-remote --exit-code origin refs/heads/beta >/dev/null 2>&1; then
echo "beta branch does not exist yet — skipping sync"
exit 0
fi
git fetch origin master beta
git checkout -b beta origin/beta
# If beta already contains everything in master (e.g. right after a
# beta→master promotion) there is nothing to do.
if git merge-base --is-ancestor origin/master HEAD; then
echo "beta is already up to date with master — nothing to do"
exit 0
fi
if git merge --no-ff origin/master \
-m "chore: sync beta from master [skip ci]"; then
git push origin beta
echo "✓ beta synced with master"
else
echo "✗ Merge conflict — manual resolution required"
git merge --abort || true
exit 1
fi

1
.gitea/workflows/test.yml
View File

@ -4,6 +4,7 @@ on:
push:
branches:
- master
- beta
pull_request:
jobs:

60
docs/wiki/CICD-Pipeline.md
View File

@ -361,6 +361,66 @@ docker exec gogs_postgres_db psql -U gogs -d gogsdb -c "SELECT id, lower_name FR
---
## Release Channels
The project ships two update channels:
| Channel | Branch | Tag format | Gitea release flag | Updater endpoint |
|---------|--------|------------|--------------------|-----------------|
| **Stable** | `master` | `v1.2.3` | `prerelease: false` | `/releases?limit=20` → first non-prerelease |
| **Beta** | `beta` | `v1.2.3-beta.N` | `prerelease: true` | `/releases?limit=20` → first prerelease |
### Workflow files
| Workflow | Trigger | Produces |
|----------|---------|---------|
| `auto-tag.yml` | push to `master` | Stable release, wiki sync, CHANGELOG committed back to master |
| `release-beta.yml` | push to `beta` | Pre-release, no wiki sync |
### Beta tag numbering
`release-beta.yml` reads `CARGO_VERSION` from `src-tauri/Cargo.toml` and finds the
highest existing `v{CARGO_VERSION}-beta.N` tag. It increments N on each push:
```
v1.3.0-beta.1 ← first push after Cargo.toml bumped to 1.3.0
v1.3.0-beta.2 ← second push
v1.3.0-beta.3 ← etc.
```
When `Cargo.toml` is bumped (e.g. `1.3.0``1.4.0`), the counter resets to `.1`.
### Promoting beta to stable
1. Ensure `Cargo.toml` version is correct (no `-beta` suffix — just the clean semver).
2. Open a PR from `beta → master` and merge it.
3. `auto-tag.yml` fires, creates tag `v1.3.0`, builds all platforms, marks release stable.
### In-app updater channel switching
Users select their channel in **Settings → Updates**. The selection is stored in
`AppSettings.update_channel` (persisted via the frontend settings store).
`check_app_updates` queries `GET /releases?limit=20` and returns the first release
matching the active channel:
- `stable` → first entry where `prerelease == false`
- `beta` → first entry where `prerelease == true`
Draft releases are always skipped.
### Branch protection for `beta`
`beta` should carry the same protection rules as `master`:
- Require PR before merging
- Require all CI checks: `rust-fmt-check`, `rust-clippy`, `rust-tests`,
`frontend-typecheck`, `frontend-tests`
- Dismiss stale reviews on new commits
Set **Settings → Repository → Default Branch** to `beta` so the Gitea UI defaults
new PRs to target `beta` rather than `master`.
---
## Migration Notes (Gogs 0.14 → Gitea)
Gitea auto-migrates the Gogs PostgreSQL schema on first start. Users, repos, teams, and

2
package.json
View File

@ -1,7 +1,7 @@
{
"name": "trcaa",
"private": true,
"version": "1.2.2",
"version": "1.2.3",
"type": "module",
"scripts": {
"dev": "vite",

2
src-tauri/Cargo.toml
View File

@ -1,6 +1,6 @@
[package]
name = "trcaa"
version = "1.2.2"
version = "1.2.3"
edition = "2021"
[lib]

57
src-tauri/src/commands/system.rs
View File

@ -79,6 +79,12 @@ pub async fn update_settings(
{
settings.active_provider = Some(active_provider.to_string());
}
if let Some(ch) = partial_settings
.get("update_channel")
.and_then(|v| v.as_str())
{
settings.update_channel = ch.to_string();
}
Ok(settings.clone())
}
@ -489,9 +495,21 @@ fn is_newer_version(latest: &str, current: &str) -> bool {
}
#[tauri::command]
pub async fn check_app_updates(app: tauri::AppHandle) -> Result<serde_json::Value, String> {
pub async fn check_app_updates(
app: tauri::AppHandle,
state: tauri::State<'_, AppState>,
) -> Result<serde_json::Value, String> {
let current_version = app.package_info().version.to_string();
let channel = {
state
.settings
.lock()
.map_err(|e| e.to_string())?
.update_channel
.clone()
};
let client = reqwest::Client::builder()
.timeout(std::time::Duration::from_secs(10))
.build()
@ -499,7 +517,7 @@ pub async fn check_app_updates(app: tauri::AppHandle) -> Result<serde_json::Valu
let response = client
.get(
"https://gogs.tftsr.com/api/v1/repos/sarman/tftsr-devops_investigation/releases/latest",
"https://gogs.tftsr.com/api/v1/repos/sarman/tftsr-devops_investigation/releases?limit=20",
)
.header("Accept", "application/json")
.send()
@ -513,11 +531,26 @@ pub async fn check_app_updates(app: tauri::AppHandle) -> Result<serde_json::Valu
));
}
let release: serde_json::Value = response
let releases: Vec<serde_json::Value> = response
.json()
.await
.map_err(|e| format!("Failed to parse update response: {e}"))?;
let release = releases
.iter()
.find(|r| {
let is_pre = r["prerelease"].as_bool().unwrap_or(false);
let is_draft = r["draft"].as_bool().unwrap_or(false);
if is_draft {
return false;
}
match channel.as_str() {
"beta" => is_pre,
_ => !is_pre,
}
})
.ok_or_else(|| format!("No release found for channel: {channel}"))?;
let latest_tag = release["tag_name"]
.as_str()
.unwrap_or("")
@ -553,12 +586,24 @@ pub async fn install_app_updates(app: tauri::AppHandle) -> Result<(), String> {
}
#[tauri::command]
pub async fn get_update_channel() -> Result<String, String> {
Ok("stable".to_string())
pub async fn get_update_channel(state: tauri::State<'_, AppState>) -> Result<String, String> {
state
.settings
.lock()
.map(|s| s.update_channel.clone())
.map_err(|e| e.to_string())
}
#[tauri::command]
pub async fn set_update_channel(_channel: String) -> Result<(), String> {
pub async fn set_update_channel(
channel: String,
state: tauri::State<'_, AppState>,
) -> Result<(), String> {
state
.settings
.lock()
.map_err(|e| e.to_string())?
.update_channel = channel;
Ok(())
}

7
src-tauri/src/state.rs
View File

@ -57,6 +57,12 @@ pub struct AppSettings {
pub default_provider: String,
pub default_model: String,
pub ollama_url: String,
#[serde(default = "default_update_channel")]
pub update_channel: String,
}
fn default_update_channel() -> String {
"stable".to_string()
}
impl Default for AppSettings {
@ -68,6 +74,7 @@ impl Default for AppSettings {
default_provider: "ollama".to_string(),
default_model: "llama3.2:3b".to_string(),
ollama_url: "http://localhost:11434".to_string(),
update_channel: "stable".to_string(),
}
}
}

2
src-tauri/tauri.conf.json
View File

@ -1,6 +1,6 @@
{
"productName": "Troubleshooting and RCA Assistant",
"version": "1.2.2",
"version": "1.2.3",
"identifier": "com.trcaa.app",
"build": {
"frontendDist": "../dist",