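# Release workflow: manually dispatched; prepares the release (setup), builds and
# uploads binaries and Docker images (skipped when an engine version is reused),
# then finalizes the release (complete).
#
# NOTE(review): actions are referenced by mutable tag or branch (`@v4`, `@v3`,
# `@stable`). For a workflow that handles publish credentials, pin each `uses:`
# to a full commit SHA so an upstream tag move cannot change what runs here.
name: release

on:
  workflow_dispatch:
    inputs:
      version:
        description: 'Version'
        required: true
        type: string
      latest:
        description: 'Latest'
        required: true
        type: boolean
        default: true
      reuse_engine_version:
        description: 'Reuse artifacts from this version (skips building)'
        required: false
        type: string

defaults:
  run:
    # Enable fail-fast behavior
    shell: bash -e {0}

env:
  # Disable incremental compilation for faster from-scratch builds
  CARGO_INCREMENTAL: "0"
  # Skip OpenAPI generation in CI (use pre-committed docs/openapi.json)
  SKIP_OPENAPI_GEN: "1"

jobs:
  setup:
    name: "Setup"
    runs-on: ubuntu-24.04
    permissions:
      # Allow pushing to GitHub
      contents: write
      # Allows authentication
      id-token: write
    steps:
      # Credentials stay persisted here: this job configures a git identity and
      # has `contents: write`, so the release script is expected to push.
      - uses: actions/checkout@v4
        with:
          fetch-depth: 0
      - uses: dtolnay/rust-toolchain@stable
      - uses: actions/setup-node@v4
        with:
          node-version: "20"
      - run: corepack enable
      - name: Setup
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          NPM_TOKEN: ${{ secrets.NPM_TOKEN }}
          R2_RELEASES_ACCESS_KEY_ID: ${{ secrets.R2_RELEASES_ACCESS_KEY_ID }}
          R2_RELEASES_SECRET_ACCESS_KEY: ${{ secrets.R2_RELEASES_SECRET_ACCESS_KEY }}
          # Dispatch inputs are passed as environment variables, never expanded
          # into the script text, so their content cannot be parsed as shell.
          RELEASE_INPUT_VERSION: ${{ github.event.inputs.version }}
          RELEASE_INPUT_LATEST: ${{ inputs.latest }}
          RELEASE_INPUT_REUSE_ENGINE_VERSION: ${{ inputs.reuse_engine_version }}
        run: |
          # Configure Git
          git config --global user.name "github-actions[bot]"
          git config --global user.email "github-actions[bot]@users.noreply.github.com"

          # Authenticate with NPM. The token comes from the environment rather
          # than a template expansion, and the file is created owner-only.
          (
            umask 077
            printf '//registry.npmjs.org/:_authToken=%s\n' "$NPM_TOKEN" > ~/.npmrc
          )

          # Install dependencies
          # NOTE(review): --no-frozen-lockfile lets a release resolve versions
          # that differ from the committed lockfile; prefer --frozen-lockfile
          # if the release flow allows it.
          pnpm install --no-frozen-lockfile

          # Install tsx globally
          # NOTE(review): unpinned global install; consider pinning a version.
          npm install -g tsx

          # Build the argument list from inputs. An array keeps every value a
          # single argument, which removes the need for `eval`.
          args=(--version "$RELEASE_INPUT_VERSION" --phase setup-ci)
          if [ "$RELEASE_INPUT_LATEST" != "true" ]; then
            args+=(--no-latest)
          fi
          if [ -n "$RELEASE_INPUT_REUSE_ENGINE_VERSION" ]; then
            args+=(--reuse-engine-version "$RELEASE_INPUT_REUSE_ENGINE_VERSION")
          fi

          ./scripts/release/main.ts "${args[@]}"

  # NOTE(review): the jobs below declare no `permissions:` block and therefore
  # run with the repository's default GITHUB_TOKEN scope. Declare the minimum
  # each job needs once that is confirmed against the release scripts.
  binaries:
    name: "Build & Upload Binaries"
    needs: [setup]
    if: ${{ !inputs.reuse_engine_version }}
    strategy:
      fail-fast: false
      matrix:
        include:
          - platform: linux
            runner: depot-ubuntu-24.04-8
            target: x86_64-unknown-linux-musl
            binary_ext: ""
            arch: x86_64
          - platform: linux
            runner: depot-ubuntu-24.04-arm-8
            target: aarch64-unknown-linux-musl
            binary_ext: ""
            arch: aarch64
          - platform: windows
            runner: depot-ubuntu-24.04-8
            target: x86_64-pc-windows-gnu
            binary_ext: ".exe"
            arch: x86_64
          - platform: macos
            runner: depot-ubuntu-24.04-8
            target: x86_64-apple-darwin
            binary_ext: ""
            arch: x86_64
          - platform: macos
            runner: depot-ubuntu-24.04-8
            target: aarch64-apple-darwin
            binary_ext: ""
            arch: aarch64
    runs-on: ${{ matrix.runner }}
    steps:
      - uses: actions/checkout@v4
        with:
          fetch-depth: 0
          # No step visible in this job uses git credentials; do not leave the
          # token in .git/config where the Docker build context could read it.
          persist-credentials: false

      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v3

      - name: Build binary
        env:
          MATRIX_TARGET: ${{ matrix.target }}
          # Passed via the environment so the input is never parsed as shell.
          RELEASE_INPUT_VERSION: ${{ github.event.inputs.version }}
        run: |
          # Use Docker BuildKit
          export DOCKER_BUILDKIT=1

          # Build the binary using our Dockerfile with version
          docker/release/build.sh "$MATRIX_TARGET" "$RELEASE_INPUT_VERSION"

          # Make sure dist directory exists and binary is there
          ls -la dist/

      - name: Upload to R2
        env:
          AWS_ACCESS_KEY_ID: ${{ secrets.R2_RELEASES_ACCESS_KEY_ID }}
          AWS_SECRET_ACCESS_KEY: ${{ secrets.R2_RELEASES_SECRET_ACCESS_KEY }}
          MATRIX_TARGET: ${{ matrix.target }}
          MATRIX_BINARY_EXT: ${{ matrix.binary_ext }}
          R2_ENDPOINT_URL: https://2a94c6a0ced8d35ea63cddc86c2681e7.r2.cloudflarestorage.com
        run: |
          # Install dependencies for AWS CLI
          sudo apt-get update
          sudo apt-get install -y unzip curl

          # Install AWS CLI for the runner's own architecture (the matrix
          # includes an arm64 runner, so the x86_64 archive is not always right).
          # NOTE(review): the archive is installed with sudo without integrity
          # verification; check it against the vendor-published signature first.
          AWSCLI_ARCH="$(uname -m)"
          curl --fail "https://awscli.amazonaws.com/awscli-exe-linux-${AWSCLI_ARCH}.zip" -o "awscliv2.zip"
          unzip awscliv2.zip
          sudo ./aws/install --update

          COMMIT_SHA_SHORT="${GITHUB_SHA::7}"
          BINARY_NAME="sandbox-agent-${MATRIX_TARGET}${MATRIX_BINARY_EXT}"
          GIGACODE_NAME="gigacode-${MATRIX_TARGET}${MATRIX_BINARY_EXT}"
          DEST_PREFIX="s3://rivet-releases/sandbox-agent/${COMMIT_SHA_SHORT}/binaries"

          # Must specify --checksum-algorithm for compatibility with R2
          aws s3 cp \
            "dist/${BINARY_NAME}" \
            "${DEST_PREFIX}/${BINARY_NAME}" \
            --region auto \
            --endpoint-url "${R2_ENDPOINT_URL}" \
            --checksum-algorithm CRC32

          aws s3 cp \
            "dist/${GIGACODE_NAME}" \
            "${DEST_PREFIX}/${GIGACODE_NAME}" \
            --region auto \
            --endpoint-url "${R2_ENDPOINT_URL}" \
            --checksum-algorithm CRC32

  docker:
    name: "Build & Push Docker Images"
    needs: [setup]
    if: ${{ !inputs.reuse_engine_version }}
    strategy:
      fail-fast: false
      matrix:
        include:
          - platform: linux/arm64
            runner: depot-ubuntu-24.04-arm-8
            arch_suffix: "-arm64"
          - platform: linux/amd64
            runner: depot-ubuntu-24.04-8
            arch_suffix: "-amd64"
    runs-on: ${{ matrix.runner }}
    steps:
      - uses: actions/checkout@v4
        with:
          fetch-depth: 0
          # The build below sends the whole checkout (`context: .`) to Docker
          # and pushes the result; keep the checkout token out of .git/config
          # so it cannot end up in an image layer.
          persist-credentials: false

      - name: Set outputs
        id: vars
        run: echo "sha_short=${GITHUB_SHA::7}" >> "$GITHUB_OUTPUT"

      - uses: ./.github/actions/docker-setup
        with:
          docker_username: ${{ secrets.DOCKER_CI_USERNAME }}
          docker_password: ${{ secrets.DOCKER_CI_ACCESS_TOKEN }}
          github_token: ${{ secrets.GITHUB_TOKEN }}

      - name: Build & Push
        uses: docker/build-push-action@v4
        with:
          context: .
          push: true
          tags: rivetdev/sandbox-agent:${{ steps.vars.outputs.sha_short }}${{ matrix.arch_suffix }}
          file: docker/runtime/Dockerfile
          platforms: ${{ matrix.platform }}
          build-args: |
            TARGETARCH=${{ contains(matrix.platform, 'arm64') && 'arm64' || 'amd64' }}

  complete:
    name: "Complete"
    needs: [setup, docker, binaries]
    # Runs when setup succeeded and each build job either succeeded or was
    # skipped (the build jobs are skipped when an engine version is reused).
    if: >-
      ${{ always() && !cancelled() && needs.setup.result == 'success'
      && (needs.docker.result == 'success' || needs.docker.result == 'skipped')
      && (needs.binaries.result == 'success' || needs.binaries.result == 'skipped') }}
    runs-on: ubuntu-24.04
    steps:
      - uses: actions/checkout@v4
        with:
          fetch-depth: 0

      - uses: dtolnay/rust-toolchain@stable

      - uses: actions/setup-node@v4
        with:
          node-version: "20"
          registry-url: "https://registry.npmjs.org"

      - run: corepack enable

      - uses: ./.github/actions/docker-setup
        continue-on-error: true
        with:
          docker_username: ${{ secrets.DOCKER_CI_USERNAME }}
          docker_password: ${{ secrets.DOCKER_CI_ACCESS_TOKEN }}
          github_token: ${{ secrets.GITHUB_TOKEN }}

      - name: Complete
        env:
          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          CARGO_REGISTRY_TOKEN: ${{ secrets.CRATES_IO_TOKEN }}
          NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
          R2_RELEASES_ACCESS_KEY_ID: ${{ secrets.R2_RELEASES_ACCESS_KEY_ID }}
          R2_RELEASES_SECRET_ACCESS_KEY: ${{ secrets.R2_RELEASES_SECRET_ACCESS_KEY }}
          # Dispatch inputs are passed as environment variables, never expanded
          # into the script text, so their content cannot be parsed as shell.
          RELEASE_INPUT_VERSION: ${{ github.event.inputs.version }}
          RELEASE_INPUT_LATEST: ${{ inputs.latest }}
          RELEASE_INPUT_REUSE_ENGINE_VERSION: ${{ inputs.reuse_engine_version }}
        run: |
          # Authenticate with NPM. NODE_AUTH_TOKEN already carries the NPM
          # token; read it from the environment instead of templating the
          # secret into the script, and create the file owner-only.
          (
            umask 077
            printf '//registry.npmjs.org/:_authToken=%s\n' "$NODE_AUTH_TOKEN" > ~/.npmrc
          )

          # Install dependencies
          # NOTE(review): --no-frozen-lockfile lets the publishing step resolve
          # versions that differ from the committed lockfile; prefer
          # --frozen-lockfile if the release flow allows it.
          pnpm install --no-frozen-lockfile

          # Install tsx globally
          # NOTE(review): unpinned global install in the job that holds the
          # npm and crates.io publish tokens; consider pinning a version.
          npm install -g tsx

          # Build the argument list from inputs. An array keeps every value a
          # single argument, which removes the need for `eval`.
          args=(--version "$RELEASE_INPUT_VERSION" --phase complete-ci --no-validate-git)
          if [ "$RELEASE_INPUT_LATEST" != "true" ]; then
            args+=(--no-latest)
          fi
          if [ -n "$RELEASE_INPUT_REUSE_ENGINE_VERSION" ]; then
            args+=(--reuse-engine-version "$RELEASE_INPUT_REUSE_ENGINE_VERSION")
          fi

          ./scripts/release/main.ts "${args[@]}"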