name: Desktop release # Builds and publishes the Electron desktop app via electron-forge. # Generates a GitHub Release (draft) with installers + update manifests. # Triggered by a `desktop-v*` tag or manually. # # Each target OS builds on its own runner so the bundled `ao` daemon is compiled # natively for that platform. build-daemon.mjs keys the binary off the build # host's platform, so cross-OS packaging (e.g. building the Windows installer on # macOS) would ship a non-Windows binary named `ao` and the app could not launch # the daemon (issues #235/#256). The per-OS matrix keeps host == target. # # ⚠️ Until macOS code signing + notarization secrets are configured (see # frontend/docs/desktop-release.md), published builds are UNSIGNED and will # NOT auto-update on macOS. The workflow still produces installable artifacts. on: push: tags: - "desktop-v*" workflow_dispatch: jobs: release: strategy: fail-fast: false matrix: os: [macos-latest, windows-latest] runs-on: ${{ matrix.os }} permissions: contents: write defaults: run: working-directory: frontend steps: - uses: actions/checkout@v4 - uses: actions/setup-node@v4 with: node-version: 20 cache: npm cache-dependency-path: frontend/package-lock.json # The daemon is compiled by build-daemon.mjs during prepackage/premake, so # the Go toolchain must be present and pinned on every runner. - uses: actions/setup-go@v5 with: go-version-file: backend/go.mod cache-dependency-path: backend/go.sum - run: npm ci - name: Publish run: npm run publish env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # macOS signing + notarization — add as repository secrets and # set osxSign/osxNotarize in forge.config.ts to enable. CSC_LINK: ${{ secrets.CSC_LINK }} CSC_KEY_PASSWORD: ${{ secrets.CSC_KEY_PASSWORD }} APPLE_ID: ${{ secrets.APPLE_ID }} APPLE_APP_SPECIFIC_PASSWORD: ${{ secrets.APPLE_APP_SPECIFIC_PASSWORD }} APPLE_TEAM_ID: ${{ secrets.APPLE_TEAM_ID }}