From bc95436a438dc8964b3b80328b35cae1c3659cb8 Mon Sep 17 00:00:00 2001 From: Onur Solmaz <2453968+osolmaz@users.noreply.github.com> Date: Mon, 23 Mar 2026 21:34:51 +0100 Subject: [PATCH] release: upload macos preflight artifacts (#53105) * release: upload macos preflight artifacts * release: speed up macos preflight * release: use xlarge macos runner * release: skip dmg path in macos preflight --- .../openclaw-release-maintainer/SKILL.md | 5 ++ .github/workflows/macos-release.yml | 53 +++++++++++++------ scripts/package-mac-dist.sh | 19 ++++--- 3 files changed, 53 insertions(+), 24 deletions(-) diff --git a/.agents/skills/openclaw-release-maintainer/SKILL.md b/.agents/skills/openclaw-release-maintainer/SKILL.md index caa5482ea78..ea0ab5d87f3 100644 --- a/.agents/skills/openclaw-release-maintainer/SKILL.md +++ b/.agents/skills/openclaw-release-maintainer/SKILL.md @@ -111,6 +111,11 @@ OPENCLAW_INSTALL_SMOKE_SKIP_NONROOT=1 pnpm test:install:smoke the npm version is already published. - Validation-only runs may be dispatched from a branch when you are testing a workflow change before merge. +- macOS release workflows run on GitHub's xlarge macOS runner and use a + SwiftPM cache because the Swift build/test/package path is CPU-heavy. +- macOS preflight uploads the ad-hoc `.zip` output as a workflow artifact so + maintainers can download and inspect the built package before any real + publish run. - npm preflight and macOS preflight must both pass before any publish run starts. - Real publish runs must be dispatched from `main`; branch-dispatched publish diff --git a/.github/workflows/macos-release.yml b/.github/workflows/macos-release.yml index bab49d171a6..3b16ce2365a 100644 --- a/.github/workflows/macos-release.yml +++ b/.github/workflows/macos-release.yml @@ -25,7 +25,9 @@ env: jobs: preflight_macos_release: - runs-on: macos-latest + # Use GitHub's xlarge macOS runner because release packaging is + # Swift-heavy and benefits from the faster hosted hardware tier. + runs-on: macos-latest-xlarge permissions: contents: read steps: @@ -59,6 +61,14 @@ jobs: xcodebuild -version swift --version + - name: Cache SwiftPM + uses: actions/cache@v5 + with: + path: ~/Library/Caches/org.swift.swiftpm + key: ${{ runner.os }}-swiftpm-release-${{ hashFiles('apps/macos/Package.resolved') }} + restore-keys: | + ${{ runner.os }}-swiftpm-release- + - name: Ensure matching GitHub release exists env: GH_TOKEN: ${{ github.token }} @@ -94,18 +104,6 @@ jobs: NODE_OPTIONS: --max-old-space-size=4096 run: pnpm release:check - - name: Swift build - run: | - set -euo pipefail - for attempt in 1 2 3; do - if swift build --package-path apps/macos --configuration release; then - exit 0 - fi - echo "swift build failed (attempt $attempt/3). Retryingโ€ฆ" - sleep $((attempt * 20)) - done - exit 1 - - name: Swift test run: | set -euo pipefail @@ -119,18 +117,31 @@ jobs: exit 1 - name: Package macOS release with ad-hoc signing + id: package_preflight env: - APP_VERSION: ${{ steps.package_version.outputs.value }} BUNDLE_ID: ai.openclaw.mac BUILD_CONFIG: release CODESIGN_TIMESTAMP: "off" SIGN_IDENTITY: "-" - SKIP_NOTARIZE: "1" SKIP_PNPM_INSTALL: "1" SKIP_TSC: "1" SKIP_UI_BUILD: "1" SPARKLE_FEED_URL: ${{ env.SPARKLE_FEED_URL }} - run: scripts/package-mac-dist.sh + run: | + set -euo pipefail + scripts/package-mac-app.sh + VERSION=$(/usr/libexec/PlistBuddy -c "Print CFBundleShortVersionString" dist/OpenClaw.app/Contents/Info.plist) + ZIP_PATH="dist/OpenClaw-${VERSION}.zip" + rm -f "$ZIP_PATH" + ditto -c -k --sequesterRsrc --keepParent dist/OpenClaw.app "$ZIP_PATH" + echo "zip_path=$ZIP_PATH" >> "$GITHUB_OUTPUT" + + - name: Upload preflight macOS artifacts + uses: actions/upload-artifact@v7 + with: + name: macos-preflight-${{ inputs.tag }} + path: ${{ steps.package_preflight.outputs.zip_path }} + if-no-files-found: error validate_publish_dispatch_ref: if: ${{ !inputs.preflight_only }} @@ -151,7 +162,7 @@ jobs: publish_macos_release: needs: [preflight_macos_release, validate_publish_dispatch_ref] if: ${{ !inputs.preflight_only }} - runs-on: macos-latest + runs-on: macos-latest-xlarge environment: mac-release concurrency: # Stable releases all derive the same shared appcast.xml; serialize those @@ -191,6 +202,14 @@ jobs: xcodebuild -version swift --version + - name: Cache SwiftPM + uses: actions/cache@v5 + with: + path: ~/Library/Caches/org.swift.swiftpm + key: ${{ runner.os }}-swiftpm-release-${{ hashFiles('apps/macos/Package.resolved') }} + restore-keys: | + ${{ runner.os }}-swiftpm-release- + - name: Ensure matching GitHub release exists env: GH_TOKEN: ${{ github.token }} diff --git a/scripts/package-mac-dist.sh b/scripts/package-mac-dist.sh index 843dc9d67aa..7b108b404ff 100755 --- a/scripts/package-mac-dist.sh +++ b/scripts/package-mac-dist.sh @@ -36,6 +36,7 @@ DSYM_ZIP="$ROOT_DIR/dist/OpenClaw-$VERSION.dSYM.zip" SKIP_NOTARIZE="${SKIP_NOTARIZE:-0}" NOTARIZE=1 SKIP_DSYM="${SKIP_DSYM:-0}" +SKIP_DMG="${SKIP_DMG:-0}" if [[ "$SKIP_NOTARIZE" == "1" ]]; then NOTARIZE=0 @@ -53,15 +54,19 @@ echo "๐Ÿ“ฆ Zip: $ZIP" rm -f "$ZIP" ditto -c -k --sequesterRsrc --keepParent "$APP" "$ZIP" -echo "๐Ÿ’ฟ DMG: $DMG" -"$ROOT_DIR/scripts/create-dmg.sh" "$APP" "$DMG" +if [[ "$SKIP_DMG" != "1" ]]; then + echo "๐Ÿ’ฟ DMG: $DMG" + "$ROOT_DIR/scripts/create-dmg.sh" "$APP" "$DMG" -if [[ "$NOTARIZE" == "1" ]]; then - if [[ -n "${SIGN_IDENTITY:-}" ]]; then - echo "๐Ÿ” Signing DMG: $DMG" - /usr/bin/codesign --force --sign "$SIGN_IDENTITY" --timestamp "$DMG" + if [[ "$NOTARIZE" == "1" ]]; then + if [[ -n "${SIGN_IDENTITY:-}" ]]; then + echo "๐Ÿ” Signing DMG: $DMG" + /usr/bin/codesign --force --sign "$SIGN_IDENTITY" --timestamp "$DMG" + fi + "$ROOT_DIR/scripts/notarize-mac-artifact.sh" "$DMG" fi - "$ROOT_DIR/scripts/notarize-mac-artifact.sh" "$DMG" +else + echo "๐Ÿ’ฟ Skipping DMG (SKIP_DMG=1)" fi if [[ "$SKIP_DSYM" != "1" ]]; then