ci(release): build and attach unsigned macOS binaries to releases (#26462)

2026-05-14 05:42:54 -07:00 · 2026-05-05 17:59:54 -04:00
parent 3627f4777f
commit e039fcdf2a
6 changed files with 89 additions and 5 deletions
@@ -0,0 +1,23 @@
 name: 'Download Mac Binaries'
 description: 'Downloads the unsigned macOS binaries (x64 and arm64)'
 inputs:
  path:
    description: 'The base path to download the binaries to'
    required: true
    default: 'dist'
 runs:
  using: 'composite'
  steps:
    - name: 'Download macOS arm64 binary'
      uses: 'actions/download-artifact@cc203385981b70ca67e1cc392babf9cc229d5806' # ratchet:actions/download-artifact@v4
      continue-on-error: true
      with:
        name: 'gemini-darwin-arm64-unsigned'
        path: '${{ inputs.path }}/darwin-arm64'
    - name: 'Download macOS x64 binary'
      uses: 'actions/download-artifact@cc203385981b70ca67e1cc392babf9cc229d5806' # ratchet:actions/download-artifact@v4
      continue-on-error: true
      with:
        name: 'gemini-darwin-x64-unsigned'
        path: '${{ inputs.path }}/darwin-x64'
@@ -308,8 +308,21 @@ runs:
        fi
        rm -rf test-bundle
        RELEASE_ASSETS=("gemini-cli-bundle.zip")
        # Check for and prepare macOS binaries if they exist
        if [[ -f "dist/darwin-arm64/gemini" ]]; then
          zip -j gemini-darwin-arm64-unsigned.zip dist/darwin-arm64/gemini
          RELEASE_ASSETS+=("gemini-darwin-arm64-unsigned.zip")
        fi
        if [[ -f "dist/darwin-x64/gemini" ]]; then
          zip -j gemini-darwin-x64-unsigned.zip dist/darwin-x64/gemini
          RELEASE_ASSETS+=("gemini-darwin-x64-unsigned.zip")
        fi
        gh release create "${INPUTS_RELEASE_TAG}" \
-          gemini-cli-bundle.zip \
+          "${RELEASE_ASSETS[@]}" \
          --target "${STEPS_RELEASE_BRANCH_OUTPUTS_BRANCH_NAME}" \
          --title "Release ${INPUTS_RELEASE_TAG}" \
          --notes-start-tag "${INPUTS_PREVIOUS_TAG}" \
@@ -2,6 +2,12 @@ name: 'Build Unsigned Mac Binaries'
 on:
  workflow_dispatch:
  workflow_call:
    inputs:
      ref:
        description: 'The branch, tag, or SHA to build from.'
        required: true
        type: 'string'
 permissions:
  contents: 'read'
@@ -22,6 +28,8 @@ jobs:
    steps:
      - name: 'Checkout'
        uses: 'actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5' # ratchet:actions/checkout@v4
        with:
          ref: '${{ inputs.ref || github.ref }}'
      - name: 'Set up Node.js'
        uses: 'actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020' # ratchet:actions/setup-node@v4
@@ -52,5 +60,5 @@ jobs:
        uses: 'actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02' # ratchet:actions/upload-artifact@v4
        with:
          name: 'gemini-darwin-${{ matrix.arch }}-unsigned'
-          path: 'dist/darwin-${{ matrix.arch }}/'
+          path: 'dist/darwin-${{ matrix.arch }}/gemini'
-          retention-days: 5
+          retention-days: 14
@@ -46,8 +46,15 @@ on:
        default: 'prod'
 jobs:
  build-mac:
    if: "github.repository == 'google-gemini/gemini-cli'"
    uses: './.github/workflows/build-unsigned-mac-binaries.yml'
    with:
      ref: '${{ github.event.inputs.ref }}'
  release:
    if: "github.repository == 'google-gemini/gemini-cli'"
    needs: ['build-mac']
    runs-on: 'ubuntu-latest'
    environment: "${{ github.event.inputs.environment || 'prod' }}"
    permissions:
@@ -83,6 +90,11 @@ jobs:
        working-directory: './release'
        run: 'npm ci'
      - name: 'Download macOS Binaries'
        uses: './.github/actions/download-mac-binaries'
        with:
          path: 'release/dist'
      - name: 'Prepare Release Info'
        id: 'release_info'
        working-directory: './release'
@@ -30,8 +30,15 @@ on:
        default: 'prod'
 jobs:
  build-mac:
    if: "github.repository == 'google-gemini/gemini-cli'"
    uses: './.github/workflows/build-unsigned-mac-binaries.yml'
    with:
      ref: '${{ github.event.inputs.ref }}'
  release:
    if: "github.repository == 'google-gemini/gemini-cli'"
    needs: ['build-mac']
    environment: "${{ github.event.inputs.environment || 'prod' }}"
    runs-on: 'ubuntu-latest'
    permissions:
@@ -62,6 +69,11 @@ jobs:
        working-directory: './release'
        run: 'npm ci'
      - name: 'Download macOS Binaries'
        uses: './.github/actions/download-mac-binaries'
        with:
          path: 'release/dist'
      - name: 'Print Inputs'
        shell: 'bash'
        env:
@@ -197,9 +197,15 @@ jobs:
          gemini_api_key: '${{ secrets.GEMINI_API_KEY }}'
          working-directory: './release'
  build-mac:
    if: "github.repository == 'google-gemini/gemini-cli'"
    uses: './.github/workflows/build-unsigned-mac-binaries.yml'
    with:
      ref: '${{ github.event.inputs.ref }}'
  publish-preview:
    name: 'Publish preview'
-    needs: ['calculate-versions', 'test']
+    needs: ['calculate-versions', 'test', 'build-mac']
    runs-on: 'ubuntu-latest'
    environment: "${{ github.event.inputs.environment || 'prod' }}"
    permissions:
@@ -229,6 +235,11 @@ jobs:
        working-directory: './release'
        run: 'npm ci'
      - name: 'Download macOS Binaries'
        uses: './.github/actions/download-mac-binaries'
        with:
          path: 'release/dist'
      - name: 'Publish Release'
        uses: './.github/actions/publish-release'
        with:
@@ -266,7 +277,7 @@ jobs:
  publish-stable:
    name: 'Publish stable'
-    needs: ['calculate-versions', 'test', 'publish-preview']
+    needs: ['calculate-versions', 'test', 'publish-preview', 'build-mac']
    runs-on: 'ubuntu-latest'
    environment: "${{ github.event.inputs.environment || 'prod' }}"
    permissions:
@@ -296,6 +307,11 @@ jobs:
        working-directory: './release'
        run: 'npm ci'
      - name: 'Download macOS Binaries'
        uses: './.github/actions/download-mac-binaries'
        with:
          path: 'release/dist'
      - name: 'Publish Release'
        uses: './.github/actions/publish-release'
        with: