Open
Conversation
sespiros
added
changelog
sespiros
force-pushed
the
sse/darwin-cli
branch
from
ed4dc33 to
42a426c
Compare
|
sespiros
force-pushed
the
sse/darwin-cli
branch
from
42a426c to
12e9896
Compare
Do the documentation changes need to be backported?Changes to
|
charludo
reviewed
Apr 10, 2026
sespiros
force-pushed
the
sse/darwin-cli
branch
from
4715cad to
ddff508
Compare
charludo
approved these changes
Apr 17, 2026
Collaborator
charludo
left a comment
charludo
left a comment
There was a problem hiding this comment.
Actions look good to me - thanks for doing the restructuring, as well!
Let's run the pr release artifacts workflow on this branch to test everything out again before merging. And we should probably do a release soon-ish, while all of these changes are still fresh in mind, in case something needs fixing.
Pre-release artifacts on ddff508The pre-release artifacts for this commit are available at the following link: https://contrast-public.s3.eu-central-1.amazonaws.com/pr-artifacts/24560392946/1/ Created by @sespiros in pr_release_artifacts workflow. |
Pre-release artifacts on cb61f4fThe pre-release artifacts for this commit are available at the following link: https://contrast-public.s3.eu-central-1.amazonaws.com/pr-artifacts/24567367684/1/ Created by @sespiros in pr_release_artifacts workflow. |
sespiros
force-pushed
the
sse/darwin-cli
branch
from
cb61f4f to
57de777
Compare
Pre-release artifacts on 57de777The pre-release artifacts for this commit are available at the following link: https://contrast-public.s3.eu-central-1.amazonaws.com/pr-artifacts/24665171221/1/ Created by @sespiros in pr_release_artifacts workflow. |
Extract the CLI build into a reusable composite action at
.github/actions/build_cli that takes a system input (e.g.
x86_64-linux, aarch64-darwin). The binary is copied to
workspace/contrast-${SYSTEM} so each platform gets a distinct artifact
name. Update artifact paths and update-contrast-releases.sh to match.
Signed-off-by: Spyros Seimenis <sse@edgeless.systems>
Replace the unix timestamp (date +%s) in pre-release S3 paths with GitHub Actions run metadata. Use github.run_id so multiple jobs in the same workflow run can independently compute the same S3 prefix without inter-job output plumbing. Include github.run_attempt so reruns publish to a different URL instead of silently overwriting artifacts that may already have been shared with testers. This keeps x86_64-linux and aarch64-darwin uploads coordinated within one workflow attempt while preserving immutable customer-facing links across reruns. Signed-off-by: Spyros Seimenis <sse@edgeless.systems>
Move the AWS IAM role login and S3 upload logic into a reusable composite action at .github/actions/s3_upload. Signed-off-by: Spyros Seimenis <sse@edgeless.systems>
Add a release-aarch64-darwin job that builds the CLI on macos-latest, attaches the binary to the draft GitHub release, and uploads it to the S3 pre-release bucket. The job runs after release-x86_64-linux to ensure cachix is warm with the required linux derivations and the draft release exists. Rename the release job to release-x86_64-linux for consistency. The publish job waits for both release jobs before marking the release as non-draft. The update-main job downloads the darwin artifact so that update-contrast-releases.sh can hash it into contrast-releases.json. Signed-off-by: Spyros Seimenis <sse@edgeless.systems>
Add a tabbed platform selector (Linux/macOS) to the CLI install page. The macOS tab downloads the aarch64-darwin binary and includes a note about the Gatekeeper quarantine workaround for browser downloads. Signed-off-by: Spyros Seimenis <sse@edgeless.systems>
Split the workflow into three jobs so the PR comment only posts once all artifacts are available in S3: 1. create-release-artifacts (ubuntu-24.04): builds containers and linux CLI, uploads to S3, exposes the S3 URL as a job output. 2. build-darwin-cli (macos-latest): needs job 1 (for Cachix to be populated), builds darwin CLI, uploads to the same S3 directory. 3. notify (ubuntu-24.04): needs both, posts the PR comment using the S3 URL from job 1. Signed-off-by: Spyros Seimenis <sse@edgeless.systems>
readarray is a bash 4+ builtin not available on macOS which ships bash 3.2. Replace with a while-read loop which is portable across both bash versions. Signed-off-by: Spyros Seimenis <sse@edgeless.systems>
sespiros
force-pushed
the
sse/darwin-cli
branch
from
57de777 to
cdef68b
Compare
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
This is rebased on top of #2260
Fixes #874