fix(local): show security warning for all local agent installations (… #935

Workflow file for this run

.github/workflows/cli-release.yml at 0bca96a

	name: CLI Release

	on:
	push:
	branches: [main]
	paths:
	- 'packages/cli/src/**'
	- 'packages/cli/package.json'
	- 'packages/cli/bun.lock'
	workflow_dispatch:

	concurrency:
	group: cli-release
	cancel-in-progress: true

	jobs:
	build:
	name: Build and release CLI
	runs-on: ubuntu-latest
	permissions:
	contents: write

	steps:
	- name: Checkout code
	uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4

	- name: Setup Bun
	uses: oven-sh/setup-bun@0c5077e51419868618aeaa5fe8019c62421857d6 # v2

	- name: Install dependencies and build
	working-directory: packages/cli
	run: \|
	bun install
	bun run build

	- name: Build cloud bundles
	run: bun run packages/cli/build-clouds.ts

	- name: Get version
	id: version
	working-directory: packages/cli
	run: echo "version=$(jq -r .version package.json)" >> "$GITHUB_OUTPUT"

	- name: Create version file
	working-directory: packages/cli
	run: jq -r .version package.json > version

	- name: Update cli-latest release
	env:
	GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
	run: \|
	# Create release if it doesn't exist, then upload assets with --clobber
	# to atomically replace files without a delete→create race window
	gh release create cli-latest \
	--title "CLI v${{ steps.version.outputs.version }}" \
	--notes "Pre-built CLI binary (auto-updated on every push to main).

	This release is used as a fallback by \`install.sh\` when the local build fails (e.g. Termux proot).
	The \`version\` file is used by the CLI's auto-update check.

	Version: ${{ steps.version.outputs.version }}
	Built: $(date -u +%Y-%m-%dT%H:%M:%SZ)" \
	--prerelease 2>/dev/null \|\| true

	gh release upload cli-latest \
	packages/cli/cli.js \
	packages/cli/version \
	--clobber

	- name: Upload cloud bundles
	env:
	GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
	run: \|
	# Upload each cloud bundle, creating the release if needed.
	# Uses --clobber to atomically replace assets (no delete→create race).
	for bundle in packages/cli/*.js; do
	name=$(basename "$bundle" .js)
	[[ "$name" == "cli" ]] && continue # skip cli.js, already uploaded above

	gh release create "${name}-latest" \
	--title "${name} bundle v${{ steps.version.outputs.version }}" \
	--notes "Pre-built ${name} cloud provider bundle.

	Downloaded by \`sh/${name}/*.sh\` shims for \`bash <(curl ...)\` execution.

	Built: $(date -u +%Y-%m-%dT%H:%M:%SZ)" \
	--prerelease 2>/dev/null \|\| true

	gh release upload "${name}-latest" "$bundle" --clobber
	done

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

fix(local): show security warning for all local agent installations (… #935

Workflow file

fix(local): show security warning for all local agent installations (… #935

Uh oh!

Workflow file for this run