Tighten Wails release design after self-review
- Fold action.yml into a single composite step so the binary's resolved path is computed in the same shell that just installed it. - Specify shell-style splitting for extra-build-flags. - Spell out auto-detection edge cases for notarization-method. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
This commit is contained in:
parent
39f5bad966
commit
8b812e72a5
|
|
@ -105,9 +105,6 @@ outputs:
|
||||||
runs:
|
runs:
|
||||||
using: composite
|
using: composite
|
||||||
steps:
|
steps:
|
||||||
- shell: bash
|
|
||||||
run: |
|
|
||||||
go install "${{ github.action_repository }}/cmd/wails-release@${{ github.action_ref }}"
|
|
||||||
- shell: bash
|
- shell: bash
|
||||||
env:
|
env:
|
||||||
INPUT_WORKING_DIRECTORY: ${{ inputs.working-directory }}
|
INPUT_WORKING_DIRECTORY: ${{ inputs.working-directory }}
|
||||||
|
|
@ -128,9 +125,15 @@ runs:
|
||||||
INPUT_S3_KEY: ${{ inputs.s3-key }}
|
INPUT_S3_KEY: ${{ inputs.s3-key }}
|
||||||
INPUT_S3_ENDPOINT_URL: ${{ inputs.s3-endpoint-url }}
|
INPUT_S3_ENDPOINT_URL: ${{ inputs.s3-endpoint-url }}
|
||||||
INPUT_S3_REGION: ${{ inputs.s3-region }}
|
INPUT_S3_REGION: ${{ inputs.s3-region }}
|
||||||
run: wails-release
|
run: |
|
||||||
|
go install "${{ github.action_repository }}/cmd/wails-release@${{ github.action_ref }}"
|
||||||
|
"$(go env GOPATH)/bin/wails-release"
|
||||||
```
|
```
|
||||||
|
|
||||||
|
The install and the binary invocation are kept in a single step so we
|
||||||
|
don't depend on `$GOPATH/bin` being on `PATH` between steps. The binary
|
||||||
|
is invoked by absolute path resolved via `go env GOPATH`.
|
||||||
|
|
||||||
### Boundaries
|
### Boundaries
|
||||||
|
|
||||||
Each `internal/*` package owns one phase, exposes a small interface, and
|
Each `internal/*` package owns one phase, exposes a small interface, and
|
||||||
|
|
@ -170,12 +173,30 @@ work as designed.
|
||||||
### Validation rules (config package, before any side effects)
|
### Validation rules (config package, before any side effects)
|
||||||
|
|
||||||
- Both cert inputs must be present.
|
- Both cert inputs must be present.
|
||||||
- Notarization: exactly one credential group must be complete; mixed or
|
- Notarization:
|
||||||
partial groups → fail fast with a message naming the missing fields.
|
- If `notarization-method` is `api-key` or `apple-id`, the named
|
||||||
|
group's fields must all be present; missing fields → error listing
|
||||||
|
them by name.
|
||||||
|
- If `notarization-method` is empty or `auto`, exactly one group must
|
||||||
|
be **fully** populated. Both populated → ambiguity error. Neither
|
||||||
|
populated → missing-credentials error.
|
||||||
- If `s3-bucket` is set, `s3-key` must also be set.
|
- If `s3-bucket` is set, `s3-key` must also be set.
|
||||||
- Resolve `version` early so it is available for `s3-key` substitution and
|
- Resolve `version` early so it is available for `s3-key` substitution and
|
||||||
the artifact filename.
|
the artifact filename.
|
||||||
|
|
||||||
|
### `extra-build-flags` parsing
|
||||||
|
|
||||||
|
The value is split with shell-style word rules (Go's
|
||||||
|
`github.com/google/shlex` or equivalent) so the workflow can write
|
||||||
|
quoted arguments naturally:
|
||||||
|
|
||||||
|
```yaml
|
||||||
|
extra-build-flags: -tags release -ldflags "-X main.commit=$SHA"
|
||||||
|
```
|
||||||
|
|
||||||
|
The split tokens are appended to the `wails build` argv after the
|
||||||
|
action's mandatory flags (`-platform darwin/universal -clean -trimpath`).
|
||||||
|
|
||||||
## Outputs
|
## Outputs
|
||||||
|
|
||||||
| Name | Description |
|
| Name | Description |
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue