auth-runtime/.forgejo/workflows/release.yml

name: Build and Release auth-rt

on:
  push:
    tags:
      - 'v*'

jobs:
  release:
    runs-on: docker
    steps:
      - uses: actions/checkout@v4

      - name: Install Go
        run: |
          curl -fsSL https://go.dev/dl/go1.22.12.linux-amd64.tar.gz | tar -C /usr/local -xz
          echo "/usr/local/go/bin" >> $GITHUB_PATH

      - name: Build all platforms
        run: |
          export PATH="/usr/local/go/bin:$PATH"
          export GOTOOLCHAIN=local
          cd cli
          for pair in darwin/arm64 darwin/amd64 linux/amd64 linux/arm64; do
            os="${pair%/*}"
            arch="${pair#*/}"
            echo "Building auth-rt-${os}-${arch}..."
            GOOS="$os" GOARCH="$arch" CGO_ENABLED=0 go build -ldflags="-s -w" -o "../auth-rt-${os}-${arch}" .
          done
          ls -lh ../auth-rt-*

      - name: Create release and upload binaries
        env:
          TAG: ${{ github.ref_name }}
          FORGEJO_TOKEN: ${{ secrets.FORGEJO_TOKEN }}
          API_URL: ${{ github.server_url }}/api/v1/repos/${{ github.repository }}
        run: |
          json_get() { node -e "process.stdout.write(String(JSON.parse(require('fs').readFileSync('/dev/stdin','utf8')).$1 || ''))"; }

          # Create release
          RELEASE_ID=$(curl -s -X POST "$API_URL/releases" \
            -H "Authorization: token $FORGEJO_TOKEN" \
            -H "Content-Type: application/json" \
            -d "{\"tag_name\":\"$TAG\",\"name\":\"$TAG\",\"body\":\"auth-rt $TAG\"}" \
            | json_get id)

          echo "Created release ID: $RELEASE_ID"

          # Upload each binary
          for f in auth-rt-*; do
            echo "Uploading $f..."
            curl -s -X POST "$API_URL/releases/$RELEASE_ID/assets?name=$f" \
              -H "Authorization: token $FORGEJO_TOKEN" \
              -H "Content-Type: application/octet-stream" \
              --data-binary "@$f"
            echo ""
          done

          # Maintain "latest" release
          LATEST_ID=$(curl -s "$API_URL/releases/tags/latest" \
            -H "Authorization: token $FORGEJO_TOKEN" | json_get id)

          if [ -n "$LATEST_ID" ]; then
            # Delete old assets
            ASSET_IDS=$(curl -s "$API_URL/releases/$LATEST_ID/assets" \
              -H "Authorization: token $FORGEJO_TOKEN" \
              | node -e "JSON.parse(require('fs').readFileSync('/dev/stdin','utf8')).forEach(a=>console.log(a.id))")
            for aid in $ASSET_IDS; do
              curl -s -X DELETE "$API_URL/releases/$LATEST_ID/assets/$aid" \
                -H "Authorization: token $FORGEJO_TOKEN"
            done
            curl -s -X PATCH "$API_URL/releases/$LATEST_ID" \
              -H "Authorization: token $FORGEJO_TOKEN" \
              -H "Content-Type: application/json" \
              -d "{\"body\":\"auth-rt latest (from $TAG)\"}"
          else
            LATEST_ID=$(curl -s -X POST "$API_URL/releases" \
              -H "Authorization: token $FORGEJO_TOKEN" \
              -H "Content-Type: application/json" \
              -d '{"tag_name":"latest","name":"latest","body":"auth-rt latest","prerelease":true}' \
              | json_get id)
          fi

          for f in auth-rt-*; do
            curl -s -X POST "$API_URL/releases/$LATEST_ID/assets?name=$f" \
              -H "Authorization: token $FORGEJO_TOKEN" \
              -H "Content-Type: application/octet-stream" \
              --data-binary "@$f"
          done

          echo "Done. Release $TAG + latest updated."
feat: Go 重写 auth-rt CLI，真正的零依赖二进制 - cli/ 目录：完整的 Go 实现（env/cache/auth/http/retry） - install.sh：支持本地编译和 --download 从 release 下载 - .forgejo/workflows/release.yml：CI 交叉编译 darwin/linux × amd64/arm64 - auth-cli.ts：改为调用 auth-rt 二进制（不再需要 bun/node） - 分发策略：skill install.sh 优先从 release 下载，失败则 clone + go build Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> 2026-03-20 12:51:45 +00:00			`name: Build and Release auth-rt`

			`on:`
			`push:`
			`tags:`
			`- 'v*'`

			`jobs:`
fix: CI 改用 Forgejo API 上传 release（不依赖 upload-artifact） Forgejo 不支持 actions/upload-artifact@v4，改为单 job 交叉编译 + curl 调用 Forgejo release API 上传二进制。同时维护 latest release 供 install.sh --download 使用。 Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> 2026-03-20 13:03:32 +00:00			`release:`
feat: Go 重写 auth-rt CLI，真正的零依赖二进制 - cli/ 目录：完整的 Go 实现（env/cache/auth/http/retry） - install.sh：支持本地编译和 --download 从 release 下载 - .forgejo/workflows/release.yml：CI 交叉编译 darwin/linux × amd64/arm64 - auth-cli.ts：改为调用 auth-rt 二进制（不再需要 bun/node） - 分发策略：skill install.sh 优先从 release 下载，失败则 clone + go build Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> 2026-03-20 12:51:45 +00:00			`runs-on: docker`
			`steps:`
			`- uses: actions/checkout@v4`

fix: CI 去掉 golang container，在 node:20-bookworm 里直接装 Go 避免拉 golang 镜像的网络延迟，直接下载 Go tarball 编译。 Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> 2026-03-20 13:17:45 +00:00			`- name: Install Go`
			`run: \|`
			`curl -fsSL https://go.dev/dl/go1.22.12.linux-amd64.tar.gz \| tar -C /usr/local -xz`
			`echo "/usr/local/go/bin" >> $GITHUB_PATH`

fix: CI 改用 Forgejo API 上传 release（不依赖 upload-artifact） Forgejo 不支持 actions/upload-artifact@v4，改为单 job 交叉编译 + curl 调用 Forgejo release API 上传二进制。同时维护 latest release 供 install.sh --download 使用。 Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> 2026-03-20 13:03:32 +00:00			`- name: Build all platforms`
			`run: \|`
fix: CI 去掉 golang container，在 node:20-bookworm 里直接装 Go 避免拉 golang 镜像的网络延迟，直接下载 Go tarball 编译。 Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> 2026-03-20 13:17:45 +00:00			`export PATH="/usr/local/go/bin:$PATH"`
fix: go.mod 降级到 1.22，CI 加 GOTOOLCHAIN=local 避免 CI 里 Go 1.22 尝试下载 1.25.7 toolchain。 Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> 2026-03-20 13:24:22 +00:00			`export GOTOOLCHAIN=local`
fix: CI 改用 Forgejo API 上传 release（不依赖 upload-artifact） Forgejo 不支持 actions/upload-artifact@v4，改为单 job 交叉编译 + curl 调用 Forgejo release API 上传二进制。同时维护 latest release 供 install.sh --download 使用。 Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> 2026-03-20 13:03:32 +00:00			`cd cli`
			`for pair in darwin/arm64 darwin/amd64 linux/amd64 linux/arm64; do`
			`os="${pair%/*}"`
			`arch="${pair#*/}"`
			`echo "Building auth-rt-${os}-${arch}..."`
fix: CI 去掉 golang container，在 node:20-bookworm 里直接装 Go 避免拉 golang 镜像的网络延迟，直接下载 Go tarball 编译。 Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> 2026-03-20 13:17:45 +00:00			`GOOS="$os" GOARCH="$arch" CGO_ENABLED=0 go build -ldflags="-s -w" -o "../auth-rt-${os}-${arch}" .`
fix: CI 改用 Forgejo API 上传 release（不依赖 upload-artifact） Forgejo 不支持 actions/upload-artifact@v4，改为单 job 交叉编译 + curl 调用 Forgejo release API 上传二进制。同时维护 latest release 供 install.sh --download 使用。 Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> 2026-03-20 13:03:32 +00:00			`done`
			`ls -lh ../auth-rt-*`
feat: Go 重写 auth-rt CLI，真正的零依赖二进制 - cli/ 目录：完整的 Go 实现（env/cache/auth/http/retry） - install.sh：支持本地编译和 --download 从 release 下载 - .forgejo/workflows/release.yml：CI 交叉编译 darwin/linux × amd64/arm64 - auth-cli.ts：改为调用 auth-rt 二进制（不再需要 bun/node） - 分发策略：skill install.sh 优先从 release 下载，失败则 clone + go build Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> 2026-03-20 12:51:45 +00:00
fix: CI 改用 Forgejo API 上传 release（不依赖 upload-artifact） Forgejo 不支持 actions/upload-artifact@v4，改为单 job 交叉编译 + curl 调用 Forgejo release API 上传二进制。同时维护 latest release 供 install.sh --download 使用。 Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> 2026-03-20 13:03:32 +00:00			`- name: Create release and upload binaries`
feat: Go 重写 auth-rt CLI，真正的零依赖二进制 - cli/ 目录：完整的 Go 实现（env/cache/auth/http/retry） - install.sh：支持本地编译和 --download 从 release 下载 - .forgejo/workflows/release.yml：CI 交叉编译 darwin/linux × amd64/arm64 - auth-cli.ts：改为调用 auth-rt 二进制（不再需要 bun/node） - 分发策略：skill install.sh 优先从 release 下载，失败则 clone + go build Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> 2026-03-20 12:51:45 +00:00			`env:`
fix: CI 改用 Forgejo API 上传 release（不依赖 upload-artifact） Forgejo 不支持 actions/upload-artifact@v4，改为单 job 交叉编译 + curl 调用 Forgejo release API 上传二进制。同时维护 latest release 供 install.sh --download 使用。 Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> 2026-03-20 13:03:32 +00:00			`TAG: ${{ github.ref_name }}`
			`FORGEJO_TOKEN: ${{ secrets.FORGEJO_TOKEN }}`
			`API_URL: ${{ github.server_url }}/api/v1/repos/${{ github.repository }}`
feat: Go 重写 auth-rt CLI，真正的零依赖二进制 - cli/ 目录：完整的 Go 实现（env/cache/auth/http/retry） - install.sh：支持本地编译和 --download 从 release 下载 - .forgejo/workflows/release.yml：CI 交叉编译 darwin/linux × amd64/arm64 - auth-cli.ts：改为调用 auth-rt 二进制（不再需要 bun/node） - 分发策略：skill install.sh 优先从 release 下载，失败则 clone + go build Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> 2026-03-20 12:51:45 +00:00			`run: \|`
fix: CI 用 node 替代 jq 解析 JSON node:20-bookworm 没有 jq，改用 node -e 解析 API 响应。 Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> 2026-03-20 13:21:42 +00:00			`json_get() { node -e "process.stdout.write(String(JSON.parse(require('fs').readFileSync('/dev/stdin','utf8')).$1 \|\| ''))"; }`

fix: CI 改用 Forgejo API 上传 release（不依赖 upload-artifact） Forgejo 不支持 actions/upload-artifact@v4，改为单 job 交叉编译 + curl 调用 Forgejo release API 上传二进制。同时维护 latest release 供 install.sh --download 使用。 Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> 2026-03-20 13:03:32 +00:00			`# Create release`
			`RELEASE_ID=$(curl -s -X POST "$API_URL/releases" \`
			`-H "Authorization: token $FORGEJO_TOKEN" \`
			`-H "Content-Type: application/json" \`
			`-d "{\"tag_name\":\"$TAG\",\"name\":\"$TAG\",\"body\":\"auth-rt $TAG\"}" \`
fix: CI 用 node 替代 jq 解析 JSON node:20-bookworm 没有 jq，改用 node -e 解析 API 响应。 Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> 2026-03-20 13:21:42 +00:00			`\| json_get id)`
feat: Go 重写 auth-rt CLI，真正的零依赖二进制 - cli/ 目录：完整的 Go 实现（env/cache/auth/http/retry） - install.sh：支持本地编译和 --download 从 release 下载 - .forgejo/workflows/release.yml：CI 交叉编译 darwin/linux × amd64/arm64 - auth-cli.ts：改为调用 auth-rt 二进制（不再需要 bun/node） - 分发策略：skill install.sh 优先从 release 下载，失败则 clone + go build Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> 2026-03-20 12:51:45 +00:00
fix: CI 改用 Forgejo API 上传 release（不依赖 upload-artifact） Forgejo 不支持 actions/upload-artifact@v4，改为单 job 交叉编译 + curl 调用 Forgejo release API 上传二进制。同时维护 latest release 供 install.sh --download 使用。 Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> 2026-03-20 13:03:32 +00:00			`echo "Created release ID: $RELEASE_ID"`
feat: Go 重写 auth-rt CLI，真正的零依赖二进制 - cli/ 目录：完整的 Go 实现（env/cache/auth/http/retry） - install.sh：支持本地编译和 --download 从 release 下载 - .forgejo/workflows/release.yml：CI 交叉编译 darwin/linux × amd64/arm64 - auth-cli.ts：改为调用 auth-rt 二进制（不再需要 bun/node） - 分发策略：skill install.sh 优先从 release 下载，失败则 clone + go build Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> 2026-03-20 12:51:45 +00:00
fix: CI 改用 Forgejo API 上传 release（不依赖 upload-artifact） Forgejo 不支持 actions/upload-artifact@v4，改为单 job 交叉编译 + curl 调用 Forgejo release API 上传二进制。同时维护 latest release 供 install.sh --download 使用。 Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> 2026-03-20 13:03:32 +00:00			`# Upload each binary`
			`for f in auth-rt-*; do`
			`echo "Uploading $f..."`
			`curl -s -X POST "$API_URL/releases/$RELEASE_ID/assets?name=$f" \`
			`-H "Authorization: token $FORGEJO_TOKEN" \`
			`-H "Content-Type: application/octet-stream" \`
			`--data-binary "@$f"`
			`echo ""`
			`done`
feat: Go 重写 auth-rt CLI，真正的零依赖二进制 - cli/ 目录：完整的 Go 实现（env/cache/auth/http/retry） - install.sh：支持本地编译和 --download 从 release 下载 - .forgejo/workflows/release.yml：CI 交叉编译 darwin/linux × amd64/arm64 - auth-cli.ts：改为调用 auth-rt 二进制（不再需要 bun/node） - 分发策略：skill install.sh 优先从 release 下载，失败则 clone + go build Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> 2026-03-20 12:51:45 +00:00
fix: CI 去掉 golang container，在 node:20-bookworm 里直接装 Go 避免拉 golang 镜像的网络延迟，直接下载 Go tarball 编译。 Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> 2026-03-20 13:17:45 +00:00			`# Maintain "latest" release`
fix: CI 改用 Forgejo API 上传 release（不依赖 upload-artifact） Forgejo 不支持 actions/upload-artifact@v4，改为单 job 交叉编译 + curl 调用 Forgejo release API 上传二进制。同时维护 latest release 供 install.sh --download 使用。 Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> 2026-03-20 13:03:32 +00:00			`LATEST_ID=$(curl -s "$API_URL/releases/tags/latest" \`
fix: CI 用 node 替代 jq 解析 JSON node:20-bookworm 没有 jq，改用 node -e 解析 API 响应。 Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> 2026-03-20 13:21:42 +00:00			`-H "Authorization: token $FORGEJO_TOKEN" \| json_get id)`
fix: CI 改用 Forgejo API 上传 release（不依赖 upload-artifact） Forgejo 不支持 actions/upload-artifact@v4，改为单 job 交叉编译 + curl 调用 Forgejo release API 上传二进制。同时维护 latest release 供 install.sh --download 使用。 Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> 2026-03-20 13:03:32 +00:00
			`if [ -n "$LATEST_ID" ]; then`
			`# Delete old assets`
fix: CI 用 node 替代 jq 解析 JSON node:20-bookworm 没有 jq，改用 node -e 解析 API 响应。 Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> 2026-03-20 13:21:42 +00:00			`ASSET_IDS=$(curl -s "$API_URL/releases/$LATEST_ID/assets" \`
			`-H "Authorization: token $FORGEJO_TOKEN" \`
			`\| node -e "JSON.parse(require('fs').readFileSync('/dev/stdin','utf8')).forEach(a=>console.log(a.id))")`
			`for aid in $ASSET_IDS; do`
fix: CI 改用 Forgejo API 上传 release（不依赖 upload-artifact） Forgejo 不支持 actions/upload-artifact@v4，改为单 job 交叉编译 + curl 调用 Forgejo release API 上传二进制。同时维护 latest release 供 install.sh --download 使用。 Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> 2026-03-20 13:03:32 +00:00			`curl -s -X DELETE "$API_URL/releases/$LATEST_ID/assets/$aid" \`
			`-H "Authorization: token $FORGEJO_TOKEN"`
			`done`
			`curl -s -X PATCH "$API_URL/releases/$LATEST_ID" \`
			`-H "Authorization: token $FORGEJO_TOKEN" \`
			`-H "Content-Type: application/json" \`
			`-d "{\"body\":\"auth-rt latest (from $TAG)\"}"`
			`else`
			`LATEST_ID=$(curl -s -X POST "$API_URL/releases" \`
			`-H "Authorization: token $FORGEJO_TOKEN" \`
			`-H "Content-Type: application/json" \`
			`-d '{"tag_name":"latest","name":"latest","body":"auth-rt latest","prerelease":true}' \`
fix: CI 用 node 替代 jq 解析 JSON node:20-bookworm 没有 jq，改用 node -e 解析 API 响应。 Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> 2026-03-20 13:21:42 +00:00			`\| json_get id)`
fix: CI 改用 Forgejo API 上传 release（不依赖 upload-artifact） Forgejo 不支持 actions/upload-artifact@v4，改为单 job 交叉编译 + curl 调用 Forgejo release API 上传二进制。同时维护 latest release 供 install.sh --download 使用。 Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> 2026-03-20 13:03:32 +00:00			`fi`

feat: Go 重写 auth-rt CLI，真正的零依赖二进制 - cli/ 目录：完整的 Go 实现（env/cache/auth/http/retry） - install.sh：支持本地编译和 --download 从 release 下载 - .forgejo/workflows/release.yml：CI 交叉编译 darwin/linux × amd64/arm64 - auth-cli.ts：改为调用 auth-rt 二进制（不再需要 bun/node） - 分发策略：skill install.sh 优先从 release 下载，失败则 clone + go build Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> 2026-03-20 12:51:45 +00:00			`for f in auth-rt-*; do`
fix: CI 改用 Forgejo API 上传 release（不依赖 upload-artifact） Forgejo 不支持 actions/upload-artifact@v4，改为单 job 交叉编译 + curl 调用 Forgejo release API 上传二进制。同时维护 latest release 供 install.sh --download 使用。 Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> 2026-03-20 13:03:32 +00:00			`curl -s -X POST "$API_URL/releases/$LATEST_ID/assets?name=$f" \`
			`-H "Authorization: token $FORGEJO_TOKEN" \`
			`-H "Content-Type: application/octet-stream" \`
			`--data-binary "@$f"`
feat: Go 重写 auth-rt CLI，真正的零依赖二进制 - cli/ 目录：完整的 Go 实现（env/cache/auth/http/retry） - install.sh：支持本地编译和 --download 从 release 下载 - .forgejo/workflows/release.yml：CI 交叉编译 darwin/linux × amd64/arm64 - auth-cli.ts：改为调用 auth-rt 二进制（不再需要 bun/node） - 分发策略：skill install.sh 优先从 release 下载，失败则 clone + go build Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> 2026-03-20 12:51:45 +00:00			`done`
fix: CI 改用 Forgejo API 上传 release（不依赖 upload-artifact） Forgejo 不支持 actions/upload-artifact@v4，改为单 job 交叉编译 + curl 调用 Forgejo release API 上传二进制。同时维护 latest release 供 install.sh --download 使用。 Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> 2026-03-20 13:03:32 +00:00
			`echo "Done. Release $TAG + latest updated."`