lhumina_code/hero_browser

Fork 0

ci: publish binaries to Releases assets (cluster A canonical-pattern fix) #17

Merged

mik-tf merged 5 commits from development_mik_release_assets into development

2026-05-04 02:11:18 +00:00

mik-tf commented

2026-05-04 02:11:15 +00:00

Owner

Single-squash for the cluster A canonical-pattern fix. See #16 for full pilot context.

Restores parity with hero_proc's build-linux.yaml canonical pattern:

Workflow .forgejo/workflows/build-linux.yaml: adds explicit Create Release + Upload Release Assets steps; replaces broken publish_binaries helper call with inline pkg-registry upload (correct /api/packages/ endpoint, tag-derived version).
scripts/build_lib.sh::setup_linux_toolchain: pre-installs x86_64-unknown-linux-musl target; apt installs jq.

Pilot validated end-to-end with v0.1.4-rc5 — 6 Release assets (3 binaries × amd64/arm64), public no-auth download confirmed, pkg-registry mirror published.

Tracker: hero_demo#54

Signed-off-by: mik-tf

Single-squash for the cluster A canonical-pattern fix. See [#16](https://forge.ourworld.tf/lhumina_code/hero_browser/issues/16) for full pilot context. Restores parity with hero_proc's `build-linux.yaml` canonical pattern: - Workflow `.forgejo/workflows/build-linux.yaml`: adds explicit Create Release + Upload Release Assets steps; replaces broken `publish_binaries` helper call with inline pkg-registry upload (correct `/api/packages/` endpoint, tag-derived version). - `scripts/build_lib.sh::setup_linux_toolchain`: pre-installs `x86_64-unknown-linux-musl` target; apt installs `jq`. Pilot validated end-to-end with `v0.1.4-rc5` — 6 Release assets (3 binaries × amd64/arm64), public no-auth download confirmed, pkg-registry mirror published. Tracker: [hero_demo#54](https://forge.ourworld.tf/lhumina_code/hero_demo/issues/54) Signed-off-by: mik-tf

mik-tf added 5 commits

2026-05-04 02:11:15 +00:00

ci(build-linux): publish to Releases assets + pkg registry, not pkg only

Build Linux / build-linux (linux-amd64, false, x86_64-unknown-linux-musl) (push) Failing after 24s

Details

Build Linux / build-linux (linux-arm64, true, aarch64-unknown-linux-gnu) (push) Failing after 2m54s

Details

edeb5eb068

Add explicit Create Release + Upload Release Assets steps modeled on
hero_proc's canonical pattern. The previous template called only
publish_binaries (Forgejo package registry), which left no Release
artifacts — invisible to svc_install_from_ci, which downloads from
release-assets.

Releases is the canonical Hero binary distribution path
(industry-standard for static-Linux-binary distribution: kubectl, gh,
ripgrep, hugo, terraform all use it; Forgejo Release assets are
public/no-auth, no token needed for VM bootstrap). Package-registry
upload kept as secondary mirror for tfgrid_deploy compatibility.

Phase 2 audit: lhumina_code/hero_demo#54
Issue: #16
Cluster A siblings (same root cause):
  lhumina_code/hero_biz#13
  lhumina_code/hero_books#118
  lhumina_code/hero_foundry#26

Validation: re-tag and confirm Release + assets appear, then
service_proc install --from-ci hero_browser resolves.

Signed-off-by: mik-tf

fix(build_lib): pre-install x86_64-unknown-linux-musl target in setup

Build Linux / build-linux (linux-amd64, false, x86_64-unknown-linux-musl) (push) Failing after 2m18s

Details

Build Linux / build-linux (linux-arm64, true, aarch64-unknown-linux-gnu) (push) Has been cancelled

Details

217fd7a5dc

The despiegk/builder:latest image stopped shipping the musl target
preinstalled at some point. setup_linux_toolchain previously assumed
it was available and skipped rustup target add for the native target,
adding it only for cross-compile targets. This broke tag builds with:

  error[E0463]: can't find crate for `core`
  note: the `x86_64-unknown-linux-musl` target may not be installed

hero_proc/scripts/build_lib.sh has had the explicit rustup target add
x86_64-unknown-linux-musl line for a while; the broken-template variant
(in cluster A/B/D services) lost it. Restored.

Discovered while validating the Release-asset publish path
(lhumina_code/hero_demo#54
 #16).

Same fix needs propagating to hero_biz, hero_books, hero_foundry,
hero_editor (all using the broken-template build_lib.sh).

Signed-off-by: mik-tf

fix(build_lib): apt install jq in setup_linux_toolchain

Build Linux / build-linux (linux-amd64, false, x86_64-unknown-linux-musl) (push) Failing after 3m4s

Details

Build Linux / build-linux (linux-arm64, true, aarch64-unknown-linux-gnu) (push) Failing after 3m53s

Details

929dd2cd55

The new Release-asset workflow steps (Create Release / Upload Release
Assets) parse Forgejo API responses with jq, but the despiegk/builder
image doesn't ship jq preinstalled. setup_linux_toolchain now installs
it alongside musl-tools / pkg-config / build-essential.

Mirrors hero_proc's build-linux.yaml which explicitly does
`apt-get install -y musl-tools pkg-config jq` in its Setup step.

Discovered when v0.1.4-rc2 build succeeded but Create Release step
failed at line 15 with: jq: command not found
(#16).

Same fix needs propagating to hero_biz, hero_books, hero_foundry,
hero_editor (all using the broken-template build_lib.sh).

Signed-off-by: mik-tf

ci(build-linux): export BIN_DIR before publish_binaries

Build Linux / build-linux (linux-amd64, false, x86_64-unknown-linux-musl) (push) Failing after 3m8s

Details

Build Linux / build-linux (linux-arm64, true, aarch64-unknown-linux-gnu) (push) Failing after 3m55s

Details

94570b6a0d

The pkg-registry mirror step calls scripts/build_lib.sh::publish_binaries
which requires BIN_DIR env var. The original broken-template version of
this step didn't set it; calling publish_binaries fails immediately with:
  ERROR: publish_binaries: BIN_DIR environment variable not set

hero_books's workflow has had the inline `export BIN_DIR=...` line for a
while; the broken-template variant lost it (or never had it). Restored.

forge_config call also added for OWNER/SERVER env vars needed by the
package-registry URL construction inside publish_binaries.

Releases assets path (canonical) was already green at v0.1.4-rc3 — this
fix unblocks only the optional pkg-registry mirror.

Discovered when v0.1.4-rc3 published all 3 amd64 binaries to Releases
successfully (https://forge.ourworld.tf/lhumina_code/hero_browser/releases/tag/v0.1.4-rc3)
but failed at the secondary pkg-registry publish step.

Signed-off-by: mik-tf

ci(build-linux): inline pkg-registry upload, match hero_proc pattern

Build Linux / build-linux (linux-amd64, false, x86_64-unknown-linux-musl) (push) Successful in 3m1s

Details

Build Linux / build-linux (linux-arm64, true, aarch64-unknown-linux-gnu) (push) Successful in 3m47s

Details

Test / test (pull_request) Successful in 3m30s

Details

Build and Test / build (pull_request) Successful in 4m43s

Details

ac4b3d81a2

The shared build_lib.sh::publish_binaries helper had multiple drifts
from the canonical hero_proc pattern (BIN_DIR not exported, and the
URL constructs /api/crates/ instead of /api/packages/, which 404s on
Forgejo's generic package registry).

Replaced the broken helper call with an inline upload step copied from
hero_proc/.forgejo/workflows/build-linux.yaml ("Upload to Package
Registry" step, lines 108-135). Uses the correct /api/packages/<owner>/
generic/<project>/<version>/<artifact> URL pattern, strips the leading
"v" from tag refs, falls back to "dev" for workflow_dispatch.

Releases-asset path (canonical) was already green at v0.1.4-rc4. This
fix unblocks only the secondary pkg-registry mirror, completing the
parity with hero_proc's "publish to both" pattern.

Tracker: lhumina_code/hero_demo#54
        #16

Signed-off-by: mik-tf