diff --git a/.github/workflows/release-auto-tag.yml b/.github/workflows/release-auto-tag.yml index 36b355ce..c0722853 100644 --- a/.github/workflows/release-auto-tag.yml +++ b/.github/workflows/release-auto-tag.yml @@ -6,7 +6,7 @@ name: Release Auto-Tag on: workflow_dispatch: {} schedule: - - cron: "0 3 * * *" # 7 PM PT (03:00 UTC during PDT) + - cron: "0 2 * * *" # 7 PM PDT permissions: contents: write diff --git a/.github/workflows/release-canary.yml b/.github/workflows/release-canary.yml index 9e0108b7..c4627b7e 100644 --- a/.github/workflows/release-canary.yml +++ b/.github/workflows/release-canary.yml @@ -20,6 +20,53 @@ defaults: shell: bash jobs: + # --------------------------------------------------------------------------- + # Verify the default install path (no OPENSHELL_VERSION) resolves to latest + # --------------------------------------------------------------------------- + install-default: + name: Install default (${{ matrix.arch }}) + if: >- + github.event.workflow_run.conclusion == 'success' + && github.event.workflow_run.name == 'Release Tag' + strategy: + fail-fast: false + matrix: + include: + - arch: amd64 + runner: build-amd64 + - arch: arm64 + runner: build-arm64 + runs-on: ${{ matrix.runner }} + timeout-minutes: 10 + container: + image: ghcr.io/nvidia/openshell/ci:latest + credentials: + username: ${{ github.actor }} + password: ${{ secrets.GITHUB_TOKEN }} + steps: + - name: Install CLI (default / latest) + run: | + set -euo pipefail + curl -LsSf https://raw.githubusercontent.com/NVIDIA/OpenShell/main/install.sh | sh + + - name: Verify CLI installation + run: | + set -euo pipefail + command -v openshell + ACTUAL="$(openshell --version)" + echo "Installed: $ACTUAL" + # This job only runs after Release Tag, so the triggering tag + # should match the latest release the default installer resolves to. + TAG="${{ github.event.workflow_run.head_branch }}" + if [[ "$TAG" =~ ^v[0-9]+\.[0-9]+\.[0-9]+$ ]]; then + EXPECTED="${TAG#v}" + if [[ "$ACTUAL" != *"$EXPECTED"* ]]; then + echo "::error::Version mismatch: expected '$EXPECTED' in '$ACTUAL'" + exit 1 + fi + echo "Version check passed: found $EXPECTED in output" + fi + canary: name: Canary ${{ matrix.mode }} (${{ matrix.arch }}) if: ${{ github.event_name == 'workflow_dispatch' || github.event.workflow_run.conclusion == 'success' }} @@ -82,14 +129,29 @@ jobs: fi fi - - name: Install CLI from GitHub Release - run: ./install.sh - env: - GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} - OPENSHELL_VERSION: ${{ steps.release.outputs.tag }} + - name: Install CLI from published install script + run: | + set -euo pipefail + curl -LsSf https://raw.githubusercontent.com/NVIDIA/OpenShell/main/install.sh | OPENSHELL_VERSION=${{ steps.release.outputs.tag }} OPENSHELL_INSTALL_DIR=/usr/local/bin sh - name: Verify CLI installation - run: openshell --version + run: | + set -euo pipefail + command -v openshell + ACTUAL="$(openshell --version)" + echo "Installed: $ACTUAL" + TAG="${{ steps.release.outputs.tag }}" + # For tagged releases (v1.2.3), verify the semver appears in the version string + if [[ "$TAG" =~ ^v[0-9]+\.[0-9]+\.[0-9]+$ ]]; then + EXPECTED="${TAG#v}" + if [[ "$ACTUAL" != *"$EXPECTED"* ]]; then + echo "::error::Version mismatch: expected '$EXPECTED' in '$ACTUAL'" + exit 1 + fi + echo "Version check passed: found $EXPECTED in output" + else + echo "Non-release tag ($TAG), skipping version check" + fi - name: Resolve gateway host run: | diff --git a/.github/workflows/release-tag.yml b/.github/workflows/release-tag.yml index e36de607..c0bd5deb 100644 --- a/.github/workflows/release-tag.yml +++ b/.github/workflows/release-tag.yml @@ -364,37 +364,10 @@ jobs: ### Quick install - Requires the [GitHub CLI (`gh`)](https://cli.github.com) to be installed and authenticated. - - ```bash - sh -c 'ARCH=$(uname -m); OS=$(uname -s); \ - case "${OS}-${ARCH}" in \ - Linux-x86_64) ASSET="openshell-x86_64-unknown-linux-musl.tar.gz" ;; \ - Linux-aarch64) ASSET="openshell-aarch64-unknown-linux-musl.tar.gz" ;; \ - Darwin-arm64) ASSET="openshell-aarch64-apple-darwin.tar.gz" ;; \ - *) echo "Unsupported platform: ${OS}-${ARCH}" >&2; exit 1 ;; \ - esac; \ - gh release download ${{ env.RELEASE_TAG }} --repo NVIDIA/OpenShell --pattern "${ASSET}" -O - \ - | tar xz \ - && sudo install -m 755 openshell /usr/local/bin/openshell' - ``` - - ### Docker images - ```bash - docker pull ghcr.io/nvidia/openshell/gateway:${{ needs.compute-versions.outputs.semver }} - docker pull ghcr.io/nvidia/openshell/cluster:${{ needs.compute-versions.outputs.semver }} + curl -LsSf https://raw.githubusercontent.com/NVIDIA/OpenShell/main/install.sh | OPENSHELL_VERSION=${{ env.RELEASE_TAG }} sh ``` - ### Assets - - | File | Platform | - |------|----------| - | `openshell-x86_64-unknown-linux-musl.tar.gz` | Linux x86_64 | - | `openshell-aarch64-unknown-linux-musl.tar.gz` | Linux aarch64 / ARM64 | - | `openshell-aarch64-apple-darwin.tar.gz` | macOS Apple Silicon | - | `openshell-*.whl` | Python wheels | - | `openshell-checksums-sha256.txt` | SHA256 checksums for all archives | files: | release/openshell-x86_64-unknown-linux-musl.tar.gz release/openshell-aarch64-unknown-linux-musl.tar.gz diff --git a/install.sh b/install.sh index aefb4a0d..cf29ba74 100755 --- a/install.sh +++ b/install.sh @@ -61,10 +61,10 @@ EXAMPLES: curl -LsSf https://raw.githubusercontent.com/NVIDIA/OpenShell/main/install.sh | sh # Install a specific version - OPENSHELL_VERSION=v0.0.4 curl -LsSf https://raw.githubusercontent.com/NVIDIA/OpenShell/main/install.sh | sh + curl -LsSf https://raw.githubusercontent.com/NVIDIA/OpenShell/main/install.sh | OPENSHELL_VERSION=v0.0.9 sh # Install to /usr/local/bin - OPENSHELL_INSTALL_DIR=/usr/local/bin curl -LsSf https://raw.githubusercontent.com/NVIDIA/OpenShell/main/install.sh | sh + curl -LsSf https://raw.githubusercontent.com/NVIDIA/OpenShell/main/install.sh | OPENSHELL_INSTALL_DIR=/usr/local/bin sh EOF }