Fix uninstall script to hardcode extension ID #77
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: CI | |
| on: | |
| push: | |
| branches: [main, dev] | |
| tags: [v*] | |
| pull_request: | |
| branches: [main] | |
| workflow_dispatch: | |
| inputs: | |
| dry_run: | |
| description: Dry run (skip GitHub release and marketplace publish) | |
| type: boolean | |
| default: true | |
| jobs: | |
| test: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v6 | |
| - uses: actions/setup-node@v6 | |
| with: | |
| node-version: 24 | |
| - run: sudo apt-get install -y git-crypt | |
| - run: npm ci | |
| - run: npm run build | |
| - run: npm test | |
| build-git-crypt: | |
| if: startsWith(github.ref, 'refs/tags/v') || github.event_name == 'workflow_dispatch' | |
| strategy: | |
| matrix: | |
| include: | |
| - target: darwin | |
| os: macos-15 | |
| - target: linux-x64 | |
| os: ubuntu-latest | |
| platform: linux/amd64 | |
| - target: linux-arm64 | |
| os: ubuntu-latest | |
| platform: linux/arm64 | |
| runs-on: ${{ matrix.os }} | |
| steps: | |
| - uses: actions/checkout@v6 | |
| - name: Read git-crypt version | |
| id: version | |
| run: | | |
| echo "version=$(sed -n '1p' git-crypt-version.txt)" >> "$GITHUB_OUTPUT" | |
| echo "checksum=$(sed -n '2p' git-crypt-version.txt)" >> "$GITHUB_OUTPUT" | |
| - name: Download and verify git-crypt source | |
| run: | | |
| curl -fsSL "https://github.com/AGWA/git-crypt/archive/${{ steps.version.outputs.version }}.tar.gz" -o git-crypt-src.tar.gz | |
| echo "${{ steps.version.outputs.checksum }} git-crypt-src.tar.gz" | shasum -a 256 -c | |
| tar xzf git-crypt-src.tar.gz | |
| - name: Build (macOS) | |
| if: runner.os == 'macOS' | |
| run: | | |
| brew install openssl@3 | |
| OPENSSL_DIR="$(brew --prefix openssl@3)" | |
| cd "git-crypt-${{ steps.version.outputs.version }}" | |
| # Makefile uses LDFLAGS += -lcrypto (not overridable via command line). | |
| # Patch to link the static archive directly instead. | |
| sed -i '' "s|-lcrypto|${OPENSSL_DIR}/lib/libcrypto.a|" Makefile | |
| make CXXFLAGS="-O2 -Wall -I${OPENSSL_DIR}/include" | |
| strip git-crypt | |
| mkdir -p ../bin | |
| cp git-crypt ../bin/ | |
| - name: Set up QEMU | |
| if: matrix.platform == 'linux/arm64' | |
| uses: docker/setup-qemu-action@v4 | |
| - name: Build (Linux static) | |
| if: runner.os == 'Linux' | |
| run: | | |
| docker run --rm --platform "${{ matrix.platform }}" \ | |
| -v "$PWD:/build" -w /build alpine sh -c " | |
| apk add g++ make musl-dev openssl-dev openssl-libs-static file && | |
| cd git-crypt-${{ steps.version.outputs.version }} && | |
| sed -i 's|-lcrypto|/usr/lib/libcrypto.a|' Makefile && | |
| LDFLAGS='-static' make && | |
| strip git-crypt && | |
| ./git-crypt --version && | |
| file git-crypt && | |
| mkdir -p ../bin && | |
| cp git-crypt ../bin/ | |
| " | |
| - name: Smoke test | |
| if: runner.os == 'macOS' | |
| run: | | |
| ./bin/git-crypt --version | |
| file ./bin/git-crypt | |
| - uses: actions/upload-artifact@v7 | |
| with: | |
| name: git-crypt-${{ matrix.target }} | |
| path: bin/git-crypt | |
| publish: | |
| needs: [test, build-git-crypt] | |
| if: startsWith(github.ref, 'refs/tags/v') || github.event_name == 'workflow_dispatch' | |
| runs-on: ubuntu-latest | |
| permissions: | |
| contents: write | |
| steps: | |
| - uses: actions/checkout@v6 | |
| with: | |
| fetch-depth: 0 | |
| - name: Verify tag is on main | |
| if: startsWith(github.ref, 'refs/tags/v') | |
| run: | | |
| if ! git branch -r --contains "$GITHUB_SHA" | grep -q 'origin/main'; then | |
| echo "Error: tag $GITHUB_REF_NAME is not on the main branch" | |
| exit 1 | |
| fi | |
| - uses: actions/setup-node@v6 | |
| with: | |
| node-version: 24 | |
| - run: npm ci | |
| - name: Verify tag matches package.json version | |
| if: startsWith(github.ref, 'refs/tags/v') | |
| run: | | |
| PKG_VERSION="v$(node -p 'require("./package.json").version')" | |
| if [ "$PKG_VERSION" != "$GITHUB_REF_NAME" ]; then | |
| echo "Error: tag $GITHUB_REF_NAME does not match package.json version $PKG_VERSION" | |
| exit 1 | |
| fi | |
| - uses: actions/download-artifact@v8 | |
| with: | |
| pattern: git-crypt-* | |
| path: artifacts/ | |
| - name: Package platform-specific VSIX files | |
| run: | | |
| for target in darwin-arm64 darwin-x64 linux-x64 linux-arm64; do | |
| mkdir -p bin | |
| # Both darwin targets use the same arm64 binary (Rosetta handles x64) | |
| case "$target" in | |
| darwin-*) ARTIFACT="darwin" ;; | |
| *) ARTIFACT="$target" ;; | |
| esac | |
| cp "artifacts/git-crypt-${ARTIFACT}/git-crypt" bin/git-crypt | |
| chmod +x bin/git-crypt | |
| npm run package -- --target "$target" | |
| rm -rf bin | |
| done | |
| - name: Package universal VSIX (no bundled binary) | |
| run: npm run package | |
| - name: Verify VSIX contents | |
| run: | | |
| for f in git-crypt-vscode-*-*.vsix; do | |
| echo "=== $f ===" | |
| unzip -l "$f" | grep -q 'bin/git-crypt' || { echo "FAIL: bin/git-crypt missing from $f"; exit 1; } | |
| done | |
| echo "=== universal ===" | |
| UNIVERSAL=$(ls git-crypt-vscode-*.vsix | grep -v -- '-darwin\|-linux') | |
| if unzip -l "$UNIVERSAL" | grep -q 'bin/git-crypt'; then | |
| echo "FAIL: bin/git-crypt should not be in universal $UNIVERSAL" | |
| exit 1 | |
| fi | |
| echo "All VSIX contents verified" | |
| - name: Create or update GitHub release | |
| if: startsWith(github.ref, 'refs/tags/v') && !inputs.dry_run | |
| run: | | |
| gh release create "$GITHUB_REF_NAME" git-crypt-vscode-*.vsix --title "$GITHUB_REF_NAME" --generate-notes || | |
| gh release upload "$GITHUB_REF_NAME" git-crypt-vscode-*.vsix --clobber | |
| env: | |
| GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Publish to marketplace | |
| if: ${{ !inputs.dry_run && (startsWith(github.ref, 'refs/tags/v') || github.ref == 'refs/heads/main') }} | |
| run: npm run publish -- --packagePath git-crypt-vscode-*.vsix | |
| env: | |
| VSCE_PAT: ${{ secrets.VSCE_PAT }} |