初始化提交
iven
2026-03-01 16:24:24 +08:00
commit 92e5def702
492 changed files with 211343 additions and 0 deletions

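--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -0,0 +1,138 @@
+name: CI
+on:
+push:
+branches: [main]
+pull_request:
+branches: [main]
+env:
+CARGO_TERM_COLOR: always
+RUSTFLAGS: "-D warnings"
+jobs:
+# ── Rust library crates (all 3 platforms) ──────────────────────────────────
+check:
+name: Check / ${{ matrix.os }}
+runs-on: ${{ matrix.os }}
+strategy:
+fail-fast: false
+matrix:
+os: [ubuntu-latest, macos-latest, windows-latest]
+steps:
+- uses: actions/checkout@v4
+- uses: dtolnay/rust-toolchain@stable
+- uses: Swatinem/rust-cache@v2
+with:
+key: check-${{ matrix.os }}
+- name: Install Tauri system deps (Linux)
+if: runner.os == 'Linux'
+run: |
+sudo apt-get update
+sudo apt-get install -y \
+libwebkit2gtk-4.1-dev \
+libgtk-3-dev \
+libayatana-appindicator3-dev \
+librsvg2-dev \
+patchelf
+- run: cargo check --workspace
+test:
+name: Test / ${{ matrix.os }}
+runs-on: ${{ matrix.os }}
+strategy:
+fail-fast: false
+matrix:
+os: [ubuntu-latest, macos-latest, windows-latest]
+steps:
+- uses: actions/checkout@v4
+- uses: dtolnay/rust-toolchain@stable
+- uses: Swatinem/rust-cache@v2
+with:
+key: test-${{ matrix.os }}
+- name: Install Tauri system deps (Linux)
+if: runner.os == 'Linux'
+run: |
+sudo apt-get update
+sudo apt-get install -y \
+libwebkit2gtk-4.1-dev \
+libgtk-3-dev \
+libayatana-appindicator3-dev \
+librsvg2-dev \
+patchelf
+# Tests that need a display (Tauri) are skipped in headless CI via cfg
+- run: cargo test --workspace
+clippy:
+name: Clippy
+runs-on: ubuntu-latest
+steps:
+- uses: actions/checkout@v4
+- uses: dtolnay/rust-toolchain@stable
+with:
+components: clippy
+- uses: Swatinem/rust-cache@v2
+- name: Install Tauri system deps
+run: |
+sudo apt-get update
+sudo apt-get install -y \
+libwebkit2gtk-4.1-dev \
+libgtk-3-dev \
+libayatana-appindicator3-dev \
+librsvg2-dev \
+patchelf
+- run: cargo clippy --workspace -- -D warnings
+fmt:
+name: Format
+runs-on: ubuntu-latest
+steps:
+- uses: actions/checkout@v4
+- uses: dtolnay/rust-toolchain@stable
+with:
+components: rustfmt
+- run: cargo fmt --check
+audit:
+name: Security Audit
+runs-on: ubuntu-latest
+steps:
+- uses: actions/checkout@v4
+- uses: dtolnay/rust-toolchain@stable
+- uses: Swatinem/rust-cache@v2
+- name: Install cargo-audit
+run: cargo install cargo-audit --locked
+- run: cargo audit
+# ── Secrets scanning (prevent accidental credential commits) ──────────────
+secrets:
+name: Secrets Scan
+runs-on: ubuntu-latest
+steps:
+- uses: actions/checkout@v4
+with:
+fetch-depth: 0
+- name: Install trufflehog
+run: |
+curl -sSfL https://raw.githubusercontent.com/trufflesecurity/trufflehog/main/scripts/install.sh | sh -s -- -b /usr/local/bin
+- name: Scan for secrets
+run: |
+trufflehog filesystem . \
+--no-update \
+--fail \
+--only-verified \
+--exclude-paths=<(echo -e "target/\n.git/\nCargo.lock")
+# ── Installer smoke test (verify install scripts from Vercel) ──────────────
+install-smoke:
+name: Install Script Smoke Test
+runs-on: ubuntu-latest
+steps:
+- name: Fetch and syntax-check shell installer
+run: |
+curl -fsSL https://openfang.sh/install -o /tmp/install.sh
+bash -n /tmp/install.sh
+- name: Fetch and syntax-check PowerShell installer
+run: |
+curl -fsSL https://openfang.sh/install.ps1 -o /tmp/install.ps1
+pwsh -NoProfile -Command "Get-Content /tmp/install.ps1 | Out-Null" 2>&1 || true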
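Review bot: The `Install trufflehog` step in the `secrets` job pipes `install.sh` from the mutable `main` branch straight into `sh`, so whatever that branch holds at run time executes in CI unreviewed; fetch the script at a pinned commit and pass a release tag, e.g. `curl -sSfL https://raw.githubusercontent.com/trufflesecurity/trufflehog/<COMMIT_SHA>/scripts/install.sh | sh -s -- -b /usr/local/bin <RELEASE_TAG>`. The scan step runs `trufflehog filesystem .` with `.git/` excluded, so `fetch-depth: 0` adds no history coverage; a `trufflehog git file://.` run would be needed if earlier commits are meant to be checked. The workflow declares no `permissions:` key, and since no job here appears to need write access I would add a top-level `permissions:` with `contents: read`. In `install-smoke`, `Get-Content /tmp/install.ps1 | Out-Null` followed by `|| true` cannot fail, so the PowerShell step does not perform the syntax check its name promises.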

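--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -0,0 +1,234 @@
+name: Release
+on:
+push:
+tags:
+- "v*"
+permissions:
+contents: write
+packages: write
+env:
+CARGO_TERM_COLOR: always
+jobs:
+# ── Tauri Desktop App (Windows + macOS + Linux) ───────────────────────────
+# Produces: .msi, .exe (Windows) | .dmg, .app (macOS) | .AppImage, .deb (Linux)
+# Also generates and uploads latest.json (the auto-updater manifest)
+desktop:
+name: Desktop / ${{ matrix.platform.name }}
+strategy:
+fail-fast: false
+matrix:
+platform:
+- name: Linux x86_64
+os: ubuntu-22.04
+args: "--target x86_64-unknown-linux-gnu"
+rust_target: x86_64-unknown-linux-gnu
+- name: macOS x86_64
+os: macos-latest
+args: "--target x86_64-apple-darwin"
+rust_target: x86_64-apple-darwin
+- name: macOS ARM64
+os: macos-latest
+args: "--target aarch64-apple-darwin"
+rust_target: aarch64-apple-darwin
+- name: Windows x86_64
+os: windows-latest
+args: "--target x86_64-pc-windows-msvc"
+rust_target: x86_64-pc-windows-msvc
+- name: Windows ARM64
+os: windows-latest
+args: "--target aarch64-pc-windows-msvc"
+rust_target: aarch64-pc-windows-msvc
+runs-on: ${{ matrix.platform.os }}
+steps:
+- uses: actions/checkout@v4
+- name: Install system deps (Linux)
+if: runner.os == 'Linux'
+run: |
+sudo apt-get update
+sudo apt-get install -y \
+libwebkit2gtk-4.1-dev \
+libgtk-3-dev \
+libayatana-appindicator3-dev \
+librsvg2-dev \
+patchelf
+- uses: dtolnay/rust-toolchain@stable
+with:
+targets: ${{ matrix.platform.rust_target }}
+- uses: Swatinem/rust-cache@v2
+with:
+key: desktop-${{ matrix.platform.rust_target }}
+- name: Import macOS signing certificate
+if: runner.os == 'macOS'
+env:
+MAC_CERT_BASE64: ${{ secrets.MAC_CERT_BASE64 }}
+MAC_CERT_PASSWORD: ${{ secrets.MAC_CERT_PASSWORD }}
+run: |
+echo "$MAC_CERT_BASE64" | base64 --decode > $RUNNER_TEMP/certificate.p12
+KEYCHAIN_PATH=$RUNNER_TEMP/app-signing.keychain-db
+KEYCHAIN_PASSWORD=$(openssl rand -base64 32)
+security create-keychain -p "$KEYCHAIN_PASSWORD" "$KEYCHAIN_PATH"
+security set-keychain-settings -lut 21600 "$KEYCHAIN_PATH"
+security unlock-keychain -p "$KEYCHAIN_PASSWORD" "$KEYCHAIN_PATH"
+security import $RUNNER_TEMP/certificate.p12 -P "$MAC_CERT_PASSWORD" \
+-A -t cert -f pkcs12 -k "$KEYCHAIN_PATH"
+security list-keychain -d user -s "$KEYCHAIN_PATH"
+security set-key-partition-list -S apple-tool:,apple:,codesign: \
+-s -k "$KEYCHAIN_PASSWORD" "$KEYCHAIN_PATH"
+IDENTITY=$(security find-identity -v -p codesigning "$KEYCHAIN_PATH" | grep "Developer ID Application" | head -1 | awk -F'"' '{print $2}')
+echo "Using signing identity: $IDENTITY"
+echo "APPLE_SIGNING_IDENTITY=$IDENTITY" >> $GITHUB_ENV
+rm -f $RUNNER_TEMP/certificate.p12
+- name: Build and bundle Tauri desktop app
+uses: tauri-apps/tauri-action@v0
+env:
+GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+TAURI_SIGNING_PRIVATE_KEY: ${{ secrets.TAURI_SIGNING_PRIVATE_KEY }}
+TAURI_SIGNING_PRIVATE_KEY_PASSWORD: ${{ secrets.TAURI_SIGNING_PRIVATE_KEY_PASSWORD }}
+APPLE_SIGNING_IDENTITY: ${{ env.APPLE_SIGNING_IDENTITY }}
+APPLE_ID: ${{ secrets.MAC_NOTARIZE_APPLE_ID }}
+APPLE_PASSWORD: ${{ secrets.MAC_NOTARIZE_PASSWORD }}
+APPLE_TEAM_ID: ${{ secrets.MAC_NOTARIZE_TEAM_ID }}
+with:
+tagName: ${{ github.ref_name }}
+releaseName: "OpenFang ${{ github.ref_name }}"
+releaseBody: |
+## What's New
+See the [CHANGELOG](https://github.com/RightNow-AI/openfang/blob/main/CHANGELOG.md) for full details.
+## Installation
+**Desktop App** — Download the installer for your platform below.
+**CLI (Linux/macOS)**:
+```bash
+curl -sSf https://openfang.sh | sh
+```
+**Docker**:
+```bash
+docker pull ghcr.io/rightnow-ai/openfang:latest
+```
+**Coming from OpenClaw?**
+```bash
+openfang migrate --from openclaw
+```
+releaseDraft: false
+prerelease: false
+includeUpdaterJson: true
+projectPath: crates/openfang-desktop
+args: ${{ matrix.platform.args }}
+# ── CLI Binary (5 platforms) ──────────────────────────────────────────────
+cli:
+name: CLI / ${{ matrix.target }}
+runs-on: ${{ matrix.os }}
+strategy:
+fail-fast: false
+matrix:
+include:
+- target: x86_64-unknown-linux-gnu
+os: ubuntu-22.04
+archive: tar.gz
+- target: aarch64-unknown-linux-gnu
+os: ubuntu-22.04
+archive: tar.gz
+- target: x86_64-apple-darwin
+os: macos-latest
+archive: tar.gz
+- target: aarch64-apple-darwin
+os: macos-latest
+archive: tar.gz
+- target: x86_64-pc-windows-msvc
+os: windows-latest
+archive: zip
+- target: aarch64-pc-windows-msvc
+os: windows-latest
+archive: zip
+steps:
+- uses: actions/checkout@v4
+- uses: dtolnay/rust-toolchain@stable
+with:
+targets: ${{ matrix.target }}
+- name: Install build deps (Linux)
+if: runner.os == 'Linux'
+run: sudo apt-get update && sudo apt-get install -y pkg-config libssl-dev
+- name: Install cross (Linux aarch64)
+if: matrix.target == 'aarch64-unknown-linux-gnu'
+run: cargo install cross --locked
+- uses: Swatinem/rust-cache@v2
+with:
+key: cli-${{ matrix.target }}
+- name: Build CLI (cross)
+if: matrix.target == 'aarch64-unknown-linux-gnu'
+run: cross build --release --target ${{ matrix.target }} --bin openfang
+- name: Build CLI
+if: matrix.target != 'aarch64-unknown-linux-gnu'
+run: cargo build --release --target ${{ matrix.target }} --bin openfang
+- name: Package (Unix)
+if: matrix.archive == 'tar.gz'
+run: |
+cd target/${{ matrix.target }}/release
+tar czf ../../../openfang-${{ matrix.target }}.tar.gz openfang
+cd ../../..
+sha256sum openfang-${{ matrix.target }}.tar.gz > openfang-${{ matrix.target }}.tar.gz.sha256
+- name: Package (Windows)
+if: matrix.archive == 'zip'
+shell: pwsh
+run: |
+Compress-Archive -Path "target/${{ matrix.target }}/release/openfang.exe" -DestinationPath "openfang-${{ matrix.target }}.zip"
+$hash = (Get-FileHash "openfang-${{ matrix.target }}.zip" -Algorithm SHA256).Hash.ToLower()
+"$hash openfang-${{ matrix.target }}.zip" | Out-File -Encoding ASCII "openfang-${{ matrix.target }}.zip.sha256"
+- name: Upload to GitHub Release
+uses: softprops/action-gh-release@v2
+with:
+files: openfang-${{ matrix.target }}.*
+env:
+GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+# ── Docker (linux/amd64 + linux/arm64) ────────────────────────────────────
+docker:
+name: Docker Image
+runs-on: ubuntu-latest
+steps:
+- uses: actions/checkout@v4
+- name: Log in to GHCR
+uses: docker/login-action@v3
+with:
+registry: ghcr.io
+username: ${{ github.actor }}
+password: ${{ secrets.GITHUB_TOKEN }}
+- name: Set up QEMU (for arm64 emulation)
+uses: docker/setup-qemu-action@v3
+- name: Set up Docker Buildx
+uses: docker/setup-buildx-action@v3
+- name: Extract version
+id: version
+run: echo "version=${GITHUB_REF#refs/tags/v}" >> "$GITHUB_OUTPUT"
+- name: Build and push (multi-arch)
+uses: docker/build-push-action@v6
+with:
+context: .
+push: true
+platforms: linux/amd64,linux/arm64
+tags: |
+ghcr.io/rightnow-ai/openfang:latest
+ghcr.io/rightnow-ai/openfang:${{ steps.version.outputs.version }}
+cache-from: type=gha
+cache-to: type=gha,mode=max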
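Review bot: Every action in this workflow is referenced by a mutable tag or branch (`tauri-apps/tauri-action@v0`, `softprops/action-gh-release@v2`, `dtolnay/rust-toolchain@stable`, `Swatinem/rust-cache@v2`, the `docker/*` actions) while the jobs hold the updater signing key, the Apple notarization credentials and a write-scoped token; pin each to a full commit SHA, e.g. `uses: tauri-apps/tauri-action@<COMMIT_SHA> # v0`. The top-level `permissions:` block hands both write scopes to all three jobs; declaring it per job would let `docker` run with `contents: read` and `packages: write`, and `desktop` and `cli` with `contents: write` only. In the macOS import step, `security import ... -A` allows any application to use the imported key without a prompt, where `-T /usr/bin/codesign` would restrict it to codesign, and the unquoted `$RUNNER_TEMP` paths should be quoted. As far as this file shows, the temporary keychain is never deleted after the build, so a final `if: always()` cleanup step running `security delete-keychain` would be worth adding.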