fix(agent): detect feature flags product across tool-name variants (#… #557

Workflow file for this run

.github/workflows/code-release.yml at 7a4f19a

	name: Release PostHog Code

	on:
	push:
	tags:
	- "v*"

	concurrency:
	group: code-release
	cancel-in-progress: false

	jobs:
	publish-macos:
	strategy:
	fail-fast: false
	matrix:
	include:
	- arch: arm64
	runner: macos-15
	- arch: x64
	runner: macos-15-intel
	runs-on: ${{ matrix.runner }}
	permissions:
	id-token: write
	contents: write
	env:
	NODE_OPTIONS: "--max-old-space-size=8192"
	NODE_ENV: production
	npm_config_arch: ${{ matrix.arch }}
	npm_config_platform: darwin
	VITE_POSTHOG_API_KEY: ${{ secrets.VITE_POSTHOG_API_KEY }}
	VITE_POSTHOG_API_HOST: ${{ secrets.VITE_POSTHOG_API_HOST }}
	POSTHOG_SOURCEMAP_API_KEY: ${{ secrets.POSTHOG_SOURCEMAP_API_KEY }}
	POSTHOG_ENV_ID: ${{ secrets.POSTHOG_ENV_ID }}
	POSTHOG_HOST: ${{ secrets.POSTHOG_HOST }}
	APPLE_CODESIGN_IDENTITY: ${{ secrets.APPLE_CODESIGN_IDENTITY }}
	APPLE_ID: ${{ secrets.APPLE_ID }}
	APPLE_APP_SPECIFIC_PASSWORD: ${{ secrets.APPLE_APP_SPECIFIC_PASSWORD }}
	APPLE_TEAM_ID: ${{ secrets.APPLE_TEAM_ID }}
	APPLE_CODESIGN_CERT_BASE64: ${{ secrets.APPLE_CODESIGN_CERT_BASE64 }}
	APPLE_CODESIGN_CERT_PASSWORD: ${{ secrets.APPLE_CODESIGN_CERT_PASSWORD }}
	APPLE_CODESIGN_KEYCHAIN_PASSWORD: ${{ secrets.APPLE_CODESIGN_KEYCHAIN_PASSWORD }}
	steps:
	- name: Get app token
	id: app-token
	uses: getsentry/action-github-app-token@d4b5da6c5e37703f8c3b3e43abb5705b46e159cc # v3.0.0
	with:
	app_id: ${{ secrets.GH_APP_ARRAY_RELEASER_APP_ID }}
	private_key: ${{ secrets.GH_APP_ARRAY_RELEASER_PRIVATE_KEY }}

	- name: Checkout
	uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
	with:
	fetch-depth: 0
	token: ${{ steps.app-token.outputs.token }}
	persist-credentials: false

	- name: Setup pnpm
	uses: pnpm/action-setup@b906affcce14559ad1aafd4ab0e942779e9f58b1 # v4.3.0

	- name: Setup Node.js
	uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0
	with:
	node-version: 22
	cache: "pnpm"

	- name: Extract version from tag
	id: version
	run: \|
	TAG_VERSION="${GITHUB_REF#refs/tags/v}"
	echo "Version: $TAG_VERSION"
	echo "version=$TAG_VERSION" >> "$GITHUB_OUTPUT"

	- name: Set version in package.json
	env:
	APP_VERSION: ${{ steps.version.outputs.version }}
	run: \|
	jq --arg v "$APP_VERSION" '.version = $v' apps/code/package.json > tmp.json && mv tmp.json apps/code/package.json
	echo "Set apps/code/package.json version to $APP_VERSION"

	- name: Install dependencies
	run: pnpm install --frozen-lockfile

	- name: Configure AWS credentials
	uses: aws-actions/configure-aws-credentials@7474bc4690e29a8392af63c5b98e7449536d5c3a # v4.3.1
	with:
	role-to-assume: ${{ secrets.AWS_TWIG_APP_ASSETS_ROLE_ARN }}
	aws-region: ${{ secrets.AWS_TWIG_APP_ASSETS_REGION }}
	mask-aws-account-id: true
	unset-current-credentials: true

	- name: Download BerkeleyMono fonts from S3
	run: aws s3 cp s3://${{ secrets.AWS_TWIG_APP_ASSETS_BUCKET }}/fonts/BerkeleyMono/ apps/code/assets/fonts/BerkeleyMono/ --recursive

	- name: Build electron-trpc package
	run: pnpm --filter @posthog/electron-trpc run build

	- name: Build platform package
	run: pnpm --filter @posthog/platform run build

	- name: Build shared package
	run: pnpm --filter @posthog/shared run build

	- name: Build git package
	run: pnpm --filter @posthog/git run build

	- name: Build enricher package
	run: pnpm --filter @posthog/enricher run build

	- name: Build agent package
	run: pnpm --filter @posthog/agent run build

	- name: Import code signing certificate
	if: env.APPLE_CODESIGN_IDENTITY != ''
	env:
	CERT_BASE64: ${{ env.APPLE_CODESIGN_CERT_BASE64 }}
	CERT_PASSWORD: ${{ env.APPLE_CODESIGN_CERT_PASSWORD }}
	KEYCHAIN_PASSWORD: ${{ env.APPLE_CODESIGN_KEYCHAIN_PASSWORD }}
	run: \|
	if [ -z "$CERT_BASE64" ] \|\| [ -z "$CERT_PASSWORD" ] \|\| [ -z "$KEYCHAIN_PASSWORD" ]; then
	echo "Missing code signing certificate secrets"
	exit 1
	fi
	KEYCHAIN="$RUNNER_TEMP/codesign.keychain-db"
	echo "$CERT_BASE64" \| base64 --decode > "$RUNNER_TEMP/certificate.p12"
	security create-keychain -p "$KEYCHAIN_PASSWORD" "$KEYCHAIN"
	security set-keychain-settings -lut 21600 "$KEYCHAIN"
	security unlock-keychain -p "$KEYCHAIN_PASSWORD" "$KEYCHAIN"
	security import "$RUNNER_TEMP/certificate.p12" -k "$KEYCHAIN" -P "$CERT_PASSWORD" -T /usr/bin/codesign -T /usr/bin/security
	security list-keychains -d user -s "$KEYCHAIN" $(security list-keychains -d user \| tr -d '"')
	security set-key-partition-list -S apple-tool:,apple:,codesign: -s -k "$KEYCHAIN_PASSWORD" "$KEYCHAIN"
	rm "$RUNNER_TEMP/certificate.p12"

	- name: Build native modules
	run: pnpm --filter code run build-native

	- name: Build release artifacts
	env:
	APP_VERSION: ${{ steps.version.outputs.version }}
	GITHUB_TOKEN: ${{ steps.app-token.outputs.token }}
	run: pnpm --filter code exec electron-forge publish --dry-run --arch=${{ matrix.arch }} --platform=darwin

	- name: Install Playwright
	run: pnpm --filter code exec playwright install

	- name: Smoke test packaged app
	env:
	CI: true
	E2E_APP_ARCH: ${{ matrix.arch }}
	run: pnpm --filter code exec playwright test --config=tests/e2e/playwright.config.ts tests/e2e/tests/smoke.spec.ts

	- name: Upload Playwright report
	uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
	if: failure()
	with:
	name: release-playwright-report-macos-${{ matrix.arch }}
	path: apps/code/playwright-report/
	retention-days: 7

	- name: Publish release artifacts
	env:
	APP_VERSION: ${{ steps.version.outputs.version }}
	GITHUB_TOKEN: ${{ steps.app-token.outputs.token }}
	run: pnpm --filter code exec electron-forge publish --from-dry-run

	publish-windows:
	runs-on: windows-latest
	permissions:
	id-token: write
	contents: write
	env:
	NODE_OPTIONS: "--max-old-space-size=8192"
	NODE_ENV: production
	VITE_POSTHOG_API_KEY: ${{ secrets.VITE_POSTHOG_API_KEY }}
	VITE_POSTHOG_API_HOST: ${{ secrets.VITE_POSTHOG_API_HOST }}
	steps:
	- name: Get app token
	id: app-token
	uses: getsentry/action-github-app-token@d4b5da6c5e37703f8c3b3e43abb5705b46e159cc # v3.0.0
	with:
	app_id: ${{ secrets.GH_APP_ARRAY_RELEASER_APP_ID }}
	private_key: ${{ secrets.GH_APP_ARRAY_RELEASER_PRIVATE_KEY }}

	- name: Checkout
	uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
	with:
	fetch-depth: 0
	token: ${{ steps.app-token.outputs.token }}
	persist-credentials: false

	- name: Setup pnpm
	uses: pnpm/action-setup@b906affcce14559ad1aafd4ab0e942779e9f58b1 # v4.3.0

	- name: Setup Node.js
	uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0
	with:
	node-version: 22
	cache: "pnpm"

	- name: Extract version from tag
	id: version
	shell: pwsh
	env:
	GITHUB_REF: ${{ github.ref }}
	run: \|
	$tagVersion = "$env:GITHUB_REF" -replace "refs/tags/v", ""
	echo "Version: $tagVersion"
	echo "version=$tagVersion" >> $env:GITHUB_OUTPUT

	- name: Set version in package.json
	shell: pwsh
	env:
	APP_VERSION: ${{ steps.version.outputs.version }}
	run: \|
	$pkg = Get-Content apps/code/package.json -Raw \| ConvertFrom-Json
	$pkg.version = "$env:APP_VERSION"
	$pkg \| ConvertTo-Json -Depth 10 \| Set-Content apps/code/package.json
	echo "Set apps/code/package.json version to $env:APP_VERSION"

	- name: Install dependencies
	run: pnpm install --frozen-lockfile

	- name: Build electron-trpc package
	run: pnpm --filter @posthog/electron-trpc run build

	- name: Build platform package
	run: pnpm --filter @posthog/platform run build

	- name: Build shared package
	run: pnpm --filter @posthog/shared run build

	- name: Build git package
	run: pnpm --filter @posthog/git run build

	- name: Build enricher package
	run: pnpm --filter @posthog/enricher run build

	- name: Build agent package
	run: pnpm --filter @posthog/agent run build

	- name: Publish with Electron Forge
	env:
	APP_VERSION: ${{ steps.version.outputs.version }}
	GITHUB_TOKEN: ${{ steps.app-token.outputs.token }}
	run: pnpm --filter code run publish

	publish-linux:
	strategy:
	fail-fast: false
	matrix:
	runner: [ubuntu-24.04, ubuntu-24.04-arm]
	runs-on: ${{ matrix.runner }}
	permissions:
	id-token: write
	contents: write
	env:
	NODE_OPTIONS: "--max-old-space-size=8192"
	NODE_ENV: production
	VITE_POSTHOG_API_KEY: ${{ secrets.VITE_POSTHOG_API_KEY }}
	VITE_POSTHOG_API_HOST: ${{ secrets.VITE_POSTHOG_API_HOST }}
	steps:
	- name: Get app token
	id: app-token
	uses: getsentry/action-github-app-token@d4b5da6c5e37703f8c3b3e43abb5705b46e159cc # v3
	with:
	app_id: ${{ secrets.GH_APP_ARRAY_RELEASER_APP_ID }}
	private_key: ${{ secrets.GH_APP_ARRAY_RELEASER_PRIVATE_KEY }}

	- name: Checkout
	uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
	with:
	fetch-depth: 0
	token: ${{ steps.app-token.outputs.token }}
	persist-credentials: false

	- name: Install Linux packaging tooling
	# squashfs-tools/zsync/libfuse2t64: AppImage. fakeroot: maker-deb.
	# rpm: maker-rpm (provides rpmbuild).
	run: \|
	sudo apt-get update
	sudo apt-get install -y --no-install-recommends \
	squashfs-tools zsync libfuse2t64 fakeroot rpm

	- name: Setup pnpm
	uses: pnpm/action-setup@b906affcce14559ad1aafd4ab0e942779e9f58b1 # v4

	- name: Setup Node.js
	uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4
	with:
	node-version: 22
	cache: "pnpm"

	- name: Extract version from tag
	id: version
	run: \|
	TAG_VERSION="${GITHUB_REF#refs/tags/v}"
	echo "Version: $TAG_VERSION"
	echo "version=$TAG_VERSION" >> "$GITHUB_OUTPUT"

	- name: Set version in package.json
	env:
	APP_VERSION: ${{ steps.version.outputs.version }}
	run: \|
	jq --arg v "$APP_VERSION" '.version = $v' apps/code/package.json > tmp.json && mv tmp.json apps/code/package.json
	echo "Set apps/code/package.json version to $APP_VERSION"

	- name: Install dependencies
	run: pnpm install --frozen-lockfile

	- name: Build electron-trpc package
	run: pnpm --filter @posthog/electron-trpc run build

	- name: Build platform package
	run: pnpm --filter @posthog/platform run build

	- name: Build shared package
	run: pnpm --filter @posthog/shared run build

	- name: Build git package
	run: pnpm --filter @posthog/git run build

	- name: Build enricher package
	run: pnpm --filter @posthog/enricher run build

	- name: Build agent package
	run: pnpm --filter @posthog/agent run build

	- name: Publish with Electron Forge
	env:
	APP_VERSION: ${{ steps.version.outputs.version }}
	GITHUB_TOKEN: ${{ steps.app-token.outputs.token }}
	run: pnpm --filter code run publish

	finalize-release:
	needs: [publish-macos, publish-windows, publish-linux]
	runs-on: ubuntu-latest
	permissions:
	contents: write
	steps:
	- name: Get app token
	id: app-token
	uses: getsentry/action-github-app-token@d4b5da6c5e37703f8c3b3e43abb5705b46e159cc # v3.0.0
	with:
	app_id: ${{ secrets.GH_APP_ARRAY_RELEASER_APP_ID }}
	private_key: ${{ secrets.GH_APP_ARRAY_RELEASER_PRIVATE_KEY }}

	- name: Extract version from tag
	id: version
	run: \|
	TAG_VERSION="${GITHUB_REF#refs/tags/v}"
	echo "version=$TAG_VERSION" >> "$GITHUB_OUTPUT"

	- name: Publish GitHub release
	env:
	GH_TOKEN: ${{ steps.app-token.outputs.token }}
	APP_VERSION: ${{ steps.version.outputs.version }}
	run: \|
	gh api repos/PostHog/code/releases/generate-notes -f tag_name="v$APP_VERSION" --jq '.body' > /tmp/release-notes.md
	gh release edit "v$APP_VERSION" --repo PostHog/code --draft=false --notes-file /tmp/release-notes.md

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

fix(agent): detect feature flags product across tool-name variants (#… #557

Workflow file

fix(agent): detect feature flags product across tool-name variants (#… #557

Uh oh!

Workflow file for this run