name: Release on: push: tags: ['v*'] workflow_dispatch: inputs: version: description: 'Package/release version to publish to npm, without the leading v' required: true type: string env: CARGO_TERM_COLOR: always RUSTFLAGS: -Dwarnings jobs: parity: if: github.event_name == 'push' runs-on: ubuntu-latest steps: - uses: actions/checkout@v4 - uses: dtolnay/rust-toolchain@stable with: components: clippy, rustfmt - name: Install Linux system dependencies if: runner.os == 'Linux' run: | for i in 1 2 3 4 5; do sudo apt-get update && break echo "apt-get update failed (attempt $i); retrying in 15s" sleep 15 done sudo apt-get install -y libdbus-1-dev pkg-config - uses: Swatinem/rust-cache@v2 - name: Format check run: cargo fmt --all -- --check - name: Compile check run: cargo check --workspace --all-targets --locked - name: Clippy run: cargo clippy --workspace --all-targets --all-features --locked -- -D warnings - name: Workspace tests run: cargo test --workspace --all-features --locked - name: TUI snapshot parity run: cargo test -p deepseek-tui-core --test snapshot --locked - name: Protocol schema parity run: cargo test -p deepseek-protocol --test parity_protocol --locked - name: State persistence parity run: cargo test -p deepseek-state --test parity_state --locked - name: Lockfile drift guard run: git diff --exit-code -- Cargo.lock build: needs: parity # `parity` is gated to tag-push events. On manual `workflow_dispatch`, # parity is skipped, so let `build` proceed when parity either succeeded # or was skipped — but never when it actually failed or the run was # cancelled. Operators using dispatch are expected to have already run # the same gates locally / via ci.yml on `main`. if: ${{ !cancelled() && (needs.parity.result == 'success' || needs.parity.result == 'skipped') }} strategy: matrix: include: # --- deepseek (cli) --- - os: ubuntu-latest target: x86_64-unknown-linux-gnu binary: deepseek artifact_name: deepseek-linux-x64 - os: ubuntu-24.04-arm target: aarch64-unknown-linux-gnu binary: deepseek artifact_name: deepseek-linux-arm64 - os: macos-latest target: x86_64-apple-darwin binary: deepseek artifact_name: deepseek-macos-x64 - os: macos-latest target: aarch64-apple-darwin binary: deepseek artifact_name: deepseek-macos-arm64 - os: windows-latest target: x86_64-pc-windows-msvc binary: deepseek.exe artifact_name: deepseek-windows-x64.exe # --- deepseek-tui (TUI) --- - os: ubuntu-latest target: x86_64-unknown-linux-gnu binary: deepseek-tui artifact_name: deepseek-tui-linux-x64 - os: ubuntu-24.04-arm target: aarch64-unknown-linux-gnu binary: deepseek-tui artifact_name: deepseek-tui-linux-arm64 - os: macos-latest target: x86_64-apple-darwin binary: deepseek-tui artifact_name: deepseek-tui-macos-x64 - os: macos-latest target: aarch64-apple-darwin binary: deepseek-tui artifact_name: deepseek-tui-macos-arm64 - os: windows-latest target: x86_64-pc-windows-msvc binary: deepseek-tui.exe artifact_name: deepseek-tui-windows-x64.exe runs-on: ${{ matrix.os }} steps: - uses: actions/checkout@v4 - uses: dtolnay/rust-toolchain@stable with: targets: ${{ matrix.target }} - uses: Swatinem/rust-cache@v2 - name: Install Linux system dependencies if: runner.os == 'Linux' run: | for i in 1 2 3 4 5; do sudo apt-get update && break echo "apt-get update failed (attempt $i); retrying in 15s" sleep 15 done sudo apt-get install -y libdbus-1-dev pkg-config - name: Build shell: bash run: cargo build --release --locked --target ${{ matrix.target }} - name: Rename binary shell: bash run: | BIN_PATH="target/${{ matrix.target }}/release/${{ matrix.binary }}" if [ ! -f "${BIN_PATH}" ]; then echo "Binary not at ${BIN_PATH}; searching target/ for ${{ matrix.binary }}:" find target -name "${{ matrix.binary }}" -type f exit 1 fi cp "${BIN_PATH}" "${{ matrix.artifact_name }}" - uses: actions/upload-artifact@v4 with: name: ${{ matrix.artifact_name }} path: ${{ matrix.artifact_name }} docker: needs: build if: ${{ !cancelled() && needs.build.result == 'success' }} runs-on: ubuntu-latest permissions: contents: read packages: write steps: - uses: actions/checkout@v4 - name: Set up QEMU uses: docker/setup-qemu-action@v3 - name: Set up Docker Buildx uses: docker/setup-buildx-action@v3 - name: Log in to GitHub Container Registry uses: docker/login-action@v3 with: registry: ghcr.io username: ${{ github.repository_owner }} password: ${{ secrets.GITHUB_TOKEN }} - name: Normalize image name id: image shell: bash run: echo "name=ghcr.io/${GITHUB_REPOSITORY,,}" >> "$GITHUB_OUTPUT" - name: Extract metadata id: meta uses: docker/metadata-action@v5 with: images: | ${{ steps.image.outputs.name }} tags: | type=semver,pattern={{version}} type=semver,pattern={{major}}.{{minor}} type=semver,pattern=v{{major}} type=ref,event=tag type=raw,value=${{ inputs.version }},enable=${{ github.event_name == 'workflow_dispatch' }} type=raw,value=v${{ inputs.version }},enable=${{ github.event_name == 'workflow_dispatch' }} type=raw,value=latest - name: Build and push uses: docker/build-push-action@v6 with: context: . platforms: linux/amd64,linux/arm64 push: true tags: ${{ steps.meta.outputs.tags }} labels: ${{ steps.meta.outputs.labels }} cache-from: type=gha cache-to: type=gha,mode=max release: needs: [build, docker] if: ${{ !cancelled() && needs.build.result == 'success' && needs.docker.result == 'success' }} runs-on: ubuntu-latest permissions: contents: write steps: - uses: actions/download-artifact@v4 with: path: artifacts - name: List artifacts run: find artifacts -type f - name: Generate checksum manifest shell: bash run: | mkdir -p artifacts/checksums manifest="artifacts/checksums/deepseek-artifacts-sha256.txt" : > "${manifest}" while IFS= read -r -d '' file; do hash="$(sha256sum "${file}" | awk '{print $1}')" base="$(basename "${file}")" printf '%s %s\n' "${hash}" "${base}" >> "${manifest}" done < <(find artifacts -type f ! -path 'artifacts/checksums/*' -print0 | sort -z) cat "${manifest}" - name: Resolve release tag id: release_tag shell: bash run: | if [ "${GITHUB_EVENT_NAME}" = "workflow_dispatch" ]; then echo "tag=v${{ inputs.version }}" >> "$GITHUB_OUTPUT" else echo "tag=${GITHUB_REF_NAME}" >> "$GITHUB_OUTPUT" fi - uses: softprops/action-gh-release@v1 with: tag_name: ${{ steps.release_tag.outputs.tag }} files: artifacts/*/* prerelease: false body: | ## Install ### Recommended — npm (one command, both binaries) ```bash npm install -g deepseek-tui ``` The wrapper downloads both binaries from this Release and places them in the same directory. ### Docker / GHCR ```bash docker run --rm -it \ -e DEEPSEEK_API_KEY="$DEEPSEEK_API_KEY" \ -v ~/.deepseek:/home/deepseek/.deepseek \ ghcr.io/hmbown/deepseek-tui:${{ steps.release_tag.outputs.tag }} ``` The image ships the `deepseek` dispatcher and `deepseek-tui` runtime. The `latest` tag is also updated on release. ### Cargo (Linux / macOS) ```bash cargo install deepseek-tui-cli deepseek-tui --locked ``` Both crates are required — `deepseek-tui-cli` produces the `deepseek` dispatcher and `deepseek-tui` produces the interactive runtime that the dispatcher delegates to. Installing only one binary will fail at runtime with a `MISSING_COMPANION_BINARY` error. ### Manual download **Both** binaries below must be downloaded for your platform and dropped into the same directory (e.g. `~/.local/bin/`): | Platform | Dispatcher | TUI runtime | |---|---|---| | Linux x64 | `deepseek-linux-x64` | `deepseek-tui-linux-x64` | | Linux ARM64 | `deepseek-linux-arm64` | `deepseek-tui-linux-arm64` | | macOS x64 | `deepseek-macos-x64` | `deepseek-tui-macos-x64` | | macOS ARM | `deepseek-macos-arm64` | `deepseek-tui-macos-arm64` | | Windows x64 | `deepseek-windows-x64.exe` | `deepseek-tui-windows-x64.exe` | Then `chmod +x` both (Unix) and run `./deepseek`. ### Verify (recommended) Download `deepseek-artifacts-sha256.txt` from this Release and verify: ```bash # Linux sha256sum -c deepseek-artifacts-sha256.txt # macOS shasum -a 256 -c deepseek-artifacts-sha256.txt ``` ## Changelog See [CHANGELOG.md](https://github.com/Hmbown/DeepSeek-TUI/blob/main/CHANGELOG.md) for the full notes for this release. # npm publish is intentionally not automated. The npm account requires 2FA OTP # on every publish, and a granular automation token that bypasses 2FA has not # been provisioned. Release the npm wrapper manually from a developer machine # after the GitHub Release has been created — see CLAUDE.md "Releases" for the # exact commands.