{"id":40026029,"url":"https://github.com/hagicode-org/releases","last_synced_at":"2026-04-24T08:00:36.339Z","repository":{"id":333402757,"uuid":"1134216441","full_name":"HagiCode-org/releases","owner":"HagiCode-org","description":"Release automation hub for packaging HagiCode artifacts, publishing GitHub releases, and shipping multi-architecture images.","archived":false,"fork":false,"pushed_at":"2026-04-23T11:45:06.000Z","size":754,"stargazers_count":2,"open_issues_count":1,"forks_count":1,"subscribers_count":0,"default_branch":"main","last_synced_at":"2026-04-23T13:30:49.506Z","etag":null,"topics":["devops","docker","github-releases","hagicode","multi-arch","release-automation"],"latest_commit_sha":null,"homepage":"https://hagicode.com/","language":"C#","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/HagiCode-org.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":"AGENTS.md","dco":null,"cla":null}},"created_at":"2026-01-14T12:15:48.000Z","updated_at":"2026-04-23T11:45:11.000Z","dependencies_parsed_at":null,"dependency_job_id":null,"html_url":"https://github.com/HagiCode-org/releases","commit_stats":null,"previous_names":["hagicode-org/releases"],"tags_count":69,"template":false,"template_full_name":null,"purl":"pkg:github/HagiCode-org/releases","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/HagiCode-org%2Freleases","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/HagiCode-org%2Freleases/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/HagiCode-org%2Freleases/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/HagiCode-org%2Freleases/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/HagiCode-org","download_url":"https://codeload.github.com/HagiCode-org/releases/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/HagiCode-org%2Freleases/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":32214420,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-04-24T03:15:14.334Z","status":"ssl_error","status_checked_at":"2026-04-24T03:15:11.608Z","response_time":64,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.6:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["devops","docker","github-releases","hagicode","multi-arch","release-automation"],"created_at":"2026-01-19T04:00:32.663Z","updated_at":"2026-04-24T08:00:36.331Z","avatar_url":"https://github.com/HagiCode-org.png","language":"C#","readme":"# HagiCode Release\n\n[简体中文](./README_cn.md)\n\nHagiCode Release is the automation hub for turning built artifacts into distributable releases, container images, and publish records.\n\n## Product overview\n\nThis repository connects version discovery, GitHub Releases, and multi-registry Docker publishing so HagiCode builds can move from generated packages to public delivery.\n\n## What this repository handles\n\n- Monitor version sources and decide when a release pipeline should run\n- Publish application packages to GitHub Releases\n- Build and push multi-architecture Docker images\n- Synchronize publish results and release metadata across delivery channels\n- Ship the streamlined CLI baseline used inside the unified container runtime\n\n## Main areas\n\n- `nukeBuild/` - release automation targets and shared build logic\n- `.github/workflows/` - CI/CD pipelines for monitoring and publishing\n- `docker_deployment/` - container build context, Dockerfiles, and entrypoint scripts\n- `output/` - generated artifacts during local release work\n- `ENVIRONMENT_VARIABLES.md` - runtime and publishing configuration reference\n\n## Common release commands\n\n```bash\n./build.sh VersionMonitor\n./build.sh GitHubRelease --ReleaseVersion \"1.2.3\"\n./build.sh DockerRelease --ReleaseVersion \"1.2.3\" --DockerPlatform \"all\"\n```\n\nUse repository-specific credentials and registry settings from `ENVIRONMENT_VARIABLES.md` when preparing a real release.\n\n## Local container build and test\n\nThe repository now also ships a local `docker compose` workflow that reuses the existing Nuke-driven build-context generation instead of bypassing it:\n\n```bash\ncp .env.local.example .env.local\ncp .env.secrets.local.example .env.secrets.local\n./scripts/docker-local-build.sh\n./scripts/docker-local-up.sh\n./scripts/docker-local-test.sh\n./scripts/docker-local-logs.sh\n./scripts/docker-local-down.sh\n```\n\n- `docker-compose.local.yml` uses the local image tag from `HAGICODE_LOCAL_IMAGE` and publishes the app to `127.0.0.1:5000` by default\n- Local persistence stays under `./.local/hagicode/data` and `./.local/hagicode/saves`\n- Keep plaintext local-only credentials in `.env.secrets.local`; the local scripts load it after `.env.local`, and `build.sh`/`build.ps1` also load it automatically outside GitHub Actions\n- When `AZURE_BLOB_SAS_URL` is set, `scripts/docker-local-build.sh` downloads the requested version/platform package first; otherwise it reuses matching zip packages already present in `output/download`\n- Local image builds still need outbound access to Docker Hub, `dot.net`, GitHub, and npm unless your machine already has equivalent mirrors or caches\n- `scripts/docker-local-test.sh` waits for HTTP readiness and then smoke-tests `claude`, `openspec`, `skills`, `opencode`, `codex`, and `code-server` inside the running container\n\n## Steam Linux desktop artifact verification\n\nWhen a Linux desktop package bundles the optional portable payload under `resources/extra/portable-fixed/current`, keep the Steam startup contract aligned with the desktop bootstrap fix:\n\n- Steam launch of the packaged artifact must log that Steam Linux compatibility mode was enabled before the first window is created\n- The same packaged artifact launched directly from the CLI must log that compatibility mode was skipped and direct CLI launch keeps the default graphics path\n- If later startup diagnostics are captured, the copied startup-failure log should still begin with the `[StartupCompatibility]` context line so release triage can separate graphics-mode handling from unrelated failures\n\n## Trigger boundaries\n\nAutomatic publishing now has a single entry point:\n\n- `./build.sh VersionMonitor` still discovers every unpublished Azure version, but it auto-selects only the newest unpublished version for the current run\n- GitHub Release automation starts only from `repository_dispatch` with event type `version-monitor-release`\n- Docker automation starts only from `repository_dispatch` with registry-specific event types (`version-monitor-docker-aliyun`, `version-monitor-docker-azure`, `version-monitor-docker-dockerhub`)\n- Older unpublished versions are reported as deferred backlog for later scheduled runs or manual handling\n\nManual reruns stay available, but they are explicit:\n\n- `github-release-workflow.yml` requires `workflow_dispatch.version`\n- Each `docker-build-*.yml` workflow requires `workflow_dispatch.version` and keeps optional `platform` / `dry_run`\n- Creating or reusing a Git tag no longer auto-starts GitHub Release or Docker workflows\n\n## Container CLI contract\n\nThe unified runtime image now builds from a clean `debian:bookworm-slim` base instead of inheriting the official `node` image user model. Node.js 22 is installed through an image-managed NVM layout under `/usr/local/nvm`, while npm-installed CLIs remain installed under `/home/hagicode/.npm-global`.\nDuring image build, the Node bootstrap layer clears `NPM_CONFIG_PREFIX` before `nvm install`; after the image switches to `hagicode`, `npm config set prefix '/home/hagicode/.npm-global'` restores the runtime/global-install contract for npm-delivered CLIs.\n`code-server` is installed from the pinned standalone release archive and linked on `PATH`, so it does not depend on the npm global prefix.\n\nOnly `hagicode` is supported as the non-root runtime user. When `PUID` and `PGID` are provided, container startup remaps that single user and reconciles ownership for `/home/hagicode`, its `.claude` state, and `/app`.\n\nThe unified runtime image bakes only the primary agent CLI baseline:\n\n- `claude`\n- `opencode`\n- `codex`\n\n`openspec` remains in the image as the retained workflow tool for spec-driven changes, and `skills` remains bundled as the retained skill-management CLI. Both are documented separately from the primary agent CLI baseline so provider scope does not expand again by accident.\n\nProvider CLIs such as `copilot`, `codebuddy`, and `qodercli` now follow the HagiCode UI-managed install path instead of shipping in the container by default. `uipro` is no longer part of the image because the bundled `skills` command replaces its previous shipped-runtime workflow.\n\n## Omniroute unified provider bootstrap\n\nThe release image now treats Omniroute as the unified local provider proxy for Claude, Codex/OpenAI, and OpenCode traffic inside the container.\n\n- Default local bind: `127.0.0.1:4060`\n- Local management/runtime state: `/app/data/omniroute`\n- Shared process supervision: `pm2-runtime`\n- App readiness gate: `/app/data/omniroute/runtime/hagicode.ready`\n\nStartup order is intentionally Omniroute-first:\n\n1. The entrypoint resolves the HagiCode app command and captures upstream provider credentials before any local reroute happens.\n2. The entrypoint normalizes Omniroute runtime paths and persisted secrets under `/app/data/omniroute`.\n3. The entrypoint exports the local Omniroute endpoint back into the runtime environment consumed by `claude`, `codex`, `opencode`, and HagiCode.\n4. `pm2-runtime` starts two managed processes: `omniroute` and `hagicode-app`.\n5. `hagicode-app` starts through `wait-for-ready.sh`, which blocks on the ready file until Omniroute bootstrap succeeds.\n6. The bootstrap helper logs into local Omniroute, upserts provider nodes/connections through the Omniroute HTTP API, writes bootstrap state, and releases the ready file.\n\nBootstrap is API-first and idempotent. The container does not mutate Omniroute SQLite files directly; it reuses persisted state and upserts only the providers that have the minimum upstream credentials configured.\n\nAfter bootstrap, the container runtime rewires the main provider endpoints to local Omniroute URLs:\n\n- `ANTHROPIC_URL` points to the local Omniroute API base URL and `ANTHROPIC_AUTH_TOKEN` is replaced with the shared local key for Claude CLI traffic.\n- `CODEX_BASE_URL` / `OPENAI_BASE_URL` point to the local Omniroute API base URL and `CODEX_API_KEY` / `OPENAI_API_KEY` are replaced with the shared local key.\n- `OPENCODE_BASE_URL` / `OPENCODE_API_BASE_URL` point to the local Omniroute API base URL and `OPENCODE_API_KEY` is replaced with the shared local key.\n- HagiCode receives `HAGICODE_OMNIROUTE_ENABLED=true`, `HAGICODE_OMNIROUTE_BASE_URL`, `HAGICODE_OMNIROUTE_API_BASE_URL`, `OmniRoute__Enabled`, `OmniRoute__BaseUrl`, and `OmniRoute__ApiBaseUrl`.\n\n## Bundled Code Server runtime\n\nThe unified image now bakes a pinned `code-server` binary into the same runtime baseline so Builder can export browser-IDE defaults without asking operators to install extra packages after startup.\n\n- Builder `full-custom` mode exports `VsCodeServer__*` defaults directly into compose when you keep code-server enabled\n- Builder now exposes a shared EULA toggle that exports `ACCEPT_EULA=Y` only when operators explicitly opt in, and the entrypoint refuses startup without an accepted value\n- Dedicated host publishing remains opt-in, and the generated mapping binds to `127.0.0.1` by default for the first exposure step\n- Password auth requires `CODE_SERVER_PASSWORD` or `CODE_SERVER_HASHED_PASSWORD`; the entrypoint bridges those variables to the standard `PASSWORD` / `HASHED_PASSWORD` names before app startup\n- Both persistence roots are required in production deployments: `hagicode_data:/app/data` keeps system-scoped assets writable, and `hagicode_saves:/app/saves` keeps save-scoped runtime state writable\n- System-scoped assets still persist through `hagicode_data:/app/data`, and managed Code Server data stays under `/app/data/code-server`\n- Save-scoped HagiCode runtime state now persists through `hagicode_saves:/app/saves`, with the active save rooted at `/app/saves/save0/...`\n- The image and entrypoint prepare only `/app/data` and `/app/saves`; the application runtime still initializes `/app/saves/save0/config` and `/app/saves/save0/data` on demand\n- If you are upgrading from an older single-volume deployment, add a named volume or bind mount for `/app/saves` before replacing the container\n\nMinimal mount layout:\n\n```yaml\nvolumes:\n  - hagicode_data:/app/data\n  - hagicode_saves:/app/saves\n```\n\n## Startup SSH bootstrap\n\nThe release image now installs `openssh-client` and can import a mounted private key during startup when SSH access is explicitly required.\n\n- Set `SSH_PRIVATE_KEY_PATH` to a mounted private key file to enable bootstrap\n- Optionally set `SSH_KNOWN_HOSTS_PATH` to import a mounted `known_hosts` file\n- Optionally set `SSH_STRICT_HOST_KEY_CHECKING` to override the documented default of `accept-new`\n- Leave `SSH_PRIVATE_KEY_PATH` unset to skip SSH bootstrap entirely\n\nAt startup the entrypoint copies the mounted key into `/home/hagicode/.ssh/imported_key`, writes deterministic SSH config at `/home/hagicode/.ssh/config`, fixes ownership for the `hagicode` runtime user, and exports `GIT_SSH_COMMAND` so downstream `git` and `ssh` commands use the imported identity.\n\nIf `SSH_PRIVATE_KEY_PATH` is set but the file is missing, unreadable, or not a regular file, container startup fails fast with path-level diagnostics and never prints secret contents.\n\n## Ecosystem role\n\nHagiCode Release takes outputs produced by repositories such as `repos/hagicode-core` and `repos/hagicode-desktop`, then publishes them to GitHub Releases, Azure ACR, Aliyun ACR, DockerHub, and related delivery channels.\n","funding_links":[],"categories":[],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fhagicode-org%2Freleases","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fhagicode-org%2Freleases","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fhagicode-org%2Freleases/lists"}