Skip to content
Merged
Changes from 2 commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
77 changes: 77 additions & 0 deletions scripts/pre-release.sh
Original file line number Diff line number Diff line change
@@ -0,0 +1,77 @@
#!/bin/bash
set -euo pipefail

# VIBE CODED: AVERT YOUR EYES

REPO="${GOOSE_REPO:-$(git remote get-url origin | sed 's|.*github.com[:/]||;s|\.git$||')}"

Copilot AI Feb 11, 2026

Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

GOOSE_REPO is used elsewhere in this repo as a filesystem path (e.g., documentation/automation/recipe-schema-tracking/scripts/*), but here it’s treated as a GitHub owner/repo slug for gh --repo, so setting GOOSE_REPO will break this script; use a different env var name (e.g., GOOSE_GITHUB_REPO) or accept a separate GOOSE_REPO_PATH elsewhere.

Suggested change
REPO="${GOOSE_REPO:-$(git remote get-url origin | sed 's|.*github.com[:/]||;s|\.git$||')}"
REPO="${GOOSE_GITHUB_REPO:-$(git remote get-url origin | sed 's|.*github.com[:/]||;s|\.git$||')}"

Copilot uses AI. Check for mistakes.

Copy link
Copy Markdown
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

this seems maybe worth addressing?

DEST="$HOME/Downloads"

# Find release PR
if [[ $# -gt 0 ]]; then
SEARCH="chore(release): release version $1"
else
SEARCH="chore(release): release version"
fi

PR=$(gh pr list --repo "$REPO" --search "$SEARCH in:title" --state all --limit 1 --json number,title)
PR_NUMBER=$(echo "$PR" | jq -r '.[0].number // empty')
VERSION=$(echo "$PR" | jq -r '.[0].title // empty' | grep -oE '[0-9]+\.[0-9]+\.[0-9]+')

if [[ -z "$PR_NUMBER" ]]; then
echo "No matching release PR found."
exit 1
fi
echo "Found PR #$PR_NUMBER - version $VERSION"

# Grab the last nightly.link download URL from PR comments
DOWNLOAD_URL=$(gh api "repos/$REPO/issues/$PR_NUMBER/comments" \
--jq '[.[].body | capture("(?<url>https://nightly\\.link/[^)]+\\.zip)") | .url] | last // empty')

Copilot AI Feb 11, 2026

Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The jq filter will error on the first PR comment body that doesn’t match the nightly.link regex because capture(...) throws on non-matches, so this can fail even when a later comment contains a valid URL; use capture(...)? or select(test(...)) | capture(...) to safely skip non-matching comments.

Suggested change
--jq '[.[].body | capture("(?<url>https://nightly\\.link/[^)]+\\.zip)") | .url] | last // empty')
--jq '[.[].body | select(test("https://nightly\\.link/[^)]+\\.zip")) | capture("(?<url>https://nightly\\.link/[^)]+\\.zip)") | .url] | last // empty')

Copilot uses AI. Check for mistakes.

if [[ -z "$DOWNLOAD_URL" ]]; then
echo "No download link found in PR comments."
exit 1
fi
echo "Downloading $DOWNLOAD_URL"

# Download, extract, prepare
TMPDIR=$(mktemp -d)
curl -sL -o "$TMPDIR/goose.zip" "$DOWNLOAD_URL"
unzip -o -q "$TMPDIR/goose.zip" -d "$TMPDIR/extracted"

# nightly.link double-zips: if we got another zip, extract that too
INNER_ZIP=$(find "$TMPDIR/extracted" -name "*.zip" | head -1)
if [[ -n "$INNER_ZIP" ]]; then
unzip -o -q "$INNER_ZIP" -d "$TMPDIR/extracted"
fi

APP=$(find "$TMPDIR/extracted" -name "*.app" -maxdepth 2 | head -1)
APP_NAME="Goose ${VERSION}.app"
rm -rf "$DEST/$APP_NAME"
cp -R "$APP" "$DEST/$APP_NAME"
APP_PATH="$DEST/$APP_NAME"

# Remove quarantine
xattr -r -d com.apple.quarantine "$APP_PATH" 2>/dev/null || true

# Sign with entitlements
PLIST=$(mktemp /tmp/entitlements.XXXXXX.plist)
cat > "$PLIST" << 'EOF'

Copilot AI Feb 11, 2026

Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The script creates a temp directory and entitlements plist but never cleans them up, which will leave files behind on success or failure; add a trap to remove $TMPDIR and $PLIST on EXIT (similar to scripts/test_providers.sh).

Copilot uses AI. Check for mistakes.

Copy link
Copy Markdown
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

also seems nice to fix up

Copy link
Copy Markdown
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

yeah, I actually removed this so I could see what it was doing, will put it back

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>com.apple.security.cs.allow-jit</key><true/>
<key>com.apple.security.cs.allow-unsigned-executable-memory</key><true/>
<key>com.apple.security.device.audio-input</key><true/>
<key>com.apple.security.device.camera</key><true/>
<key>com.apple.security.network.client</key><true/>
<key>com.apple.security.network.server</key><true/>
</dict>
</plist>
EOF

codesign --force --deep --sign - --entitlements "$PLIST" "$APP_PATH"

echo ""
echo "Ready: $APP_PATH"
echo " open \"$APP_PATH\""
Loading