johno/beads
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
218ee6d2b411d701e63a5b61d7bda9f21abede5e
beads/scripts
History
Bob Cotton c802f27fe5 feat: comprehensive NixOS support improvements (#1024) 
* feat: comprehensive NixOS support improvements

This commit adds full NixOS support and automates Nix package maintenance:

## Static Linux Binaries for NixOS

Changes .goreleaser.yml to create static Linux binaries:
- Set CGO_ENABLED=0 for Linux amd64 and arm64 builds
- Remove cross-compiler dependencies (aarch64-linux-gnu-gcc)
- Simplifies build process while fixing NixOS compatibility

Static binaries work on all Linux distributions including NixOS, Alpine,
and musl-based distros without dynamic linker dependencies.

## Automated default.nix Version Management

Adds default.nix to the version bump workflow:
- Updates default.nix version field in bump-version.sh (new step 9)
- Adds default.nix to version verification checks
- Prevents version drift (was 5 releases behind: 0.42.0 vs 0.47.0)
- Updates README.md to remove glibc 2.32+ requirement

## Automated vendorHash Management

Creates scripts/update-nix-vendorhash.sh to automate vendorHash updates:
- Automatically detects correct hash by triggering Nix build error
- Extracts hash from error message and updates default.nix
- Verifies update with clean build
- Eliminates error-prone manual copy-paste workflow
- Works with local Nix OR Docker (uses nixos/nix image automatically)

Integrates vendorHash check into bump-version.sh:
- Detects when go.mod or go.sum have changed
- Prompts to run vendorHash update script interactively
- Catches synchronization issues at release time

## Documentation

Updates AGENTS.md with Nix package maintenance guide:
- Documents when and how to update vendorHash
- Recommends automated script as primary method
- Provides manual and alternative methods as fallback
- Notes Docker fallback for maintainers without Nix

## Impact

- NixOS users can now install via standard methods
- Nix package version stays synchronized automatically
- vendorHash updates work without Nix installed (via Docker)
- vendorHash updates are caught during release workflow
- All Linux users benefit from more portable binaries

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>

* fix: address PR review feedback for NixOS support

Fixes three issues identified in PR review:

1. Replace undefined log_* functions in bump-version.sh with existing
   echo pattern (log_warning, log_info, log_success, log_error were
   called but not defined)

2. Update default.nix version from 0.42.0 to 0.47.0 to fix version
   drift with cmd/bd/version.go

3. Remove Nix Package Maintenance section from AGENTS.md per beads
   architecture (use bd prime for dynamic context, keep AGENTS.md
   minimal)

* fix: update versions to 0.47.1 after merge with main

- Update claude-plugin plugin.json to 0.47.1
- Update default.nix to 0.47.1
- Fixes version check failures after merging latest main branch

---------

Co-authored-by: Claude Sonnet 4.5 <noreply@anthropic.com>
2026-01-12 23:46:33 -08:00
..
hooks
bump-version.sh
feat: comprehensive NixOS support improvements (#1024)
2026-01-12 23:46:33 -08:00
check-versions.sh
docs: update paths for claude-plugin subdirectory structure (GH#985) (#1007)
2026-01-10 22:49:29 -08:00
docs.md
docs: Add comprehensive documentation for version reporting changes
2025-12-13 10:04:01 +11:00
generate-llms-full.sh
feat: add llms.txt standard support for AI agent discoverability (#784)
2025-12-30 18:27:50 -08:00
install-hooks.sh
install.sh
fix(install): stop existing daemons before binary replacement (#945)
2026-01-07 20:45:37 -08:00
README.md
docs: update paths for claude-plugin subdirectory structure (GH#985) (#1007)
2026-01-10 22:49:29 -08:00
release.sh
Use -short flag in release.sh to avoid test deadlock (bd-82dv)
2025-11-08 22:58:43 -08:00
sign-windows.sh
feat: add Windows code signing infrastructure (bd-14v0)
2025-12-24 00:07:16 -08:00
test.sh
refactor: remove unused bd pin/unpin/hook commands (bd-x0zl)
2025-12-27 16:02:15 -08:00
update-homebrew.sh
fixed an install script bug
2025-12-22 13:16:22 -08:00
update-nix-vendorhash.sh
feat: comprehensive NixOS support improvements (#1024)
2026-01-12 23:46:33 -08:00
update-winget.sh
feat(packaging): add Windows winget manifest (fixes #524)
2025-12-20 03:38:31 -08:00

README.md

Beads Scripts

Utility scripts for maintaining the beads project.

release.sh ( The Easy Button)

One-command release from version bump to local installation.

Usage

# Full release (does everything)
./scripts/release.sh 0.9.3

# Preview what would happen
./scripts/release.sh 0.9.3 --dry-run

What It Does

This master script automates the entire release process:

  1. Kills running daemons (avoids version conflicts)
  2. Runs tests and linting
  3. Bumps version in all files
  4. Commits and pushes version bump
  5. Creates and pushes git tag
  6. Updates Homebrew formula
  7. Upgrades local brew installation
  8. Verifies everything works

After this script completes, your system is running the new version!

Examples

# Release version 0.9.3
./scripts/release.sh 0.9.3

# Preview a release (no changes made)
./scripts/release.sh 1.0.0 --dry-run

Prerequisites

  • Clean git working directory
  • All changes committed
  • golangci-lint installed
  • Homebrew installed (for local upgrade)
  • Push access to steveyegge/beads and steveyegge/homebrew-beads

Output

The script provides colorful, step-by-step progress output:

  • 🟨 Yellow: Current step
  • 🟩 Green: Step completed
  • 🟥 Red: Errors
  • 🟦 Blue: Section headers

What Happens Next

After the script finishes:

  • GitHub Actions builds binaries for all platforms (~5 minutes)
  • PyPI package is published automatically
  • Users can brew upgrade bd to get the new version
  • GitHub Release is created with binaries and changelog

bump-version.sh

Bumps the version number across all beads components in a single command.

Usage

# Show usage
./scripts/bump-version.sh

# Update versions (shows diff, no commit)
./scripts/bump-version.sh 0.9.3

# Update versions and auto-commit
./scripts/bump-version.sh 0.9.3 --commit

What It Does

Updates version in all these files:

  • cmd/bd/version.go - bd CLI version constant
  • claude-plugin/.claude-plugin/plugin.json - Plugin version
  • .claude-plugin/marketplace.json - Marketplace plugin version
  • integrations/beads-mcp/pyproject.toml - MCP server version
  • README.md - Alpha status version
  • PLUGIN.md - Version requirements

Features

  • Validates semantic versioning format (MAJOR.MINOR.PATCH)
  • Verifies all versions match after update
  • Shows git diff of changes
  • Auto-commits with standardized message (optional)
  • Cross-platform compatible (macOS and Linux)

Examples

# Bump to 0.9.3 and review changes
./scripts/bump-version.sh 0.9.3
# Review the diff, then manually commit

# Bump to 1.0.0 and auto-commit
./scripts/bump-version.sh 1.0.0 --commit
git push origin main

Why This Script Exists

Previously, version bumps only updated cmd/bd/version.go, leaving other components out of sync. This script ensures all version numbers stay consistent across the project.

Safety

  • Checks for uncommitted changes before proceeding
  • Refuses to auto-commit if there are existing uncommitted changes
  • Validates version format before making any changes
  • Verifies all versions match after update
  • Shows diff for review before commit

update-homebrew.sh

Automatically updates the Homebrew formula with GoReleaser release artifacts.

Usage

# Update formula after pushing git tag
./scripts/update-homebrew.sh 0.9.3

# Use custom tap directory
TAP_DIR=~/homebrew-beads ./scripts/update-homebrew.sh 0.9.3

What It Does

This script automates the Homebrew formula update process:

  1. Waits for GitHub Actions release build (~5 minutes, checks every 30s)
  2. Downloads checksums.txt from the GitHub release
  3. Extracts SHA256s for all platform-specific binaries:
    • macOS ARM64 (Apple Silicon)
    • macOS AMD64 (Intel)
    • Linux AMD64
    • Linux ARM64
  4. Clones/updates the homebrew-beads tap repository
  5. Updates Formula/bd.rb with new version and all SHA256s
  6. Commits and pushes the changes

Important Notes

  • Run AFTER pushing the git tag - the script waits for GitHub Actions to finish
  • Uses GoReleaser artifacts, not source tarballs (fixed in v0.23.0)
  • Automatically waits up to 7.5 minutes for release build to complete
  • Updates all platforms in a single operation

Examples

# Standard usage (after git tag push)
git tag v0.9.3 && git push origin v0.9.3
./scripts/update-homebrew.sh 0.9.3

# Custom tap directory
TAP_DIR=/path/to/homebrew-beads ./scripts/update-homebrew.sh 0.9.3

Why This Script Exists

Previously, the Homebrew formula update was manual and error-prone:

  • Used source tarball SHA256 instead of GoReleaser artifacts (wrong!)
  • Required manually computing 4 separate SHA256s
  • Easy to forget updating all platforms
  • No automation for waiting on GitHub Actions

This script fixes all those issues and is now used by release.sh.

sign-windows.sh

Signs Windows executables with an Authenticode certificate using osslsigncode.

Usage

# Sign a Windows executable
./scripts/sign-windows.sh path/to/bd.exe

# Environment variables required for signing:
export WINDOWS_SIGNING_CERT_PFX_BASE64="<base64-encoded-pfx>"
export WINDOWS_SIGNING_CERT_PASSWORD="<certificate-password>"

What It Does

This script is called automatically by GoReleaser during the release process:

  1. Decodes the PFX certificate from base64
  2. Signs the Windows executable using osslsigncode
  3. Timestamps the signature using DigiCert's RFC3161 server
  4. Replaces the original binary with the signed version
  5. Verifies the signature was applied correctly

Prerequisites

  • osslsigncode installed (apt install osslsigncode or brew install osslsigncode)
  • EV code signing certificate exported as PFX file
  • GitHub secrets configured:
    • WINDOWS_SIGNING_CERT_PFX_BASE64 - base64-encoded PFX file
    • WINDOWS_SIGNING_CERT_PASSWORD - certificate password

Graceful Degradation

If the signing secrets are not configured:

  • The script prints a warning and exits successfully
  • GoReleaser continues without signing
  • The release proceeds with unsigned Windows binaries

This allows releases to work before a certificate is acquired.

Why This Script Exists

Windows code signing helps reduce antivirus false positives that affect Go binaries. Kaspersky and other AV software commonly flag unsigned Go executables as potentially malicious due to heuristic detection. See docs/ANTIVIRUS.md for details.

Future Scripts

Additional maintenance scripts may be added here as needed.

Reference in New Issue View Git Blame Copy Permalink