name: Build Sidecars on: push: branches: [main] paths: - 'client/**' - 'server/**' - 'backend/**' - 'pyproject.toml' - 'local-transcription-headless.spec' workflow_dispatch: jobs: bump-sidecar-version: name: Bump sidecar version and tag if: "!contains(github.event.head_commit.message, '[skip ci]')" runs-on: ubuntu-latest outputs: version: ${{ steps.bump.outputs.version }} tag: ${{ steps.bump.outputs.tag }} has_changes: ${{ steps.check_changes.outputs.has_changes }} steps: - uses: actions/checkout@v4 with: fetch-depth: 2 - name: Check for backend changes id: check_changes run: | # If triggered by workflow_dispatch, always build if [ "${{ github.event_name }}" = "workflow_dispatch" ]; then echo "has_changes=true" >> $GITHUB_OUTPUT exit 0 fi # Check if relevant files changed in this commit CHANGED=$(git diff --name-only HEAD~1 HEAD -- client/ server/ backend/ pyproject.toml local-transcription-headless.spec 2>/dev/null || echo "") if [ -n "$CHANGED" ]; then echo "has_changes=true" >> $GITHUB_OUTPUT echo "Backend changes detected: $CHANGED" else echo "has_changes=false" >> $GITHUB_OUTPUT echo "No backend changes detected, skipping sidecar build" fi - name: Configure git if: steps.check_changes.outputs.has_changes == 'true' run: | git config user.name "Gitea Actions" git config user.email "actions@gitea.local" - name: Bump sidecar patch version if: steps.check_changes.outputs.has_changes == 'true' id: bump run: | # Read current version from pyproject.toml CURRENT=$(grep '^version = ' pyproject.toml | head -1 | sed 's/version = "\(.*\)"/\1/') echo "Current sidecar version: ${CURRENT}" # Increment patch number MAJOR=$(echo "${CURRENT}" | cut -d. -f1) MINOR=$(echo "${CURRENT}" | cut -d. -f2) PATCH=$(echo "${CURRENT}" | cut -d. -f3) NEW_PATCH=$((PATCH + 1)) NEW_VERSION="${MAJOR}.${MINOR}.${NEW_PATCH}" echo "New sidecar version: ${NEW_VERSION}" # Update pyproject.toml sed -i "s/^version = \"${CURRENT}\"/version = \"${NEW_VERSION}\"/" pyproject.toml # Update version.py sed -i "s/__version__ = \"${CURRENT}\"/__version__ = \"${NEW_VERSION}\"/" version.py sed -i "s/__version_info__ = .*/__version_info__ = (${MAJOR}, ${MINOR}, ${NEW_PATCH})/" version.py echo "version=${NEW_VERSION}" >> $GITHUB_OUTPUT echo "tag=sidecar-v${NEW_VERSION}" >> $GITHUB_OUTPUT - name: Commit and tag if: steps.check_changes.outputs.has_changes == 'true' env: BUILD_TOKEN: ${{ secrets.BUILD_TOKEN }} run: | NEW_VERSION="${{ steps.bump.outputs.version }}" TAG="${{ steps.bump.outputs.tag }}" git add pyproject.toml version.py git commit -m "chore: bump sidecar version to ${NEW_VERSION} [skip ci]" git tag "${TAG}" REMOTE_URL=$(git remote get-url origin | sed "s|://|://gitea-actions:${BUILD_TOKEN}@|") git pull --rebase "${REMOTE_URL}" main || true git push "${REMOTE_URL}" HEAD:main git push "${REMOTE_URL}" "${TAG}" - name: Create Gitea release if: steps.check_changes.outputs.has_changes == 'true' env: BUILD_TOKEN: ${{ secrets.BUILD_TOKEN }} run: | REPO_API="${GITHUB_SERVER_URL}/api/v1/repos/${GITHUB_REPOSITORY}" TAG="${{ steps.bump.outputs.tag }}" VERSION="${{ steps.bump.outputs.version }}" RELEASE_NAME="Sidecar v${VERSION}" curl -s -X POST \ -H "Authorization: token ${BUILD_TOKEN}" \ -H "Content-Type: application/json" \ -d "{\"tag_name\": \"${TAG}\", \"name\": \"${RELEASE_NAME}\", \"body\": \"Automated sidecar build.\", \"draft\": false, \"prerelease\": false}" \ "${REPO_API}/releases" echo "Created release: ${RELEASE_NAME}" # ── Linux sidecar (CUDA + CPU) ── build-sidecar-linux: name: Build Sidecar (Linux) needs: bump-sidecar-version if: needs.bump-sidecar-version.outputs.has_changes == 'true' runs-on: ubuntu-latest env: PYTHON_VERSION: "3.11" steps: - uses: actions/checkout@v4 with: ref: ${{ needs.bump-sidecar-version.outputs.tag }} - name: Install uv run: | if command -v uv &> /dev/null; then echo "uv already installed: $(uv --version)" else curl -LsSf https://astral.sh/uv/install.sh | sh echo "$HOME/.local/bin" >> $GITHUB_PATH fi - name: Set up Python run: uv python install ${{ env.PYTHON_VERSION }} - name: Install system dependencies run: | sudo apt-get update sudo apt-get install -y portaudio19-dev - name: Build sidecar (CUDA) run: | uv sync --frozen || uv sync uv run pyinstaller local-transcription-headless.spec - name: Package sidecar (CUDA) run: | cd dist/local-transcription-backend && zip -r ../../sidecar-linux-x86_64-cuda.zip . - name: Build sidecar (CPU) run: | rm -rf dist/local-transcription-backend build/ uv pip install torch torchaudio --index-url https://download.pytorch.org/whl/cpu --force-reinstall # Run pyinstaller directly from venv to prevent uv run from # re-resolving torch back to the CUDA version via pyproject.toml sources .venv/bin/pyinstaller local-transcription-headless.spec - name: Package sidecar (CPU) run: | cd dist/local-transcription-backend && zip -r ../../sidecar-linux-x86_64-cpu.zip . - name: Upload to sidecar release env: BUILD_TOKEN: ${{ secrets.BUILD_TOKEN }} run: | sudo apt-get install -y jq REPO_API="${GITHUB_SERVER_URL}/api/v1/repos/${GITHUB_REPOSITORY}" TAG="${{ needs.bump-sidecar-version.outputs.tag }}" echo "Waiting for sidecar release ${TAG} to be available..." for i in $(seq 1 30); do RELEASE_JSON=$(curl -s -H "Authorization: token ${BUILD_TOKEN}" \ "${REPO_API}/releases/tags/${TAG}") RELEASE_ID=$(echo "$RELEASE_JSON" | jq -r '.id // empty') if [ -n "${RELEASE_ID}" ] && [ "${RELEASE_ID}" != "null" ]; then echo "Found sidecar release: ${TAG} (ID: ${RELEASE_ID})" break fi echo "Attempt ${i}/30: Release not ready yet, retrying in 10s..." sleep 10 done if [ -z "${RELEASE_ID}" ] || [ "${RELEASE_ID}" = "null" ]; then echo "ERROR: Failed to find sidecar release for tag ${TAG} after 30 attempts." exit 1 fi for file in sidecar-*.zip; do filename=$(basename "$file") encoded_name=$(echo "$filename" | sed 's/ /%20/g') echo "Uploading ${filename} ($(du -h "$file" | cut -f1))..." ASSET_ID=$(curl -s -H "Authorization: token ${BUILD_TOKEN}" \ "${REPO_API}/releases/${RELEASE_ID}/assets" | jq -r ".[] | select(.name == \"${filename}\") | .id // empty") if [ -n "${ASSET_ID}" ]; then curl -s -X DELETE -H "Authorization: token ${BUILD_TOKEN}" \ "${REPO_API}/releases/${RELEASE_ID}/assets/${ASSET_ID}" fi HTTP_CODE=$(curl -s -o /dev/null -w "%{http_code}" -X POST \ -H "Authorization: token ${BUILD_TOKEN}" \ -H "Content-Type: application/octet-stream" \ -T "$file" \ "${REPO_API}/releases/${RELEASE_ID}/assets?name=${encoded_name}") echo "Upload response: HTTP ${HTTP_CODE}" done # ── Windows sidecar (CUDA + CPU) ── build-sidecar-windows: name: Build Sidecar (Windows) needs: bump-sidecar-version if: needs.bump-sidecar-version.outputs.has_changes == 'true' runs-on: windows-latest env: PYTHON_VERSION: "3.11" steps: - uses: actions/checkout@v4 with: ref: ${{ needs.bump-sidecar-version.outputs.tag }} - name: Install uv shell: powershell run: | if (Get-Command uv -ErrorAction SilentlyContinue) { Write-Host "uv already installed: $(uv --version)" } else { irm https://astral.sh/uv/install.ps1 | iex # Add both possible uv install locations to PATH $uvPaths = @( "$env:USERPROFILE\.local\bin", "$env:USERPROFILE\.cargo\bin", "$env:LOCALAPPDATA\uv\bin" ) foreach ($p in $uvPaths) { if (Test-Path $p) { echo $p | Out-File -FilePath $env:GITHUB_PATH -Encoding utf8 -Append } } } - name: Set up Python shell: powershell run: uv python install ${{ env.PYTHON_VERSION }} - name: Install 7-Zip shell: powershell run: | if (-not (Get-Command 7z -ErrorAction SilentlyContinue)) { choco install 7zip -y } - name: Build sidecar (CUDA) shell: powershell run: | uv sync --frozen if ($LASTEXITCODE -ne 0) { uv sync } uv run pyinstaller local-transcription-headless.spec - name: Package sidecar (CUDA) shell: powershell run: | 7z a -tzip -mx=5 sidecar-windows-x86_64-cuda.zip .\dist\local-transcription-backend\* - name: Build sidecar (CPU) shell: powershell run: | Remove-Item -Recurse -Force dist\local-transcription-backend, build -ErrorAction SilentlyContinue uv pip install torch torchaudio --index-url https://download.pytorch.org/whl/cpu --force-reinstall # Run pyinstaller directly from venv to prevent uv run from # re-resolving torch back to the CUDA version via pyproject.toml sources .venv\Scripts\pyinstaller.exe local-transcription-headless.spec - name: Package sidecar (CPU) shell: powershell run: | 7z a -tzip -mx=5 sidecar-windows-x86_64-cpu.zip .\dist\local-transcription-backend\* - name: Upload to sidecar release shell: powershell env: BUILD_TOKEN: ${{ secrets.BUILD_TOKEN }} run: | $REPO_API = "${{ github.server_url }}/api/v1/repos/${{ github.repository }}" $Headers = @{ "Authorization" = "token $env:BUILD_TOKEN" } $TAG = "${{ needs.bump-sidecar-version.outputs.tag }}" Write-Host "Waiting for sidecar release ${TAG} to be available..." $RELEASE_ID = $null for ($i = 1; $i -le 30; $i++) { try { $release = Invoke-RestMethod -Uri "${REPO_API}/releases/tags/${TAG}" -Headers $Headers -ErrorAction Stop $RELEASE_ID = $release.id if ($RELEASE_ID) { Write-Host "Found sidecar release: ${TAG} (ID: ${RELEASE_ID})" break } } catch {} Write-Host "Attempt ${i}/30: Release not ready yet, retrying in 10s..." Start-Sleep -Seconds 10 } if (-not $RELEASE_ID) { Write-Host "ERROR: Failed to find sidecar release for tag ${TAG} after 30 attempts." exit 1 } Get-ChildItem -Path . -Filter "sidecar-*.zip" | ForEach-Object { $filename = $_.Name $encodedName = [System.Uri]::EscapeDataString($filename) $size = [math]::Round($_.Length / 1MB, 1) Write-Host "Uploading ${filename} (${size} MB)..." try { $assets = Invoke-RestMethod -Uri "${REPO_API}/releases/${RELEASE_ID}/assets" -Headers $Headers $existing = $assets | Where-Object { $_.name -eq $filename } if ($existing) { Invoke-RestMethod -Uri "${REPO_API}/releases/${RELEASE_ID}/assets/$($existing.id)" -Method Delete -Headers $Headers } } catch {} $uploadUrl = "${REPO_API}/releases/${RELEASE_ID}/assets?name=${encodedName}" $result = curl.exe --fail --silent --show-error ` -X POST ` -H "Authorization: token $env:BUILD_TOKEN" ` -H "Content-Type: application/octet-stream" ` -T "$($_.FullName)" ` "$uploadUrl" 2>&1 if ($LASTEXITCODE -eq 0) { Write-Host "Upload successful: ${filename}" } else { Write-Host "WARNING: Upload failed for ${filename}: ${result}" } } # ── macOS sidecar (CPU only — no CUDA on macOS) ── build-sidecar-macos: name: Build Sidecar (macOS) needs: bump-sidecar-version if: needs.bump-sidecar-version.outputs.has_changes == 'true' runs-on: macos-latest env: PYTHON_VERSION: "3.11" steps: - uses: actions/checkout@v4 with: ref: ${{ needs.bump-sidecar-version.outputs.tag }} - name: Install uv run: | if command -v uv &> /dev/null; then echo "uv already installed: $(uv --version)" else curl -LsSf https://astral.sh/uv/install.sh | sh echo "$HOME/.local/bin" >> $GITHUB_PATH fi - name: Set up Python run: uv python install ${{ env.PYTHON_VERSION }} - name: Install system dependencies run: brew install portaudio - name: Build sidecar (CPU) env: UV_NO_SOURCES: "1" run: | # UV_NO_SOURCES bypasses pyproject.toml's [tool.uv.sources] which forces # torch from the CUDA index (no macOS ARM wheels there). # Default PyPI torch includes MPS (Apple Silicon GPU) support. uv sync .venv/bin/pyinstaller local-transcription-headless.spec - name: Package sidecar (CPU) run: | cd dist/local-transcription-backend && zip -r ../../sidecar-macos-aarch64-cpu.zip . - name: Upload to sidecar release env: BUILD_TOKEN: ${{ secrets.BUILD_TOKEN }} run: | which jq || brew install jq REPO_API="${GITHUB_SERVER_URL}/api/v1/repos/${GITHUB_REPOSITORY}" TAG="${{ needs.bump-sidecar-version.outputs.tag }}" echo "Waiting for sidecar release ${TAG} to be available..." for i in $(seq 1 30); do RELEASE_JSON=$(curl -s -H "Authorization: token ${BUILD_TOKEN}" \ "${REPO_API}/releases/tags/${TAG}") RELEASE_ID=$(echo "$RELEASE_JSON" | jq -r '.id // empty') if [ -n "${RELEASE_ID}" ] && [ "${RELEASE_ID}" != "null" ]; then echo "Found sidecar release: ${TAG} (ID: ${RELEASE_ID})" break fi echo "Attempt ${i}/30: Release not ready yet, retrying in 10s..." sleep 10 done if [ -z "${RELEASE_ID}" ] || [ "${RELEASE_ID}" = "null" ]; then echo "ERROR: Failed to find sidecar release for tag ${TAG} after 30 attempts." exit 1 fi for file in sidecar-*.zip; do filename=$(basename "$file") encoded_name=$(echo "$filename" | sed 's/ /%20/g') echo "Uploading ${filename} ($(du -h "$file" | cut -f1))..." ASSET_ID=$(curl -s -H "Authorization: token ${BUILD_TOKEN}" \ "${REPO_API}/releases/${RELEASE_ID}/assets" | jq -r ".[] | select(.name == \"${filename}\") | .id // empty") if [ -n "${ASSET_ID}" ]; then curl -s -X DELETE -H "Authorization: token ${BUILD_TOKEN}" \ "${REPO_API}/releases/${RELEASE_ID}/assets/${ASSET_ID}" fi HTTP_CODE=$(curl -s -o /dev/null -w "%{http_code}" -X POST \ -H "Authorization: token ${BUILD_TOKEN}" \ -H "Content-Type: application/octet-stream" \ -T "$file" \ "${REPO_API}/releases/${RELEASE_ID}/assets?name=${encoded_name}") echo "Upload response: HTTP ${HTTP_CODE}" done