build: wire desktop-bundle pipeline (CI matrix + per-platform installers)

Stand up the seamless-download path for non-technical buyers:

* .github/workflows/build.yml — matrix CI (mac/win/linux) that builds
  PyInstaller bundles and packages them per platform on tag push,
  attaching the resulting installers to a GitHub Release.
* build/installer.iss — Inno Setup script for the Windows installer
  (per-user install, optional desktop shortcut, runs on finish).
* build/macos/build_dmg.sh — wraps DataTools.app into a .dmg with a
  drag-to-/Applications layout.
* build/appimage/{AppRun,datatools.desktop,build.sh} — AppImage recipe.
* src/__init__.py — single source of truth for __version__; the spec
  reads it (was hardcoded), CI passes it through to all packagers.

Buyer download path now lives in the top-level README. Per-build
README documents the Phase 2 step (signing/notarization) that needs
the owner's Apple Developer + Windows code-signing credentials —
those are intentionally not in CI yet because they require setup
outside this repo.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
This commit is contained in:
2026-05-05 13:58:43 +00:00
parent ea89c4d399
commit 4706ed571e
10 changed files with 368 additions and 4 deletions

108
.github/workflows/build.yml vendored Normal file
View File

@@ -0,0 +1,108 @@
name: Build installers
# Triggers:
# * Tag push (v*) → produces installers, attaches to a GitHub Release.
# * Manual dispatch → produces installers as workflow artifacts only.
#
# What this workflow doesn't do (yet):
# * Code signing (Mac Developer ID, Windows code-signing cert).
# Those need GitHub Secrets the owner sets up first. See
# build/README.md "Signing" for the secret names this workflow
# will read once they exist.
# * Auto-update endpoint generation. v1 distributes via Gumroad;
# buyers re-download for updates.
on:
workflow_dispatch:
push:
tags:
- 'v*'
permissions:
contents: write # needed to create the release on tag push
jobs:
build:
name: Build (${{ matrix.os }})
strategy:
fail-fast: false
matrix:
include:
- os: macos-latest
artifact_name: DataTools-mac.dmg
artifact_path: dist/DataTools-*-mac.dmg
- os: windows-latest
artifact_name: DataTools-win.exe
artifact_path: dist/DataTools-*-win-setup.exe
- os: ubuntu-latest
artifact_name: DataTools-linux.AppImage
artifact_path: dist/DataTools-*-linux-x86_64.AppImage
runs-on: ${{ matrix.os }}
steps:
- uses: actions/checkout@v4
- uses: actions/setup-python@v5
with:
python-version: '3.12'
cache: pip
- name: Install build deps
run: |
pip install --upgrade pip
pip install -r requirements.txt
pip install pyinstaller
- name: Read version
id: version
shell: bash
run: |
VER=$(python -c "import re; print(re.search(r'__version__\s*=\s*\"([^\"]+)\"', open('src/__init__.py').read()).group(1))")
echo "version=$VER" >> "$GITHUB_OUTPUT"
- name: Build PyInstaller bundle
run: pyinstaller build/datatools.spec --clean --noconfirm
# ---- Per-platform packaging ----------------------------------
- name: Package macOS DMG
if: matrix.os == 'macos-latest'
run: bash build/macos/build_dmg.sh "${{ steps.version.outputs.version }}"
- name: Install Inno Setup (Windows)
if: matrix.os == 'windows-latest'
run: choco install innosetup --no-progress -y
- name: Package Windows installer
if: matrix.os == 'windows-latest'
shell: cmd
run: |
iscc /DAppVersion=${{ steps.version.outputs.version }} build\installer.iss
- name: Install AppImage tooling (Linux)
if: matrix.os == 'ubuntu-latest'
run: |
sudo apt-get update
sudo apt-get install -y libfuse2 wget
wget -q https://github.com/AppImage/AppImageKit/releases/download/continuous/appimagetool-x86_64.AppImage -O /usr/local/bin/appimagetool
sudo chmod +x /usr/local/bin/appimagetool
- name: Package Linux AppImage
if: matrix.os == 'ubuntu-latest'
run: bash build/appimage/build.sh "${{ steps.version.outputs.version }}"
# ---- Upload + release ----------------------------------------
- name: Upload artifact
uses: actions/upload-artifact@v4
with:
name: ${{ matrix.artifact_name }}
path: ${{ matrix.artifact_path }}
if-no-files-found: error
- name: Attach to Release (tag push only)
if: startsWith(github.ref, 'refs/tags/v')
uses: softprops/action-gh-release@v2
with:
files: ${{ matrix.artifact_path }}
fail_on_unmatched_files: true
generate_release_notes: true