StirNetwork · kmn · Apr 27, 2025
diff --git a/.github/workflows/publish-homebrew.yml b/.github/workflows/publish-homebrew.yml
@@ -0,0 +1,79 @@
+# SPDX-FileCopyrightText: 2025 Ethersecurity Inc.
+#
+# SPDX-License-Identifier: MPL-2.0
+# Author: Shohei KAMON <cameong@stir.network>
+
+name: Publish to Homebrew
+
+on:
+  push:
+    tags:
+      - 'v*'  # Trigger on any tag push
+  workflow_dispatch:
+
+jobs:
+  build-and-publish:
+    runs-on: ${{ matrix.os }}
+    strategy:
+      matrix:
+        include:
+          - os: macos-13
+            arch: x86_64
+          - os: macos-14
+            arch: arm64
+          - os: ubuntu-latest
+            arch: amd64  # WSL Linux build
+
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Set up Python
+        uses: actions/setup-python@v4
+        with:
+          python-version: '3.11'
+
+      - name: Install pyinstaller
+        run: |
+          python -m pip install pyinstaller
+
+      - name: Build Intel binary (x86_64) with PyInstaller
+        if: matrix.arch == 'x86_64'
+        run: |
+          pyinstaller --onefile --name fireblocks-cli fireblocks_cli/main.py
+          mkdir -p release/fireblocks-cli-${{ github.ref_name }}-x86_64
+          mv dist/fireblocks-cli release/fireblocks-cli-${{ github.ref_name }}-x86_64/fireblocks-cli
+          tar -czvf fireblocks_cli-${{ github.ref_name }}-macos-x86_64.tar.gz -C release fireblocks-cli-${{ github.ref_name }}-x86_64
+          sha256sum fireblocks_cli-${{ github.ref_name }}-macos-x86_64.tar.gz > fireblocks_cli-${{ github.ref_name }}-macos-x86_64.tar.gz.sha256
+
+      - name: Build ARM binary (arm64) with PyInstaller
+        if: matrix.arch == 'arm64'
+        run: |
+          pyinstaller --onefile --name fireblocks-cli fireblocks_cli/main.py
+          mkdir -p release/fireblocks-cli-${{ github.ref_name }}-arm64
+          mv dist/fireblocks-cli release/fireblocks-cli-${{ github.ref_name }}-arm64/fireblocks-cli
+          tar -czvf fireblocks_cli-${{ github.ref_name }}-macos-arm64.tar.gz -C release fireblocks-cli-${{ github.ref_name }}-arm64
+          sha256sum fireblocks_cli-${{ github.ref_name }}-macos-arm64.tar.gz > fireblocks_cli-${{ github.ref_name }}-macos-arm64.tar.gz.sha256
+
+      - name: Build Linux binary (amd64) with PyInstaller (for WSL)
+        if: matrix.os == 'ubuntu-latest'
+        run: |
+          sudo apt-get update
+          sudo apt-get install -y libx11-dev libxext-dev libxrender-dev libxrandr-dev libpng-dev
+          pyinstaller --onefile --name fireblocks-cli fireblocks_cli/main.py
+          mkdir -p release/fireblocks-cli-${{ github.ref_name }}-amd64
+          mv dist/fireblocks-cli release/fireblocks-cli-${{ github.ref_name }}-amd64/fireblocks-cli
+          tar -czvf fireblocks_cli-${{ github.ref_name }}-linux-amd64.tar.gz -C release fireblocks-cli-${{ github.ref_name }}-amd64
+          sha256sum fireblocks_cli-${{ github.ref_name }}-linux-amd64.tar.gz > fireblocks_cli-${{ github.ref_name }}-linux-amd64.tar.gz.sha256
+
+      - name: Upload to GitHub Release
+        uses: softprops/action-gh-release@v2
+        with:
+          files: |
+            fireblocks_cli-${{ github.ref_name }}-macos-x86_64.tar.gz
+            fireblocks_cli-${{ github.ref_name }}-macos-arm64.tar.gz
+            fireblocks_cli-${{ github.ref_name }}-linux-amd64.tar.gz
+            fireblocks_cli-${{ github.ref_name }}-macos-x86_64.tar.gz.sha256
+            fireblocks_cli-${{ github.ref_name }}-macos-arm64.tar.gz.sha256
+            fireblocks_cli-${{ github.ref_name }}-linux-amd64.tar.gz.sha256
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
diff --git a/.github/workflows/pypi.yml → .github/workflows/publish-pypi.yml b/.github/workflows/pypi.yml → .github/workflows/publish-pypi.yml
@@ -8,7 +8,7 @@ name: Publish to PyPI
 on:
   push:
     tags:
-      - 'v*'  # v1.0.0 のようなタグで実行
+      - 'v*'  # Trigger on any tag push
   workflow_dispatch:
 
 jobs:
@@ -33,7 +33,19 @@ jobs:
           python -m pip install --upgrade pip
           pip install --upgrade setuptools wheel build twine
 
-      - name: Build and publish
+      - name: Check version format
+        id: check_version
+        run: |
+          if [[ "${GITHUB_REF##*/}" =~ ^v[0-9]+\.[0-9]+\.[0-9]+$ ]]; then
+            echo "Valid version tag detected: ${GITHUB_REF##*/}"
+            echo "VERSION_VALID=true" >> $GITHUB_ENV
+          else
+            echo "Invalid version tag detected: ${GITHUB_REF##*/}"
+            echo "VERSION_VALID=false" >> $GITHUB_ENV
+          fi
+
+      - name: Build and publish to PyPI
+        if: env.VERSION_VALID == 'true'
         env:
           TWINE_USERNAME: __token__
           TWINE_PASSWORD: ${{ secrets.PYPI_API_TOKEN }}
@@ -42,6 +54,7 @@ jobs:
           twine upload --repository pypi dist/*
 
       - name: Generate SHA256
+        if: env.VERSION_VALID == 'true'
         run: |
           sha256sum dist/*.tar.gz > dist/fireblocks-cli-${GITHUB_REF##*/}.tar.gz.sha256
 
@@ -52,6 +65,6 @@ jobs:
             dist/*.tar.gz
             dist/*.tar.gz.sha256
           generate_release_notes: true
-          create_release: true
+          create_release: false
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
diff --git a/docs/devops/release_workflow.md b/docs/devops/release_workflow.md
@@ -0,0 +1,37 @@
+<!--
+SPDX-FileCopyrightText: 2025 Ethersecurity Inc.
+
+SPDX-License-Identifier: MPL-2.0
+-->
+<!-- Author: Shohei KAMON <cameong@stir.network> -->
+
+# Release Workflow for fireblocks-cli
+
+This document outlines the release process for the **fireblocks-cli** project, covering both **PyPI** and **Homebrew** releases, and how they are handled through GitHub Actions.
+
+## Overview
+
+When a tag (e.g., `v0.1.8`) is pushed, the following actions are triggered:
+
+1. **PyPI release**: The Python package is built and uploaded to **PyPI** (source tar.gz and wheel).
+2. **Homebrew release**: Binary files for **Intel** and **ARM** Macs are built using **PyInstaller** and uploaded to **GitHub Releases**.
+
+## Workflow Steps
+
+1. **Trigger**: A tag is pushed (e.g., `v0.1.8`) to GitHub.
+2. **GitHub Actions**:
+   - **publish-pypi.yml**: This workflow builds the Python package and uploads it to PyPI.
+   - **publish-homebrew.yml**: This workflow builds binaries (Intel/ARM) using `pyinstaller` and uploads them to GitHub Releases.
+
+
+# Additional Notes
+
+- The process can be automated completely, minimizing manual steps for each release.
+- This workflow is designed for seamless integration with both **Homebrew** and **PyPI**, making it easy for developers and users alike to install the tool.
+
+---
+
+# Future Improvements
+
+- Add version management for Homebrew (automatic update of version on Homebrew tap).
+- Enhance testing and validation steps for both PyPI and Homebrew releases.