ci(release): build and attach unsigned macOS binaries to releases

ruomengz · ruomengz · commit e3e908bd6b82 · 2026-05-04T16:46:20.000-04:00
- Add a `build-mac` job to the nightly, manual, and promote release workflows to build unsigned macOS binaries for both `x64` and `arm64` architectures.
- Update the publication jobs to require the new `build-mac` step and download the resulting artifacts.
- Modify the `publish-release` action to include the macOS binaries as assets in the GitHub release if they exist.
diff --git a/.github/actions/publish-release/action.yml b/.github/actions/publish-release/action.yml
@@ -308,8 +308,21 @@ runs:
         fi
         rm -rf test-bundle
 
+        RELEASE_ASSETS=("gemini-cli-bundle.zip")
+
+        # Check for and prepare macOS binaries if they exist
+        if [[ -f "dist/darwin-arm64/gemini" ]]; then
+          cp dist/darwin-arm64/gemini gemini-darwin-arm64-unsigned
+          RELEASE_ASSETS+=("gemini-darwin-arm64-unsigned")
+        fi
+
+        if [[ -f "dist/darwin-x64/gemini" ]]; then
+          cp dist/darwin-x64/gemini gemini-darwin-x64-unsigned
+          RELEASE_ASSETS+=("gemini-darwin-x64-unsigned")
+        fi
+
         gh release create "${INPUTS_RELEASE_TAG}" \
-          gemini-cli-bundle.zip \
+          "${RELEASE_ASSETS[@]}" \
           --target "${STEPS_RELEASE_BRANCH_OUTPUTS_BRANCH_NAME}" \
           --title "Release ${INPUTS_RELEASE_TAG}" \
           --notes-start-tag "${INPUTS_PREVIOUS_TAG}" \
diff --git a/.github/workflows/build-unsigned-mac-binaries.yml b/.github/workflows/build-unsigned-mac-binaries.yml
@@ -53,4 +53,4 @@ jobs:
         with:
           name: 'gemini-darwin-${{ matrix.arch }}-unsigned'
           path: 'dist/darwin-${{ matrix.arch }}/'
-          retention-days: 5
+          retention-days: 14
diff --git a/.github/workflows/release-manual.yml b/.github/workflows/release-manual.yml
@@ -46,8 +46,45 @@ on:
         default: 'prod'
 
 jobs:
+  build-mac:
+    name: 'Build Unsigned (${{ matrix.arch }})'
+    if: "github.repository == 'google-gemini/gemini-cli'"
+    runs-on: 'macos-latest'
+    strategy:
+      fail-fast: false
+      matrix:
+        arch: ['x64', 'arm64']
+    steps:
+      - name: 'Checkout Ref'
+        uses: 'actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8'
+        with:
+          ref: '${{ github.event.inputs.ref }}'
+
+      - name: 'Set up Node.js'
+        uses: 'actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020'
+        with:
+          node-version-file: '.nvmrc'
+          architecture: '${{ matrix.arch }}'
+          cache: 'npm'
+
+      - name: 'Install dependencies'
+        run: 'npm ci'
+
+      - name: 'Build Binary'
+        env:
+          SKIP_SIGNING: 'true'
+        run: 'npm run build:binary'
+
+      - name: 'Upload Artifact'
+        uses: 'actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02'
+        with:
+          name: 'gemini-darwin-${{ matrix.arch }}-unsigned'
+          path: 'dist/darwin-${{ matrix.arch }}/gemini'
+          retention-days: 1
+
   release:
     if: "github.repository == 'google-gemini/gemini-cli'"
+    needs: ['build-mac']
     runs-on: 'ubuntu-latest'
     environment: "${{ github.event.inputs.environment || 'prod' }}"
     permissions:
@@ -83,6 +120,20 @@ jobs:
         working-directory: './release'
         run: 'npm ci'
 
+      - name: 'Download macOS arm64 binary'
+        uses: 'actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16'
+        continue-on-error: true
+        with:
+          name: 'gemini-darwin-arm64-unsigned'
+          path: 'release/dist/darwin-arm64'
+
+      - name: 'Download macOS x64 binary'
+        uses: 'actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16'
+        continue-on-error: true
+        with:
+          name: 'gemini-darwin-x64-unsigned'
+          path: 'release/dist/darwin-x64'
+
       - name: 'Prepare Release Info'
         id: 'release_info'
         working-directory: './release'
diff --git a/.github/workflows/release-nightly.yml b/.github/workflows/release-nightly.yml
@@ -30,8 +30,45 @@ on:
         default: 'prod'
 
 jobs:
+  build-mac:
+    name: 'Build Unsigned (${{ matrix.arch }})'
+    if: "github.repository == 'google-gemini/gemini-cli'"
+    runs-on: 'macos-latest'
+    strategy:
+      fail-fast: false
+      matrix:
+        arch: ['x64', 'arm64']
+    steps:
+      - name: 'Checkout Ref'
+        uses: 'actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8'
+        with:
+          ref: '${{ github.event.inputs.ref }}'
+
+      - name: 'Set up Node.js'
+        uses: 'actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020'
+        with:
+          node-version-file: '.nvmrc'
+          architecture: '${{ matrix.arch }}'
+          cache: 'npm'
+
+      - name: 'Install dependencies'
+        run: 'npm ci'
+
+      - name: 'Build Binary'
+        env:
+          SKIP_SIGNING: 'true'
+        run: 'npm run build:binary'
+
+      - name: 'Upload Artifact'
+        uses: 'actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02'
+        with:
+          name: 'gemini-darwin-${{ matrix.arch }}-unsigned'
+          path: 'dist/darwin-${{ matrix.arch }}/gemini'
+          retention-days: 1
+
   release:
     if: "github.repository == 'google-gemini/gemini-cli'"
+    needs: ['build-mac']
     environment: "${{ github.event.inputs.environment || 'prod' }}"
     runs-on: 'ubuntu-latest'
     permissions:
@@ -62,6 +99,20 @@ jobs:
         working-directory: './release'
         run: 'npm ci'
 
+      - name: 'Download macOS arm64 binary'
+        uses: 'actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16'
+        continue-on-error: true
+        with:
+          name: 'gemini-darwin-arm64-unsigned'
+          path: 'release/dist/darwin-arm64'
+
+      - name: 'Download macOS x64 binary'
+        uses: 'actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16'
+        continue-on-error: true
+        with:
+          name: 'gemini-darwin-x64-unsigned'
+          path: 'release/dist/darwin-x64'
+
       - name: 'Print Inputs'
         shell: 'bash'
         env:
diff --git a/.github/workflows/release-promote.yml b/.github/workflows/release-promote.yml
@@ -197,9 +197,45 @@ jobs:
           gemini_api_key: '${{ secrets.GEMINI_API_KEY }}'
           working-directory: './release'
 
+  build-mac:
+    name: 'Build Unsigned (${{ matrix.arch }})'
+    needs: 'calculate-versions'
+    runs-on: 'macos-latest'
+    strategy:
+      fail-fast: false
+      matrix:
+        arch: ['x64', 'arm64']
+    steps:
+      - name: 'Checkout Ref'
+        uses: 'actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8'
+        with:
+          ref: '${{ github.event.inputs.ref }}'
+
+      - name: 'Set up Node.js'
+        uses: 'actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020'
+        with:
+          node-version-file: '.nvmrc'
+          architecture: '${{ matrix.arch }}'
+          cache: 'npm'
+
+      - name: 'Install dependencies'
+        run: 'npm ci'
+
+      - name: 'Build Binary'
+        env:
+          SKIP_SIGNING: 'true'
+        run: 'npm run build:binary'
+
+      - name: 'Upload Artifact'
+        uses: 'actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02'
+        with:
+          name: 'gemini-darwin-${{ matrix.arch }}-unsigned'
+          path: 'dist/darwin-${{ matrix.arch }}/gemini'
+          retention-days: 1
+
   publish-preview:
     name: 'Publish preview'
-    needs: ['calculate-versions', 'test']
+    needs: ['calculate-versions', 'test', 'build-mac']
     runs-on: 'ubuntu-latest'
     environment: "${{ github.event.inputs.environment || 'prod' }}"
     permissions:
@@ -229,6 +265,20 @@ jobs:
         working-directory: './release'
         run: 'npm ci'
 
+      - name: 'Download macOS arm64 binary'
+        uses: 'actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16'
+        continue-on-error: true
+        with:
+          name: 'gemini-darwin-arm64-unsigned'
+          path: 'release/dist/darwin-arm64'
+
+      - name: 'Download macOS x64 binary'
+        uses: 'actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16'
+        continue-on-error: true
+        with:
+          name: 'gemini-darwin-x64-unsigned'
+          path: 'release/dist/darwin-x64'
+
       - name: 'Publish Release'
         uses: './.github/actions/publish-release'
         with:
@@ -266,7 +316,7 @@ jobs:
 
   publish-stable:
     name: 'Publish stable'
-    needs: ['calculate-versions', 'test', 'publish-preview']
+    needs: ['calculate-versions', 'test', 'publish-preview', 'build-mac']
     runs-on: 'ubuntu-latest'
     environment: "${{ github.event.inputs.environment || 'prod' }}"
     permissions:
@@ -296,6 +346,20 @@ jobs:
         working-directory: './release'
         run: 'npm ci'
 
+      - name: 'Download macOS arm64 binary'
+        uses: 'actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16'
+        continue-on-error: true
+        with:
+          name: 'gemini-darwin-arm64-unsigned'
+          path: 'release/dist/darwin-arm64'
+
+      - name: 'Download macOS x64 binary'
+        uses: 'actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16'
+        continue-on-error: true
+        with:
+          name: 'gemini-darwin-x64-unsigned'
+          path: 'release/dist/darwin-x64'
+
       - name: 'Publish Release'
         uses: './.github/actions/publish-release'
         with:
