base repository: lablup/all-smi
base: v0.21.1
head repository: lablup/all-smi
compare: v0.22.0
  • 4 commits
  • 9 files changed
  • 2 contributors

Commits on May 27, 2026

  1. 22e2d53
  2. fix: harden release workflow — notarization key, self-healing rebuild, target selector (#256)
    
    - Decode the base64-stored App Store Connect .p8 key before notarytool (fixes invalidAsn1 on macOS notarization).
    - Check out the target tag's source (release tag or release_tag input) so the current workflow can rebuild/re-notarize past tags.
    - Add a workflow_dispatch 'targets' input (windows,linux,macos,all; comma-separated; empty=all) resolved into a filtered build matrix by a new setup job.
    inureyes authored May 27, 2026
    d3d8b56
  3. 78ebb67
  4. fix(ci): sign Windows binary via Cloud KMS provider

    The Windows release job hung indefinitely on the "Sign Windows binary with signtool" step. The step used `signtool /a`, which auto-selects a certificate from the Windows certificate store, but the self-hosted runner's signing key is a Sectigo EV certificate whose private key lives in Google Cloud KMS. `/a` cannot use that key non-interactively and blocked on a credential prompt that never gets answered on the headless runner.
    
    Add scripts/sign-windows.ps1, which signs through the explicit Google Cloud KMS provider (`signtool ... /csp /kc /f /ac`), mirroring the proven approach backend.ai-go uses on the same self-hosted runner. The release workflow now invokes this script instead of the inline `/a` command.
    
    Because all-smi is a public repository, no certificate paths or KMS key identifiers are committed: the script reads them from environment variables injected from repository secrets (WINDOWS_SIGN_CERT_PATH, WINDOWS_SIGN_CA_CERT_PATH, WINDOWS_SIGN_KEY_CONTAINER), and only non-sensitive values (signtool path, provider name, timestamp URL) are defaulted. Missing secrets now fail fast with a clear error instead of hanging.
    inureyes committed May 27, 2026
    c8a06cb
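
The fail-fast secret check described in the last commit message, as an added example that is not the project's scripts/sign-windows.ps1 and not part of the original page. The three environment variable names and the signtool options `/csp`, `/kc`, `/f` and `/ac` come from the commit message; the function name, the `/fd`, `/tr` and `/td` options, the provider-name placeholder and the timestamp URL are assumptions.

```powershell
# Added example, not the project's script. Env var names are from the commit
# message; the function name and default values are assumptions.
Set-StrictMode -Version Latest
$ErrorActionPreference = 'Stop'

function Get-SigntoolArguments {
    param(
        [Parameter(Mandatory)][string]$BinaryPath,
        # Non-sensitive defaults; both are placeholders to replace.
        [string]$ProviderName = '<kms-provider-name>',
        [string]$TimestampUrl = 'https://timestamp.example.invalid'
    )

    # Fail fast when a secret was not injected, instead of letting signtool
    # fall back to an interactive prompt on a headless runner.
    $required = 'WINDOWS_SIGN_CERT_PATH', 'WINDOWS_SIGN_CA_CERT_PATH', 'WINDOWS_SIGN_KEY_CONTAINER'
    $missing = @($required | Where-Object {
        [string]::IsNullOrWhiteSpace([Environment]::GetEnvironmentVariable($_))
    })
    if ($missing.Count -gt 0) {
        throw "Missing signing secrets: $($missing -join ', ')"
    }

    foreach ($name in 'WINDOWS_SIGN_CERT_PATH', 'WINDOWS_SIGN_CA_CERT_PATH') {
        $path = [Environment]::GetEnvironmentVariable($name)
        if (-not (Test-Path -LiteralPath $path -PathType Leaf)) {
            # Name the variable, not its value: CI logs of a public repo are public.
            throw "$name does not point to an existing file"
        }
    }

    # Explicit provider, key container and certificates; no /a auto-selection.
    return @(
        'sign', '/fd', 'SHA256', '/tr', $TimestampUrl, '/td', 'SHA256',
        '/csp', $ProviderName,
        '/kc', $env:WINDOWS_SIGN_KEY_CONTAINER,
        '/f', $env:WINDOWS_SIGN_CERT_PATH,
        '/ac', $env:WINDOWS_SIGN_CA_CERT_PATH,
        $BinaryPath
    )
}

# Usage (constructed; '<path-to-binary>' is a placeholder):
# $signArgs = Get-SigntoolArguments -BinaryPath '<path-to-binary>'
# & signtool.exe @signArgs
# if ($LASTEXITCODE -ne 0) { throw "signtool exited with code $LASTEXITCODE" }
```

Checking `$LASTEXITCODE` after the call matters because a native command's non-zero exit does not by itself stop a PowerShell script, so an unsigned binary could otherwise pass through the release job.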