From 7abfda47f9fc484ba922ba7cf5a764756b707e3b Mon Sep 17 00:00:00 2001 From: Nitheesh D R Date: Wed, 20 May 2026 21:12:28 +0530 Subject: [PATCH 1/3] build(flatpak): add CI job, update metainfo releases, reduce JVM heap - Add `build-flatpak` job to the release workflow using flatpak/flatpak-github-actions/flatpak-builder@v6; produces a GitHub-Store-x86_64.flatpak bundle uploaded as the `linux-flatpak` artifact and included in the draft release. - Update release job: add `build-flatpak` to `needs`, stage `linux-flatpak/*.flatpak` files, include in the completeness guard. - Reduce Gradle JVM heap in the Flatpak build from -Xmx6g/-XX:MaxMetaspaceSize=2g to -Xmx4g/-XX:MaxMetaspaceSize=1g so the build fits within GitHub Actions ubuntu-latest runners (7 GB total RAM). - Add releases 1.7.0 through 1.8.2 to metainfo XML so the Flathub listing shows a complete, up-to-date release history. Closes #208 --- .github/workflows/build-desktop-platforms.yml | 37 ++++++++++++++++++- .../zed.rainxch.githubstore.metainfo.xml | 29 +++++++++++++++ packaging/flatpak/zed.rainxch.githubstore.yml | 2 +- 3 files changed, 65 insertions(+), 3 deletions(-) diff --git a/.github/workflows/build-desktop-platforms.yml b/.github/workflows/build-desktop-platforms.yml index ce1df8481..dec8d97ec 100644 --- a/.github/workflows/build-desktop-platforms.yml +++ b/.github/workflows/build-desktop-platforms.yml @@ -506,9 +506,34 @@ jobs: retention-days: 30 compression-level: 0 + build-flatpak: + runs-on: ubuntu-latest + + steps: + - name: Checkout code + uses: actions/checkout@v4 + + - name: Build Flatpak bundle + uses: flatpak/flatpak-github-actions/flatpak-builder@v6 + with: + bundle: GitHub-Store-x86_64.flatpak + manifest-path: packaging/flatpak/zed.rainxch.githubstore.yml + run-tests: false + upload-artifact: false + cache-key: flatpak-builder-${{ github.sha }} + + - name: Upload Flatpak bundle + uses: actions/upload-artifact@v4 + with: + name: linux-flatpak + path: GitHub-Store-x86_64.flatpak + if-no-files-found: error + retention-days: 30 + compression-level: 0 + release: name: Draft release with all installers - needs: [sign-windows, build-macos, build-linux] + needs: [sign-windows, build-macos, build-linux, build-flatpak] runs-on: ubuntu-latest permissions: contents: write @@ -572,6 +597,7 @@ jobs: linux_debian12_count=0 linux_appimage_count=0 linux_arch_count=0 + linux_flatpak_count=0 # Windows — names already unique (.exe, .msi). Files come from the # signed artifact, not the raw build output, so they carry the @@ -625,11 +651,17 @@ jobs: stage "$f" "$(basename "$f")" && linux_arch_count=$((linux_arch_count + 1)) || true done < <(find artifacts/linux-arch -type f -name '*.pkg.tar.zst' 2>/dev/null) + # Linux Flatpak bundle (.flatpak) + while IFS= read -r f; do + [ -n "$f" ] || continue + stage "$f" "$(basename "$f")" && linux_flatpak_count=$((linux_flatpak_count + 1)) || true + done < <(find artifacts/linux-flatpak -type f -name '*.flatpak' 2>/dev/null) + echo echo "Final staged files:" ls -la release-files/ echo - echo "Per-group counts: windows=$windows_count macos-x64=$macos_x64_count macos-arm64=$macos_arm64_count linux-modern=$linux_modern_count linux-debian12=$linux_debian12_count linux-appimage=$linux_appimage_count linux-arch=$linux_arch_count" + echo "Per-group counts: windows=$windows_count macos-x64=$macos_x64_count macos-arm64=$macos_arm64_count linux-modern=$linux_modern_count linux-debian12=$linux_debian12_count linux-appimage=$linux_appimage_count linux-arch=$linux_arch_count linux-flatpak=$linux_flatpak_count" # Completeness guard: refuse to ship an incomplete release. Each # group must produce >= 1 staged file. Without this guard, a build @@ -644,6 +676,7 @@ jobs: [ "$linux_debian12_count" -eq 0 ] && missing+=("Linux debian12-compat (.deb/.rpm)") [ "$linux_appimage_count" -eq 0 ] && missing+=("Linux AppImage (.AppImage/.zsync)") [ "$linux_arch_count" -eq 0 ] && missing+=("Linux Arch (.pkg.tar.zst)") + [ "$linux_flatpak_count" -eq 0 ] && missing+=("Linux Flatpak (.flatpak)") if [ ${#missing[@]} -gt 0 ]; then echo diff --git a/packaging/flatpak/zed.rainxch.githubstore.metainfo.xml b/packaging/flatpak/zed.rainxch.githubstore.metainfo.xml index 2dcc5752d..7411df929 100644 --- a/packaging/flatpak/zed.rainxch.githubstore.metainfo.xml +++ b/packaging/flatpak/zed.rainxch.githubstore.metainfo.xml @@ -62,6 +62,35 @@ + + +

Multi-OS release picker: download APKs from desktop and .debs from phone; + cross-platform downloads open in your browser. Adds "Hide seen repositories" + to declutter discovery feeds, content-width preference for desktop, and + AppImage distribution for Linux.

+ + + + +

APK inspection: view signatures, permissions, and metadata before installing. + Background update-check toggle to save battery. Migration tooling for + switching between installer types.

+ + + + +

Switched to a dedicated backend for improved reliability and faster response + times in throttled regions. Adds external import (paste a GitHub URL to add + a repository) and mirror picker for China users.

+ + + + +

Tweaks overhaul: installer attribution, font and theme customisation, and + per-app update channels. Link Apps feature: associate any installed app with + its GitHub repository for one-tap updates.

+ +

Security improvements: package name and signing key validation on updates, diff --git a/packaging/flatpak/zed.rainxch.githubstore.yml b/packaging/flatpak/zed.rainxch.githubstore.yml index b010e42bb..8d6919f97 100644 --- a/packaging/flatpak/zed.rainxch.githubstore.yml +++ b/packaging/flatpak/zed.rainxch.githubstore.yml @@ -106,7 +106,7 @@ modules: - ./gradlew :composeApp:packageUberJarForCurrentOS --no-daemon --no-configuration-cache - -Dorg.gradle.jvmargs="-Xmx6g -XX:MaxMetaspaceSize=2g" + -Dorg.gradle.jvmargs="-Xmx4g -XX:MaxMetaspaceSize=1g" -Dorg.gradle.parallel=false # Install the JAR - install -Dm644 "$(find composeApp/build/compose/jars/ -name '*.jar' -type f | head -1)" From 68f2dc6d0918f82f3878f36d8affa939a6d1b33f Mon Sep 17 00:00:00 2001 From: Nitheesh D R Date: Wed, 20 May 2026 21:18:33 +0530 Subject: [PATCH 2/3] fix(flatpak): key builder cache on dependency content, not commit SHA --- .github/workflows/build-desktop-platforms.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/build-desktop-platforms.yml b/.github/workflows/build-desktop-platforms.yml index dec8d97ec..3a89a4b0c 100644 --- a/.github/workflows/build-desktop-platforms.yml +++ b/.github/workflows/build-desktop-platforms.yml @@ -520,7 +520,7 @@ jobs: manifest-path: packaging/flatpak/zed.rainxch.githubstore.yml run-tests: false upload-artifact: false - cache-key: flatpak-builder-${{ github.sha }} + cache-key: flatpak-builder-${{ hashFiles('packaging/flatpak/flatpak-sources.json', 'packaging/flatpak/zed.rainxch.githubstore.yml') }} - name: Upload Flatpak bundle uses: actions/upload-artifact@v4 From 7845c543012b0da144257e45cd5743d386bdaf85 Mon Sep 17 00:00:00 2001 From: Nitheesh D R Date: Wed, 20 May 2026 21:21:23 +0530 Subject: [PATCH 3/3] fix(flatpak): add permissions block and disable credential persistence --- .github/workflows/build-desktop-platforms.yml | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/.github/workflows/build-desktop-platforms.yml b/.github/workflows/build-desktop-platforms.yml index 3a89a4b0c..686daa78d 100644 --- a/.github/workflows/build-desktop-platforms.yml +++ b/.github/workflows/build-desktop-platforms.yml @@ -508,10 +508,14 @@ jobs: build-flatpak: runs-on: ubuntu-latest + permissions: + contents: read steps: - name: Checkout code uses: actions/checkout@v4 + with: + persist-credentials: false - name: Build Flatpak bundle uses: flatpak/flatpak-github-actions/flatpak-builder@v6