feat: cli 2.0

.dockerignore

@@ -0,0 +1,13 @@
+.git
+.venv
+.github
+__pycache__
+*.pyc
+media
+tests
+2-0-TODO.md
+*.egg-info
+dist
+build
+.mypy_cache
+.pytest_cache

.github/workflows/attach-to-release.yml

@@ -1,4 +1,4 @@
-name: Attach Assets to Release
+name: "Attach Assets to Release"
 
 on:
   workflow_call:
@@ -10,17 +10,23 @@ on:
 jobs:
   attach-to-release:
     name: Attach Assets to Release
-    runs-on: ubuntu-24.04
+    runs-on: ubuntu-latest
     steps:
-      - name: Download processed assets
+      - name: Download binaries
         uses: actions/download-artifact@v4
         with:
-          name: phase-cli-release
-          path: ./phase-cli-release
+          name: phase-cli-binaries
+          path: ./release
+
+      - name: Download packages
+        uses: actions/download-artifact@v4
+        with:
+          name: phase-cli-packages
+          path: ./release
 
       - name: Attach assets to release
         uses: softprops/action-gh-release@v2
         with:
-          files: ./phase-cli-release/*
+          files: ./release/*
         env:
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

.github/workflows/build.yml

@@ -1,245 +1,43 @@
-name: Build CLI
+name: "Cross-compile"
 
 on:
   workflow_call:
     inputs:
       version:
         required: true
         type: string
-      python_version:
-        required: true
-        type: string
-      alpine_version:
-        required: true
-        type: string
 
 jobs:
   build:
-    name: Build CLI
-    runs-on: ${{ matrix.os }}
-    strategy:
-      matrix:
-        # ubuntu-22.04 - context: https://github.com/phasehq/cli/issues/94
-        # macos-15-intel darwin-amd64 builds (intel)
-        # macos-14 darwin-arm64 builds (apple silicon)
-        # context: https://github.com/actions/runner-images?tab=readme-ov-file#available-images
-
-        os: [ubuntu-22.04, windows-2022, macos-15-intel, macos-14]
+    name: Cross-compile all targets
+    runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@v4
-      - uses: actions/setup-python@v5
-        with:
-          python-version: ${{ inputs.python_version }}
-      - run: pip install -r requirements.txt
-        if: runner.os != 'Linux'
-      - run: pip install pyinstaller==6.16.0
-        if: runner.os != 'Linux'
-      - run: pyinstaller --hidden-import _cffi_backend --paths ./phase_cli --name phase phase_cli/main.py
-        if: runner.os != 'Linux'
-      - name: Build Linux binary in manylinux_2_28 container (glibc 2.28 baseline)
-        if: matrix.os == 'ubuntu-22.04'
-        # Design decisions:
-        # - Use manylinux_2_28 for Linux builds to target glibc 2.28 baseline while maintaining wide compatibility
-        # - Build CPython in-container with --enable-shared (shared libpython) so PyInstaller can bundle correctly.
-        # - Use system OpenSSL from manylinux_2_28; avoid building OpenSSL from source for speed and simplicity.
-        # - Install Python from source with --enable-shared to ensure a shared libpython is available for PyInstaller.
-        # - Package PyInstaller onedir under /usr/lib/phase and symlink /usr/bin/phase to preserve metadata and bundled files (avoids runtime import errors on RPM-based distros).
-        # - Print ldd --version
-        run: |
-          docker run --rm \
-            -v "${PWD}":/workspace \
-            -w /workspace \
-            quay.io/pypa/manylinux_2_28_x86_64 \
-            /bin/bash -lc 'set -euo pipefail; \
-              echo "=== ldd version (manylinux_2_28 x86_64) ==="; \
-              ldd --version; \
-              echo "=== Installing build deps ==="; \
-              yum -y install wget tar make gcc openssl-devel bzip2-devel libffi-devel zlib-devel >/dev/null; \
-              echo "Install Python from source with --enable-shared to ensure a shared libpython is available for PyInstaller."; \
-              echo "=== Building Python ${{ inputs.python_version }} with --enable-shared ==="; \
-              PYVER="${{ inputs.python_version }}"; \
-              MAJOR=$(echo "$PYVER" | cut -d. -f1); \
-              MINOR=$(echo "$PYVER" | cut -d. -f2); \
-              FULLVER=$(curl -s https://www.python.org/ftp/python/ | grep -oE ">${MAJOR}\\.${MINOR}\\.[0-9]+/" | tr -d ">/" | sort -V | tail -1 || echo "$PYVER"); \
-              cd /tmp; \
-              wget -q https://www.python.org/ftp/python/${FULLVER}/Python-${FULLVER}.tgz; \
-              tar -xzf Python-${FULLVER}.tgz; \
-              cd Python-${FULLVER}; \
-              ./configure --prefix=/opt/py-shared --enable-shared --with-system-openssl >/dev/null; \
-              make -j$(nproc) >/dev/null; \
-              make install >/dev/null; \
-              export LD_LIBRARY_PATH=/opt/py-shared/lib:$LD_LIBRARY_PATH; \
-              /opt/py-shared/bin/python3 --version; \
-              /opt/py-shared/bin/python3 -c '\''import ssl; print("SSL OK")'\''; \
-              /opt/py-shared/bin/python3 -m pip install --upgrade pip >/dev/null; \
-              cd /workspace; \
-              /opt/py-shared/bin/python3 -m pip install -r requirements.txt >/dev/null; \
-              /opt/py-shared/bin/python3 -m pip install pyinstaller==6.16.0 >/dev/null; \
-              /opt/py-shared/bin/python3 -m PyInstaller --hidden-import _cffi_backend --paths ./phase_cli --name phase phase_cli/main.py'
-        shell: bash
-
-      - name: Codesign macOS build output
-        if: runner.os == 'macOS'
-        run: |
-          uname -a
-          codesign --force --deep --sign - dist/phase/phase
-          codesign --verify --deep --verbose=2 dist/phase/phase
-      - name: Print GLIBC version
-        if: matrix.os == 'ubuntu-22.04'
-        run: ldd --version
-
-      # Set LC_ALL based on the runner OS for Linux and macOS
-      - name: Set LC_ALL for Linux and macOS
-        run: export LC_ALL=C.UTF-8
-        if: runner.os != 'Windows'
-        shell: bash
-
-      # Set LC_ALL for Windows
-      - name: Set LC_ALL for Windows
-        run: echo "LC_ALL=C.UTF-8" | Out-File -Append -Encoding utf8 $env:GITHUB_ENV
-        if: runner.os == 'Windows'
-        shell: pwsh
-
-      # Build DEB and RPM packages for Linux
-      - run: |
-          sudo apt-get update
-          sudo apt-get install -y ruby-dev rubygems build-essential 
-          sudo gem install --no-document fpm
-          # Stage files to preserve PyInstaller onedir layout
-          rm -rf pkgroot
-          mkdir -p pkgroot/usr/lib/phase
-          cp -a dist/phase/. pkgroot/usr/lib/phase/
-          mkdir -p pkgroot/usr/bin
-          echo "Symlink ensures PATH-discoverable binary while keeping full onedir intact"
-          # This will create a symlink to the phase binary in the /usr/lib/phase/ directory
-          ln -sf ../lib/phase/phase pkgroot/usr/bin/phase
-          # Build packages from staged root
-          fpm -s dir -t deb -n phase -v ${{ inputs.version }} -C pkgroot .
-          fpm -s dir -t rpm -n phase -v ${{ inputs.version }} -C pkgroot .
-        if: matrix.os == 'ubuntu-22.04'
-        shell: bash
 
-      # Upload DEB and RPM packages
-      - uses: actions/upload-artifact@v4
+      - name: Set up Go
+        uses: actions/setup-go@v5
         with:
-          name: phase-deb
-          path: "*.deb"
-        if: matrix.os == 'ubuntu-22.04'
-      - uses: actions/upload-artifact@v4
-        with:
-          name: phase-rpm
-          path: "*.rpm"
-        if: matrix.os == 'ubuntu-22.04'
-
-      - name: Set artifact name
-        run: |
-          if [[ "${{ matrix.os }}" == "macos-14" ]]; then
-            echo "ARTIFACT_NAME=${{ runner.os }}-arm64-binary" >> $GITHUB_ENV
-          elif [[ "${{ matrix.os }}" == "macos-15-intel" ]]; then
-            echo "ARTIFACT_NAME=${{ runner.os }}-amd64-binary" >> $GITHUB_ENV
-          else
-            echo "ARTIFACT_NAME=${{ runner.os }}-binary" >> $GITHUB_ENV
-          fi
-        shell: bash
+          go-version: "1.24"
+          cache-dependency-path: src/go.sum
 
-      - name: Upload binary
-        uses: actions/upload-artifact@v4
+      - name: Clone Go SDK
+        uses: actions/checkout@v4
         with:
-          name: ${{ env.ARTIFACT_NAME }}
-          path: dist/phase*
+          repository: phasehq/golang-sdk
+          path: golang-sdk
 
-  build_arm:
-    name: Build Linux ARM64
-    runs-on: ubuntu-22.04-arm
-    steps:
-      - uses: actions/checkout@v4
-      - name: Build with PyInstaller (manylinux_2_28 aarch64 via docker)
-        run: |
-          docker run --rm \
-            -v "${PWD}":/workspace \
-            -w /workspace \
-            quay.io/pypa/manylinux_2_28_aarch64 \
-            /bin/bash -lc 'set -euo pipefail; \
-              echo "=== ldd version (manylinux_2_28 aarch64) ==="; \
-              ldd --version; \
-              echo "=== Installing build deps ==="; \
-              yum -y install wget tar make gcc openssl-devel bzip2-devel libffi-devel zlib-devel >/dev/null; \
-              echo "Install Python from source with --enable-shared to ensure a shared libpython is available for PyInstaller."; \
-              echo "=== Building Python ${{ inputs.python_version }} with --enable-shared ==="; \
-              PYVER="${{ inputs.python_version }}"; \
-              MAJOR=$(echo "$PYVER" | cut -d. -f1); \
-              MINOR=$(echo "$PYVER" | cut -d. -f2); \
-              FULLVER=$(curl -s https://www.python.org/ftp/python/ | grep -oE ">${MAJOR}\\.${MINOR}\\.[0-9]+/" | tr -d ">/" | sort -V | tail -1 || echo "$PYVER"); \
-              cd /tmp; \
-              wget -q https://www.python.org/ftp/python/${FULLVER}/Python-${FULLVER}.tgz; \
-              tar -xzf Python-${FULLVER}.tgz; \
-              cd Python-${FULLVER}; \
-              ./configure --prefix=/opt/py-shared --enable-shared --with-system-openssl >/dev/null; \
-              make -j$(nproc) >/dev/null; \
-              make install >/dev/null; \
-              export LD_LIBRARY_PATH=/opt/py-shared/lib:$LD_LIBRARY_PATH; \
-              /opt/py-shared/bin/python3 --version; \
-              /opt/py-shared/bin/python3 -c '\''import ssl; print("SSL OK")'\''; \
-              /opt/py-shared/bin/python3 -m pip install --upgrade pip >/dev/null; \
-              cd /workspace; \
-              /opt/py-shared/bin/python3 -m pip install -r requirements.txt >/dev/null; \
-              /opt/py-shared/bin/python3 -m pip install pyinstaller==6.16.0 >/dev/null; \
-              /opt/py-shared/bin/python3 -m PyInstaller --hidden-import _cffi_backend --paths ./phase_cli --name phase phase_cli/main.py'
-      - uses: actions/upload-artifact@v4
-        with:
-          name: Linux-binary-arm64
-          path: dist/phase*
+      - name: Patch go.mod replace directive for CI
+        working-directory: src
+        run: go mod edit -replace github.com/phasehq/golang-sdk=../golang-sdk
 
-  build_apk:
-    name: Build Alpine
-    runs-on: ${{ matrix.os }}
-    strategy:
-      matrix:
-        include:
-          - { os: ubuntu-22.04, arch: x86_64 }
-          - { os: ubuntu-22.04-arm, arch: aarch64 }
-    steps:
-      - uses: actions/checkout@v4
-      - name: Build Alpine package
+      - name: Build all targets
         run: |
-          if [ "${{ matrix.arch }}" = "aarch64" ]; then
-            TARGET_ARCH="arm64"
-          elif [ "${{ matrix.arch }}" = "x86_64" ]; then
-            TARGET_ARCH="amd64"
-          fi
-
-          # CONTEXT: phase_cli_linux_<ARCH>_alpine_<VERSION> artifact will contain phase_cli_linux_<ARCH>_<VERSION>.apk
-
-          OUTPUT_PACKAGE_NAME="phase_cli_linux_${TARGET_ARCH}_${{ inputs.version }}.apk"
-          ARTIFACT_NAME="phase_cli_linux_${TARGET_ARCH}_alpine_${{ inputs.version }}"
-
-          echo "OUTPUT_PACKAGE_NAME=$OUTPUT_PACKAGE_NAME" >> $GITHUB_ENV
-          echo "ARTIFACT_NAME=$ARTIFACT_NAME" >> $GITHUB_ENV
+          VERSION="${{ inputs.version }}" OUTPUT_DIR=dist \
+            bash scripts/build.sh
 
-          mkdir -p ./output
-          docker run --rm \
-            -v "${PWD}":/workspace \
-            -w /workspace \
-            --env ABUILD_USER=builder \
-            --env ARCH=${{ matrix.arch }} \
-            --env OUTPUT_PACKAGE_NAME="$OUTPUT_PACKAGE_NAME" \
-            alpine:${{ inputs.alpine_version }} \
-            /bin/sh -ec " \
-              set -ex; \
-              apk update; \
-              apk add --no-cache alpine-sdk python3 python3-dev py3-pip build-base git curl sudo doas; \
-              adduser -D builder; \
-              addgroup builder abuild; \
-              echo 'builder ALL=(ALL) NOPASSWD: ALL' >> /etc/sudoers; \
-              echo 'permit nopass builder as root' >> /etc/doas.conf; \
-              chown -R builder /workspace; \
-              sudo -u builder /bin/sh -ec 'cd /workspace && export HOME=/home/builder && abuild-keygen -a -i -n'; \
-              sudo -u builder /bin/sh -ec 'cd /workspace && abuild -r'; \
-              SOURCE_APK=\$(find /home/builder/packages/\$ARCH -name 'phase-*.apk' -print -quit); \
-              cp \"\$SOURCE_APK\" \"/workspace/output/\$OUTPUT_PACKAGE_NAME\" \
-            "
-      - name: Upload APK artifacts
+      - name: Upload binaries
         uses: actions/upload-artifact@v4
         with:
-          name: ${{ env.ARTIFACT_NAME }}
-          path: ./output/${{ env.OUTPUT_PACKAGE_NAME }}
+          name: phase-cli-binaries
+          path: dist/
+          retention-days: 7