treemd 0.5.12

A markdown navigator with tree-based structural navigation and syntax highlighting
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256

name: Cross-Platform Release

on:
  push:
    tags:
      - 'v*'
  workflow_dispatch:

jobs:
  build:
    name: Build for ${{ matrix.target }}
    runs-on: ${{ matrix.runner }}
    strategy:
      fail-fast: false
      matrix:
        include:
          # Linux x86_64 (glibc)
          - target: x86_64-unknown-linux-gnu
            runner: ubuntu-latest
            use_cross: false
          # Linux x86_64 (musl - for Alpine/static linking)
          - target: x86_64-unknown-linux-musl
            runner: ubuntu-latest
            use_cross: true
          # Linux ARM64 (glibc)
          - target: aarch64-unknown-linux-gnu
            runner: ubuntu-latest
            use_cross: true
          # Linux ARM64 (musl - for Alpine/static linking)
          - target: aarch64-unknown-linux-musl
            runner: ubuntu-latest
            use_cross: true
          # macOS x86_64
          - target: x86_64-apple-darwin
            runner: macos-latest
            use_cross: false
          # macOS ARM64 (Apple Silicon)
          - target: aarch64-apple-darwin
            runner: macos-latest
            use_cross: false
          # Windows x86_64
          - target: x86_64-pc-windows-msvc
            runner: windows-latest
            use_cross: false

    steps:
      - uses: actions/checkout@v5

      - uses: dtolnay/rust-toolchain@stable
        with:
          targets: ${{ matrix.target }}

      - uses: Swatinem/rust-cache@v2
        with:
          key: ${{ matrix.target }}-${{ hashFiles('**/Cargo.lock') }}
          shared-key: ${{ matrix.target }}

      # Install cross for Linux ARM builds
      # Using cargo install from git since there are no recent releases
      # (last release v0.2.5 was in Feb 2023, but development is active)
      - name: Install cross
        if: matrix.use_cross
        run: cargo install cross --git https://github.com/cross-rs/cross --rev 8633ec65ab914015c2444c732568b414bd3c47cf

      # For Linux ARM, we need proper configuration
      - name: Create .cargo/config.toml for Linux ARM
        if: matrix.target == 'aarch64-unknown-linux-gnu'
        shell: bash
        run: |
          mkdir -p .cargo
          cat > .cargo/config.toml << 'EOF'
          [target.aarch64-unknown-linux-gnu]
          linker = "aarch64-linux-gnu-gcc"
          ar = "aarch64-linux-gnu-ar"
          EOF

      - name: Build
        run: |
          if [ "${{ matrix.use_cross }}" = "true" ]; then
            cross build --release --target ${{ matrix.target }}
          else
            cargo build --release --target ${{ matrix.target }}
          fi
        shell: bash

      # Create artifact name based on target
      - name: Determine artifact name
        id: artifact
        run: |
          if [ "${{ runner.os }}" = "Windows" ]; then
            echo "bin=treemd.exe" >> $GITHUB_OUTPUT
          else
            echo "bin=treemd" >> $GITHUB_OUTPUT
          fi
        shell: bash

      # macOS Code Signing (optional - requires secrets to be configured)
      - name: Import Apple Code Signing Certificate
        if: runner.os == 'macOS'
        continue-on-error: true
        uses: Apple-Actions/import-codesign-certs@v3
        with:
          p12-file-base64: ${{ secrets.APPLE_CERTIFICATE_BASE64 }}
          p12-password: ${{ secrets.APPLE_CERTIFICATE_PASSWORD }}

      - name: Code sign and notarize macOS binary
        if: runner.os == 'macOS'
        run: |
          CERT_IMPORTED=false

          # Check if certificate was imported (if secrets exist, cert should be imported)
          if security find-identity -v -p codesigning | grep -q "Developer ID Application"; then
            CERT_IMPORTED=true
          fi

          if [ "$CERT_IMPORTED" = "true" ]; then
            echo "Signing with Developer ID..."
            codesign --deep --force --verify --verbose \
              --timestamp --options runtime \
              --sign "${{ secrets.APPLE_DEVELOPER_ID }}" \
              target/${{ matrix.target }}/release/treemd
            codesign -v target/${{ matrix.target }}/release/treemd

            echo "Notarizing with Apple..."
            ditto -c -k --sequesterRsrc target/${{ matrix.target }}/release/treemd treemd-notarize.zip

            xcrun notarytool submit treemd-notarize.zip \
              --apple-id "${{ secrets.APPLE_ID }}" \
              --password "${{ secrets.APPLE_ID_PASSWORD }}" \
              --team-id "${{ secrets.APPLE_TEAM_ID }}" \
              --wait \
              --timeout 30m

            echo "Note: Stapling is not applicable to bare CLI binaries"
            echo "Binary is notarized server-side - users will be verified online"

            echo "Verifying notarization status..."
            spctl -a -v target/${{ matrix.target }}/release/treemd || true
            echo "✓ Binary signed and notarized"
          else
            echo "Developer ID certificate not configured. Using ad-hoc signing..."
            codesign --remove-signature target/${{ matrix.target }}/release/treemd || true
            codesign -s - target/${{ matrix.target }}/release/treemd
            codesign -v target/${{ matrix.target }}/release/treemd
            echo "⚠ Binary ad-hoc signed (users may see Gatekeeper warning)"
          fi


      - name: Prepare artifacts (Windows)
        if: runner.os == 'Windows'
        run: |
          # Create artifacts directory
          New-Item -ItemType Directory -Force -Path artifacts | Out-Null

          $binary = "treemd-${{ matrix.target }}.exe"
          Copy-Item "target/${{ matrix.target }}/release/treemd.exe" $binary

          # Create zip for Windows (tar.gz not common on Windows)
          Compress-Archive -Path $binary -DestinationPath "artifacts/$binary.zip"

          # Generate SHA256
          $hash = (Get-FileHash $binary -Algorithm SHA256).Hash.ToLower()
          "$hash  $binary" | Out-File -FilePath "artifacts/$binary.sha256" -Encoding ascii -NoNewline

          Write-Host "Binary info:"
          Get-Item $binary | Format-List Length, LastWriteTime
          Get-Content "artifacts/$binary.sha256"
        shell: pwsh

      - name: Prepare artifacts (Unix)
        if: runner.os != 'Windows'
        run: |
          mkdir -p artifacts
          BINARY="treemd-${{ matrix.target }}"
          cp "target/${{ matrix.target }}/release/treemd" "$BINARY"
          chmod +x "$BINARY"

          # Create tar to preserve permissions and prevent corruption
          tar -czf "artifacts/$BINARY.tar.gz" "$BINARY"
          sha256sum "$BINARY" > "artifacts/$BINARY.sha256"
          ls -lh "$BINARY"
          cat "artifacts/$BINARY.sha256"
        shell: bash

      - name: Upload artifacts
        uses: actions/upload-artifact@v4
        with:
          name: ${{ matrix.target }}
          path: artifacts/*
          if-no-files-found: error
          retention-days: 1

  release:
    name: Create Release
    runs-on: ubuntu-latest
    needs: build
    if: startsWith(github.ref, 'refs/tags/v')
    permissions:
      contents: write

    steps:
      - uses: actions/checkout@v5

      - name: Download all artifacts
        uses: actions/download-artifact@v4
        with:
          path: release-artifacts

      - name: Prepare release assets
        run: |
          mkdir -p final-release

          # Copy archives directly (tar.gz and zip preserve permissions internally)
          find release-artifacts -name "*.tar.gz" -type f -exec cp {} final-release/ \;
          find release-artifacts -name "*.zip" -type f -exec cp {} final-release/ \;

          # Copy individual SHA256 files
          find release-artifacts -name "*.sha256" -type f -exec cp {} final-release/ \;

          echo "Final release contents:"
          ls -lah final-release/

          echo "Verifying archive integrity:"
          cd final-release
          for archive in *.tar.gz; do
            [ -f "$archive" ] || continue
            echo "Testing $archive:"
            tar -tzf "$archive" | head -5
          done
          for archive in *.zip; do
            [ -f "$archive" ] || continue
            echo "Testing $archive:"
            unzip -l "$archive"
          done
        shell: bash

      - name: Generate combined checksums
        run: |
          cd final-release
          # Generate SHA256SUMS for archives (not individual binaries)
          sha256sum *.tar.gz *.zip 2>/dev/null | grep -v "No such file" > SHA256SUMS || true
          cat SHA256SUMS
        shell: bash

      - name: Create Release
        uses: softprops/action-gh-release@v2
        with:
          files: |
            final-release/*.tar.gz
            final-release/*.zip
            final-release/*.sha256
            final-release/SHA256SUMS
          generate_release_notes: true
          draft: false
          prerelease: false
          fail_on_unmatched_files: true