Fix GitHub Actions

[JustLikeCheese]

修复 Linux 平台的 GitHub Actions
修复 Windows MSIX %-encoded 路径解码问题
增强 getWindowsVersion()，加了 4 次重试
Ciallo～(∠・ω< )⌒★!

Linux 的平台喔还没测试，Linux 佬可以试试
https://github.com/JustLikeCheese/CodexDesktop-Rebuild/actions/runs/27545680480

Summary by Sourcery

Fix CI build failures on Linux and Windows by replacing the Linux packaging pipeline with a custom Electron-based builder and improving Windows packaging and version checks.

New Features:

• Introduce a dedicated Linux build script that downloads Electron templates, packs the app into app.asar, copies Linux resources, and invokes Electron Forge makers for deb, rpm, and zip artifacts.

Bug Fixes:

• Decode percent-encoded paths in Windows MSIX extractions to align the filesystem with asar headers and prevent unpacked binary resolution failures.
• Make Linux builds fail fast when required @cometix/codex or Linux ripgrep vendor binaries are missing instead of silently shipping macOS binaries in Linux packages.
• Avoid treating missing main bundles as hard errors in patch scripts when sync-upstream has not populated src/.

Enhancements:

• Add retry logic to getWindowsVersion() in the sync script to improve resilience of Windows version detection in CI.
• Adjust Linux build npm scripts to use architecture-specific native rebuilds and the new Linux build pipeline.
• Update better-sqlite3 to a newer version.

CI:

• Tighten GitHub Actions build workflows by installing all required Linux build dependencies, enforcing artifact presence with if-no-files-found=error, and wiring the workflow to the new Linux build process.

[sourcery-ai]

Reviewer's Guide

Refactors Linux build to bypass @electron/packager on CI, tightens Linux packaging safety, fixes Windows MSIX percent-encoded paths, hardens Windows version detection, and makes the GitHub Actions workflows fail-fast when artifacts or dependencies are missing.

Sequence diagram for Windows syncWin MSIX path decoding

sequenceDiagram
  participant syncWin
  participant decodePercentNames
  participant assembleOutput

  syncWin->>decodePercentNames: decodePercentNames(app.asar.unpacked)
  decodePercentNames-->>syncWin: [percent-encoded paths decoded]
  syncWin->>assembleOutput: assembleOutput(resourcesDir, destDir, Windows)
  assembleOutput-->>syncWin: info
  syncWin-->>syncWin: return info

Loading

File-Level Changes

Change	Details	Files
Fix Windows MSIX extraction by normalizing percent-encoded file and directory names before assembling output.	Introduce a recursive decodePercentNames() helper that scans app.asar.unpacked and renames entries whose names contain %XX sequences using decodeURIComponent. Integrate decodePercentNames() into the Windows sync pipeline so unpacked .node binaries match asar header paths and extraction no longer fails on scoped package directories.	scripts/sync-upstream.js
Improve robustness of Windows version detection in the sync script.	Wrap getWindowsVersion() in a retry loop with up to 4 attempts, logging attempt counts and errors. Add exponential backoff-style delays between attempts to mitigate transient failures while preserving existing result structure.	scripts/sync-upstream.js
Rework Linux build pipeline to avoid extract-zip issues on CI and to explicitly rebuild native modules per-arch.	Add a new build-from-upstream-linux.js script that downloads Electron using @electron/get, extracts it via the system unzip, packs src/ into app.asar with @electron/asar, copies Linux resources from src/mac-{arch}, strips cross-arch helper binaries, and runs @electron-forge makers for deb, rpm, and zip. Update package.json Linux build scripts to call rebuild:native:x64 / rebuild:native:arm64 and the new build-from-upstream-linux.js instead of electron-forge make directly. Introduce arch-specific electron-rebuild scripts (rebuild:native:x64 and rebuild:native:arm64) while keeping the old rebuild:native as a generic entry point.	scripts/build-from-upstream-linux.js package.json
Harden Linux packaging so we never ship upstream macOS binaries inside Linux artifacts.	In prepare-src.js, when running on Linux, fail the build (process.exit(1)) if the @cometix/codex vendor binary is missing instead of leaving the upstream macOS Mach-O binary in place. Similarly fail when a Linux ripgrep (rg) binary is not found in the vendor directory, instead of silently keeping upstream macOS Mach-O rg.	scripts/prepare-src.js
Make patch scripts no-op instead of hard-failing when src/ hasn’t been populated by sync-upstream.	Change patch-copyright.js to log a [skip] message and return when no main bundle is found, instead of treating it as an error and exiting. Apply the same behavior to patch-devtools.js so it also skips gracefully when bundles are absent.	scripts/patch-copyright.js scripts/patch-devtools.js
Tighten GitHub Actions behavior and Linux CI environment for build jobs.	Add if-no-files-found: error to all artifact upload steps for macOS, Windows, and Linux to turn missing artifacts into explicit CI failures. Expand the Linux build job’s apt dependencies to include build-essential, python3, and libudev-dev to support native builds and Electron tooling. Ensure Linux build artifacts (deb/rpm/zip) uploads also fail the job if no files are found.	.github/workflows/build.yml
Align dependency versions with the new Linux build flow.	Bump better-sqlite3 to ^12.10.1 to stay current and compatible with the updated native build setup. Regenerate package-lock.json to capture updated dependencies and ensure reproducible installs.	package.json package-lock.json

---

Tips and commands

Interacting with Sourcery

• Trigger a new review: Comment @sourcery-ai review on the pull request.
• Continue discussions: Reply directly to Sourcery's review comments.
• Generate a GitHub issue from a review comment: Ask Sourcery to create an
  issue from a review comment by replying to it. You can also reply to a
  review comment with @sourcery-ai issue to create an issue from it.
• Generate a pull request title: Write @sourcery-ai anywhere in the pull
  request title to generate a title at any time. You can also comment
  @sourcery-ai title on the pull request to (re-)generate the title at any time.
• Generate a pull request summary: Write @sourcery-ai summary anywhere in
  the pull request body to generate a PR summary at any time exactly where you
  want it. You can also comment @sourcery-ai summary on the pull request to
  (re-)generate the summary at any time.
• Generate reviewer's guide: Comment @sourcery-ai guide on the pull
  request to (re-)generate the reviewer's guide at any time.
• Resolve all Sourcery comments: Comment @sourcery-ai resolve on the
  pull request to resolve all Sourcery comments. Useful if you've already
  addressed all the comments and don't want to see them anymore.
• Dismiss all Sourcery reviews: Comment @sourcery-ai dismiss on the pull
  request to dismiss all existing Sourcery reviews. Especially useful if you
  want to start fresh with a new review - don't forget to comment
  @sourcery-ai review to trigger a new review!

Customizing Your Experience

Access your dashboard to:

• Enable or disable review features such as the Sourcery-generated pull request
  summary, the reviewer's guide, and others.
• Change the review language.
• Add, remove or edit custom review instructions.
• Adjust other review settings.

Getting Help

• Contact our support team for questions or feedback.
• Visit our documentation for detailed guides and information.
• Keep in touch with the Sourcery team by following us on X/Twitter, LinkedIn or GitHub.

[sourcery-ai]

Hey - I've found 2 issues, and left some high level feedback:

• In decodePercentNames, consider handling the case where the decoded name already exists in the target directory before calling fs.renameSync, otherwise a collision between encoded/decoded names could throw and abort processing of the rest of the tree.
• In build-from-upstream-linux.js, it might be safer to explicitly check for the presence of the unzip binary (or wrap execFileSync('unzip', ...) with a clearer error) so that CI or local environments without unzip fail with a more actionable message.

Prompt for AI Agents

Please address the comments from this code review:

## Overall Comments
- In `decodePercentNames`, consider handling the case where the decoded name already exists in the target directory before calling `fs.renameSync`, otherwise a collision between encoded/decoded names could throw and abort processing of the rest of the tree.
- In `build-from-upstream-linux.js`, it might be safer to explicitly check for the presence of the `unzip` binary (or wrap `execFileSync('unzip', ...)` with a clearer error) so that CI or local environments without `unzip` fail with a more actionable message.

## Individual Comments

### Comment 1
<location path="scripts/sync-upstream.js" line_range="220-229" />
<code_context>
   return info;
 }

+function decodePercentNames(root) {
+  if (!fs.existsSync(root)) return;
+  let renamed = 0;
+  const walk = (dir) => {
+    for (const e of fs.readdirSync(dir, { withFileTypes: true })) {
+      const cur = path.join(dir, e.name);
+      let next = cur;
+      if (/%[0-9A-Fa-f]{2}/.test(e.name)) {
+        try {
+          const decoded = decodeURIComponent(e.name);
+          if (decoded !== e.name) {
+            next = path.join(dir, decoded);
+            fs.renameSync(cur, next);
+            renamed++;
+          }
+        } catch {
+          /* keep as-is on malformed sequences */
+        }
+      }
+      if (e.isDirectory()) walk(next);
+    }
+  };
+  walk(root);
+  if (renamed) console.log(`   [decode] renamed ${renamed} percent-encoded path(s)`);
+}
+
</code_context>
<issue_to_address>
**issue (bug_risk):** Handle potential name collisions when decoding percent-encoded filenames.

On Windows, `fs.renameSync` will throw if the decoded target already exists, which will abort `syncWin`. Consider checking `fs.existsSync(next)` before renaming and either skipping, logging, or resolving the conflict (e.g., by appending a suffix) so a single collision doesn’t stop the whole sync.
</issue_to_address>

### Comment 2
<location path="scripts/build-from-upstream-linux.js" line_range="50-59" />
<code_context>
+function copyLinuxResources(srcDir, destDir) {
</code_context>
<issue_to_address>
**suggestion (bug_risk):** Preserve original file permissions instead of chmod 755 for every copied file.

`chmodSync(..., 0o755)` is being applied to all copied files, which incorrectly makes non-executables (e.g., images, text files) executable and may conflict with upstream packaging expectations. Please preserve the source file mode (e.g., via `fs.statSync(srcPath).mode`) and only enforce 755 for known executables, or at least restrict chmod to files that were already executable.

Suggested implementation:

```javascript
      const srcStat = fs.statSync(srcPath);
      let mode = srcStat.mode;

      // If the source file was executable, normalize to 755.
      // Otherwise, preserve the original (non-executable) mode.
      if ((mode & 0o111) !== 0) {
        mode = 0o755;
      }

      fs.chmodSync(destPath, mode);

```

If there are other places in this file (or nearby scripts) that use `fs.chmodSync(..., 0o755)` for copies performed by `copyLinuxResources` or similar helpers, you should apply the same pattern there: compute `srcStat = fs.statSync(srcPath)`, derive `mode` from `srcStat.mode`, and only enforce `0o755` when the source file was already executable.
</issue_to_address>

---

Sourcery is free for open source - if you like our reviews please consider sharing them ✨

• X
• Mastodon
• LinkedIn
• Facebook

_{Help me be more useful! Please click 👍 or 👎 on each comment and I'll use the feedback to improve your reviews.}

[sourcery-ai]

issue (bug_risk): Handle potential name collisions when decoding percent-encoded filenames.

On Windows, fs.renameSync will throw if the decoded target already exists, which will abort syncWin. Consider checking fs.existsSync(next) before renaming and either skipping, logging, or resolving the conflict (e.g., by appending a suffix) so a single collision doesn’t stop the whole sync.

[sourcery-ai]

suggestion (bug_risk): Preserve original file permissions instead of chmod 755 for every copied file.

chmodSync(..., 0o755) is being applied to all copied files, which incorrectly makes non-executables (e.g., images, text files) executable and may conflict with upstream packaging expectations. Please preserve the source file mode (e.g., via fs.statSync(srcPath).mode) and only enforce 755 for known executables, or at least restrict chmod to files that were already executable.

Suggested implementation:

      const srcStat = fs.statSync(srcPath);
      let mode = srcStat.mode;

      // If the source file was executable, normalize to 755.
      // Otherwise, preserve the original (non-executable) mode.
      if ((mode & 0o111) !== 0) {
        mode = 0o755;
      }

      fs.chmodSync(destPath, mode);

If there are other places in this file (or nearby scripts) that use fs.chmodSync(..., 0o755) for copies performed by copyLinuxResources or similar helpers, you should apply the same pattern there: compute srcStat = fs.statSync(srcPath), derive mode from srcStat.mode, and only enforce 0o755 when the source file was already executable.

[MAE5blog]

I tested a very similar fix set on a native Ubuntu 24.04 arm64 host and wanted to confirm that the overall direction here is correct.

What matched the root causes we reproduced locally:

• better-sqlite3@12.4.6 + Electron 42 / V8 14.x failed during electron-rebuild with the SetNativeDataProperty / v8::External API breakage.
• Linux packaging also needed to avoid carrying the wrong @oai/sky/bin/linux/sky_linux_* binary into the final artifact, otherwise RPM strip would fail on arm64.

What we validated locally:

• Built 26.609.71450 successfully on native arm64 and produced .deb, .rpm, and .zip artifacts.
• Switched the machine to the produced build and it is currently running successfully, so this was not just a compile-only check.

Two follow-ups I would still recommend before merge:

1. package.json still keeps @electron/rebuild at ^3.7.1. The exact pair we validated end-to-end was @electron/rebuild ^4.0.4 + better-sqlite3 ^12.11.1. 12.10.1 may already be enough, but if CI / arm64 still flakes, that version pair is worth aligning to.
2. Please add at least one post-build runtime smoke for Linux arm64 artifacts. In our local run, build artifacts were green, but Browser / Chrome functionality still depended on shipping Linux-arm64 runtime assets such as resources/node_repl, node_repl-obu, and plugins/openai-bundled/plugins/chrome/extension-host/linux/arm64/extension-host. The packaging fix and the runtime completeness check ended up being two separate steps for us.

Overall: this PR is moving in the right direction and it matches the failures we reproduced locally on arm64.