From cd1cb27d49b72a83ffda9ca820ee84cd68231e6e Mon Sep 17 00:00:00 2001
From: skepsismusic <olapro@gmail.com>
Date: Fri, 6 Feb 2026 00:30:27 +0100
Subject: [PATCH] Fix macOS build: vendor OpenSSL, improve release asset names

Co-authored-by: Cursor <cursoragent@cursor.com>
---
 .github/workflows/release.yml | 47 +++++++++++++++++++++++++++--------
 backend/Cargo.lock            | 10 ++++++++
 backend/Cargo.toml            |  4 +--
 3 files changed, 48 insertions(+), 13 deletions(-)

diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index 1d73e84..037688c 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -10,21 +10,27 @@ permissions:
 
 jobs:
   build:
-    name: Build ${{ matrix.target }}
+    name: Build ${{ matrix.name }}
     runs-on: ${{ matrix.os }}
     strategy:
       fail-fast: false
       matrix:
         include:
-          - target: x86_64-unknown-linux-gnu
+          - name: Linux (x86_64)
+            target: x86_64-unknown-linux-gnu
             os: ubuntu-latest
             archive: tar.gz
-          - target: x86_64-apple-darwin
+            asset_name: ironpad-linux-x86_64
+          - name: macOS (x86_64)
+            target: x86_64-apple-darwin
             os: macos-latest
             archive: tar.gz
-          - target: x86_64-pc-windows-msvc
+            asset_name: ironpad-macos-x86_64
+          - name: Windows (x86_64)
+            target: x86_64-pc-windows-msvc
             os: windows-latest
             archive: zip
+            asset_name: ironpad-windows-x86_64
 
     steps:
       - name: Checkout
@@ -35,6 +41,10 @@ jobs:
         with:
           targets: ${{ matrix.target }}
 
+      - name: Install system dependencies (Linux)
+        if: runner.os == 'Linux'
+        run: sudo apt-get update && sudo apt-get install -y cmake
+
       - name: Install Node.js
         uses: actions/setup-node@v4
         with:
@@ -60,10 +70,9 @@ jobs:
         if: matrix.archive == 'tar.gz'
         shell: bash
         run: |
-          BINARY_NAME="ironpad"
-          RELEASE_DIR="ironpad-${{ github.ref_name }}-${{ matrix.target }}"
+          RELEASE_DIR="${{ matrix.asset_name }}-${{ github.ref_name }}"
           mkdir -p "$RELEASE_DIR"
-          cp "backend/target/${{ matrix.target }}/release/$BINARY_NAME" "$RELEASE_DIR/"
+          cp "backend/target/${{ matrix.target }}/release/ironpad" "$RELEASE_DIR/"
           cp README.md LICENSE "$RELEASE_DIR/"
           tar czf "$RELEASE_DIR.tar.gz" "$RELEASE_DIR"
           echo "ASSET=$RELEASE_DIR.tar.gz" >> $GITHUB_ENV
@@ -72,10 +81,9 @@ jobs:
         if: matrix.archive == 'zip'
         shell: bash
         run: |
-          BINARY_NAME="ironpad.exe"
-          RELEASE_DIR="ironpad-${{ github.ref_name }}-${{ matrix.target }}"
+          RELEASE_DIR="${{ matrix.asset_name }}-${{ github.ref_name }}"
           mkdir -p "$RELEASE_DIR"
-          cp "backend/target/${{ matrix.target }}/release/$BINARY_NAME" "$RELEASE_DIR/"
+          cp "backend/target/${{ matrix.target }}/release/ironpad.exe" "$RELEASE_DIR/"
           cp README.md LICENSE "$RELEASE_DIR/"
           7z a "$RELEASE_DIR.zip" "$RELEASE_DIR"
           echo "ASSET=$RELEASE_DIR.zip" >> $GITHUB_ENV
@@ -83,7 +91,7 @@ jobs:
       - name: Upload artifact
         uses: actions/upload-artifact@v4
         with:
-          name: ironpad-${{ matrix.target }}
+          name: ${{ matrix.asset_name }}
           path: ${{ env.ASSET }}
 
   release:
@@ -99,6 +107,23 @@ jobs:
       - name: Create GitHub Release
         uses: softprops/action-gh-release@v2
         with:
+          name: Ironpad ${{ github.ref_name }}
+          body: |
+            ## Downloads
+
+            | Platform | File |
+            |----------|------|
+            | Windows (x86_64) | `ironpad-windows-x86_64-${{ github.ref_name }}.zip` |
+            | macOS (x86_64) | `ironpad-macos-x86_64-${{ github.ref_name }}.tar.gz` |
+            | Linux (x86_64) | `ironpad-linux-x86_64-${{ github.ref_name }}.tar.gz` |
+
+            **Linux:** Extract the tar.gz and run `./ironpad`. Works on any distro -- it's a standalone binary with no dependencies.
+
+            **macOS:** Extract and run. You may need to allow it in System Settings > Privacy & Security on first launch.
+
+            **Windows:** Extract the zip and run `ironpad.exe`.
+
+            ---
           files: artifacts/**/*
           generate_release_notes: true
         env:
diff --git a/backend/Cargo.lock b/backend/Cargo.lock
index 7297547..dd243d1 100644
--- a/backend/Cargo.lock
+++ b/backend/Cargo.lock
@@ -1141,6 +1141,15 @@ version = "0.1.6"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "d05e27ee213611ffe7d6348b942e8f942b37114c00cc03cec254295a4a17852e"
 
+[[package]]
+name = "openssl-src"
+version = "300.5.5+3.5.5"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "3f1787d533e03597a7934fd0a765f0d28e94ecc5fb7789f8053b1e699a56f709"
+dependencies = [
+ "cc",
+]
+
 [[package]]
 name = "openssl-sys"
 version = "0.9.111"
@@ -1149,6 +1158,7 @@ checksum = "82cab2d520aa75e3c58898289429321eb788c3106963d0dc886ec7a5f4adc321"
 dependencies = [
  "cc",
  "libc",
+ "openssl-src",
  "pkg-config",
  "vcpkg",
 ]
diff --git a/backend/Cargo.toml b/backend/Cargo.toml
index 54d6700..43b1ce2 100644
--- a/backend/Cargo.toml
+++ b/backend/Cargo.toml
@@ -21,8 +21,8 @@ serde_yaml = "0.9"
 # Markdown parsing (CommonMark)
 markdown = "1.0.0-alpha.22"
 
-# Git operations
-git2 = "0.19"
+# Git operations (vendored-openssl for cross-platform CI builds)
+git2 = { version = "0.19", features = ["vendored-openssl"] }
 
 
 # File system watching