refactor(code): migrate build and dev to electron-vite

.github/workflows/code-build-test.yml

@@ -0,0 +1,291 @@
+name: Code Build Test
+
+# Full build + code signing + verification of apps/code on every push to this
+# branch (and on demand), producing downloadable artifacts for inspection.
+#
+# This intentionally does NOT create or publish any GitHub release — it exists
+# to prove the packaging pipeline works end to end before merge. The real
+# release pipeline lives in code-release.yml and runs only on v* tags.
+#
+# Temporary: retarget or delete the branch trigger once this branch is merged.
+
+on:
+  push:
+    branches:
+      - refactor/electron-vite
+  workflow_dispatch:
+
+concurrency:
+  group: code-build-test-${{ github.ref }}
+  cancel-in-progress: true
+
+jobs:
+  build-macos:
+    strategy:
+      fail-fast: false
+      matrix:
+        include:
+          - arch: arm64
+            runner: macos-15
+          - arch: x64
+            runner: macos-15-intel
+    runs-on: ${{ matrix.runner }}
+    permissions:
+      id-token: write
+      contents: read
+    env:
+      NODE_OPTIONS: "--max-old-space-size=8192"
+      NODE_ENV: production
+      npm_config_arch: ${{ matrix.arch }}
+      npm_config_platform: darwin
+      VITE_POSTHOG_API_KEY: ${{ secrets.VITE_POSTHOG_API_KEY }}
+      VITE_POSTHOG_API_HOST: ${{ secrets.VITE_POSTHOG_API_HOST }}
+      POSTHOG_SOURCEMAP_API_KEY: ${{ secrets.POSTHOG_SOURCEMAP_API_KEY }}
+      POSTHOG_ENV_ID: ${{ secrets.POSTHOG_ENV_ID }}
+      POSTHOG_HOST: ${{ secrets.POSTHOG_HOST }}
+      CSC_LINK: ${{ secrets.APPLE_CODESIGN_CERT_BASE64 }}
+      CSC_KEY_PASSWORD: ${{ secrets.APPLE_CODESIGN_CERT_PASSWORD }}
+      APPLE_ID: ${{ secrets.APPLE_ID }}
+      APPLE_APP_SPECIFIC_PASSWORD: ${{ secrets.APPLE_APP_SPECIFIC_PASSWORD }}
+      APPLE_TEAM_ID: ${{ secrets.APPLE_TEAM_ID }}
+    steps:
+      - name: Checkout
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+        with:
+          fetch-depth: 0
+          persist-credentials: false
+
+      - name: Setup pnpm
+        uses: pnpm/action-setup@b906affcce14559ad1aafd4ab0e942779e9f58b1 # v4.3.0
+
+      - name: Setup Node.js
+        uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0
+        with:
+          node-version: 22
+          cache: "pnpm"
+
+      - name: Install dependencies
+        run: pnpm install --frozen-lockfile
+
+      - name: Configure AWS credentials
+        uses: aws-actions/configure-aws-credentials@7474bc4690e29a8392af63c5b98e7449536d5c3a # v4.3.1
+        with:
+          role-to-assume: ${{ secrets.AWS_TWIG_APP_ASSETS_ROLE_ARN }}
+          aws-region: ${{ secrets.AWS_TWIG_APP_ASSETS_REGION }}
+          mask-aws-account-id: true
+          unset-current-credentials: true
+
+      - name: Download BerkeleyMono fonts from S3
+        run: aws s3 cp s3://${{ secrets.AWS_TWIG_APP_ASSETS_BUCKET }}/fonts/BerkeleyMono/ apps/code/assets/fonts/BerkeleyMono/ --recursive
+
+      - name: Build workspace packages
+        run: |
+          pnpm --filter @posthog/electron-trpc run build
+          pnpm --filter @posthog/platform run build
+          pnpm --filter @posthog/shared run build
+          pnpm --filter @posthog/git run build
+          pnpm --filter @posthog/enricher run build
+          pnpm --filter @posthog/agent run build
+
+      - name: Build app
+        env:
+          MATRIX_ARCH: ${{ matrix.arch }}
+        working-directory: apps/code
+        run: |
+          pnpm exec electron-vite build
+          if [[ "$MATRIX_ARCH" == "arm64" ]]; then
+            pnpm exec electron-builder build --mac --arm64 --publish never --config electron-builder.ts
+          else
+            pnpm exec electron-builder build --mac --x64 --publish never --config electron-builder.ts
+          fi
+
+      - name: Verify package
+        env:
+          MATRIX_ARCH: ${{ matrix.arch }}
+        run: |
+          if [[ "$MATRIX_ARCH" == "arm64" ]]; then
+            APP_BUNDLE="apps/code/out/mac-arm64/PostHog Code.app"
+          else
+            APP_BUNDLE="apps/code/out/mac/PostHog Code.app"
+          fi
+          RESOURCES="$APP_BUNDLE/Contents/Resources"
+          UNPACKED="$RESOURCES/app.asar.unpacked/node_modules"
+
+          if [[ ! -f "$RESOURCES/app-update.yml" ]]; then
+            echo "FAIL: app-update.yml missing at $RESOURCES/app-update.yml"
+            exit 1
+          fi
+          echo "OK: app-update.yml"
+
+          for mod in node-pty better-sqlite3 "@parcel/watcher"; do
+            if [[ ! -d "$UNPACKED/$mod" ]]; then
+              echo "FAIL: $mod missing in app.asar.unpacked/node_modules"
+              exit 1
+            fi
+            echo "OK: $mod"
+          done
+
+          for bin in claude-cli codex-acp; do
+            if [[ ! -d "$RESOURCES/app.asar.unpacked/.vite/build/$bin" ]]; then
+              echo "FAIL: $bin missing in bundled binaries"
+              exit 1
+            fi
+            echo "OK: $bin"
+          done
+
+      - name: Install Playwright
+        run: pnpm --filter code exec playwright install
+
+      - name: Smoke test packaged app
+        env:
+          CI: true
+          E2E_APP_ARCH: ${{ matrix.arch }}
+        run: pnpm --filter code exec playwright test --config=tests/e2e/playwright.config.ts tests/e2e/tests/smoke.spec.ts
+
+      - name: Upload Playwright report
+        if: failure()
+        uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
+        with:
+          name: build-test-playwright-macos-${{ matrix.arch }}
+          path: apps/code/playwright-report/
+          retention-days: 7
+
+      - name: Upload artifacts
+        uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
+        with:
+          name: code-macos-${{ matrix.arch }}
+          path: |
+            apps/code/out/*.dmg
+            apps/code/out/*-mac.zip
+            apps/code/out/*.blockmap
+            apps/code/out/latest-mac.yml
+          retention-days: 7
+
+  build-windows:
+    runs-on: windows-2022
+    permissions:
+      contents: read
+    env:
+      NODE_OPTIONS: "--max-old-space-size=8192"
+      NODE_ENV: production
+      VITE_POSTHOG_API_KEY: ${{ secrets.VITE_POSTHOG_API_KEY }}
+      VITE_POSTHOG_API_HOST: ${{ secrets.VITE_POSTHOG_API_HOST }}
+    steps:
+      - name: Checkout
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+        with:
+          fetch-depth: 0
+          persist-credentials: false
+
+      - name: Setup pnpm
+        uses: pnpm/action-setup@b906affcce14559ad1aafd4ab0e942779e9f58b1 # v4.3.0
+
+      - name: Setup Node.js
+        uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0
+        with:
+          node-version: 22
+          cache: "pnpm"
+
+      - name: Install dependencies
+        run: pnpm install --frozen-lockfile
+
+      - name: Build workspace packages
+        run: |
+          pnpm --filter @posthog/electron-trpc run build
+          pnpm --filter @posthog/platform run build
+          pnpm --filter @posthog/shared run build
+          pnpm --filter @posthog/git run build
+          pnpm --filter @posthog/enricher run build
+          pnpm --filter @posthog/agent run build
+
+      - name: Build app
+        working-directory: apps/code
+        run: |
+          pnpm exec electron-vite build
+          pnpm exec electron-builder build --win --x64 --publish never --config electron-builder.ts
+
+      - name: Upload artifacts
+        uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
+        with:
+          name: code-windows
+          path: |
+            apps/code/out/*.exe
+            apps/code/out/latest.yml
+            apps/code/out/*.blockmap
+            apps/code/out/squirrel-windows/**
+          retention-days: 7
+          if-no-files-found: ignore
+
+  build-linux:
+    strategy:
+      fail-fast: false
+      matrix:
+        include:
+          - runner: ubuntu-24.04
+            arch: x64
+          - runner: ubuntu-24.04-arm
+            arch: arm64
+    runs-on: ${{ matrix.runner }}
+    permissions:
+      contents: read
+    env:
+      NODE_OPTIONS: "--max-old-space-size=8192"
+      NODE_ENV: production
+      VITE_POSTHOG_API_KEY: ${{ secrets.VITE_POSTHOG_API_KEY }}
+      VITE_POSTHOG_API_HOST: ${{ secrets.VITE_POSTHOG_API_HOST }}
+    steps:
+      - name: Checkout
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+        with:
+          fetch-depth: 0
+          persist-credentials: false
+
+      - name: Install Linux packaging tooling
+        # squashfs-tools/zsync/libfuse2t64: AppImage. fakeroot: deb. rpm: rpmbuild.
+        run: |
+          sudo apt-get update
+          sudo apt-get install -y --no-install-recommends \
+            squashfs-tools zsync libfuse2t64 fakeroot rpm
+
+      - name: Setup pnpm
+        uses: pnpm/action-setup@b906affcce14559ad1aafd4ab0e942779e9f58b1 # v4.3.0
+
+      - name: Setup Node.js
+        uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0
+        with:
+          node-version: 22
+          cache: "pnpm"
+
+      - name: Install dependencies
+        run: pnpm install --frozen-lockfile
+
+      - name: Build workspace packages
+        run: |
+          pnpm --filter @posthog/electron-trpc run build
+          pnpm --filter @posthog/platform run build
+          pnpm --filter @posthog/shared run build
+          pnpm --filter @posthog/git run build
+          pnpm --filter @posthog/enricher run build
+          pnpm --filter @posthog/agent run build
+
+      - name: Build app
+        env:
+          MATRIX_ARCH: ${{ matrix.arch }}
+        working-directory: apps/code
+        run: |
+          pnpm exec electron-vite build
+          if [[ "$MATRIX_ARCH" == "arm64" ]]; then
+            pnpm exec electron-builder build --linux --arm64 --publish never --config electron-builder.ts
+          else
+            pnpm exec electron-builder build --linux --x64 --publish never --config electron-builder.ts
+          fi
+
+      - name: Upload artifacts
+        uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
+        with:
+          name: code-linux-${{ matrix.arch }}
+          path: |
+            apps/code/out/*.AppImage
+            apps/code/out/*.deb
+            apps/code/out/*.rpm
+          retention-days: 7

.github/workflows/code-release.yml

@@ -149,11 +149,11 @@ jobs:
           MATRIX_ARCH: ${{ matrix.arch }}
         working-directory: apps/code
         run: |
-          node scripts/build.mjs
+          pnpm exec electron-vite build
           if [[ "$MATRIX_ARCH" == "arm64" ]]; then
-            pnpm exec electron-builder build --mac --arm64 --publish never --config electron-builder.config.cjs
+            pnpm exec electron-builder build --mac --arm64 --publish never --config electron-builder.ts
           else
-            pnpm exec electron-builder build --mac --x64 --publish never --config electron-builder.config.cjs
+            pnpm exec electron-builder build --mac --x64 --publish never --config electron-builder.ts
           fi
 
       - name: Verify package
@@ -305,8 +305,8 @@ jobs:
           APP_VERSION: ${{ steps.version.outputs.version }}
         working-directory: apps/code
         run: |
-          node scripts/build.mjs
-          pnpm exec electron-builder build --win --x64 --publish never --config electron-builder.config.cjs
+          pnpm exec electron-vite build
+          pnpm exec electron-builder build --win --x64 --publish never --config electron-builder.ts
 
       - name: Upload release artifacts
         shell: pwsh
@@ -422,11 +422,11 @@ jobs:
           MATRIX_ARCH: ${{ matrix.arch }}
         working-directory: apps/code
         run: |
-          node scripts/build.mjs
+          pnpm exec electron-vite build
           if [[ "$MATRIX_ARCH" == "arm64" ]]; then
-            pnpm exec electron-builder build --linux --arm64 --publish never --config electron-builder.config.cjs
+            pnpm exec electron-builder build --linux --arm64 --publish never --config electron-builder.ts
           else
-            pnpm exec electron-builder build --linux --x64 --publish never --config electron-builder.config.cjs
+            pnpm exec electron-builder build --linux --x64 --publish never --config electron-builder.ts
           fi
 
       - name: Upload release artifacts