Skip to content

update node requirements and applied audit fixes #141

update node requirements and applied audit fixes

update node requirements and applied audit fixes #141

Workflow file for this run

name: Build Matrix
on:
# run for all pull requests that should go into the master
pull_request:
branches:
- master
# run when a new semantic version tag got pushed (a release)
push:
tags:
- "v[0-9]+.[0-9]+(.[0-9]+)?(-[a-z]+(.[0-9])?)?"
# allow to run the workflow manually from the actions tab
workflow_dispatch:
jobs:
variables:
outputs:
ref_name: ${{ steps.var.outputs.ref_name}}
runs-on: "ubuntu-20.04"
steps:
- name: Setting Global Variables
uses: actions/github-script@v7
id: var
with:
script: |
core.setOutput('ref_name', '${{ github.ref_name }}'.toLowerCase().replaceAll(/[/\\*?]/g, '_').trim());
build:
name: ${{ matrix.config.name }}
needs: [variables]
runs-on: ${{ matrix.config.os }}
strategy:
fail-fast: false
matrix:
config:
- {
name: "Windows",
executable_name: "Restic-Browser.exe",
os: windows-2022,
}
- {
name: "Ubuntu",
executable_name: "restic-browser",
os: ubuntu-20.04,
}
- {
name: "macOS",
executable_name: "Restic-Browser.app",
os: macos-13,
}
steps:
- name: Checkout
uses: actions/checkout@v4
- name: Rust Setup (Windows & Linux)
uses: dtolnay/rust-toolchain@stable
if: ${{ matrix.config.name != 'macOS' }}
- name: Rust Setup (macOS)
uses: dtolnay/rust-toolchain@stable
with:
targets: "aarch64-apple-darwin, x86_64-apple-darwin"
if: ${{ matrix.config.name == 'macOS' }}
- name: Rust Cache
uses: swatinem/rust-cache@v2
with:
workspaces: "./src-tauri -> target"
- name: Node Setup
uses: actions/setup-node@v4
with:
node-version: "lts/Jod"
cache: "npm"
- name: System dependencies (Linux)
run: |
sudo apt update
sudo apt install -y libgtk-3-dev libwebkit2gtk-4.0-dev
if: ${{ matrix.config.name == 'Ubuntu' }}
- name: Node dependencies
run: npm ci
- name: Build (Windows)
run: npm run tauri build
if: ${{ matrix.config.name == 'Windows' }}
- name: Build (Linux)
run: npm run tauri build
if: ${{ matrix.config.name == 'Ubuntu' }}
- name: Build (macOS)
run: npm run tauri build -- --target universal-apple-darwin
if: ${{ matrix.config.name == 'macOS' }}
- name: Code Sign (Windows)
env:
WINDOWS_CODE_CERT_DATA: ${{ secrets.WINDOWS_CODE_CERT_DATA }}
WINDOWS_CODE_CERT_PASS: ${{ secrets.WINDOWS_CODE_CERT_PASS }}
if: ${{ matrix.config.name == 'Windows' && env.WINDOWS_CODE_CERT_DATA != null && env.WINDOWS_CODE_CERT_PASS != null }}
uses: lando/code-sign-action@v3
with:
file: ./src-tauri/target/release/${{ matrix.config.executable_name }}
certificate-data: ${{ secrets.WINDOWS_CODE_CERT_DATA }}
certificate-password: ${{ secrets.WINDOWS_CODE_CERT_PASS }}
- name: Code Sign (macOS)
env:
MACOS_CODE_CERT_DATA: ${{ secrets.MACOS_CODE_CERT_DATA }}
MACOS_CODE_CERT_PASS: ${{ secrets.MACOS_CODE_CERT_PASS }}
MACOS_CODE_CERT_TEAM_ID: ${{ secrets.MACOS_CODE_CERT_TEAM_ID }}
MACOS_EXECUTABLE_PATH: ./src-tauri/target/universal-apple-darwin/release/bundle/macos/${{ matrix.config.executable_name }}
if: ${{ matrix.config.name == 'macOS' && env.MACOS_CODE_CERT_DATA != null && env.MACOS_CODE_CERT_PASS != null && env.MACOS_CODE_CERT_TEAM_ID != null }}
run: |
echo $MACOS_CODE_CERT_DATA | base64 --decode > certificate.p12
security create-keychain -p $MACOS_CODE_CERT_PASS build.keychain
security default-keychain -s build.keychain
security unlock-keychain -p $MACOS_CODE_CERT_PASS build.keychain
security import certificate.p12 -k build.keychain -P $MACOS_CODE_CERT_PASS -T /usr/bin/codesign
security set-key-partition-list -S apple-tool:,apple:,codesign: -s -k $MACOS_CODE_CERT_PASS build.keychain
/usr/bin/codesign --force -s $MACOS_CODE_CERT_TEAM_ID --entitlements ./src-tauri/entitlements.plist --deep --options=runtime "$MACOS_EXECUTABLE_PATH"
- name: Notarize (macOS)
env:
MACOS_NOTARY_USER: ${{ secrets.MACOS_NOTARY_USER }}
MACOS_NOTARY_PASS: ${{ secrets.MACOS_NOTARY_PASS }}
if: ${{ matrix.config.name == 'macOS' && env.MACOS_NOTARY_USER != null && env.MACOS_NOTARY_USER != null }}
uses: lando/notarize-action@v2
with:
appstore-connect-username: ${{ secrets.MACOS_NOTARY_USER }}
appstore-connect-password: ${{ secrets.MACOS_NOTARY_PASS }}
appstore-connect-team-id: ${{ secrets.MACOS_CODE_CERT_TEAM_ID }}
primary-bundle-id: org.restic.browser
product-path: ./src-tauri/target/universal-apple-darwin/release/bundle/macos/${{ matrix.config.executable_name }}
verbose: false
- name: Upload Artifact (Windows)
if: ${{ matrix.config.name == 'Windows' }}
uses: actions/upload-artifact@v4
with:
name: "Restic-Browser-${{ needs.variables.outputs.ref_name }}-windows"
path: ./src-tauri/target/release/*.exe
if-no-files-found: error
- name: Prepare Upload Artifact (Linux)
if: ${{ matrix.config.name == 'Ubuntu' }}
run: |
set -e
cd ./src-tauri/target/release
tar -cvf ${{ matrix.config.executable_name }}.tar ${{ matrix.config.executable_name }}
cd ./bundle/appimage
mv *.AppImage ${{ matrix.config.executable_name }}.AppImage
- name: Upload Artifact (Linux, Executable)
if: ${{ matrix.config.name == 'Ubuntu' }}
uses: actions/upload-artifact@v4
with:
name: "Restic-Browser-${{ needs.variables.outputs.ref_name }}-linux"
path: ./src-tauri/target/release/*.tar
if-no-files-found: error
- name: Upload Artifact (Linux, AppImage)
if: ${{ matrix.config.name == 'Ubuntu' }}
uses: actions/upload-artifact@v4
with:
name: "Restic-Browser-${{ needs.variables.outputs.ref_name }}-linux-appimage"
path: ./src-tauri/target/release/bundle/appimage/*.AppImage
if-no-files-found: error
- name: Prepare Upload Artifact (macOS)
if: ${{ matrix.config.name == 'macOS' }}
run: |
cd ./src-tauri/target/universal-apple-darwin/release/bundle/macos
tar -cvf ${{ matrix.config.executable_name }}.tar ${{ matrix.config.executable_name }}
- name: Upload Artifact (macOS)
if: ${{ matrix.config.name == 'macOS' }}
uses: actions/upload-artifact@v4
with:
name: "Restic-Browser-${{ needs.variables.outputs.ref_name }}-macOS"
path: ./src-tauri/target/universal-apple-darwin/release/bundle/macos/*.tar
if-no-files-found: error