update node requirements and applied audit fixes #141
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Build Matrix | |
on: | |
# run for all pull requests that should go into the master | |
pull_request: | |
branches: | |
- master | |
# run when a new semantic version tag got pushed (a release) | |
push: | |
tags: | |
- "v[0-9]+.[0-9]+(.[0-9]+)?(-[a-z]+(.[0-9])?)?" | |
# allow to run the workflow manually from the actions tab | |
workflow_dispatch: | |
jobs: | |
variables: | |
outputs: | |
ref_name: ${{ steps.var.outputs.ref_name}} | |
runs-on: "ubuntu-20.04" | |
steps: | |
- name: Setting Global Variables | |
uses: actions/github-script@v7 | |
id: var | |
with: | |
script: | | |
core.setOutput('ref_name', '${{ github.ref_name }}'.toLowerCase().replaceAll(/[/\\*?]/g, '_').trim()); | |
build: | |
name: ${{ matrix.config.name }} | |
needs: [variables] | |
runs-on: ${{ matrix.config.os }} | |
strategy: | |
fail-fast: false | |
matrix: | |
config: | |
- { | |
name: "Windows", | |
executable_name: "Restic-Browser.exe", | |
os: windows-2022, | |
} | |
- { | |
name: "Ubuntu", | |
executable_name: "restic-browser", | |
os: ubuntu-20.04, | |
} | |
- { | |
name: "macOS", | |
executable_name: "Restic-Browser.app", | |
os: macos-13, | |
} | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v4 | |
- name: Rust Setup (Windows & Linux) | |
uses: dtolnay/rust-toolchain@stable | |
if: ${{ matrix.config.name != 'macOS' }} | |
- name: Rust Setup (macOS) | |
uses: dtolnay/rust-toolchain@stable | |
with: | |
targets: "aarch64-apple-darwin, x86_64-apple-darwin" | |
if: ${{ matrix.config.name == 'macOS' }} | |
- name: Rust Cache | |
uses: swatinem/rust-cache@v2 | |
with: | |
workspaces: "./src-tauri -> target" | |
- name: Node Setup | |
uses: actions/setup-node@v4 | |
with: | |
node-version: "lts/Jod" | |
cache: "npm" | |
- name: System dependencies (Linux) | |
run: | | |
sudo apt update | |
sudo apt install -y libgtk-3-dev libwebkit2gtk-4.0-dev | |
if: ${{ matrix.config.name == 'Ubuntu' }} | |
- name: Node dependencies | |
run: npm ci | |
- name: Build (Windows) | |
run: npm run tauri build | |
if: ${{ matrix.config.name == 'Windows' }} | |
- name: Build (Linux) | |
run: npm run tauri build | |
if: ${{ matrix.config.name == 'Ubuntu' }} | |
- name: Build (macOS) | |
run: npm run tauri build -- --target universal-apple-darwin | |
if: ${{ matrix.config.name == 'macOS' }} | |
- name: Code Sign (Windows) | |
env: | |
WINDOWS_CODE_CERT_DATA: ${{ secrets.WINDOWS_CODE_CERT_DATA }} | |
WINDOWS_CODE_CERT_PASS: ${{ secrets.WINDOWS_CODE_CERT_PASS }} | |
if: ${{ matrix.config.name == 'Windows' && env.WINDOWS_CODE_CERT_DATA != null && env.WINDOWS_CODE_CERT_PASS != null }} | |
uses: lando/code-sign-action@v3 | |
with: | |
file: ./src-tauri/target/release/${{ matrix.config.executable_name }} | |
certificate-data: ${{ secrets.WINDOWS_CODE_CERT_DATA }} | |
certificate-password: ${{ secrets.WINDOWS_CODE_CERT_PASS }} | |
- name: Code Sign (macOS) | |
env: | |
MACOS_CODE_CERT_DATA: ${{ secrets.MACOS_CODE_CERT_DATA }} | |
MACOS_CODE_CERT_PASS: ${{ secrets.MACOS_CODE_CERT_PASS }} | |
MACOS_CODE_CERT_TEAM_ID: ${{ secrets.MACOS_CODE_CERT_TEAM_ID }} | |
MACOS_EXECUTABLE_PATH: ./src-tauri/target/universal-apple-darwin/release/bundle/macos/${{ matrix.config.executable_name }} | |
if: ${{ matrix.config.name == 'macOS' && env.MACOS_CODE_CERT_DATA != null && env.MACOS_CODE_CERT_PASS != null && env.MACOS_CODE_CERT_TEAM_ID != null }} | |
run: | | |
echo $MACOS_CODE_CERT_DATA | base64 --decode > certificate.p12 | |
security create-keychain -p $MACOS_CODE_CERT_PASS build.keychain | |
security default-keychain -s build.keychain | |
security unlock-keychain -p $MACOS_CODE_CERT_PASS build.keychain | |
security import certificate.p12 -k build.keychain -P $MACOS_CODE_CERT_PASS -T /usr/bin/codesign | |
security set-key-partition-list -S apple-tool:,apple:,codesign: -s -k $MACOS_CODE_CERT_PASS build.keychain | |
/usr/bin/codesign --force -s $MACOS_CODE_CERT_TEAM_ID --entitlements ./src-tauri/entitlements.plist --deep --options=runtime "$MACOS_EXECUTABLE_PATH" | |
- name: Notarize (macOS) | |
env: | |
MACOS_NOTARY_USER: ${{ secrets.MACOS_NOTARY_USER }} | |
MACOS_NOTARY_PASS: ${{ secrets.MACOS_NOTARY_PASS }} | |
if: ${{ matrix.config.name == 'macOS' && env.MACOS_NOTARY_USER != null && env.MACOS_NOTARY_USER != null }} | |
uses: lando/notarize-action@v2 | |
with: | |
appstore-connect-username: ${{ secrets.MACOS_NOTARY_USER }} | |
appstore-connect-password: ${{ secrets.MACOS_NOTARY_PASS }} | |
appstore-connect-team-id: ${{ secrets.MACOS_CODE_CERT_TEAM_ID }} | |
primary-bundle-id: org.restic.browser | |
product-path: ./src-tauri/target/universal-apple-darwin/release/bundle/macos/${{ matrix.config.executable_name }} | |
verbose: false | |
- name: Upload Artifact (Windows) | |
if: ${{ matrix.config.name == 'Windows' }} | |
uses: actions/upload-artifact@v4 | |
with: | |
name: "Restic-Browser-${{ needs.variables.outputs.ref_name }}-windows" | |
path: ./src-tauri/target/release/*.exe | |
if-no-files-found: error | |
- name: Prepare Upload Artifact (Linux) | |
if: ${{ matrix.config.name == 'Ubuntu' }} | |
run: | | |
set -e | |
cd ./src-tauri/target/release | |
tar -cvf ${{ matrix.config.executable_name }}.tar ${{ matrix.config.executable_name }} | |
cd ./bundle/appimage | |
mv *.AppImage ${{ matrix.config.executable_name }}.AppImage | |
- name: Upload Artifact (Linux, Executable) | |
if: ${{ matrix.config.name == 'Ubuntu' }} | |
uses: actions/upload-artifact@v4 | |
with: | |
name: "Restic-Browser-${{ needs.variables.outputs.ref_name }}-linux" | |
path: ./src-tauri/target/release/*.tar | |
if-no-files-found: error | |
- name: Upload Artifact (Linux, AppImage) | |
if: ${{ matrix.config.name == 'Ubuntu' }} | |
uses: actions/upload-artifact@v4 | |
with: | |
name: "Restic-Browser-${{ needs.variables.outputs.ref_name }}-linux-appimage" | |
path: ./src-tauri/target/release/bundle/appimage/*.AppImage | |
if-no-files-found: error | |
- name: Prepare Upload Artifact (macOS) | |
if: ${{ matrix.config.name == 'macOS' }} | |
run: | | |
cd ./src-tauri/target/universal-apple-darwin/release/bundle/macos | |
tar -cvf ${{ matrix.config.executable_name }}.tar ${{ matrix.config.executable_name }} | |
- name: Upload Artifact (macOS) | |
if: ${{ matrix.config.name == 'macOS' }} | |
uses: actions/upload-artifact@v4 | |
with: | |
name: "Restic-Browser-${{ needs.variables.outputs.ref_name }}-macOS" | |
path: ./src-tauri/target/universal-apple-darwin/release/bundle/macos/*.tar | |
if-no-files-found: error |