Create Release #155
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: "Create Release" | |
| on: | |
| # Allow manual | |
| workflow_dispatch: | |
| concurrency: | |
| group: ${{ github.workflow }}-${{ github.ref }} | |
| cancel-in-progress: true | |
| jobs: | |
| create-release: | |
| permissions: | |
| contents: write | |
| runs-on: ubuntu-latest | |
| outputs: | |
| release_id: ${{ steps.create-release.outputs.result }} | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: setup node | |
| uses: actions/setup-node@v4 | |
| with: | |
| node-version: 20 | |
| - name: Get app version | |
| run: echo "PACKAGE_VERSION=$(node -p "require('./apps/desktop/src-tauri/tauri.conf.json').package.version")" >> $GITHUB_ENV | |
| - name: Create release or skip | |
| id: create-release | |
| uses: actions/github-script@v7 | |
| with: | |
| script: | | |
| const { script } = await import('${{ github.workspace }}/scripts/actions/create-release.js') | |
| return await script({ github, context }); | |
| build-tauri: | |
| name: Build (${{ matrix.settings.os }}) | |
| needs: create-release | |
| permissions: | |
| contents: write | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| settings: | |
| - host: macos-latest | |
| target: universal-apple-darwin | |
| toolchain: aarch64-apple-darwin,x86_64-apple-darwin | |
| bundles: app,dmg | |
| os: darwin | |
| - host: windows-latest | |
| target: x86_64-pc-windows-msvc | |
| toolchain: x86_64-pc-windows-msvc | |
| bundles: msi,nsis | |
| os: windows | |
| - host: ubuntu-latest | |
| target: x86_64-unknown-linux-gnu | |
| toolchain: x86_64-unknown-linux-gnu | |
| bundles: deb,appimage | |
| os: linux | |
| env: | |
| APP_DIR: "apps/desktop" | |
| runs-on: ${{ matrix.settings.host }} | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Setup node | |
| uses: actions/setup-node@v4 | |
| with: | |
| node-version: 20 | |
| - name: Install Rust stable | |
| uses: dtolnay/rust-toolchain@stable | |
| with: | |
| target: "${{ matrix.settings.toolchain }}" | |
| - uses: Swatinem/rust-cache@v2 | |
| with: | |
| workspaces: "apps/desktop/src-tauri/target" | |
| - name: install dependencies (ubuntu only) | |
| if: matrix.settings.host == 'ubuntu-latest' | |
| run: | | |
| sudo apt-get update | |
| sudo apt-get install -y libgtk-3-dev libwebkit2gtk-4.1-dev libappindicator3-dev librsvg2-dev patchelf | |
| - uses: pnpm/action-setup@v3 | |
| with: | |
| version: 9 | |
| - name: install frontend dependencies | |
| run: pnpm install | |
| - uses: tauri-apps/tauri-action@dev | |
| env: | |
| APPLE_ID: "${{ secrets.APPLE_ID }}" | |
| APPLE_PASSWORD: "${{ secrets.APPLE_PASSWORD }}" | |
| APPLE_TEAM_ID: "${{ secrets.APPLE_TEAM_ID }}" | |
| APPLE_SIGNING_IDENTITY: "${{ secrets.APPLE_SIGNING_IDENTITY }}" | |
| APPLE_CERTIFICATE: "${{ secrets.APPLE_CERTIFICATE }}" | |
| APPLE_CERTIFICATE_PASSWORD: "${{ secrets.APPLE_CERTIFICATE_PASSWORD }}" | |
| TAURI_SIGNING_PRIVATE_KEY: "${{ secrets.TAURI_SIGNING_PRIVATE_KEY }}" | |
| TAURI_SIGNING_PUBLIC_KEY: "${{ secrets.TAURI_SIGNING_PUBLIC_KEY }}" | |
| GITHUB_TOKEN: "${{ secrets.GITHUB_TOKEN }}" | |
| VITE_AXIOM_TOKEN: "${{ secrets.VITE_AXIOM_TOKEN }}" | |
| VITE_SENTRY_AUTH_TOKEN: "${{ secrets.VITE_SENTRY_AUTH_TOKEN }}" | |
| with: | |
| projectPath: "${{ env.APP_DIR }}" | |
| releaseId: ${{ needs.create-release.outputs.release_id }} | |
| args: --target ${{ matrix.settings.target }} --bundles ${{ matrix.settings.bundles }},updater | |
| sign-windows: | |
| runs-on: ubuntu-latest | |
| needs: [create-release, build-tauri] | |
| permissions: | |
| contents: write | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Download draft binaries | |
| uses: actions/github-script@v7 | |
| with: | |
| script: | | |
| const { script } = await import('${{ github.workspace }}/scripts/actions/download-draft-bins.js') | |
| const id = "${{ needs.create-release.outputs.release_id }}"; | |
| await script({ github, context }, id); | |
| env: | |
| # NOTE: we need this to download the bins | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Presign | |
| run: | | |
| ls -hal binaries | |
| sha1sum binaries/* | |
| - name: Sign Windows Binaries | |
| run: | | |
| echo "Starting code sign for windows bins..." | |
| docker run -v "./binaries:/code/binaries" ghcr.io/sslcom/codesigner:latest batch_sign \ | |
| -username=${ES_USERNAME} \ | |
| -password=${ES_PASSWORD} \ | |
| -credential_id=${ES_CREDENTIAL_ID} \ | |
| -totp_secret=${ES_TOTP_SECRET} \ | |
| -input_dir_path="/code/binaries" \ | |
| -output_dir_path="/code/binaries/signed" | |
| env: | |
| ES_USERNAME: "${{ secrets.ES_USERNAME }}" | |
| ES_PASSWORD: "${{ secrets.ES_PASSWORD }}" | |
| ES_CREDENTIAL_ID: "${{ secrets.ES_CREDENTIAL_ID }}" | |
| ES_TOTP_SECRET: "${{ secrets.ES_TOTP_SECRET }}" | |
| - name: Postsign | |
| run: | | |
| ls -hal binaries/signed | |
| sha1sum binaries/signed/* | |
| - name: Upload signed windows binaries | |
| uses: actions/github-script@v7 | |
| with: | |
| script: | | |
| const { script } = await import('${{ github.workspace }}/scripts/actions/upload-signed-bins.js'); | |
| const id = "${{ needs.create-release.outputs.release_id }}"; | |
| await script({ github, context }, id); |