Skip to content

try again with 0.0.6 #3

try again with 0.0.6

try again with 0.0.6 #3

name: "publish"
on:
push:
branches:
- release-codesigned-0.1
jobs:
publish-tauri:
permissions:
contents: write
strategy:
fail-fast: false
matrix:
platform: [windows-2019, macos-11, ubuntu-20.04]
env:
MACOSX_DEPLOYMENT_TARGET: 10.13
runs-on: ${{ matrix.platform }}
steps:
- uses: actions/checkout@v2
- name: setup node
uses: actions/setup-node@v1
with:
node-version: 16
- name: install Rust stable
uses: actions-rs/toolchain@v1
with:
override: true
toolchain: stable
- name: install Go stable
uses: actions/setup-go@v4
with:
go-version: 'stable'
- name: install app dependencies and info
run: npm install && npm run tauri info
- name: install dependencies (ubuntu only)
if: matrix.platform == 'ubuntu-20.04'
run: |
sudo apt-get update
sudo apt-get install -y libwebkit2gtk-4.0-dev libcanberra-gtk-module libcanberra-gtk3-module build-essential curl wget libssl-dev libgtk-3-dev squashfs-tools libgtksourceview-3.0-dev libappindicator3-dev patchelf librsvg2-dev ayatana-indicator-application
- name: generate dist folder
run: npm run dist
- name: build the app (macOS and Linux only)
if: matrix.platform == 'ubuntu-20.04' || matrix.platform == 'macos-11' # HELP remove this line if Windows code signing is not wanted
uses: tauri-apps/tauri-action@dev
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
ENABLE_CODE_SIGNING: ${{ secrets.APPLE_CERTIFICATE }}
APPLE_CERTIFICATE: ${{ secrets.APPLE_CERTIFICATE }}
APPLE_CERTIFICATE_PASSWORD: ${{ secrets.APPLE_CERTIFICATE_PASSWORD }}
APPLE_SIGNING_IDENTITY: ${{ secrets.APPLE_SIGNING_IDENTITY }}
APPLE_ID: ${{ secrets.APPLE_ID }}
APPLE_PASSWORD: ${{ secrets.APPLE_PASSWORD }}
TAURI_PRIVATE_KEY: ${{ secrets.TAURI_PRIVATE_KEY }}
TAURI_KEY_PASSWORD: ${{ secrets.TAURI_KEY_PASSWORD }}
with:
projectPath: src-tauri # specifying to prevent action from looking for artifacts in crates/hc_launch/src-tauri
tagName: v__VERSION__ # the action automatically replaces \_\_VERSION\_\_ with the app version
releaseName: "KanDo v__VERSION__"
releaseBody: "See assets below to download and install this version."
releaseDraft: true
prerelease: true
### Everything below this line is code signing for Windows via azure key vault, following these instructions:
### https://melatonin.dev/blog/how-to-code-sign-windows-installers-with-an-ev-cert-on-github-actions/
### HELP Remove everything below if Windows code signing is wanted.
- name: build and sign the app (Windows only)
if: matrix.platform == 'windows-2019'
run: |
npm run build -- --verbose # building in verbose mode to get reasonable logging output in case of failure
dotnet tool install --global AzureSignTool
# replace-me -- HELP
# 1. replace all occurrences of [[CargoPackage]] with the name you gave your package in srct-tauri/Cargo.toml
# 2. replace all occurrences of [[productName]] with the productName field in tauri.conf.json
# 3. replace all occurrences of [[version]] with the version field in tauri.conf.json
# !! NOTE: The version field needs to be updated manually here with each new version of your app, otherwise the Windows build will fail.f
AzureSignTool sign -kvu "${{ secrets.AZURE_KEY_VAULT_URI }}" -kvi "${{ secrets.AZURE_CLIENT_ID }}" -kvt "${{ secrets.AZURE_TENANT_ID }}" -kvs "${{ secrets.AZURE_CLIENT_SECRET }}" -kvc ${{ secrets.AZURE_CERT_NAME }} -tr http://timestamp.digicert.com -v "D:\a\kando\kando\target\release\bundle/msi/KanDo_0.0.6_x64_en-US.msi"
# remove the .msi.zip and .msi.zip.sig files generated by tauri's build command as they are not code signed
rm "D:\a\kando\kando\src-tauri\target\release\bundle/msi/KanDo_0.0.6_en-US.msi.zip"
rm "D:\a\kando\kando\target\release\bundle/msi/KanDo_0.0.6_x64_en-US.msi.zip.sig"
# zip and sign the code signed .msi
7z a -mx=0 "D:\a\kando\kando\src-tauri\target\release\bundle/msi/KanDo_0.0.6_x64_en-US.msi.zip" "D:\a\kando\kando\target\release\bundle/msi/KanDo_0.0.6_x64_en-US.msi"
npm run tauri signer sign "D:\a\kando\src-tauri\kando\target\release\bundle/msi/KanDo_0.0.6_x64_en-US.msi.zip" -- -k ${{ secrets.TAURI_PRIVATE_KEY }} -p "${{ secrets.TAURI_KEY_PASSWORD }}"
# log hashes before and after code signing to verify that the uploaded assets are the right ones
CertUtil -hashfile "D:\a\kando\kando\src-tauri\target\release\bundle/msi/KanDo_0.0.6_x64_en-US.msi" SHA256
CertUtil -hashfile "D:\a\kando\kando\src-tauri\target\release\bundle/msi/KanDo_0.0.6_x64_en-US.msi.zip" SHA256
CertUtil -hashfile "D:\a\kando\kando\src-tauri\target\release\bundle/msi/KanDo_0.0.6_x64_en-US.msi.zip.sig" SHA256
env:
TAURI_PRIVATE_KEY: ${{ secrets.TAURI_PRIVATE_KEY }}
TAURI_KEY_PASSWORD: ${{ secrets.TAURI_KEY_PASSWORD }}
- name: upload signed .msi, .msi.zip, .msi.zip.sig files to github release (Windows only)
uses: matthme/tauri-action-ev-signing@dist
if: matrix.platform == 'windows-2019'
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
with:
projectPath: src-tauri # specifying to prevent action from looking for artifacts in crates/hc_launch/src-tauri
tagName: v__VERSION__ # the action automatically replaces \_\_VERSION\_\_ with the app version
releaseName: "Holochain kando v__VERSION__"
releaseBody: "See assets below to download and install this version."
releaseDraft: true
prerelease: true