try again with 0.0.6 #3
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: "publish" | |
on: | |
push: | |
branches: | |
- release-codesigned-0.1 | |
jobs: | |
publish-tauri: | |
permissions: | |
contents: write | |
strategy: | |
fail-fast: false | |
matrix: | |
platform: [windows-2019, macos-11, ubuntu-20.04] | |
env: | |
MACOSX_DEPLOYMENT_TARGET: 10.13 | |
runs-on: ${{ matrix.platform }} | |
steps: | |
- uses: actions/checkout@v2 | |
- name: setup node | |
uses: actions/setup-node@v1 | |
with: | |
node-version: 16 | |
- name: install Rust stable | |
uses: actions-rs/toolchain@v1 | |
with: | |
override: true | |
toolchain: stable | |
- name: install Go stable | |
uses: actions/setup-go@v4 | |
with: | |
go-version: 'stable' | |
- name: install app dependencies and info | |
run: npm install && npm run tauri info | |
- name: install dependencies (ubuntu only) | |
if: matrix.platform == 'ubuntu-20.04' | |
run: | | |
sudo apt-get update | |
sudo apt-get install -y libwebkit2gtk-4.0-dev libcanberra-gtk-module libcanberra-gtk3-module build-essential curl wget libssl-dev libgtk-3-dev squashfs-tools libgtksourceview-3.0-dev libappindicator3-dev patchelf librsvg2-dev ayatana-indicator-application | |
- name: generate dist folder | |
run: npm run dist | |
- name: build the app (macOS and Linux only) | |
if: matrix.platform == 'ubuntu-20.04' || matrix.platform == 'macos-11' # HELP remove this line if Windows code signing is not wanted | |
uses: tauri-apps/tauri-action@dev | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
ENABLE_CODE_SIGNING: ${{ secrets.APPLE_CERTIFICATE }} | |
APPLE_CERTIFICATE: ${{ secrets.APPLE_CERTIFICATE }} | |
APPLE_CERTIFICATE_PASSWORD: ${{ secrets.APPLE_CERTIFICATE_PASSWORD }} | |
APPLE_SIGNING_IDENTITY: ${{ secrets.APPLE_SIGNING_IDENTITY }} | |
APPLE_ID: ${{ secrets.APPLE_ID }} | |
APPLE_PASSWORD: ${{ secrets.APPLE_PASSWORD }} | |
TAURI_PRIVATE_KEY: ${{ secrets.TAURI_PRIVATE_KEY }} | |
TAURI_KEY_PASSWORD: ${{ secrets.TAURI_KEY_PASSWORD }} | |
with: | |
projectPath: src-tauri # specifying to prevent action from looking for artifacts in crates/hc_launch/src-tauri | |
tagName: v__VERSION__ # the action automatically replaces \_\_VERSION\_\_ with the app version | |
releaseName: "KanDo v__VERSION__" | |
releaseBody: "See assets below to download and install this version." | |
releaseDraft: true | |
prerelease: true | |
### Everything below this line is code signing for Windows via azure key vault, following these instructions: | |
### https://melatonin.dev/blog/how-to-code-sign-windows-installers-with-an-ev-cert-on-github-actions/ | |
### HELP Remove everything below if Windows code signing is wanted. | |
- name: build and sign the app (Windows only) | |
if: matrix.platform == 'windows-2019' | |
run: | | |
npm run build -- --verbose # building in verbose mode to get reasonable logging output in case of failure | |
dotnet tool install --global AzureSignTool | |
# replace-me -- HELP | |
# 1. replace all occurrences of [[CargoPackage]] with the name you gave your package in srct-tauri/Cargo.toml | |
# 2. replace all occurrences of [[productName]] with the productName field in tauri.conf.json | |
# 3. replace all occurrences of [[version]] with the version field in tauri.conf.json | |
# !! NOTE: The version field needs to be updated manually here with each new version of your app, otherwise the Windows build will fail.f | |
AzureSignTool sign -kvu "${{ secrets.AZURE_KEY_VAULT_URI }}" -kvi "${{ secrets.AZURE_CLIENT_ID }}" -kvt "${{ secrets.AZURE_TENANT_ID }}" -kvs "${{ secrets.AZURE_CLIENT_SECRET }}" -kvc ${{ secrets.AZURE_CERT_NAME }} -tr http://timestamp.digicert.com -v "D:\a\kando\kando\target\release\bundle/msi/KanDo_0.0.6_x64_en-US.msi" | |
# remove the .msi.zip and .msi.zip.sig files generated by tauri's build command as they are not code signed | |
rm "D:\a\kando\kando\src-tauri\target\release\bundle/msi/KanDo_0.0.6_en-US.msi.zip" | |
rm "D:\a\kando\kando\target\release\bundle/msi/KanDo_0.0.6_x64_en-US.msi.zip.sig" | |
# zip and sign the code signed .msi | |
7z a -mx=0 "D:\a\kando\kando\src-tauri\target\release\bundle/msi/KanDo_0.0.6_x64_en-US.msi.zip" "D:\a\kando\kando\target\release\bundle/msi/KanDo_0.0.6_x64_en-US.msi" | |
npm run tauri signer sign "D:\a\kando\src-tauri\kando\target\release\bundle/msi/KanDo_0.0.6_x64_en-US.msi.zip" -- -k ${{ secrets.TAURI_PRIVATE_KEY }} -p "${{ secrets.TAURI_KEY_PASSWORD }}" | |
# log hashes before and after code signing to verify that the uploaded assets are the right ones | |
CertUtil -hashfile "D:\a\kando\kando\src-tauri\target\release\bundle/msi/KanDo_0.0.6_x64_en-US.msi" SHA256 | |
CertUtil -hashfile "D:\a\kando\kando\src-tauri\target\release\bundle/msi/KanDo_0.0.6_x64_en-US.msi.zip" SHA256 | |
CertUtil -hashfile "D:\a\kando\kando\src-tauri\target\release\bundle/msi/KanDo_0.0.6_x64_en-US.msi.zip.sig" SHA256 | |
env: | |
TAURI_PRIVATE_KEY: ${{ secrets.TAURI_PRIVATE_KEY }} | |
TAURI_KEY_PASSWORD: ${{ secrets.TAURI_KEY_PASSWORD }} | |
- name: upload signed .msi, .msi.zip, .msi.zip.sig files to github release (Windows only) | |
uses: matthme/tauri-action-ev-signing@dist | |
if: matrix.platform == 'windows-2019' | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
with: | |
projectPath: src-tauri # specifying to prevent action from looking for artifacts in crates/hc_launch/src-tauri | |
tagName: v__VERSION__ # the action automatically replaces \_\_VERSION\_\_ with the app version | |
releaseName: "Holochain kando v__VERSION__" | |
releaseBody: "See assets below to download and install this version." | |
releaseDraft: true | |
prerelease: true |