-
Notifications
You must be signed in to change notification settings - Fork 11
168 lines (134 loc) · 8.54 KB
/
release-codesigned.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
name: "publish"
on:
push:
branches:
- release-codesigned-testing-sidecar
jobs:
publish-tauri:
permissions:
contents: write
strategy:
fail-fast: false
matrix:
platform: [windows-2019]
env:
MACOSX_DEPLOYMENT_TARGET: 10.13
runs-on: ${{ matrix.platform }}
steps:
- uses: actions/checkout@v2
- name: setup node
uses: actions/setup-node@v1
with:
node-version: 16
- name: install Rust stable
uses: actions-rs/toolchain@v1
with:
override: true
toolchain: stable
- name: install Go stable
uses: actions/setup-go@v4
with:
go-version: 'stable'
- name: install app dependencies and info
run: npm install && npm run tauri info
- name: setup binaries (Windows only)
if: matrix.platform == 'windows-2019'
run: |
mkdir src-tauri/bins
cargo install --version 0.3.0 lair_keystore
$LkPath = Get-Command lair-keystore | Select-Object -ExpandProperty Definition
Copy-Item $LkPath -Destination src-tauri/bins/lair-keystore-v0.3.0-x86_64-pc-windows-msvc.exe
cargo install holochain --version 0.2.3-beta-rc.1 --locked --features sqlite-encrypted
$HcPath = Get-Command holochain | Select-Object -ExpandProperty Definition
Copy-Item $HcPath -Destination src-tauri/bins/holochain-v0.2.3-beta-rc.1-x86_64-pc-windows-msvc.exe
- name: setup binaries (macos only)
if: matrix.platform == 'macos-11'
run: |
mkdir src-tauri/bins
cargo install --version 0.3.0 lair_keystore
LAIR_PATH=$(which lair-keystore)
cp $LAIR_PATH src-tauri/bins/lair-keystore-v0.3.0-x86_64-apple-darwin
cargo install holochain --version 0.2.3-beta-rc.1 --locked --features sqlite-encrypted
HOLOCHAIN_PATH=$(which holochain)
cp $HOLOCHAIN_PATH src-tauri/bins/holochain-v0.2.3-beta-rc.1-x86_64-apple-darwin
- name: install dependencies (ubuntu only)
if: matrix.platform == 'ubuntu-20.04'
run: |
sudo apt-get update
sudo apt-get install -y libwebkit2gtk-4.0-dev libcanberra-gtk-module libcanberra-gtk3-module build-essential curl wget libssl-dev libgtk-3-dev squashfs-tools libgtksourceview-3.0-dev libappindicator3-dev patchelf librsvg2-dev ayatana-indicator-application
- name: setup binaries (ubuntu only)
if: matrix.platform == 'ubuntu-20.04'
run: |
mkdir src-tauri/bins
cargo install --version 0.3.0 lair_keystore
LAIR_PATH=$(which lair-keystore)
cp $LAIR_PATH src-tauri/bins/lair-keystore-v0.3.0-x86_64-unknown-linux-gnu
cargo install holochain --version 0.2.3-beta-rc.1 --locked --features sqlite-encrypted
HOLOCHAIN_PATH=$(which holochain)
cp $HOLOCHAIN_PATH src-tauri/bins/holochain-v0.2.3-beta-rc.1-x86_64-unknown-linux-gnu
- name: generate dist folder
run: npm run dist
- name: build the app (macOS and Linux only)
if: matrix.platform == 'ubuntu-20.04' || matrix.platform == 'macos-11' # HELP remove this line if Windows code signing is not wanted
uses: tauri-apps/tauri-action@dev
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
ENABLE_CODE_SIGNING: ${{ secrets.APPLE_CERTIFICATE }}
APPLE_CERTIFICATE: ${{ secrets.APPLE_CERTIFICATE }}
APPLE_CERTIFICATE_PASSWORD: ${{ secrets.APPLE_CERTIFICATE_PASSWORD }}
APPLE_SIGNING_IDENTITY: ${{ secrets.APPLE_SIGNING_IDENTITY }}
APPLE_ID: ${{ secrets.APPLE_ID }}
APPLE_TEAM_ID: ${{ secrets.APPLE_TEAM_ID }}
APPLE_PASSWORD: ${{ secrets.APPLE_PASSWORD }}
TAURI_PRIVATE_KEY: ${{ secrets.TAURI_PRIVATE_KEY }}
TAURI_KEY_PASSWORD: ${{ secrets.TAURI_KEY_PASSWORD }}
with:
tagName: v__VERSION__ # the action automatically replaces \_\_VERSION\_\_ with the app version
releaseName: "hc-stress-test v__VERSION__"
releaseBody: "See assets below to download and install this version."
releaseDraft: true
prerelease: true
### Everything below this line is code signing for Windows via azure key vault, following these instructions:
### https://melatonin.dev/blog/how-to-code-sign-windows-installers-with-an-ev-cert-on-github-actions/
### HELP Remove everything below if Windows code signing is wanted.
- name: build and sign the app (Windows only)
if: matrix.platform == 'windows-2019'
run: |
npm run tauri build -- --verbose # building in verbose mode to get reasonable logging output in case of failure
dotnet tool install --global AzureSignTool
# replace-me -- HELP
# 1. replace all occurrences of [[GITHUB_REPO_NAME]] with the name you of your GitHub repository
# 2. replace all occurrences of [[productName]] with the productName field in tauri.conf.json
# 3. replace all occurrences of [[version]] with the version field in tauri.conf.json
# !! NOTE: The version field needs to be updated manually here with each new version of your app, otherwise the Windows build will fail.
# sign the .msi file
AzureSignTool sign -kvu "${{ secrets.AZURE_KEY_VAULT_URI }}" -kvi "${{ secrets.AZURE_CLIENT_ID }}" -kvt "${{ secrets.AZURE_TENANT_ID }}" -kvs "${{ secrets.AZURE_CLIENT_SECRET }}" -kvc ${{ secrets.AZURE_CERT_NAME }} -tr http://timestamp.digicert.com -v "D:\a\holochain-kangaroo\holochain-kangaroo\src-tauri\target\release\bundle\msi\hc-stress-test_0.0.3_x64_en-US.msi"
# sign the .exe file
AzureSignTool sign -kvu "${{ secrets.AZURE_KEY_VAULT_URI }}" -kvi "${{ secrets.AZURE_CLIENT_ID }}" -kvt "${{ secrets.AZURE_TENANT_ID }}" -kvs "${{ secrets.AZURE_CLIENT_SECRET }}" -kvc ${{ secrets.AZURE_CERT_NAME }} -tr http://timestamp.digicert.com -v "D:\a\holochain-kangaroo\holochain-kangaroo\src-tauri\target\release\bundle\nsis\hc-stress-test_0.0.3_x64-setup.exe"
# # Uncomment the lines below if you have the updater enabled
# # =========================================================
# # remove the .msi.zip and .msi.zip.sig files generated by tauri's build command as they are not code signed
# rm "D:\a\holochain-kangaroo\holochain-kangaroo\src-tauri\target\release\bundle\msi\hc-stress-test_0.0.3_x64_en-US.msi.zip"
# rm "D:\a\holochain-kangaroo\holochain-kangaroo\src-tauri\target\release\bundle\msi\hc-stress-test_0.0.3_x64_en-US.msi.zip.sig"
# rm "D:\a\holochain-kangaroo\holochain-kangaroo\target\release\bundle\nsis\hc-stress-test_0.0.3_x64-setup.nsis.zip"
# rm "D:\a\holochain-kangaroo\holochain-kangaroo\target\release\bundle\nsis\hc-stress-test_0.0.3_x64-setup.nsis.zip.sig"
# # zip and sign the code signed .msi
# 7z a -mx=0 "D:\a\holochain-kangaroo\holochain-kangaroo\src-tauri\target\release\bundle\msi\hc-stress-test_0.0.3_x64_en-US.msi.zip" "D:\a\holochain-kangaroo\holochain-kangaroo\target\release\bundle\msi\hc-stress-test_0.0.3_x64_en-US.msi"
# npm run tauri signer sign "D:\a\holochain-kangaroo\holochain-kangaroo\src-tauri\target\release\bundle\msi\hc-stress-test_0.0.3_x64_en-US.msi.zip" -- -k ${{ secrets.TAURI_PRIVATE_KEY }} -p "${{ secrets.TAURI_KEY_PASSWORD }}"
# 7z a -mx=0 "D:\a\holochain-kangaroo\holochain-kangaroo\target\release\bundle\nsis\hc-stress-test_0.0.3_x64-setup.nsis.zip" "D:\a\holochain-kangaroo\holochain-kangaroo\target\release\bundle\nsis\hc-stress-test_0.0.3_x64-setup.exe"
# npm run tauri signer sign "D:\a\holochain-kangaroo\holochain-kangaroo\target\release\bundle\nsis\hc-stress-test_0.0.3_x64-setup.nsis.zip" -- -k ${{ secrets.TAURI_PRIVATE_KEY_0_2 }} -p "${{ secrets.TAURI_KEY_PASSWORD }}"
# # =========================================================
env:
TAURI_PRIVATE_KEY: ${{ secrets.TAURI_PRIVATE_KEY }}
TAURI_KEY_PASSWORD: ${{ secrets.TAURI_KEY_PASSWORD }}
- name: upload signed .msi, .msi.zip, .msi.zip.sig, .exe, .nsis.zip, .nsis.zip.sig files to github release (Windows only)
uses: matthme/tauri-action-ev-signing@upload-only
if: matrix.platform == 'windows-2019'
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
with:
tagName: v__VERSION__ # the action automatically replaces \_\_VERSION\_\_ with the app version
releaseName: "hc-stress-test v__VERSION__"
releaseBody: "See assets below to download and install this version."
releaseDraft: true
prerelease: true