feat: split out creating github release in separate step, refactor wi… #209
Workflow file for this run
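# Release workflow: a pushed version tag creates one draft pre-release, then
# the per-platform jobs build the Tauri app and attach their bundles to it.
#
# Supply chain: every `uses:` below follows a mutable tag (`@v1`, `@v0`, ...).
# These jobs hold signing keys and a write-scoped token, so each action should
# be pinned to a full commit SHA that has been reviewed.
name: "release-tauri-app"

on:
  push:
    tags:
      - 'v[0-9]+.[0-9]+.[0-9]+'
      - 'v[0-9]+.[0-9]+.[0-9]+-[a-z]+'
      - 'v[0-9]+.[0-9]+.[0-9]+-[a-z]+.[0-9]+'

jobs:
  create-release:
    # Least privilege: creating a release needs write access to repository
    # contents only, not every scope that `write-all` grants.
    permissions:
      contents: write
    runs-on: ubuntu-latest
    # The build jobs read `needs.create-release.outputs.id`. A job output is
    # empty unless it is declared here and backed by a step id.
    outputs:
      id: ${{ steps.create-release.outputs.id }}
    steps:
      - id: create-release
        uses: ncipollo/release-action@v1
        with:
          name: "Relay ${{ github.ref_name }}"
          body: "See the assets to download this version and install."
          prerelease: true
          draft: true

  release-tauri-app-linux:
    needs: create-release
    permissions:
      contents: write
    outputs:
      releaseId: ${{ steps.build-app.outputs.releaseId }}
    runs-on: ubuntu-22.04
    steps:
      - uses: actions/checkout@v3
      - name: setup node
        uses: actions/setup-node@v1
        with:
          node-version: 20
      - name: install Rust stable
        uses: actions-rs/toolchain@v1
        with:
          override: true
          toolchain: "1.80.1"
      - name: install Go stable
        uses: actions/setup-go@v4
        with:
          go-version: "stable"
      - name: install dependencies (ubuntu only)
        run: |
          sudo apt update
          sudo apt install libwebkit2gtk-4.1-dev \
            build-essential \
            curl \
            wget \
            file \
            libxdo-dev \
            libssl-dev \
            libayatana-appindicator3-dev \
            librsvg2-dev
      # NOTE(review): `npm install` may resolve dependency versions that were
      # never tested; if the repository commits a lockfile, `npm ci` installs
      # exactly what it records. The same applies to the other jobs.
      - name: Install and prepare
        run: |
          npm install
          npm run setup:happ-release
      - id: build-app
        uses: tauri-apps/tauri-action@v0
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        with:
          releaseId: ${{ needs.create-release.outputs.id }}
          args: --verbose

  release-tauri-app-android:
    permissions:
      contents: write
    needs:
      - release-tauri-app-linux
      - create-release
    environment: Relay Release
    runs-on: 'ubuntu-22.04'
    steps:
      - uses: actions/checkout@v3
      - name: Extend space
        uses: ./.github/actions/extend-space
      - name: Install nix
        uses: cachix/install-nix-action@v27
        with:
          github_access_token: ${{ secrets.GITHUB_TOKEN }}
          nix_path: nixpkgs=channel:nixos-24.05
      - uses: cachix/cachix-action@v15
        with:
          name: holochain-ci
      - uses: cachix/cachix-action@v15
        with:
          name: holochain-open-dev
      - uses: cachix/cachix-action@v15
        with:
          name: darksoil-studio
      # Both commands run inside the nix dev shell. Without the `bash -c`
      # wrapper, only `npm install` ran in it and the part after `&&` ran in
      # the runner's own environment.
      - name: Install and prepare
        run: |
          nix develop --no-update-lock-file --command bash -c "npm install && npm run setup:happ-release"
      # Secrets reach the script as environment variables instead of being
      # expanded into the script text, so the shell never parses their
      # contents and they are not written into the generated script file.
      - name: setup Android signing
        env:
          ANDROID_KEY_ALIAS: ${{ secrets.ANDROID_KEY_ALIAS }}
          ANDROID_KEY_PASSWORD: ${{ secrets.ANDROID_KEY_PASSWORD }}
          ANDROID_KEY_BASE64: ${{ secrets.ANDROID_KEY_BASE64 }}
        run: |
          cd src-tauri/gen/android
          echo "keyAlias=$ANDROID_KEY_ALIAS" > keystore.properties
          echo "keyPassword=$ANDROID_KEY_PASSWORD" >> keystore.properties
          base64 -d <<< "$ANDROID_KEY_BASE64" > "$RUNNER_TEMP/keystore.jks"
          echo "storeFile=$RUNNER_TEMP/keystore.jks" >> keystore.properties
          echo "storePassword=$ANDROID_KEY_PASSWORD" >> keystore.properties
      - name: Build android APKs
        run: |
          nix develop .#androidDev --no-update-lock-file --command bash -c "npm run tauri android build -- --apk --split-per-abi --target aarch64 --target i686 --target x86_64"
      # NOTE(review): the action reference below was mangled by e-mail
      # obfuscation on the page this file was copied from. Restore the real
      # `owner/action@version` from the repository before use, and confirm
      # that `releaseId` is the input name this action expects.
      - uses: AButler/[email protected]
        with:
          files: src-tauri/gen/android/app/build/outputs/apk/*/release/app-*
          repo-token: ${{ secrets.GITHUB_TOKEN }}
          releaseId: ${{ needs.create-release.outputs.id }}

  # NOTE(review): only the Android job is bound to the `Relay Release`
  # environment. Consider whether the Windows and macOS signing secrets should
  # sit behind the same protected environment.
  release-tauri-app-windows:
    needs: create-release
    permissions:
      contents: write
    runs-on: windows-latest
    steps:
      - uses: actions/checkout@v3
      - name: setup node
        uses: actions/setup-node@v1
        with:
          node-version: 20
      - name: install Rust stable
        uses: actions-rs/toolchain@v1
        with:
          override: true
          toolchain: "1.80.1"
      - name: install Go stable
        uses: actions/setup-go@v4
        with:
          go-version: "stable"
      - name: Install and prepare
        run: |
          npm install
          npm run setup:happ-release
      # No releaseId is passed here: the bundles are uploaded by the last
      # step of this job, after they have been signed.
      - name: Build the App
        uses: tauri-apps/tauri-action@v0
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        with:
          args: --verbose
      ### Everything below this line is code signing for Windows via azure key vault, following these instructions:
      ### https://melatonin.dev/blog/how-to-code-sign-windows-installers-with-an-ev-cert-on-github-actions/
      - name: Sign the App
        # Key Vault credentials are passed as environment variables so that
        # PowerShell never parses their contents as script text.
        env:
          AZURE_KEY_VAULT_URI: ${{ secrets.AZURE_KEY_VAULT_URI }}
          AZURE_CLIENT_ID: ${{ secrets.AZURE_CLIENT_ID }}
          AZURE_TENANT_ID: ${{ secrets.AZURE_TENANT_ID }}
          AZURE_CLIENT_SECRET: ${{ secrets.AZURE_CLIENT_SECRET }}
          AZURE_CERT_NAME: ${{ secrets.AZURE_CERT_NAME }}
        run: |
          # read name and version from tauri.conf.json
          $TAURI_CONF = (Get-Content src-tauri\tauri.conf.json | Out-String | ConvertFrom-Json)
          $APP_PRODUCT_NAME_VERSION = "$($TAURI_CONF.productName)_$($TAURI_CONF.version)"
          # NOTE(review): this installs whatever AzureSignTool version is
          # current; pin it with --version once a version has been vetted.
          dotnet tool install --global AzureSignTool
          # options shared by both signing calls
          $SIGN_ARGS = @(
            '-kvu', $env:AZURE_KEY_VAULT_URI,
            '-kvi', $env:AZURE_CLIENT_ID,
            '-kvt', $env:AZURE_TENANT_ID,
            '-kvs', $env:AZURE_CLIENT_SECRET,
            '-kvc', $env:AZURE_CERT_NAME,
            '-tr', 'http://timestamp.digicert.com',
            '-v'
          )
          # sign the .msi file
          AzureSignTool sign @SIGN_ARGS "src-tauri\target\release\bundle\msi\$($APP_PRODUCT_NAME_VERSION)_x64_en-US.msi"
          # sign the .exe file
          AzureSignTool sign @SIGN_ARGS "src-tauri\target\release\bundle\nsis\$($APP_PRODUCT_NAME_VERSION)_x64-setup.exe"
          # log hashes after code signing so the uploaded assets can be checked against them
          # NOTE(review): signing targets src-tauri\target\..., but the hashes
          # here and the upload step read <workspace>\target\... Confirm that
          # both paths name the same files, otherwise the published bundles
          # are not the ones that were signed.
          CertUtil -hashfile "D:\a\${{ github.event.repository.name }}\${{ github.event.repository.name }}\target\release\bundle\msi\$($APP_PRODUCT_NAME_VERSION)_x64_en-US.msi" SHA256
          CertUtil -hashfile "D:\a\${{ github.event.repository.name }}\${{ github.event.repository.name }}\target\release\bundle\nsis\$($APP_PRODUCT_NAME_VERSION)_x64-setup.exe" SHA256
      - name: Upload the Signed App
        uses: xresloader/upload-to-github-release@v1
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        with:
          release_id: ${{ needs.create-release.outputs.id }}
          # Single-quoted on purpose: inside a double-quoted YAML scalar the
          # backslashes in this Windows path are read as escape sequences
          # (\a, \t, \r, \b, \n) and the path is corrupted or rejected.
          file: 'D:\a\${{ github.event.repository.name }}\${{ github.event.repository.name }}\target\release\bundle\msi\*;D:\a\${{ github.event.repository.name }}\${{ github.event.repository.name }}\target\release\bundle\nsis\*'

  release-tauri-app-macos:
    needs: create-release
    permissions:
      contents: write
    strategy:
      fail-fast: false
      matrix:
        include:
          - platform: 'macos-latest'  # for Arm based macs (M1 and above).
          - platform: 'macos-13'  # for Intel based macs.
    runs-on: ${{ matrix.platform }}
    steps:
      - uses: actions/checkout@v3
      - name: setup node
        uses: actions/setup-node@v1
        with:
          node-version: 20
      - name: install Rust stable
        uses: actions-rs/toolchain@v1
        with:
          override: true
          toolchain: "1.80.1"
      - name: install Go stable
        uses: actions/setup-go@v4
        with:
          go-version: stable
      - name: Install and prepare
        run: |
          npm install
          npm run setup:happ-release
      # The Apple signing and notarization credentials are visible to this
      # step only, through its `env:` block.
      - name: Build the App
        uses: tauri-apps/tauri-action@v0
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          APPLE_CERTIFICATE: ${{ secrets.APPLE_CERTIFICATE }}
          APPLE_CERTIFICATE_PASSWORD: ${{ secrets.APPLE_CERTIFICATE_PASSWORD }}
          APPLE_SIGNING_IDENTITY: ${{ secrets.APPLE_SIGNING_IDENTITY }}
          APPLE_ID: ${{ secrets.APPLE_ID }}
          APPLE_TEAM_ID: ${{ secrets.APPLE_TEAM_ID }}
          APPLE_PASSWORD: ${{ secrets.APPLE_PASSWORD }}
        with:
          releaseId: ${{ needs.create-release.outputs.id }}
          args: --verbose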