Skip to content

fix: only signle glob paths supported by gh action #219

fix: only signle glob paths supported by gh action

fix: only signle glob paths supported by gh action #219

name: "release-tauri-app"
on:
push:
tags:
- 'v[0-9]+.[0-9]+.[0-9]+'
- 'v[0-9]+.[0-9]+.[0-9]+-[a-z]+'
- 'v[0-9]+.[0-9]+.[0-9]+-[a-z]+.[0-9]+'
jobs:
create-release:
permissions: write-all
runs-on: ubuntu-latest
outputs:
releaseId: ${{ steps.step1.outputs.id }}
steps:
- id: step1
uses: ncipollo/release-action@v1
with:
name: "Volla Messages ${{ github.ref_name }}"
body: "See the assets to download this version and install."
prerelease: true
draft: true
release-tauri-app-linux:
needs: create-release
permissions: write-all
runs-on: ubuntu-22.04
steps:
- uses: actions/checkout@v3
- name: setup node
uses: actions/setup-node@v1
with:
node-version: 20
- name: install Rust stable
uses: actions-rs/toolchain@v1
with:
override: true
toolchain: 1.80.1
- name: install Go stable
uses: actions/setup-go@v4
with:
go-version: "stable"
- name: install dependencies (ubuntu only)
run: |
sudo apt update
sudo apt install libwebkit2gtk-4.1-dev \
build-essential \
curl \
wget \
file \
libxdo-dev \
libssl-dev \
libayatana-appindicator3-dev \
librsvg2-dev
- name: Install and prepare
run: |
npm install
npm run setup:happ-release
- id: build-app
uses: tauri-apps/tauri-action@v0
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
with:
releaseId: ${{ needs.create-release.outputs.releaseId }}
args: --verbose
release-tauri-app-android:
permissions: write-all
needs:
- release-tauri-app-linux
- create-release
runs-on: 'ubuntu-22.04'
steps:
- uses: actions/checkout@v3
- name: Extend space
uses: ./.github/actions/extend-space
- name: Install nix
uses: cachix/install-nix-action@v27
with:
github_access_token: ${{ secrets.GITHUB_TOKEN }}
nix_path: nixpkgs=channel:nixos-24.05
- uses: cachix/cachix-action@v15
with:
name: holochain-ci
- uses: cachix/cachix-action@v15
with:
name: holochain-open-dev
- uses: cachix/cachix-action@v15
with:
name: darksoil-studio
- name: Install and prepare
run: |
nix develop --no-update-lock-file --command npm install && npm run setup:happ-release
- name: setup Android signing
run: |
cd src-tauri/gen/android
echo "keyAlias=${{ secrets.ANDROID_KEY_ALIAS }}" > keystore.properties
echo "keyPassword=${{ secrets.ANDROID_KEY_PASSWORD }}" >> keystore.properties
base64 -d <<< "${{ secrets.ANDROID_KEY_BASE64 }}" > $RUNNER_TEMP/keystore.jks
echo "storeFile=$RUNNER_TEMP/keystore.jks" >> keystore.properties
echo "storePassword=${{ secrets.ANDROID_KEY_PASSWORD }}" >> keystore.properties
- name: Build android APKs
run: |
nix develop .#androidDev --no-update-lock-file --command bash -c "npm run tauri android build -- --apk --split-per-abi --target aarch64 --target i686 --target x86_64"
- uses: AButler/[email protected]
with:
files: src-tauri/gen/android/app/build/outputs/apk/*/release/app-*
repo-token: ${{ secrets.GITHUB_TOKEN }}
releaseId: ${{ needs.create-release.outputs.releaseId }}
release-tauri-app-windows:
needs: create-release
permissions: write-all
runs-on: windows-latest
steps:
- uses: actions/checkout@v3
- name: setup node
uses: actions/setup-node@v1
with:
node-version: 20
- name: install Rust stable
uses: actions-rs/toolchain@v1
with:
override: true
toolchain: 1.80.1
- name: install Go stable
uses: actions/setup-go@v4
with:
go-version: "stable"
- name: Install and prepare
run: |
npm install
npm run setup:happ-release
- name: Build the App
uses: tauri-apps/tauri-action@v0
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
with:
args: --verbose
### Everything below this line is code signing for Windows via azure key vault, following these instructions:
### https://melatonin.dev/blog/how-to-code-sign-windows-installers-with-an-ev-cert-on-github-actions/
- name: Sign the App
run: |
# read name and version from tauri.conf.json
$TAURI_CONF = (Get-Content src-tauri\tauri.conf.json | Out-String | ConvertFrom-Json)
$APP_PRODUCT_NAME_VERSION = "$($TAURI_CONF.productName)_$($TAURI_CONF.version)"
dotnet tool install --global AzureSignTool
# sign the .msi file
AzureSignTool sign -kvu "${{ secrets.AZURE_KEY_VAULT_URI }}" -kvi "${{ secrets.AZURE_CLIENT_ID }}" -kvt "${{ secrets.AZURE_TENANT_ID }}" -kvs "${{ secrets.AZURE_CLIENT_SECRET }}" -kvc ${{ secrets.AZURE_CERT_NAME }} -tr http://timestamp.digicert.com -v "src-tauri\target\release\bundle\msi\$($APP_PRODUCT_NAME_VERSION)_x64_en-US.msi"
# sign the .exe file
AzureSignTool sign -kvu "${{ secrets.AZURE_KEY_VAULT_URI }}" -kvi "${{ secrets.AZURE_CLIENT_ID }}" -kvt "${{ secrets.AZURE_TENANT_ID }}" -kvs "${{ secrets.AZURE_CLIENT_SECRET }}" -kvc ${{ secrets.AZURE_CERT_NAME }} -tr http://timestamp.digicert.com -v "src-tauri\target\release\bundle\nsis\$($APP_PRODUCT_NAME_VERSION)_x64-setup.exe"
# log hashes before and after code signing to verify that the uploaded assets are the right ones
CertUtil -hashfile "D:\a\${{ github.event.repository.name }}\${{ github.event.repository.name }}\target\release\bundle\msi\$($APP_PRODUCT_NAME_VERSION)_x64_en-US.msi" SHA256
CertUtil -hashfile "D:\a\${{ github.event.repository.name }}\${{ github.event.repository.name }}\target\release\bundle\nsis\$($APP_PRODUCT_NAME_VERSION)_x64-setup.exe" SHA256
- name: Upload the Signed App
uses: AButler/[email protected]
with:
files: D:\a\${{ github.event.repository.name }}\${{ github.event.repository.name }}\target\release\bundle\msi\*;D:\a\${{ github.event.repository.name }}\${{ github.event.repository.name }}\target\release\bundle\nsis\*
repo-token: ${{ secrets.GITHUB_TOKEN }}
release-id: ${{ needs.create-release.outputs.releaseId }}
release-tauri-app-macos:
needs: create-release
permissions: write-all
strategy:
fail-fast: false
matrix:
include:
- platform: 'macos-latest' # for Arm based macs (M1 and above).
- platform: 'macos-13' # for Intel based macs.
runs-on: ${{ matrix.platform }}
steps:
- uses: actions/checkout@v3
- name: setup node
uses: actions/setup-node@v1
with:
node-version: 20
- name: install Rust stable
uses: actions-rs/toolchain@v1
with:
override: true
toolchain: 1.80.1
- name: install Go stable
uses: actions/setup-go@v4
with:
go-version: stable
- name: Install and prepare
run: |
npm install
npm run setup:happ-release
- name: Build the App
uses: tauri-apps/tauri-action@v0
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
APPLE_CERTIFICATE: ${{ secrets.APPLE_CERTIFICATE }}
APPLE_CERTIFICATE_PASSWORD: ${{ secrets.APPLE_CERTIFICATE_PASSWORD }}
APPLE_SIGNING_IDENTITY: ${{ secrets.APPLE_SIGNING_IDENTITY }}
APPLE_ID: ${{ secrets.APPLE_ID }}
APPLE_TEAM_ID: ${{ secrets.APPLE_TEAM_ID }}
APPLE_PASSWORD: ${{ secrets.APPLE_PASSWORD }}
with:
releaseId: ${{ needs.create-release.outputs.releaseId }}
args: --verbose