Skip to content

Merge pull request #263 from holochain-apps/backport/262 #232

Merge pull request #263 from holochain-apps/backport/262

Merge pull request #263 from holochain-apps/backport/262 #232

name: "release-tauri-app"
on:
push:
tags:
- 'v[0-9]+.[0-9]+.[0-9]+'
- 'v[0-9]+.[0-9]+.[0-9]+-[a-z]+'
- 'v[0-9]+.[0-9]+.[0-9]+-[a-z]+.[0-9]+'
jobs:
create-release:
permissions: write-all
environment: Relay Release
runs-on: ubuntu-latest
outputs:
releaseId: ${{ steps.step1.outputs.id }}
steps:
- id: step1
uses: ncipollo/release-action@v1
with:
name: "Volla Messages ${{ github.ref_name }}"
body: "See the assets to download this version and install."
prerelease: true
draft: true
release-tauri-app-linux:
needs: create-release
permissions: write-all
environment: Relay Release
runs-on: ubuntu-22.04
steps:
- uses: actions/checkout@v3
- name: setup node
uses: actions/setup-node@v1
with:
node-version: 20
- name: install Rust stable
uses: actions-rs/toolchain@v1
with:
override: true
toolchain: 1.80.1
- name: install Go stable
uses: actions/setup-go@v4
with:
go-version: "stable"
- name: install dependencies (ubuntu only)
run: |
sudo apt update
sudo apt install libwebkit2gtk-4.1-dev \
build-essential \
curl \
wget \
file \
libxdo-dev \
libssl-dev \
libayatana-appindicator3-dev \
librsvg2-dev
- name: Install and prepare
run: |
npm install
npm run setup:happ-release
- id: build-app
uses: tauri-apps/tauri-action@v0
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
with:
releaseId: ${{ needs.create-release.outputs.releaseId }}
args: --verbose
release-tauri-app-android:
permissions: write-all
environment: Relay Release
needs:
- release-tauri-app-linux
- create-release
runs-on: 'ubuntu-22.04'
steps:
- uses: actions/checkout@v3
- name: Extend space
uses: ./.github/actions/extend-space
- name: Install nix
uses: cachix/install-nix-action@v27
with:
github_access_token: ${{ secrets.GITHUB_TOKEN }}
nix_path: nixpkgs=channel:nixos-24.05
- uses: cachix/cachix-action@v15
with:
name: holochain-ci
- uses: cachix/cachix-action@v15
with:
name: holochain-open-dev
- uses: cachix/cachix-action@v15
with:
name: darksoil-studio
- name: Install and prepare
run: |
nix develop --no-update-lock-file --command npm install && npm run setup:happ-release
- name: setup Android signing
run: |
cd src-tauri/gen/android
base64 -d <<< "${{ secrets.ANDROID_KEY_BASE64 }}" > $RUNNER_TEMP/keystore.jks
echo "keyAlias=${{ secrets.ANDROID_KEY_ALIAS }}" > keystore.properties
echo "keyPassword=${{ secrets.ANDROID_KEY_PASSWORD }}" >> keystore.properties
echo "storeFile=$RUNNER_TEMP/keystore.jks" >> keystore.properties
echo "storePassword=${{ secrets.ANDROID_KEY_PASSWORD }}" >> keystore.properties
- name: Build android APKs
run: |
nix develop .#androidDev --no-update-lock-file --command bash -c "npm run tauri android build -- --apk --split-per-abi --target aarch64 --target i686 --target x86_64"
- uses: AButler/[email protected]
with:
files: src-tauri/gen/android/app/build/outputs/apk/*/release/app-*
repo-token: ${{ secrets.GITHUB_TOKEN }}
release-id: ${{ needs.create-release.outputs.releaseId }}
release-tauri-app-windows:
needs: create-release
permissions: write-all
environment: Relay Release
runs-on: windows-latest
steps:
- uses: actions/checkout@v3
- name: setup node
uses: actions/setup-node@v1
with:
node-version: 20
- name: install Rust stable
uses: actions-rs/toolchain@v1
with:
override: true
toolchain: 1.80.1
- name: install Go stable
uses: actions/setup-go@v4
with:
go-version: "stable"
- name: Install and prepare
run: |
npm install
npm run setup:happ-release
- name: Build the App
uses: tauri-apps/tauri-action@v0
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
with:
args: --verbose
- name: Sign the App
run: |
# Powershell settings to make the script exit on error
# If the github env variable IGNORE_WINDOWS_CODESIGNING_ERROR is "true",
# then any errors in this script will not be fatal to the job.
$IGNORE_WINDOWS_CODESIGNING_ERROR = "${{ vars.IGNORE_WINDOWS_CODESIGNING_ERROR }}"
if ( "true" -ne $IGNORE_WINDOWS_CODESIGNING_ERROR )
{
$ErrorActionPreference = "Stop"
Set-StrictMode -Version Latest
$PSNativeCommandUseErrorActionPreference = $true
}
# read name and version from tauri.conf.json
$TAURI_CONF = (Get-Content src-tauri\tauri.conf.json | Out-String | ConvertFrom-Json)
$APP_PRODUCT_NAME_VERSION = "$($TAURI_CONF.productName)_$($TAURI_CONF.version)"
$BUNDLE_OUT_PATH_1 = "D:\a\${{ github.event.repository.name }}\${{ github.event.repository.name }}\target\release\bundle\nsis\$($APP_PRODUCT_NAME_VERSION)_x64-setup.exe"
$BUNDLE_OUT_PATH_2 = "D:\a\${{ github.event.repository.name }}\${{ github.event.repository.name }}\target\release\bundle\msi\$($APP_PRODUCT_NAME_VERSION)_x64_en-US.msi"
# log hashes before code signing
CertUtil -hashfile $BUNDLE_OUT_PATH_1 SHA256
CertUtil -hashfile $BUNDLE_OUT_PATH_2 SHA256
# Code sign the output bundles via azure key vault, following these instructions:
# https://melatonin.dev/blog/how-to-code-sign-windows-installers-with-an-ev-cert-on-github-actions/ dotnet tool install --global AzureSignTool
dotnet tool install --global AzureSignTool
AzureSignTool sign -kvu "${{ secrets.AZURE_KEY_VAULT_URI }}" -kvi "${{ secrets.AZURE_CLIENT_ID }}" -kvt "${{ secrets.AZURE_TENANT_ID }}" -kvs "${{ secrets.AZURE_CLIENT_SECRET }}" -kvc ${{ secrets.AZURE_CERT_NAME }} -tr http://timestamp.digicert.com -v $BUNDLE_OUT_PATH_1
AzureSignTool sign -kvu "${{ secrets.AZURE_KEY_VAULT_URI }}" -kvi "${{ secrets.AZURE_CLIENT_ID }}" -kvt "${{ secrets.AZURE_TENANT_ID }}" -kvs "${{ secrets.AZURE_CLIENT_SECRET }}" -kvc ${{ secrets.AZURE_CERT_NAME }} -tr http://timestamp.digicert.com -v $BUNDLE_OUT_PATH_2
# log hashes after code signing
CertUtil -hashfile $BUNDLE_OUT_PATH_1 SHA256
CertUtil -hashfile $BUNDLE_OUT_PATH_2 SHA256
- name: Upload the Signed App
uses: AButler/[email protected]
with:
repo-token: ${{ secrets.GITHUB_TOKEN }}
release-id: ${{ needs.create-release.outputs.releaseId }}
# We use forward slashes for glob expressions, even though these are windows paths.
# See the docs for the fast-glob library used by this gh action:
# https://www.npmjs.com/package/fast-glob#how-to-write-patterns-on-windows
files: D:/a/${{ github.event.repository.name }}/${{ github.event.repository.name }}/target/release/bundle/msi/*;D:/a/${{ github.event.repository.name }}/${{ github.event.repository.name }}/target/release/bundle/nsis/*
release-tauri-app-macos:
needs: create-release
permissions: write-all
environment: Relay Release
strategy:
fail-fast: false
matrix:
include:
- platform: 'macos-latest' # for Arm based macs (M1 and above).
- platform: 'macos-13' # for Intel based macs.
runs-on: ${{ matrix.platform }}
steps:
- uses: actions/checkout@v3
- name: setup node
uses: actions/setup-node@v1
with:
node-version: 20
- name: install Rust stable
uses: actions-rs/toolchain@v1
with:
override: true
toolchain: 1.80.1
- name: install Go stable
uses: actions/setup-go@v4
with:
go-version: stable
- name: Install and prepare
run: |
npm install
npm run setup:happ-release
- name: Build the App
uses: tauri-apps/tauri-action@v0
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
APPLE_CERTIFICATE: ${{ secrets.APPLE_CERTIFICATE }}
APPLE_CERTIFICATE_PASSWORD: ${{ secrets.APPLE_CERTIFICATE_PASSWORD }}
APPLE_SIGNING_IDENTITY: ${{ secrets.APPLE_SIGNING_IDENTITY }}
APPLE_ID: ${{ secrets.APPLE_ID }}
APPLE_TEAM_ID: ${{ secrets.APPLE_TEAM_ID }}
APPLE_PASSWORD: ${{ secrets.APPLE_PASSWORD }}
with:
releaseId: ${{ needs.create-release.outputs.releaseId }}
args: --verbose