-
-
Notifications
You must be signed in to change notification settings - Fork 9
200 lines (189 loc) · 8.53 KB
/
tauri-build-dev.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
name: 'generate experimental/dev stage draft GitHub release'
on:
push:
branches: [ dev ]
jobs:
create-release:
permissions:
contents: write
runs-on: ubuntu-latest
outputs:
release_id: ${{ steps.create-release.outputs.result }}
steps:
- uses: actions/checkout@v4
- name: setup node
uses: actions/setup-node@v4
with:
node-version: lts/*
- name: get version
run: |
echo "PACKAGE_VERSION=$(node -p "require('./package.json').version")" >> $GITHUB_ENV
echo "GIT_TAG_NAME=dev-app-v$(node -p "require('./package.json').version")" >> $GITHUB_ENV
- name: create release
id: create-release
uses: actions/github-script@v6
with:
script: |
const { data } = await github.rest.repos.createRelease({
owner: context.repo.owner,
repo: context.repo.repo,
tag_name: `${process.env.GIT_TAG_NAME}`,
target_commitish: 'dev',
name: `Phoenix Code Experimental build v${process.env.PACKAGE_VERSION}`,
body: 'Take a look at the assets to download and install Phoenix Code For your platform.\n\n>UpdateNotification: <replace this text to show a 1 line **Release Notes** to the user in the notification dialogue . Wait for a new pull request in the repo.>',
draft: true,
prerelease: true
})
return data.id
build-tauri:
needs: create-release
permissions:
contents: write
strategy:
fail-fast: false
matrix:
platform: [ macos-latest, ubuntu-latest, windows-latest ]
runs-on: ${{ matrix.platform }}
steps:
- uses: actions/checkout@v4
- name: get Git Tag
shell: bash
run: echo "GIT_TAG_NAME=dev-app-v$(node -p "require('./package.json').version")" >> $GITHUB_ENV
- name: setup node
uses: actions/setup-node@v4
with:
node-version: lts/*
- name: install Rust stable
uses: dtolnay/rust-toolchain@stable
- name: install dependencies (ubuntu only)
if: matrix.platform == 'ubuntu-latest'
run: |
sudo apt-get update
sudo apt-get install -y libgtk-3-dev libwebkit2gtk-4.0-dev libayatana-appindicator3-dev librsvg2-dev
sudo apt-get install -y libwebrtc-audio-processing-dev
sudo apt-get install -y libunwind-dev
sudo apt-get install -y libgstreamer1.0-dev libgstreamer-plugins-base1.0-dev libgstreamer-plugins-bad1.0-dev gstreamer1.0-plugins-base gstreamer1.0-plugins-good gstreamer1.0-plugins-bad gstreamer1.0-plugins-ugly gstreamer1.0-libav gstreamer1.0-tools gstreamer1.0-x gstreamer1.0-alsa gstreamer1.0-gl gstreamer1.0-gtk3 gstreamer1.0-qt5 gstreamer1.0-pulseaudio
- name: install frontend dependencies
run: |
npm ci
npm run _ci-release:dev
- name: install AzureSignTool (windows only)
if: matrix.platform == 'windows-latest'
run: |
dotnet tool install --global AzureSignTool
- name: import certificate for signing (windows only)
if: matrix.platform == 'windows-latest'
run: |
echo "${{ secrets.AZURE_EV_CERT }}" > secret.cer
Import-Certificate -FilePath .\secret.cer -CertStoreLocation Cert:\LocalMachine\My
shell: powershell
- name: patch signTool (windows only)
if: matrix.platform == 'windows-latest'
run: Start-Process -FilePath .\src-build\win\copy_sign_tool.exe -Verb RunAs
shell: powershell
- name: setup env for signing (windows only)
if: matrix.platform == 'windows-latest'
env:
TAURI_PRIVATE_KEY: ${{ secrets.TAURI_PRIVATE_KEY }}
TAURI_KEY_PASSWORD: ${{ secrets.TAURI_KEY_PASSWORD }}
AZURE_KEY_VAULT_URI: ${{ secrets.AZURE_KEY_VAULT_URI }}
AZURE_CLIENT_ID: ${{ secrets.AZURE_CLIENT_ID }}
AZURE_TENANT_ID: ${{ secrets.AZURE_TENANT_ID }}
AZURE_CLIENT_SECRET: ${{ secrets.AZURE_CLIENT_SECRET }}
AZURE_CERT_NAME: ${{ secrets.AZURE_CERT_NAME }}
AZURE_COMPANY_NAME: ${{ secrets.AZURE_COMPANY_NAME }}
run: |
$jsonContent = @{
"AZURE_KEY_VAULT_URI" = $env:AZURE_KEY_VAULT_URI
"AZURE_CLIENT_ID" = $env:AZURE_CLIENT_ID
"AZURE_TENANT_ID" = $env:AZURE_TENANT_ID
"AZURE_CLIENT_SECRET" = $env:AZURE_CLIENT_SECRET
"AZURE_CERT_NAME" = $env:AZURE_CERT_NAME
"AZURE_COMPANY_NAME" = $env:AZURE_COMPANY_NAME
}
$jsonContent | ConvertTo-Json | Out-File -FilePath ./secrets.json -Encoding utf8
# Load content from the file
$content = Get-Content -Path "./secrets.json" -Raw
# Replace \r\n with \n
$content = $content -replace "`r`n", "`n"
# Write the content back to the file
Set-Content -Path "./secrets.json" -Value $content
shell: powershell
- name: Sign embedded executables for Mac
if: matrix.platform == 'macos-latest'
env :
CERTIFICATE_NAME: ${{ secrets.APPLE_EXTERNAL_BINARY_SIGN_CERTIFICATE }}
APPLE_CERTIFICATE: ${{ secrets.APPLE_CERTIFICATE }}
APPLE_CERTIFICATE_PASSWORD: ${{ secrets.APPLE_CERTIFICATE_PASSWORD }}
run: |
cat ./src-build/mac/filesToSign
CERT_FILE="Certificate.p12"
echo "$APPLE_CERTIFICATE" | base64 --decode > $CERT_FILE
security import $CERT_FILE -k ~/Library/Keychains/login.keychain -P "$APPLE_CERTIFICATE_PASSWORD" -T /usr/bin/codesign
rm $CERT_FILE
cat ./src-build/mac/filesToSign | xargs codesign -s "$CERTIFICATE_NAME" --timestamp --options runtime
shell: bash
- uses: tauri-apps/tauri-action@v0
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
TAURI_PRIVATE_KEY: ${{ secrets.TAURI_PRIVATE_KEY }}
TAURI_KEY_PASSWORD: ${{ secrets.TAURI_KEY_PASSWORD }}
ENABLE_CODE_SIGNING: ${{ secrets.APPLE_CERTIFICATE }}
APPLE_CERTIFICATE: ${{ secrets.APPLE_CERTIFICATE }}
APPLE_CERTIFICATE_PASSWORD: ${{ secrets.APPLE_CERTIFICATE_PASSWORD }}
APPLE_SIGNING_IDENTITY: ${{ secrets.APPLE_SIGNING_IDENTITY }}
APPLE_ID: ${{ secrets.APPLE_ID }}
APPLE_PASSWORD: ${{ secrets.APPLE_PASSWORD }}
APPLE_TEAM_ID: ${{ secrets.APPLE_TEAM_ID }}
with:
releaseId: ${{ needs.create-release.outputs.release_id }}
updaterJsonPreferNsis: true
tagName: ${{ env.GIT_TAG_NAME }}
- name: setup env for mac arm (Mac only)
if: matrix.platform == 'macos-latest'
run: |
rustup target add aarch64-apple-darwin
npm run installNodeArmDarwin
- name: build for mac arm (Mac only)
if: matrix.platform == 'macos-latest'
uses: tauri-apps/tauri-action@v0
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
TAURI_PRIVATE_KEY: ${{ secrets.TAURI_PRIVATE_KEY }}
TAURI_KEY_PASSWORD: ${{ secrets.TAURI_KEY_PASSWORD }}
ENABLE_CODE_SIGNING: ${{ secrets.APPLE_CERTIFICATE }}
APPLE_CERTIFICATE: ${{ secrets.APPLE_CERTIFICATE }}
APPLE_CERTIFICATE_PASSWORD: ${{ secrets.APPLE_CERTIFICATE_PASSWORD }}
APPLE_SIGNING_IDENTITY: ${{ secrets.APPLE_SIGNING_IDENTITY }}
APPLE_ID: ${{ secrets.APPLE_ID }}
APPLE_PASSWORD: ${{ secrets.APPLE_PASSWORD }}
APPLE_TEAM_ID: ${{ secrets.APPLE_TEAM_ID }}
with:
releaseId: ${{ needs.create-release.outputs.release_id }}
args: --target aarch64-apple-darwin
tagName: ${{ env.GIT_TAG_NAME }}
publish-release:
permissions:
contents: write
runs-on: ubuntu-latest
needs: [ create-release, build-tauri ]
steps:
- uses: actions/checkout@v4
- name: get Git Tag
run: echo "GIT_TAG_NAME=dev-app-v$(node -p "require('./package.json').version")" >> $GITHUB_ENV
- name: publish release
id: publish-release
uses: actions/github-script@v6
env:
release_id: ${{ needs.create-release.outputs.release_id }}
with:
script: |
github.rest.repos.updateRelease({
owner: context.repo.owner,
repo: context.repo.repo,
tag_name: `${process.env.GIT_TAG_NAME}`,
target_commitish: 'dev',
release_id: process.env.release_id,
draft: true,
prerelease: true
})