v0.4.0-rc-2 hotfix #98
Workflow file for this run
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: "publish" | |
| on: | |
| workflow_dispatch: {} | |
| release: | |
| types: [published] | |
| # This can be used to automatically publish nightlies at UTC nighttime | |
| # schedule: | |
| # - cron: "0 2 * * *" # run at 2 AM UTC | |
| # This workflow will trigger on each push to the `release` branch to create or update a GitHub release, build your app, and upload the artifacts to the release. | |
| jobs: | |
| publish-tauri: | |
| permissions: | |
| contents: write | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| include: | |
| - platform: "macos-14" # for Arm based macs (M1 and above). | |
| args: "--target aarch64-apple-darwin" | |
| - platform: "macos-14" # for Intel based macs. | |
| args: "--target x86_64-apple-darwin" | |
| - platform: "ubuntu-22.04" # for Tauri v1 you could replace this with ubuntu-20.04. | |
| args: "" | |
| - platform: "ubuntu-22.04-arm" | |
| args: "--target aarch64-unknown-linux-gnu" | |
| - platform: "windows-latest" | |
| args: "" | |
| runs-on: ${{ matrix.platform }} | |
| steps: | |
| - uses: actions/checkout@v4 | |
| with: | |
| submodules: true | |
| token: ${{ secrets.GITHUB_TOKEN }} | |
| - name: setup pnpm | |
| uses: pnpm/action-setup@v4 | |
| with: | |
| version: 10 | |
| run_install: false | |
| - name: setup node | |
| uses: actions/setup-node@v4 | |
| with: | |
| node-version: lts/* | |
| cache: pnpm | |
| - name: install Rust nightly | |
| uses: dtolnay/rust-toolchain@nightly | |
| with: | |
| # Those targets are only used on macos runners so it's in an `if` to slightly speed up windows and linux builds. | |
| targets: ${{ matrix.platform == 'macos-14' && 'aarch64-apple-darwin,x86_64-apple-darwin' || '' }} | |
| - name: Rust cache | |
| uses: swatinem/rust-cache@v2 | |
| with: | |
| workspaces: './src-tauri -> target' | |
| - name: install dependencies (ubuntu only) | |
| if: matrix.platform == 'ubuntu-22.04' || matrix.platform == 'ubuntu-22.04-arm' # This must match the platform value defined above. | |
| run: | | |
| sudo apt-get update | |
| sudo apt-get install -y libwebkit2gtk-4.1-dev libappindicator3-dev librsvg2-dev patchelf xdg-utils | |
| # webkitgtk 4.0 is for Tauri v1 - webkitgtk 4.1 is for Tauri v2. | |
| - name: Import Apple Developer Certificate | |
| if: matrix.platform == 'macos-14' | |
| env: | |
| APPLE_CERTIFICATE: ${{ secrets.APPLE_CERTIFICATE }} | |
| APPLE_CERTIFICATE_PASSWORD: ${{ secrets.APPLE_CERTIFICATE_PASSWORD }} | |
| KEYCHAIN_PASSWORD: ${{ secrets.KEYCHAIN_PASSWORD }} | |
| run: | | |
| echo $APPLE_CERTIFICATE | base64 --decode > certificate.p12 | |
| security create-keychain -p "$KEYCHAIN_PASSWORD" build.keychain | |
| security default-keychain -s build.keychain | |
| security unlock-keychain -p "$KEYCHAIN_PASSWORD" build.keychain | |
| security set-keychain-settings -t 3600 -u build.keychain | |
| echo "Created keychain" | |
| curl https://droposs.org/drop.der --output drop.der | |
| # swiftc libs/appletrust/add-certificate.swift | |
| # ./add-certificate drop.der | |
| # rm add-certificate | |
| # echo "Added certificate to keychain using swift util" | |
| ## Script is equivalent to: | |
| sudo security authorizationdb write com.apple.trust-settings.admin allow | |
| sudo security add-trusted-cert -d -r trustRoot -k build.keychain -p codeSign -u -1 drop.der | |
| sudo security authorizationdb remove com.apple.trust-settings.admin | |
| security import certificate.p12 -k build.keychain -P "$APPLE_CERTIFICATE_PASSWORD" -T /usr/bin/codesign | |
| echo "Imported certificate" | |
| security set-key-partition-list -S apple-tool:,apple:,codesign: -s -k "$KEYCHAIN_PASSWORD" build.keychain | |
| security find-identity -v -p codesigning build.keychain | |
| - name: Verify Certificate | |
| if: matrix.platform == 'macos-14' | |
| run: | | |
| CERT_INFO=$(security find-identity -v -p codesigning build.keychain | grep "Drop OSS") | |
| CERT_ID=$(echo "$CERT_INFO" | awk -F'"' '{print $2}') | |
| echo "CERT_ID=$CERT_ID" >> $GITHUB_ENV | |
| echo "Certificate imported. Using identity: $CERT_ID" | |
| - name: install frontend dependencies | |
| run: pnpm install # change this to npm, pnpm or bun depending on which one you use. | |
| - uses: tauri-apps/tauri-action@v0 | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| APPLE_CERTIFICATE: ${{ secrets.APPLE_CERTIFICATE }} | |
| APPLE_CERTIFICATE_PASSWORD: ${{ secrets.APPLE_CERTIFICATE_PASSWORD }} | |
| APPLE_SIGNING_IDENTITY: ${{ env.CERT_ID }} | |
| NO_STRIP: true | |
| with: | |
| tagName: v__VERSION__ # the action automatically replaces \_\_VERSION\_\_ with the app version. | |
| releaseName: "Auto-release v__VERSION__" | |
| releaseBody: "See the assets to download this version and install. This release was created automatically." | |
| releaseDraft: false | |
| prerelease: true | |
| args: ${{ matrix.args }} |