diff --git a/.github/actions/nym-hash-releases/.gitignore b/.github/actions/nym-hash-releases/.gitignore new file mode 100644 index 0000000..5fe9fda --- /dev/null +++ b/.github/actions/nym-hash-releases/.gitignore @@ -0,0 +1,2 @@ +.tmp +hashes.json diff --git a/.github/actions/nym-hash-releases/action.yml b/.github/actions/nym-hash-releases/action.yml new file mode 100644 index 0000000..fbd57ea --- /dev/null +++ b/.github/actions/nym-hash-releases/action.yml @@ -0,0 +1,25 @@ +name: 'Nym Hash Release' +author: 'Nym Technologies SA' +description: 'Generate hashes and signatures for assets in Nym releases' +inputs: + hash-type: + description: 'Type of hash to generate (md5, sha1, sha256, sha512)' + required: false + default: 'sha256' + file-name: + description: 'File name to save as if desired' + required: false + default: 'hashes.json' + release-tag-or-name-or-id: + description: 'The tag/release to process. Uses the release id when trigger from a release.' + required: false + default: '' +outputs: + hashes: + description: 'A string containing JSON with the release asset hashes and signatures' +runs: + using: 'node16' + main: 'index.js' +branding: + icon: 'hash' + color: 'green' diff --git a/.github/actions/nym-hash-releases/create-hashes.mjs b/.github/actions/nym-hash-releases/create-hashes.mjs new file mode 100644 index 0000000..8eb81dd --- /dev/null +++ b/.github/actions/nym-hash-releases/create-hashes.mjs @@ -0,0 +1,282 @@ +import hasha from "hasha"; +import fetch from "node-fetch"; +import { Octokit } from "@octokit/rest"; +import fs from "fs"; +import path from "path"; +import { execSync } from "child_process"; + +function getBinInfo(path) { + // let's be super naive about it. add a+x bits on the file and try to run the command + try { + let mode = fs.statSync(path).mode + fs.chmodSync(path, mode | 0o111) + + const raw = execSync(`${path} build-info --output=json`, { stdio: 'pipe', encoding: "utf8" }); + const parsed = JSON.parse(raw) + return parsed + } catch (_) { + return undefined + } +} + +async function run(assets, algorithm, filename, cache) { + if (!cache) { + console.warn("cache is set to 'false', but we we no longer support it") + } + + try { + fs.mkdirSync('.tmp'); + } catch(e) { + // ignore + } + + const hashes = {}; + let numAwaiting = 0; + for (const asset of assets) { + if (filename === "" || asset.name !== filename) { // don't hash the hash file (if the file has the same name) + numAwaiting++; + + let buffer = null; + let sig = null; + + // cache in `${WORKING_DIR}/.tmp/` + const cacheFilename = path.resolve(`.tmp/${asset.name}`); + if(!fs.existsSync(cacheFilename)) { + console.log(`Downloading ${asset.browser_download_url}... to ${cacheFilename}`); + buffer = Buffer.from(await fetch(asset.browser_download_url).then(res => res.arrayBuffer())); + fs.writeFileSync(cacheFilename, buffer); + } else { + console.log(`Loading from ${cacheFilename}`); + buffer = Buffer.from(fs.readFileSync(cacheFilename)); + + // console.log('Reading signature from content'); + // if(asset.name.endsWith('.sig')) { + // sig = fs.readFileSync(cacheFilename).toString(); + // } + } + + const binInfo = getBinInfo(cacheFilename) + + if(!hashes[asset.name]) { + hashes[asset.name] = {}; + } + + if(asset.name.endsWith('.sig')) { + sig = buffer.toString(); + } + + hashes[asset.name][algorithm] = hasha(new Uint8Array(buffer), {algorithm: algorithm}); + + let platform; + let kind; + if(asset.name.endsWith('.sig')) { + kind = 'signature'; + } + if(asset.name.endsWith('.app.tar.gz')) { + platform = 'MacOS'; + kind = 'auto-updater'; + } + if(asset.name.endsWith('.app.tar.gz.sig')) { + platform = 'MacOS'; + kind = 'auto-updater-signature'; + } + if(asset.name.endsWith('.dmg')) { + platform = 'MacOS'; + kind = 'installer'; + } + if(asset.name.endsWith('.msi.zip')) { + platform = 'Windows'; + kind = 'auto-updater'; + } + if(asset.name.endsWith('.msi.zip.sig')) { + platform = 'Windows'; + kind = 'auto-updater-signature'; + } + if(asset.name.endsWith('.msi')) { + platform = 'Windows'; + kind = 'installer'; + } + if(asset.name.endsWith('.AppImage.tar.gz')) { + platform = 'Linux'; + kind = 'auto-updater'; + } + if(asset.name.endsWith('.AppImage.tar.gz.sig')) { + platform = 'Linux'; + kind = 'auto-updater-signature'; + } + if(asset.name.endsWith('.AppImage')) { + platform = 'Linux'; + kind = 'installer'; + } + + hashes[asset.name].downloadUrl = asset.browser_download_url; + + if(platform) { + hashes[asset.name].platform = platform; + } + if(kind) { + hashes[asset.name].kind = kind; + } + if(binInfo) { + hashes[asset.name].details = binInfo; + } + + // process Tauri signature files + if(asset.name.endsWith('.sig')) { + const otherFilename = asset.name.replace('.sig', ''); + if(!hashes[otherFilename]) { + hashes[otherFilename] = {}; + } + hashes[otherFilename].signature = sig; + } + } + } + return hashes; +} + +export async function createHashes({ assets, algorithm, filename, cache }) { + const output = await run(assets, algorithm, filename, cache); + if(filename?.length) { + fs.writeFileSync(filename, JSON.stringify(output, null, 2)); + } + return output; +} + +export async function createHashesFromReleaseTagOrNameOrId({ releaseTagOrNameOrId, algorithm = 'sha256', filename = 'hashes.json', cache = false, upload = true }) { + console.log("🚀🚀🚀 Getting releases"); + + let auth; + let authStrategy; + if(process.env.GITHUB_TOKEN) { + console.log('Using GITHUB_TOKEN for auth'); + // authStrategy = createActionAuth(); + // auth = await authStrategy(); + } + + const octokit = new Octokit({ + auth: process.env.GITHUB_TOKEN, + request: { fetch } + }); + const owner = "nymtech"; + const repo = "ci-playground"; + + let releases; + if(cache) { + const cacheFilename = path.resolve(`.tmp/releases.json`); + if(!fs.existsSync(cacheFilename)) { + releases = await octokit.paginate( + octokit.rest.repos.listReleases, + { + owner, + repo, + per_page: 100, + }, + (response) => response.data + ); + fs.writeFileSync(cacheFilename, JSON.stringify(releases, null, 2)); + } else { + console.log('Loading releases from cache...'); + releases = JSON.parse(fs.readFileSync(cacheFilename)); + } + } else { + releases = await octokit.paginate( + octokit.rest.repos.listReleases, + { + owner, + repo, + per_page: 100, + }, + (response) => response.data + ) + } + + // process all releases by default + let releasesToProcess = releases; + + // process a single release + if(releaseTagOrNameOrId) { + releasesToProcess = releases.filter(r => { + if (r.tag_name === releaseTagOrNameOrId) { + return true; + } + if (`${r.id}` === `${releaseTagOrNameOrId}`) { + return true; + } + if (r.name === releaseTagOrNameOrId) { + return true; + } + + return false; + }); + } + + releasesToProcess.forEach(release => { + const {tag_name, name} = release; + const tagComponents = tag_name.split('-v'); + const componentName = tagComponents[0]; + const componentVersion = 'v' + tagComponents[1]; + + if(!tagComponents[1] || !name) { + return; + } + + release.componentName = componentName; + release.componentVersion = componentVersion; + }) + + releasesToProcess = releasesToProcess.filter(release => + !!release.name && !!release.componentVersion + ); + + console.log('Releases to process:'); + console.table(releasesToProcess.map(r => { + const { id, name, tag_name, componentName, componentVersion, assets } = r; + return { id, name, tag_name, componentName, componentVersion, assetCount: assets.length }; + })); + + for(const release of releasesToProcess) { + const {id, name, tag_name, html_url, componentName, componentVersion} = release; + + const hashes = await createHashes({ assets: release.assets, algorithm, filename, cache }); + + const output = { + id, name, tag_name, html_url, + componentName, + componentVersion, + assets: hashes, + }; + + console.log(output) + + if(upload) { + console.log(`🚚 Uploading ${filename} to release name="${release.name}" id=${release.id} (${release.upload_url})...`); + + const exists = (await octokit.repos.listReleaseAssets({ owner, repo, release_id: release.id })).data.find(a => a.name === filename) + if (exists) { + console.log(`Deleting existing asset ${filename}...`); + await octokit.repos.deleteReleaseAsset({ owner, repo, asset_id: exists.id }) + console.log('Deleted existing asset'); + } + + try { + const data = JSON.stringify(output, null, 2); + await octokit.rest.repos.uploadReleaseAsset({ + owner, + repo, + release_id: release.id, + headers: { + 'X-GitHub-Api-Version': '2022-11-28' + }, + name: filename, + data, + }); + console.log('✅ Upload to release is complete.'); + } catch(e) { + console.log('❌ failed to upload:', e.message, e.status, e.response.data); + console.log(e); + process.exit(-1); + } + } + } +} + diff --git a/.github/actions/nym-hash-releases/index.js b/.github/actions/nym-hash-releases/index.js new file mode 100644 index 0000000..eecccba --- /dev/null +++ b/.github/actions/nym-hash-releases/index.js @@ -0,0 +1,15 @@ +import core from "@actions/core"; +import github from "@actions/github"; +import { createHashesFromReleaseTagOrNameOrId } from './create-hashes.mjs'; + +const algorithm = core.getInput('hash-type'); +const filename = core.getInput("file-name"); + +// use the release id from the payload if it is set +const releaseTagOrNameOrId = core.getInput("release-tag-or-name-or-id") || github.context.payload.release?.id; + +try { + await createHashesFromReleaseTagOrNameOrId({ releaseTagOrNameOrId, algorithm, filename }) +} catch (error) { + core.setFailed(error.message); +} diff --git a/.github/actions/nym-hash-releases/package-lock.json b/.github/actions/nym-hash-releases/package-lock.json new file mode 100644 index 0000000..ce1cc09 --- /dev/null +++ b/.github/actions/nym-hash-releases/package-lock.json @@ -0,0 +1,536 @@ +{ + "name": "ghaction-generate-release-hashes", + "version": "1.0.0", + "lockfileVersion": 3, + "requires": true, + "packages": { + "": { + "name": "ghaction-generate-release-hashes", + "version": "1.0.0", + "license": "MIT", + "dependencies": { + "@actions/core": "^1.10.0", + "@actions/github": "^5.1.1", + "@octokit/auth-action": "^4.0.0", + "@octokit/rest": "^20.0.1", + "hasha": "^5.2.0", + "node-fetch": "^3.2.10" + } + }, + "node_modules/@actions/core": { + "version": "1.10.0", + "resolved": "https://registry.npmjs.org/@actions/core/-/core-1.10.0.tgz", + "integrity": "sha512-2aZDDa3zrrZbP5ZYg159sNoLRb61nQ7awl5pSvIq5Qpj81vwDzdMRKzkWJGJuwVvWpvZKx7vspJALyvaaIQyug==", + "dependencies": { + "@actions/http-client": "^2.0.1", + "uuid": "^8.3.2" + } + }, + "node_modules/@actions/github": { + "version": "5.1.1", + "resolved": "https://registry.npmjs.org/@actions/github/-/github-5.1.1.tgz", + "integrity": "sha512-Nk59rMDoJaV+mHCOJPXuvB1zIbomlKS0dmSIqPGxd0enAXBnOfn4VWF+CGtRCwXZG9Epa54tZA7VIRlJDS8A6g==", + "dependencies": { + "@actions/http-client": "^2.0.1", + "@octokit/core": "^3.6.0", + "@octokit/plugin-paginate-rest": "^2.17.0", + "@octokit/plugin-rest-endpoint-methods": "^5.13.0" + } + }, + "node_modules/@actions/http-client": { + "version": "2.1.1", + "resolved": "https://registry.npmjs.org/@actions/http-client/-/http-client-2.1.1.tgz", + "integrity": "sha512-qhrkRMB40bbbLo7gF+0vu+X+UawOvQQqNAA/5Unx774RS8poaOhThDOG6BGmxvAnxhQnDp2BG/ZUm65xZILTpw==", + "dependencies": { + "tunnel": "^0.0.6" + } + }, + "node_modules/@octokit/auth-action": { + "version": "4.0.0", + "resolved": "https://registry.npmjs.org/@octokit/auth-action/-/auth-action-4.0.0.tgz", + "integrity": "sha512-sMm9lWZdiX6e89YFaLrgE9EFs94k58BwIkvjOtozNWUqyTmsrnWFr/M5LolaRzZ7Kmb5FbhF9hi7FEeE274SoQ==", + "dependencies": { + "@octokit/auth-token": "^4.0.0", + "@octokit/types": "^11.0.0" + }, + "engines": { + "node": ">= 18" + } + }, + "node_modules/@octokit/auth-action/node_modules/@octokit/auth-token": { + "version": "4.0.0", + "resolved": "https://registry.npmjs.org/@octokit/auth-token/-/auth-token-4.0.0.tgz", + "integrity": "sha512-tY/msAuJo6ARbK6SPIxZrPBms3xPbfwBrulZe0Wtr/DIY9lje2HeV1uoebShn6mx7SjCHif6EjMvoREj+gZ+SA==", + "engines": { + "node": ">= 18" + } + }, + "node_modules/@octokit/auth-action/node_modules/@octokit/openapi-types": { + "version": "18.0.0", + "resolved": "https://registry.npmjs.org/@octokit/openapi-types/-/openapi-types-18.0.0.tgz", + "integrity": "sha512-V8GImKs3TeQRxRtXFpG2wl19V7444NIOTDF24AWuIbmNaNYOQMWRbjcGDXV5B+0n887fgDcuMNOmlul+k+oJtw==" + }, + "node_modules/@octokit/auth-action/node_modules/@octokit/types": { + "version": "11.1.0", + "resolved": "https://registry.npmjs.org/@octokit/types/-/types-11.1.0.tgz", + "integrity": "sha512-Fz0+7GyLm/bHt8fwEqgvRBWwIV1S6wRRyq+V6exRKLVWaKGsuy6H9QFYeBVDV7rK6fO3XwHgQOPxv+cLj2zpXQ==", + "dependencies": { + "@octokit/openapi-types": "^18.0.0" + } + }, + "node_modules/@octokit/auth-token": { + "version": "2.5.0", + "resolved": "https://registry.npmjs.org/@octokit/auth-token/-/auth-token-2.5.0.tgz", + "integrity": "sha512-r5FVUJCOLl19AxiuZD2VRZ/ORjp/4IN98Of6YJoJOkY75CIBuYfmiNHGrDwXr+aLGG55igl9QrxX3hbiXlLb+g==", + "dependencies": { + "@octokit/types": "^6.0.3" + } + }, + "node_modules/@octokit/core": { + "version": "3.6.0", + "resolved": "https://registry.npmjs.org/@octokit/core/-/core-3.6.0.tgz", + "integrity": "sha512-7RKRKuA4xTjMhY+eG3jthb3hlZCsOwg3rztWh75Xc+ShDWOfDDATWbeZpAHBNRpm4Tv9WgBMOy1zEJYXG6NJ7Q==", + "dependencies": { + "@octokit/auth-token": "^2.4.4", + "@octokit/graphql": "^4.5.8", + "@octokit/request": "^5.6.3", + "@octokit/request-error": "^2.0.5", + "@octokit/types": "^6.0.3", + "before-after-hook": "^2.2.0", + "universal-user-agent": "^6.0.0" + } + }, + "node_modules/@octokit/endpoint": { + "version": "6.0.12", + "resolved": "https://registry.npmjs.org/@octokit/endpoint/-/endpoint-6.0.12.tgz", + "integrity": "sha512-lF3puPwkQWGfkMClXb4k/eUT/nZKQfxinRWJrdZaJO85Dqwo/G0yOC434Jr2ojwafWJMYqFGFa5ms4jJUgujdA==", + "dependencies": { + "@octokit/types": "^6.0.3", + "is-plain-object": "^5.0.0", + "universal-user-agent": "^6.0.0" + } + }, + "node_modules/@octokit/graphql": { + "version": "4.8.0", + "resolved": "https://registry.npmjs.org/@octokit/graphql/-/graphql-4.8.0.tgz", + "integrity": "sha512-0gv+qLSBLKF0z8TKaSKTsS39scVKF9dbMxJpj3U0vC7wjNWFuIpL/z76Qe2fiuCbDRcJSavkXsVtMS6/dtQQsg==", + "dependencies": { + "@octokit/request": "^5.6.0", + "@octokit/types": "^6.0.3", + "universal-user-agent": "^6.0.0" + } + }, + "node_modules/@octokit/openapi-types": { + "version": "12.11.0", + "resolved": "https://registry.npmjs.org/@octokit/openapi-types/-/openapi-types-12.11.0.tgz", + "integrity": "sha512-VsXyi8peyRq9PqIz/tpqiL2w3w80OgVMwBHltTml3LmVvXiphgeqmY9mvBw9Wu7e0QWk/fqD37ux8yP5uVekyQ==" + }, + "node_modules/@octokit/plugin-paginate-rest": { + "version": "2.21.3", + "resolved": "https://registry.npmjs.org/@octokit/plugin-paginate-rest/-/plugin-paginate-rest-2.21.3.tgz", + "integrity": "sha512-aCZTEf0y2h3OLbrgKkrfFdjRL6eSOo8komneVQJnYecAxIej7Bafor2xhuDJOIFau4pk0i/P28/XgtbyPF0ZHw==", + "dependencies": { + "@octokit/types": "^6.40.0" + }, + "peerDependencies": { + "@octokit/core": ">=2" + } + }, + "node_modules/@octokit/plugin-rest-endpoint-methods": { + "version": "5.16.2", + "resolved": "https://registry.npmjs.org/@octokit/plugin-rest-endpoint-methods/-/plugin-rest-endpoint-methods-5.16.2.tgz", + "integrity": "sha512-8QFz29Fg5jDuTPXVtey05BLm7OB+M8fnvE64RNegzX7U+5NUXcOcnpTIK0YfSHBg8gYd0oxIq3IZTe9SfPZiRw==", + "dependencies": { + "@octokit/types": "^6.39.0", + "deprecation": "^2.3.1" + }, + "peerDependencies": { + "@octokit/core": ">=3" + } + }, + "node_modules/@octokit/request": { + "version": "5.6.3", + "resolved": "https://registry.npmjs.org/@octokit/request/-/request-5.6.3.tgz", + "integrity": "sha512-bFJl0I1KVc9jYTe9tdGGpAMPy32dLBXXo1dS/YwSCTL/2nd9XeHsY616RE3HPXDVk+a+dBuzyz5YdlXwcDTr2A==", + "dependencies": { + "@octokit/endpoint": "^6.0.1", + "@octokit/request-error": "^2.1.0", + "@octokit/types": "^6.16.1", + "is-plain-object": "^5.0.0", + "node-fetch": "^2.6.7", + "universal-user-agent": "^6.0.0" + } + }, + "node_modules/@octokit/request-error": { + "version": "2.1.0", + "resolved": "https://registry.npmjs.org/@octokit/request-error/-/request-error-2.1.0.tgz", + "integrity": "sha512-1VIvgXxs9WHSjicsRwq8PlR2LR2x6DwsJAaFgzdi0JfJoGSO8mYI/cHJQ+9FbN21aa+DrgNLnwObmyeSC8Rmpg==", + "dependencies": { + "@octokit/types": "^6.0.3", + "deprecation": "^2.0.0", + "once": "^1.4.0" + } + }, + "node_modules/@octokit/request/node_modules/node-fetch": { + "version": "2.7.0", + "resolved": "https://registry.npmjs.org/node-fetch/-/node-fetch-2.7.0.tgz", + "integrity": "sha512-c4FRfUm/dbcWZ7U+1Wq0AwCyFL+3nt2bEw05wfxSz+DWpWsitgmSgYmy2dQdWyKC1694ELPqMs/YzUSNozLt8A==", + "dependencies": { + "whatwg-url": "^5.0.0" + }, + "engines": { + "node": "4.x || >=6.0.0" + }, + "peerDependencies": { + "encoding": "^0.1.0" + }, + "peerDependenciesMeta": { + "encoding": { + "optional": true + } + } + }, + "node_modules/@octokit/rest": { + "version": "20.0.1", + "resolved": "https://registry.npmjs.org/@octokit/rest/-/rest-20.0.1.tgz", + "integrity": "sha512-wROV21RwHQIMNb2Dgd4+pY+dVy1Dwmp85pBrgr6YRRDYRBu9Gb+D73f4Bl2EukZSj5hInq2Tui9o7gAQpc2k2Q==", + "dependencies": { + "@octokit/core": "^5.0.0", + "@octokit/plugin-paginate-rest": "^8.0.0", + "@octokit/plugin-request-log": "^4.0.0", + "@octokit/plugin-rest-endpoint-methods": "^9.0.0" + }, + "engines": { + "node": ">= 18" + } + }, + "node_modules/@octokit/rest/node_modules/@octokit/auth-token": { + "version": "4.0.0", + "resolved": "https://registry.npmjs.org/@octokit/auth-token/-/auth-token-4.0.0.tgz", + "integrity": "sha512-tY/msAuJo6ARbK6SPIxZrPBms3xPbfwBrulZe0Wtr/DIY9lje2HeV1uoebShn6mx7SjCHif6EjMvoREj+gZ+SA==", + "engines": { + "node": ">= 18" + } + }, + "node_modules/@octokit/rest/node_modules/@octokit/core": { + "version": "5.0.0", + "resolved": "https://registry.npmjs.org/@octokit/core/-/core-5.0.0.tgz", + "integrity": "sha512-YbAtMWIrbZ9FCXbLwT9wWB8TyLjq9mxpKdgB3dUNxQcIVTf9hJ70gRPwAcqGZdY6WdJPZ0I7jLaaNDCiloGN2A==", + "dependencies": { + "@octokit/auth-token": "^4.0.0", + "@octokit/graphql": "^7.0.0", + "@octokit/request": "^8.0.2", + "@octokit/request-error": "^5.0.0", + "@octokit/types": "^11.0.0", + "before-after-hook": "^2.2.0", + "universal-user-agent": "^6.0.0" + }, + "engines": { + "node": ">= 18" + } + }, + "node_modules/@octokit/rest/node_modules/@octokit/endpoint": { + "version": "9.0.0", + "resolved": "https://registry.npmjs.org/@octokit/endpoint/-/endpoint-9.0.0.tgz", + "integrity": "sha512-szrQhiqJ88gghWY2Htt8MqUDO6++E/EIXqJ2ZEp5ma3uGS46o7LZAzSLt49myB7rT+Hfw5Y6gO3LmOxGzHijAQ==", + "dependencies": { + "@octokit/types": "^11.0.0", + "is-plain-object": "^5.0.0", + "universal-user-agent": "^6.0.0" + }, + "engines": { + "node": ">= 18" + } + }, + "node_modules/@octokit/rest/node_modules/@octokit/graphql": { + "version": "7.0.1", + "resolved": "https://registry.npmjs.org/@octokit/graphql/-/graphql-7.0.1.tgz", + "integrity": "sha512-T5S3oZ1JOE58gom6MIcrgwZXzTaxRnxBso58xhozxHpOqSTgDS6YNeEUvZ/kRvXgPrRz/KHnZhtb7jUMRi9E6w==", + "dependencies": { + "@octokit/request": "^8.0.1", + "@octokit/types": "^11.0.0", + "universal-user-agent": "^6.0.0" + }, + "engines": { + "node": ">= 18" + } + }, + "node_modules/@octokit/rest/node_modules/@octokit/openapi-types": { + "version": "18.0.0", + "resolved": "https://registry.npmjs.org/@octokit/openapi-types/-/openapi-types-18.0.0.tgz", + "integrity": "sha512-V8GImKs3TeQRxRtXFpG2wl19V7444NIOTDF24AWuIbmNaNYOQMWRbjcGDXV5B+0n887fgDcuMNOmlul+k+oJtw==" + }, + "node_modules/@octokit/rest/node_modules/@octokit/plugin-paginate-rest": { + "version": "8.0.0", + "resolved": "https://registry.npmjs.org/@octokit/plugin-paginate-rest/-/plugin-paginate-rest-8.0.0.tgz", + "integrity": "sha512-2xZ+baZWUg+qudVXnnvXz7qfrTmDeYPCzangBVq/1gXxii/OiS//4shJp9dnCCvj1x+JAm9ji1Egwm1BA47lPQ==", + "dependencies": { + "@octokit/types": "^11.0.0" + }, + "engines": { + "node": ">= 18" + }, + "peerDependencies": { + "@octokit/core": ">=5" + } + }, + "node_modules/@octokit/rest/node_modules/@octokit/plugin-request-log": { + "version": "4.0.0", + "resolved": "https://registry.npmjs.org/@octokit/plugin-request-log/-/plugin-request-log-4.0.0.tgz", + "integrity": "sha512-2uJI1COtYCq8Z4yNSnM231TgH50bRkheQ9+aH8TnZanB6QilOnx8RMD2qsnamSOXtDj0ilxvevf5fGsBhBBzKA==", + "engines": { + "node": ">= 18" + }, + "peerDependencies": { + "@octokit/core": ">=5" + } + }, + "node_modules/@octokit/rest/node_modules/@octokit/plugin-rest-endpoint-methods": { + "version": "9.0.0", + "resolved": "https://registry.npmjs.org/@octokit/plugin-rest-endpoint-methods/-/plugin-rest-endpoint-methods-9.0.0.tgz", + "integrity": "sha512-KquMF/VB1IkKNiVnzJKspY5mFgGyLd7HzdJfVEGTJFzqu9BRFNWt+nwTCMuUiWc72gLQhRWYubTwOkQj+w/1PA==", + "dependencies": { + "@octokit/types": "^11.0.0" + }, + "engines": { + "node": ">= 18" + }, + "peerDependencies": { + "@octokit/core": ">=5" + } + }, + "node_modules/@octokit/rest/node_modules/@octokit/request": { + "version": "8.1.1", + "resolved": "https://registry.npmjs.org/@octokit/request/-/request-8.1.1.tgz", + "integrity": "sha512-8N+tdUz4aCqQmXl8FpHYfKG9GelDFd7XGVzyN8rc6WxVlYcfpHECnuRkgquzz+WzvHTK62co5di8gSXnzASZPQ==", + "dependencies": { + "@octokit/endpoint": "^9.0.0", + "@octokit/request-error": "^5.0.0", + "@octokit/types": "^11.1.0", + "is-plain-object": "^5.0.0", + "universal-user-agent": "^6.0.0" + }, + "engines": { + "node": ">= 18" + } + }, + "node_modules/@octokit/rest/node_modules/@octokit/request-error": { + "version": "5.0.0", + "resolved": "https://registry.npmjs.org/@octokit/request-error/-/request-error-5.0.0.tgz", + "integrity": "sha512-1ue0DH0Lif5iEqT52+Rf/hf0RmGO9NWFjrzmrkArpG9trFfDM/efx00BJHdLGuro4BR/gECxCU2Twf5OKrRFsQ==", + "dependencies": { + "@octokit/types": "^11.0.0", + "deprecation": "^2.0.0", + "once": "^1.4.0" + }, + "engines": { + "node": ">= 18" + } + }, + "node_modules/@octokit/rest/node_modules/@octokit/types": { + "version": "11.1.0", + "resolved": "https://registry.npmjs.org/@octokit/types/-/types-11.1.0.tgz", + "integrity": "sha512-Fz0+7GyLm/bHt8fwEqgvRBWwIV1S6wRRyq+V6exRKLVWaKGsuy6H9QFYeBVDV7rK6fO3XwHgQOPxv+cLj2zpXQ==", + "dependencies": { + "@octokit/openapi-types": "^18.0.0" + } + }, + "node_modules/@octokit/types": { + "version": "6.41.0", + "resolved": "https://registry.npmjs.org/@octokit/types/-/types-6.41.0.tgz", + "integrity": "sha512-eJ2jbzjdijiL3B4PrSQaSjuF2sPEQPVCPzBvTHJD9Nz+9dw2SGH4K4xeQJ77YfTq5bRQ+bD8wT11JbeDPmxmGg==", + "dependencies": { + "@octokit/openapi-types": "^12.11.0" + } + }, + "node_modules/before-after-hook": { + "version": "2.2.3", + "resolved": "https://registry.npmjs.org/before-after-hook/-/before-after-hook-2.2.3.tgz", + "integrity": "sha512-NzUnlZexiaH/46WDhANlyR2bXRopNg4F/zuSA3OpZnllCUgRaOF2znDioDWrmbNVsuZk6l9pMquQB38cfBZwkQ==" + }, + "node_modules/data-uri-to-buffer": { + "version": "4.0.1", + "resolved": "https://registry.npmjs.org/data-uri-to-buffer/-/data-uri-to-buffer-4.0.1.tgz", + "integrity": "sha512-0R9ikRb668HB7QDxT1vkpuUBtqc53YyAwMwGeUFKRojY/NWKvdZ+9UYtRfGmhqNbRkTSVpMbmyhXipFFv2cb/A==", + "engines": { + "node": ">= 12" + } + }, + "node_modules/deprecation": { + "version": "2.3.1", + "resolved": "https://registry.npmjs.org/deprecation/-/deprecation-2.3.1.tgz", + "integrity": "sha512-xmHIy4F3scKVwMsQ4WnVaS8bHOx0DmVwRywosKhaILI0ywMDWPtBSku2HNxRvF7jtwDRsoEwYQSfbxj8b7RlJQ==" + }, + "node_modules/fetch-blob": { + "version": "3.2.0", + "resolved": "https://registry.npmjs.org/fetch-blob/-/fetch-blob-3.2.0.tgz", + "integrity": "sha512-7yAQpD2UMJzLi1Dqv7qFYnPbaPx7ZfFK6PiIxQ4PfkGPyNyl2Ugx+a/umUonmKqjhM4DnfbMvdX6otXq83soQQ==", + "funding": [ + { + "type": "github", + "url": "https://github.com/sponsors/jimmywarting" + }, + { + "type": "paypal", + "url": "https://paypal.me/jimmywarting" + } + ], + "dependencies": { + "node-domexception": "^1.0.0", + "web-streams-polyfill": "^3.0.3" + }, + "engines": { + "node": "^12.20 || >= 14.13" + } + }, + "node_modules/formdata-polyfill": { + "version": "4.0.10", + "resolved": "https://registry.npmjs.org/formdata-polyfill/-/formdata-polyfill-4.0.10.tgz", + "integrity": "sha512-buewHzMvYL29jdeQTVILecSaZKnt/RJWjoZCF5OW60Z67/GmSLBkOFM7qh1PI3zFNtJbaZL5eQu1vLfazOwj4g==", + "dependencies": { + "fetch-blob": "^3.1.2" + }, + "engines": { + "node": ">=12.20.0" + } + }, + "node_modules/hasha": { + "version": "5.2.2", + "resolved": "https://registry.npmjs.org/hasha/-/hasha-5.2.2.tgz", + "integrity": "sha512-Hrp5vIK/xr5SkeN2onO32H0MgNZ0f17HRNH39WfL0SYUNOTZ5Lz1TJ8Pajo/87dYGEFlLMm7mIc/k/s6Bvz9HQ==", + "dependencies": { + "is-stream": "^2.0.0", + "type-fest": "^0.8.0" + }, + "engines": { + "node": ">=8" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" + } + }, + "node_modules/is-plain-object": { + "version": "5.0.0", + "resolved": "https://registry.npmjs.org/is-plain-object/-/is-plain-object-5.0.0.tgz", + "integrity": "sha512-VRSzKkbMm5jMDoKLbltAkFQ5Qr7VDiTFGXxYFXXowVj387GeGNOCsOH6Msy00SGZ3Fp84b1Naa1psqgcCIEP5Q==", + "engines": { + "node": ">=0.10.0" + } + }, + "node_modules/is-stream": { + "version": "2.0.1", + "resolved": "https://registry.npmjs.org/is-stream/-/is-stream-2.0.1.tgz", + "integrity": "sha512-hFoiJiTl63nn+kstHGBtewWSKnQLpyb155KHheA1l39uvtO9nWIop1p3udqPcUd/xbF1VLMO4n7OI6p7RbngDg==", + "engines": { + "node": ">=8" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" + } + }, + "node_modules/node-domexception": { + "version": "1.0.0", + "resolved": "https://registry.npmjs.org/node-domexception/-/node-domexception-1.0.0.tgz", + "integrity": "sha512-/jKZoMpw0F8GRwl4/eLROPA3cfcXtLApP0QzLmUT/HuPCZWyB7IY9ZrMeKw2O/nFIqPQB3PVM9aYm0F312AXDQ==", + "funding": [ + { + "type": "github", + "url": "https://github.com/sponsors/jimmywarting" + }, + { + "type": "github", + "url": "https://paypal.me/jimmywarting" + } + ], + "engines": { + "node": ">=10.5.0" + } + }, + "node_modules/node-fetch": { + "version": "3.3.2", + "resolved": "https://registry.npmjs.org/node-fetch/-/node-fetch-3.3.2.tgz", + "integrity": "sha512-dRB78srN/l6gqWulah9SrxeYnxeddIG30+GOqK/9OlLVyLg3HPnr6SqOWTWOXKRwC2eGYCkZ59NNuSgvSrpgOA==", + "dependencies": { + "data-uri-to-buffer": "^4.0.0", + "fetch-blob": "^3.1.4", + "formdata-polyfill": "^4.0.10" + }, + "engines": { + "node": "^12.20.0 || ^14.13.1 || >=16.0.0" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/node-fetch" + } + }, + "node_modules/once": { + "version": "1.4.0", + "resolved": "https://registry.npmjs.org/once/-/once-1.4.0.tgz", + "integrity": "sha512-lNaJgI+2Q5URQBkccEKHTQOPaXdUxnZZElQTZY0MFUAuaEqe1E+Nyvgdz/aIyNi6Z9MzO5dv1H8n58/GELp3+w==", + "dependencies": { + "wrappy": "1" + } + }, + "node_modules/tr46": { + "version": "0.0.3", + "resolved": "https://registry.npmjs.org/tr46/-/tr46-0.0.3.tgz", + "integrity": "sha512-N3WMsuqV66lT30CrXNbEjx4GEwlow3v6rr4mCcv6prnfwhS01rkgyFdjPNBYd9br7LpXV1+Emh01fHnq2Gdgrw==" + }, + "node_modules/tunnel": { + "version": "0.0.6", + "resolved": "https://registry.npmjs.org/tunnel/-/tunnel-0.0.6.tgz", + "integrity": "sha512-1h/Lnq9yajKY2PEbBadPXj3VxsDDu844OnaAo52UVmIzIvwwtBPIuNvkjuzBlTWpfJyUbG3ez0KSBibQkj4ojg==", + "engines": { + "node": ">=0.6.11 <=0.7.0 || >=0.7.3" + } + }, + "node_modules/type-fest": { + "version": "0.8.1", + "resolved": "https://registry.npmjs.org/type-fest/-/type-fest-0.8.1.tgz", + "integrity": "sha512-4dbzIzqvjtgiM5rw1k5rEHtBANKmdudhGyBEajN01fEyhaAIhsoKNy6y7+IN93IfpFtwY9iqi7kD+xwKhQsNJA==", + "engines": { + "node": ">=8" + } + }, + "node_modules/universal-user-agent": { + "version": "6.0.0", + "resolved": "https://registry.npmjs.org/universal-user-agent/-/universal-user-agent-6.0.0.tgz", + "integrity": "sha512-isyNax3wXoKaulPDZWHQqbmIx1k2tb9fb3GGDBRxCscfYV2Ch7WxPArBsFEG8s/safwXTT7H4QGhaIkTp9447w==" + }, + "node_modules/uuid": { + "version": "8.3.2", + "resolved": "https://registry.npmjs.org/uuid/-/uuid-8.3.2.tgz", + "integrity": "sha512-+NYs2QeMWy+GWFOEm9xnn6HCDp0l7QBD7ml8zLUmJ+93Q5NF0NocErnwkTkXVFNiX3/fpC6afS8Dhb/gz7R7eg==", + "bin": { + "uuid": "dist/bin/uuid" + } + }, + "node_modules/web-streams-polyfill": { + "version": "3.2.1", + "resolved": "https://registry.npmjs.org/web-streams-polyfill/-/web-streams-polyfill-3.2.1.tgz", + "integrity": "sha512-e0MO3wdXWKrLbL0DgGnUV7WHVuw9OUvL4hjgnPkIeEvESk74gAITi5G606JtZPp39cd8HA9VQzCIvA49LpPN5Q==", + "engines": { + "node": ">= 8" + } + }, + "node_modules/webidl-conversions": { + "version": "3.0.1", + "resolved": "https://registry.npmjs.org/webidl-conversions/-/webidl-conversions-3.0.1.tgz", + "integrity": "sha512-2JAn3z8AR6rjK8Sm8orRC0h/bcl/DqL7tRPdGZ4I1CjdF+EaMLmYxBHyXuKL849eucPFhvBoxMsflfOb8kxaeQ==" + }, + "node_modules/whatwg-url": { + "version": "5.0.0", + "resolved": "https://registry.npmjs.org/whatwg-url/-/whatwg-url-5.0.0.tgz", + "integrity": "sha512-saE57nupxk6v3HY35+jzBwYa0rKSy0XR8JSxZPwgLr7ys0IBzhGviA1/TUGJLmSVqs8pb9AnvICXEuOHLprYTw==", + "dependencies": { + "tr46": "~0.0.3", + "webidl-conversions": "^3.0.0" + } + }, + "node_modules/wrappy": { + "version": "1.0.2", + "resolved": "https://registry.npmjs.org/wrappy/-/wrappy-1.0.2.tgz", + "integrity": "sha512-l4Sp/DRseor9wL6EvV2+TuQn63dMkPjZ/sp9XkghTEbV9KlPS1xUsZ3u7/IQO4wxtcFB4bgpQPRcR3QCvezPcQ==" + } + } +} diff --git a/.github/actions/nym-hash-releases/package.json b/.github/actions/nym-hash-releases/package.json new file mode 100644 index 0000000..6dcd690 --- /dev/null +++ b/.github/actions/nym-hash-releases/package.json @@ -0,0 +1,18 @@ +{ + "name": "nym-hash-release", + "version": "1.0.0", + "description": "Generate hashes and signatures for assets in Nym releases", + "main": "index.js", + "type": "module", + "scripts": { + "local": "node run-local.mjs" + }, + "dependencies": { + "@actions/core": "^1.10.0", + "@actions/github": "^5.1.1", + "@octokit/auth-action": "^4.0.0", + "@octokit/rest": "^20.0.1", + "hasha": "^5.2.0", + "node-fetch": "^3.2.10" + } +} diff --git a/.github/actions/nym-hash-releases/run-local.mjs b/.github/actions/nym-hash-releases/run-local.mjs new file mode 100644 index 0000000..f2fc6ad --- /dev/null +++ b/.github/actions/nym-hash-releases/run-local.mjs @@ -0,0 +1,6 @@ +import {createHashesFromReleaseTagOrNameOrId} from './create-hashes.mjs'; + +await createHashesFromReleaseTagOrNameOrId({releaseTagOrNameOrId: 119065724, cache: true, upload: false}); +await createHashesFromReleaseTagOrNameOrId({releaseTagOrNameOrId: '119065724', cache: true, upload: false}); +await createHashesFromReleaseTagOrNameOrId({releaseTagOrNameOrId: 'nym-connect-v1.1.19-snickers', cache: true, upload: false}); +await createHashesFromReleaseTagOrNameOrId({releaseTagOrNameOrId: 'Nym Connect v1.1.19-snickers', cache: true, upload: false}); diff --git a/.github/workflows/nymvpn-desktop.yml b/.github/workflows/nymvpn-desktop.yml new file mode 100644 index 0000000..9925394 --- /dev/null +++ b/.github/workflows/nymvpn-desktop.yml @@ -0,0 +1,109 @@ +name: 'publish' +on: + push: + branches: + - main + +jobs: + publish-tauri: + strategy: + fail-fast: false + matrix: + platform: [windows-latest, macos-latest, ubuntu-latest] + runs-on: ${{ matrix.platform }} + env: + working-directory: ./nym-vpn/desktop + steps: + - name: Checkout tools repo + uses: actions/checkout@v4 + with: + repository: nymtech/nym + fetch-depth: 0 + ref: feature/nymvpn-desktop + - name: setup node + uses: actions/setup-node@v1 + with: + node-version: 21 + - name: install Rust stable + uses: actions-rs/toolchain@v1 + with: + toolchain: 1.73 + - name: install cargo dependencies + continue-on-error: true + run: | + cargo install cargo-deb + cargo install cargo-generate-rpm + cargo install --force cargo-make + cargo install sd + cargo install ripgrep + cargo install cargo-about + - name: install ubuntu dependencies + if: matrix.platform == 'ubuntu-latest' + run: | + sudo apt install -y build-essential \ + pkg-config \ + libgtk-3-dev \ + libssl-dev \ + libsoup2.4-dev \ + libjavascriptcoregtk-4.0-dev \ + libwebkit2gtk-4.0-dev \ + libmnl-dev \ + libnftnl-dev \ + protobuf-compiler \ + zip \ + - name: install protobuf macos + if: matrix.platform == 'macos-latest' + run: | + brew install protobuf + - name: install protobuf windows + if: matrix.platform == 'windows-latest' + uses: crazy-max/ghaction-chocolatey@v3 + with: + args: install protoc + - name: setup go + uses: actions/setup-go@v4 + with: + go-version: 'stable' + - name: build ubuntu deb package + if: matrix.platform == 'ubuntu-latest' + run: cargo make deb + working-directory: ${{ env.working-directory }} + - name: inport apple certs + if: matrix.platform == 'macos-latest' + uses: apple-actions/import-codesign-certs@v2 + with: + p12-file-base64: ${{ secrets.APPLE_SIGNING_CERT_BASE64 }} + p12-password: ${{ secrets.APPLE_SIGNING_CERT_PASSWORD }} + - uses: Apple-Actions/download-provisioning-profiles@v1 + continue-on-error: true + if: matrix.platform == 'macos-latest' + with: + bundle-id: net.nymtech.vpn + issuer-id: ${{ secrets.APPLE_APPSTORE_ISSUER_ID }} + api-key-id: ${{ secrets.APPLE_APPSTORE_KEY_ID }} + api-private-key: ${{ secrets.APPLE_APPSTORE_PRIVATE_KEY }} + - name: build macos pkg + if: matrix.platform == 'macos-latest' + run: cargo make pkg + working-directory: ${{ env.working-directory }} + env: + APPLE_TEAM_ID: VW5DZLFHM5 + APPLICATION_SIGNING_IDENTITY: Nym Technologies SA + INSTALLER_SIGNING_IDENTITY: Nym Technologies SA + - name: Create env file + uses: timheuer/base64-to-file@v1.2 + if: matrix.platform == 'windows-latest' + with: + fileName: 'signing.pfx' + encodedString: ${{ secrets.WINDOWS_SIGNING_PFX_BASE64 }} + - name: build windows installer + if: matrix.platform == 'windows-latest' + run: cargo make msi + working-directory: ${{ env.working-directory }} + env: + SIGN: true + CERT_FILE: "signing.pfx" + CERT_FILE_PASSWORD: ${{ secrets.WINDOWS_SIGNING_PFX_PASSWORD }} + + + diff --git a/.github/workflows/publish-nym-binaries.yml b/.github/workflows/publish-nym-binaries.yml new file mode 100644 index 0000000..a19fe9a --- /dev/null +++ b/.github/workflows/publish-nym-binaries.yml @@ -0,0 +1,99 @@ +name: Publish Nym binaries + +on: + workflow_dispatch: + inputs: + add_tokio_unstable: + description: 'True to add RUSTFLAGS="--cfg tokio_unstable"' + required: true + default: false + type: boolean + release: + types: [created] + +env: + NETWORK: mainnet + +jobs: + publish-nym: + if: ${{ (startsWith(github.ref, 'refs/tags/nym-binaries-') && github.event_name == 'release') || github.event_name == 'workflow_dispatch' }} + strategy: + fail-fast: false + matrix: + platform: [custom-ubuntu-20.04] + runs-on: ${{ matrix.platform }} + + outputs: + release_id: ${{ steps.create-release.outputs.id }} + release_date: ${{ fromJSON(steps.create-release.outputs.assets)[0].published_at }} + client_hash: ${{ steps.binary-hashes.outputs.client_hash }} + mixnode_hash: ${{ steps.binary-hashes.outputs.mixnode_hash }} + gateway_hash: ${{ steps.binary-hashes.outputs.gateway_hash }} + socks5_hash: ${{ steps.binary-hashes.outputs.socks5_hash }} + netreq_hash: ${{ steps.binary-hashes.outputs.netreq_hash }} + cli_hash: ${{ steps.binary-hashes.outputs.cli_hash }} + netstat_hash: ${{ steps.binary-hashes.outputs.netstat_hash }} + client_version: ${{ steps.binary-versions.outputs.client_version }} + mixnode_version: ${{ steps.binary-versions.outputs.mixnode_version }} + gateway_version: ${{ steps.binary-versions.outputs.gateway_version }} + socks5_version: ${{ steps.binary-versions.outputs.socks5_version }} + netreq_version: ${{ steps.binary-versions.outputs.netreq_version }} + cli_version: ${{ steps.binary-versions.outputs.cli_version }} + netstat_version: ${{ steps.binary-versions.outputs.netstat_version }} + + steps: + - uses: actions/checkout@v3 + + - name: Install Dependencies (Linux) + run: sudo apt-get update && sudo apt-get -y install ripgrep libwebkit2gtk-4.0-dev build-essential curl wget libssl-dev libgtk-3-dev libudev-dev squashfs-tools + continue-on-error: true + + - name: Check out repository code + uses: actions/checkout@v4 + with: + repository: nymtech/nym + ref: ${{ inputs.ref }} + + - name: Sets env vars for tokio if set in manual dispatch inputs + run: | + echo 'RUSTFLAGS="--cfg tokio_unstable"' >> $GITHUB_ENV + if: github.event_name == 'workflow_dispatch' && inputs.add_tokio_unstable == true + + - name: Install Rust stable + uses: actions-rs/toolchain@v1 + with: + toolchain: stable + + - name: Build all binaries + uses: actions-rs/cargo@v1 + with: + command: build + args: --release + + - name: Upload Artifact + uses: actions/upload-artifact@v3 + with: + name: my-artifact + path: | + target/release/nym-mixnode + target/release/nym-api + target/release/explorer-api + retention-days: 30 + + - id: create-release + name: Upload to release based on tag name + uses: softprops/action-gh-release@v1 + if: github.event_name == 'release' + with: + files: | + target/release/nym-mixnode + target/release/nym-api + target/release/explorer-api + + push-release-data-client: + if: ${{ (startsWith(github.ref, 'refs/tags/nym-binaries-') && github.event_name == 'release') || github.event_name == 'workflow_dispatch' }} + uses: ./.github/workflows/release-calculate-hash.yml + needs: publish-nym + with: + release_tag: ${{ github.ref_name }} + secrets: inherit diff --git a/.github/workflows/release-calculate-hash.yml b/.github/workflows/release-calculate-hash.yml new file mode 100644 index 0000000..4695b08 --- /dev/null +++ b/.github/workflows/release-calculate-hash.yml @@ -0,0 +1,39 @@ +name: Releases - calculate file hashes + +on: + workflow_call: + inputs: + release_tag: + description: 'Release tag' + required: true + type: string + workflow_dispatch: + release_tag: + tag: + description: 'Release tag' + required: true + type: string + +jobs: + build: + name: Calculate hash for assets in release + runs-on: ubuntu-latest + steps: + - name: Check out repository code + uses: actions/checkout@v3 + - uses: actions/setup-node@v3 + with: + node-version: 18 + - name: Install packages + run: cd ./.github/actions/nym-hash-releases && npm i + + - uses: ./.github/actions/nym-hash-releases + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + with: + release-tag-or-name-or-id: ${{ inputs.release_tag }} + + - uses: actions/upload-artifact@v2 + with: + name: Asset Hashes + path: hashes.json diff --git a/.github/workflows/tauri-build-publish.yml b/.github/workflows/tauri-build-publish.yml new file mode 100644 index 0000000..82fe373 --- /dev/null +++ b/.github/workflows/tauri-build-publish.yml @@ -0,0 +1,62 @@ +name: 'publish' +on: + push: + branches: + - develop + +jobs: + publish-tauri: + strategy: + fail-fast: false + matrix: + platform: [windows-latest] + env: + working-directory: ./nym/nym-vpn/ui + + runs-on: ${{ matrix.platform }} + steps: + - name: Checkout tools repo + uses: actions/checkout@v4 + with: + repository: nymtech/nym + path: nym/nym-vpn/ui + ref: feature/tauri-windows-service + - name: setup node + uses: actions/setup-node@v1 + with: + node-version: 21 + - name: install Rust stable + uses: actions-rs/toolchain@v1 + with: + toolchain: stable + # - name: install webkit2gtk (ubuntu only) + # if: matrix.platform == 'ubuntu-latest' + # run: | + # sudo apt-get update + # sudo apt-get install -y webkit2gtk-4.0 + - name: import windows certificate + if: matrix.platform == 'windows-latest' + env: + WINDOWS_CERTIFICATE: ${{ secrets.WINDOWS_SIGNING_PFX_BASE64 }} + WINDOWS_CERTIFICATE_PASSWORD: ${{ secrets.WINDOWS_SIGNING_PFX_PASSWORD }} + run: | + New-Item -ItemType directory -Path certificate + Set-Content -Path certificate/tempCert.txt -Value $env:WINDOWS_CERTIFICATE + certutil -decode certificate/tempCert.txt certificate/certificate.pfx + Remove-Item -path certificate -include tempCert.txt + Import-PfxCertificate -FilePath certificate/certificate.pfx -CertStoreLocation Cert:\CurrentUser\My -Password (ConvertTo-SecureString -String $env:WINDOWS_CERTIFICATE_PASSWORD -Force -AsPlainText) + - name: install app dependencies and build it + run: yarn install --network-timeout 1000000 && yarn build + working-directory: ${{env.working-directory}} + - uses: tauri-apps/tauri-action@v0 + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + TAURI_PRIVATE_KEY: ${{ secrets.TAURI_PRIVATE_KEY }} + TAURI_KEY_PASSWORD: ${{ secrets.TAURI_KEY_PASSWORD }} + with: + tagName: app-v__VERSION__ # the action automatically replaces \_\_VERSION\_\_ with the app version + releaseName: 'App v__VERSION__' + releaseBody: 'See the assets to download this version and install.' + releaseDraft: true + prerelease: false + projectPath: ${{ env.working-directory }} diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..723ef36 --- /dev/null +++ b/.gitignore @@ -0,0 +1 @@ +.idea \ No newline at end of file diff --git a/dummy.tmp b/dummy.tmp new file mode 100644 index 0000000..e69de29