publish #167
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: "publish" | |
# change this when ready to release if you want CI/CD | |
on: workflow_dispatch | |
env: | |
CN_APPLICATION: cap/cap | |
APP_CARGO_TOML: apps/desktop/src-tauri/Cargo.toml | |
SENTRY_ORG: cap-s2 | |
SENTRY_PROJECT: cap-desktop | |
jobs: | |
draft: | |
runs-on: ubuntu-latest | |
outputs: | |
version: ${{ steps.read_version.outputs.value }} | |
needs_release: ${{ steps.create_tag.outputs.tag_existed != 'true' }} | |
permissions: | |
contents: write | |
steps: | |
- uses: actions/checkout@v4 | |
- name: Read version number | |
uses: SebRollen/[email protected] | |
id: read_version | |
with: | |
file: ${{ env.APP_CARGO_TOML }} | |
field: "package.version" | |
- name: Create tag | |
id: create_tag | |
if: ${{ steps.create_tag.outputs.tag_existed != 'true' }} | |
uses: actions/github-script@v7 | |
with: | |
script: | | |
const tag = "cap-v${{ steps.read_version.outputs.value }}"; | |
const tagRef = `tags/${tag}`; | |
const TAG_EXISTED = "tag_existed"; | |
async function main() { | |
let tagExisted = true; | |
try { | |
await github.rest.git.getRef({ | |
ref: tagRef, | |
owner: context.repo.owner, | |
repo: context.repo.repo, | |
}); | |
tagExisted = true; | |
core.notice(`Release skipped as tag '${tag}' already exists. Update the version in '${{ env.APP_CARGO_TOML }}' before starting another release.`); | |
} catch (error) { | |
if ("status" in error && error.status === 404) tagExisted = false; | |
else throw error; | |
} | |
core.setOutput(TAG_EXISTED, tagExisted); | |
if (!tagExisted) | |
await github.rest.git.createRef({ | |
ref: `refs/${tagRef}`, | |
owner: context.repo.owner, | |
repo: context.repo.repo, | |
sha: context.sha, | |
}); | |
} | |
main(); | |
- name: Create draft CN release | |
uses: crabnebula-dev/cloud-release@v0 | |
with: | |
command: release draft ${{ env.CN_APPLICATION }} ${{ steps.read_version.outputs.value }} --framework tauri | |
api-key: ${{ secrets.CN_API_KEY }} | |
- name: Create draft GH release | |
# TODO: Change to stable version when available | |
uses: softprops/action-gh-release@v2 | |
with: | |
draft: true | |
generate_release_notes: true | |
build: | |
needs: draft | |
if: ${{ needs.draft.outputs.needs_release == 'true' }} | |
permissions: | |
contents: write | |
runs-on: macos-latest | |
strategy: | |
fail-fast: false | |
matrix: | |
settings: | |
- target: x86_64-apple-darwin | |
prebuild: x86_64 | |
- target: aarch64-apple-darwin | |
prebuild: aarch64 | |
steps: | |
- name: Checkout repository | |
uses: actions/checkout@v4 | |
- name: Create API Key File | |
run: echo "${{ secrets.APPLE_API_KEY_FILE }}" > api.p8 | |
- uses: apple-actions/import-codesign-certs@v2 | |
with: | |
p12-file-base64: ${{ secrets.APPLE_CERTIFICATE }} | |
p12-password: ${{ secrets.APPLE_CERTIFICATE_PASSWORD }} | |
- name: Verify certificate | |
run: security find-identity -v -p codesigning ${{ runner.temp }}/build.keychain | |
- name: Rust setup | |
uses: dtolnay/rust-toolchain@stable | |
with: | |
targets: ${{ matrix.settings.target }} | |
- name: Rust cache | |
uses: swatinem/rust-cache@v2 | |
with: | |
shared-key: ${{ matrix.settings.target }} | |
- name: Setup pnpm | |
uses: pnpm/action-setup@v4 | |
with: | |
version: 9.8.0 | |
- name: Setup Node.js | |
uses: actions/setup-node@v4 | |
with: | |
node-version: "20" | |
cache: pnpm | |
- name: Install dependencies | |
run: pnpm install | |
- name: Create .env file in root | |
run: | | |
echo "appVersion=${{ needs.draft.outputs.version }}" >> .env | |
echo "CAP_DESKTOP_SENTRY_URL=https://6a3b6a09e6ae976c2ad6fff710e88748@o4506859771527168.ingest.us.sentry.io/4508330917101568" >> .env | |
echo "NEXT_PUBLIC_URL=${{ secrets.NEXT_PUBLIC_URL }}" >> .env | |
echo 'NEXTAUTH_URL=${NEXT_PUBLIC_URL}' >> .env | |
echo 'VITE_SERVER_URL=${NEXT_PUBLIC_URL}' >> .env | |
echo "NEXT_PUBLIC_CAP_AWS_REGION=${{ secrets.NEXT_PUBLIC_CAP_AWS_REGION }}" >> .env | |
echo "NEXT_PUBLIC_CAP_AWS_BUCKET=${{ secrets.NEXT_PUBLIC_CAP_AWS_BUCKET }}" >> .env | |
- name: Copy .env to apps/desktop | |
run: cp .env apps/desktop/.env | |
- name: Output .env file | |
run: cat apps/desktop/.env | |
- name: Cargo clean | |
run: cargo clean | |
- name: Build macOS apps | |
working-directory: apps/desktop | |
run: | | |
export TARGET_TRIPLE=${{ matrix.settings.target }} | |
node ${{ github.workspace }}/.github/prebuild.js darwin ${{ matrix.settings.prebuild }} | |
pnpm tauri build --target ${{ matrix.settings.target }} --config src-tauri/tauri.conf.prod.json | |
env: | |
# https://github.com/tauri-apps/tauri-action/issues/740 | |
CI: false | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
# codesigning | |
APPLE_CERTIFICATE: ${{ secrets.APPLE_CERTIFICATE }} | |
APPLE_CERTIFICATE_PASSWORD: ${{ secrets.APPLE_CERTIFICATE_PASSWORD }} | |
APPLE_SIGNING_IDENTITY: ${{ secrets.APPLE_SIGNING_IDENTITY }} | |
# notarization | |
APPLE_API_ISSUER: ${{ secrets.APPLE_API_ISSUER }} | |
APPLE_API_KEY: ${{ secrets.APPLE_API_KEY }} | |
APPLE_API_KEY_PATH: ${{ github.workspace }}/api.p8 | |
APPLE_KEYCHAIN: ${{ runner.temp }}/build.keychain | |
TAURI_SIGNING_PRIVATE_KEY: ${{ secrets.TAURI_SIGNING_PRIVATE_KEY }} | |
TAURI_SIGNING_PRIVATE_KEY_PASSWORD: ${{ secrets.TAURI_SIGNING_PRIVATE_KEY_PASSWORD }} | |
- name: Upload assets | |
uses: crabnebula-dev/cloud-release@v0 | |
with: | |
command: release upload ${{ env.CN_APPLICATION }} "${{ needs.draft.outputs.version }}" --framework tauri | |
api-key: ${{ secrets.CN_API_KEY }} | |
- name: Upload debug symbols to Sentry | |
env: | |
SENTRY_AUTH_TOKEN: ${{ secrets.SENTRY_AUTH_TOKEN }} | |
working-directory: target | |
run: | | |
curl -sL https://sentry.io/get-cli/ | bash | |
sentry-cli debug-files upload -o ${{ env.SENTRY_ORG }} -p ${{ env.SENTRY_PROJECT }} Cap.dSYM |