-
Notifications
You must be signed in to change notification settings - Fork 294
124 lines (103 loc) · 4.61 KB
/
publish.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
name: "publish"
# change this when ready to release if you want CI/CD
on: workflow_dispatch
env:
CN_APPLICATION: cap/cap
APP_CARGO_TOML: apps/desktop-solid/src-tauri/Cargo.toml
jobs:
cap-desktop-release:
permissions:
contents: write
runs-on: macos-latest
steps:
- name: Checkout repository
uses: actions/checkout@v4
- name: Read version number
uses: SebRollen/[email protected]
id: read_version
with:
file: ${{ env.APP_CARGO_TOML }}
field: "package.version"
- name: create draft release
uses: crabnebula-dev/cloud-release@v0
with:
command: release draft ${{ env.CN_APPLICATION }} ${{ steps.read_version.outputs.value }} --framework tauri
api-key: ${{ secrets.CN_API_KEY }}
- name: Create API Key File
run: echo "${{ secrets.APPLE_API_KEY_FILE }}" > api.p8
- name: Ensure signing identity
env:
APPLE_CERTIFICATE: ${{ secrets.APPLE_CERTIFICATE }}
APPLE_CERTIFICATE_PASSWORD: ${{ secrets.APPLE_CERTIFICATE_PASSWORD }}
run: |
CERTIFICATE_PATH=${{ runner.temp }}/certificate.p12
KEYCHAIN_PATH=${{ runner.temp }}/build.keychain
echo -n "$APPLE_CERTIFICATE" | base64 --decode -o $CERTIFICATE_PATH
# Maybe set password in secrets?? This gets cleaned up at the beginning and end of each job though.
security create-keychain -p "" $KEYCHAIN_PATH
security set-keychain-settings -lut 21600 $KEYCHAIN_PATH
security default-keychain -s $KEYCHAIN_PATH
security unlock-keychain -p "" $KEYCHAIN_PATH
security import $CERTIFICATE_PATH -P "$APPLE_CERTIFICATE_PASSWORD" -A -t cert -f pkcs12 -k $KEYCHAIN_PATH
security set-key-partition-list -S apple-tool:,apple: -k "" $KEYCHAIN_PATH
security list-keychain -d user -s $KEYCHAIN_PATH
- name: Verify certificate
run: security find-identity -v -p codesigning ${{ runner.temp }}/build.keychain
- name: Rust setup
uses: dtolnay/rust-toolchain@stable
with:
targets: x86_64-apple-darwin, aarch64-apple-darwin
- name: Rust cache
uses: swatinem/rust-cache@v2
- name: Setup pnpm
uses: pnpm/action-setup@v4
with:
version: 8.10.5
- name: Setup Node.js
uses: actions/setup-node@v4
with:
node-version: "20"
cache: pnpm
- name: Install dependencies
run: pnpm install
- name: Create .env file in root
run: |
echo "appVersion=${{ steps.read_version.outputs.value }}" >> .env
echo "CAP_DESKTOP_SENTRY_URL=https://efd3156d9c0a8a49bee3ee675bec80d8@o4506859771527168.ingest.us.sentry.io/4506859844403200" >> .env
echo "NEXT_PUBLIC_URL=${{ secrets.NEXT_PUBLIC_URL }}" >> .env
echo 'NEXTAUTH_URL=${NEXT_PUBLIC_URL}' >> .env
echo 'VITE_SERVER_URL=${NEXT_PUBLIC_URL}' >> .env
- name: Copy .env to apps/desktop-solid
run: cp .env apps/desktop-solid/.env
- name: Output .env file
run: cat apps/desktop-solid/.env
- name: Build MacOS Apps
# Install x86_64-apple-darwin for mac and build Tauri binaries
# Build both intel and apple silicon
working-directory: apps/desktop-solid
run: |
pnpm install
node ${{ github.workspace }}/.github/prebuild.js x86_64
pnpm tauri build --target x86_64-apple-darwin
node ${{ github.workspace }}/.github/prebuild.js aarch64
pnpm tauri build --target aarch64-apple-darwin
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
APPLE_CERTIFICATE: ${{ secrets.APPLE_CERTIFICATE }}
APPLE_CERTIFICATE_PASSWORD: ${{ secrets.APPLE_CERTIFICATE_PASSWORD }}
APPLE_SIGNING_IDENTITY: ${{ secrets.APPLE_SIGNING_IDENTITY }}
APPLE_ID: ${{ secrets.APPLE_ID }}
APPLE_PASSWORD: ${{ secrets.APPLE_PASSWORD }}
APPLE_TEAM_ID: ${{ secrets.APPLE_TEAM_ID }}
APPLE_API_ISSUER: ${{ secrets.APPLE_API_ISSUER }}
APPLE_API_KEY: ${{ secrets.APPLE_API_KEY }}
APPLE_API_KEY_PATH: api.p8
APPLE_KEYCHAIN: ${{ runner.temp }}/build.keychain
TAURI_SIGNING_PRIVATE_KEY: ${{ secrets.TAURI_SIGNING_KEY }}
TAURI_SIGNING_PRIVATE_KEY_PASSWORD: ${{ secrets.TAURI_KEY_PASSWORD }}
- name: upload assets
uses: crabnebula-dev/cloud-release@v0
with:
command: release upload ${{ env.CN_APPLICATION }} --framework tauri
api-key: ${{ secrets.CN_API_KEY }}
working-directory: ./apps/desktop-solid/src-tauri