Skip to content

fix: csp for images #46

fix: csp for images

fix: csp for images #46

Workflow file for this run

name: Bundle
on:
push:
tags:
- "v*.*.*"
# on:
# pull_request:
jobs:
bundle_core:
defaults:
run:
working-directory: core
strategy:
fail-fast: false
matrix:
include:
- platform: "macos-latest" # for Arm based macs (M1 and above).
args: "--target aarch64-apple-darwin"
# - platform: 'macos-latest' # for Intel based macs.
# args: '--target x86_64-apple-darwin'
- platform: "ubuntu-22.04" # for Tauri v1 you could replace this with ubuntu-20.04.
args: ""
- platform: "windows-latest"
args: ""
runs-on: ${{ matrix.platform }}
environment: release
steps:
- uses: actions/checkout@v4
- uses: actions/setup-python@v5
with:
python-version: "3.12.3"
- name: Install dependencies
run: |
python -m pip install --upgrade pip
pip install poetry
poetry install
- run: make bundle
- name: Sign MacOS App
if: matrix.platform == 'macos-latest'
timeout-minutes: 2
env:
APPLE_CERTIFICATE: ${{ secrets.APPLE_CERTIFICATE }}
APPLE_CERTIFICATE_PASSWORD: ${{ secrets.APPLE_CERTIFICATE_PASSWORD }}
APPLE_ID: ${{ secrets.APPLE_ID }}
APPLE_SIGNING_IDENTITY: ${{ secrets.APPLE_SIGNING_IDENTITY }}
TMP_KEYCHAIN_PASSWORD: some
APP_PATH: dist/core-aarch64-apple-darwin
run: |
echo "Creating a temporary keychain"
security create-keychain -p $TMP_KEYCHAIN_PASSWORD build.keychain
security default-keychain -s build.keychain
security unlock-keychain -p $TMP_KEYCHAIN_PASSWORD build.keychain
echo "Importing the certificate"
echo "$APPLE_CERTIFICATE" | base64 --decode > certificate.p12
security import certificate.p12 -k build.keychain -P $APPLE_CERTIFICATE_PASSWORD -T /usr/bin/codesign
security set-key-partition-list -S apple-tool:,apple:,codesign: -s -k $TMP_KEYCHAIN_PASSWORD build.keychain
echo "Signing the binary"
/usr/bin/codesign --force -s $APPLE_SIGNING_IDENTITY $APP_PATH -v
echo "Deleting the temporary keychain"
security delete-keychain build.keychain
- uses: actions/upload-artifact@v4
with:
name: core-${{ matrix.platform }}
retention-days: 1
path: core/dist/*
bundle_desktop:
needs: bundle_core
permissions:
contents: write
strategy:
fail-fast: false
matrix:
include:
- platform: "macos-latest" # for Arm based macs (M1 and above).
args: "--target aarch64-apple-darwin"
# - platform: 'macos-latest' # for Intel based macs.
# args: '--target x86_64-apple-darwin'
- platform: "ubuntu-22.04" # for Tauri v1 you could replace this with ubuntu-20.04.
args: ""
- platform: "windows-latest"
args: ""
runs-on: ${{ matrix.platform }}
environment: release
steps:
- name: Get Tags
id: tag
uses: ildug/get-tag-action@v1
- name: Display version
run: |
echo "Version ${{ steps.tag.outputs.version }}"
echo "Tag ${{ steps.tag.outputs.tag }}"
- uses: actions/checkout@v4
- name: Download bundle artifacts
uses: actions/download-artifact@v4
with:
name: core-${{ matrix.platform }}
path: core/dist
- name: install Rust stable
uses: dtolnay/rust-toolchain@stable
with:
# Those targets are only used on macos runners so it's in an `if` to slightly speed up windows and linux builds.
targets: ${{ matrix.platform == 'macos-latest' && 'aarch64-apple-darwin,x86_64-apple-darwin' || '' }}
- name: install dependencies (ubuntu only)
if: matrix.platform == 'ubuntu-22.04' # This must match the platform value defined above.
run: |
sudo apt-get update
sudo apt-get install -y libwebkit2gtk-4.0-dev libappindicator3-dev librsvg2-dev patchelf
- name: Update Package Version
uses: jossef/[email protected]
with:
file: webapp/src-tauri/tauri.conf.json
field: package.version
value: ${{ steps.tag.outputs.version }}
- name: Setup Webapp
id: prepare-webapp
uses: ./.github/actions/prepare_webapp
with:
working-directory: webapp
- uses: tauri-apps/tauri-action@v0
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
APPLE_CERTIFICATE: ${{ secrets.APPLE_CERTIFICATE }}
APPLE_CERTIFICATE_PASSWORD: ${{ secrets.APPLE_CERTIFICATE_PASSWORD }}
APPLE_SIGNING_IDENTITY: ${{ secrets.APPLE_SIGNING_IDENTITY }}
APPLE_ID: ${{ secrets.APPLE_ID }}
APPLE_TEAM_ID: ${{ secrets.APPLE_TEAM_ID }}
with:
# tagName: ${{ steps.tag.outputs.tag }}
# releaseName: ${{ steps.tag.outputs.tag }}
releaseDraft: true
args: ${{ matrix.args }}
- name: Release
uses: softprops/action-gh-release@v2
if: startsWith(github.ref, 'refs/tags/')
with:
files: |
webapp/src-tauri/target/**/release/bundle/**/*.dmg
webapp/src-tauri/target/**/release/bundle/**/*.app
webapp/src-tauri/target/release/bundle/**/*.dmg
webapp/src-tauri/target/release/bundle/**/*.app
webapp/src-tauri/target/release/bundle/**/*.deb
webapp/src-tauri/target/release/bundle/**/*.rpm
webapp/src-tauri/target/release/bundle/**/*.AppImage
webapp/src-tauri/target/release/bundle/**/*.exe
webapp/src-tauri/target/release/bundle/**/*.msi
# # Project rules must be updated to push changes
# # GH013: Repository rule violations found for refs/heads/main.
# - uses: stefanzweifel/git-auto-commit-action@v5
# with:
# commit_message: Bump version to ${{ env.VERSION }}
# branch: main