fix: csp for images #46
# Workflow name as shown in the Actions UI.
name: Bundle

# Runs only when a tag matching v<major>.<minor>.<patch> is pushed.
on:
  push:
    tags:
      - "v*.*.*"

# Disabled alternate trigger. If it is re-enabled, the jobs below (which use
# `environment: release` and read the Apple signing secrets) would run for
# pull requests too, so protect that environment before doing so.
# on:
#   pull_request:
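# Two-stage release build:
#   bundle_core    - builds (and on macOS signs) the Python core, then uploads
#                    it as a short-lived artifact.
#   bundle_desktop - downloads that artifact, builds the Tauri desktop app and
#                    attaches the bundles to a GitHub release.
#
# NOTE(review): every third-party action below is referenced by a mutable tag
# or branch (@v1, @v2, @v0, @stable). These jobs hold the Apple signing
# secrets and, in bundle_desktop, a token with `contents: write`, so pin each
# `uses:` to a full-length commit SHA and keep the tag in a trailing comment.
jobs:
  bundle_core:
    # Least privilege: this job only checks out code and uploads an artifact.
    # NOTE(review): confirm `make bundle` needs no other token scope.
    permissions:
      contents: read
    defaults:
      run:
        working-directory: core
    strategy:
      fail-fast: false
      matrix:
        include:
          - platform: "macos-latest" # for Arm based macs (M1 and above).
            args: "--target aarch64-apple-darwin"
          # - platform: 'macos-latest' # for Intel based macs.
          #   args: '--target x86_64-apple-darwin'
          - platform: "ubuntu-22.04" # for Tauri v1 you could replace this with ubuntu-20.04.
            args: ""
          - platform: "windows-latest"
            args: ""
    runs-on: ${{ matrix.platform }}
    # Secrets below are resolved in the context of the `release` environment.
    environment: release
    steps:
      - uses: actions/checkout@v4
        with:
          # Do not leave the job token in .git/config while the dependency
          # install and build steps run.
          persist-credentials: false
      - uses: actions/setup-python@v5
        with:
          python-version: "3.12.3"
      - name: Install dependencies
        # NOTE(review): pip and poetry are installed unpinned right before a
        # signed release build; consider pinning their versions.
        run: |
          python -m pip install --upgrade pip
          pip install poetry
          poetry install
      - run: make bundle
      - name: Sign MacOS App
        if: matrix.platform == 'macos-latest'
        timeout-minutes: 2
        env:
          # Only the secrets the script actually reads are exposed here;
          # APPLE_ID is not passed because nothing below uses it.
          APPLE_CERTIFICATE: ${{ secrets.APPLE_CERTIFICATE }}
          APPLE_CERTIFICATE_PASSWORD: ${{ secrets.APPLE_CERTIFICATE_PASSWORD }}
          APPLE_SIGNING_IDENTITY: ${{ secrets.APPLE_SIGNING_IDENTITY }}
          APP_PATH: dist/core-aarch64-apple-darwin
        run: |
          set -euo pipefail

          # Random per-run keychain password instead of a fixed string
          # committed in the workflow file.
          TMP_KEYCHAIN_PASSWORD="$(openssl rand -base64 32)"
          # Keep the decoded certificate out of the checkout so it cannot be
          # picked up by a later packaging or upload glob.
          CERT_PATH="$RUNNER_TEMP/certificate.p12"

          # Remove the key material even when a signing command fails.
          cleanup() {
            echo "Deleting the temporary keychain"
            rm -f "$CERT_PATH"
            security delete-keychain build.keychain || true
          }
          trap cleanup EXIT

          echo "Creating a temporary keychain"
          security create-keychain -p "$TMP_KEYCHAIN_PASSWORD" build.keychain
          security default-keychain -s build.keychain
          security unlock-keychain -p "$TMP_KEYCHAIN_PASSWORD" build.keychain

          echo "Importing the certificate"
          echo "$APPLE_CERTIFICATE" | base64 --decode > "$CERT_PATH"
          # Quoted so a password or identity containing spaces or shell
          # metacharacters is passed as a single argument.
          security import "$CERT_PATH" -k build.keychain -P "$APPLE_CERTIFICATE_PASSWORD" -T /usr/bin/codesign
          security set-key-partition-list -S apple-tool:,apple:,codesign: -s -k "$TMP_KEYCHAIN_PASSWORD" build.keychain

          echo "Signing the binary"
          /usr/bin/codesign --force -s "$APPLE_SIGNING_IDENTITY" "$APP_PATH" -v
      - uses: actions/upload-artifact@v4
        with:
          name: core-${{ matrix.platform }}
          retention-days: 1
          path: core/dist/*

  bundle_desktop:
    needs: bundle_core
    # Write access to repository contents is granted to this job's token;
    # the release steps at the end of the job are what publish files.
    permissions:
      contents: write
    strategy:
      fail-fast: false
      matrix:
        include:
          - platform: "macos-latest" # for Arm based macs (M1 and above).
            args: "--target aarch64-apple-darwin"
          # - platform: 'macos-latest' # for Intel based macs.
          #   args: '--target x86_64-apple-darwin'
          - platform: "ubuntu-22.04" # for Tauri v1 you could replace this with ubuntu-20.04.
            args: ""
          - platform: "windows-latest"
            args: ""
    runs-on: ${{ matrix.platform }}
    environment: release
    steps:
      - name: Get Tags
        id: tag
        uses: ildug/get-tag-action@v1
      - name: Display version
        # The tag-derived values go through env instead of being expanded
        # into the script text, so a crafted tag name cannot alter the
        # command that runs. bash is forced because the Windows runner would
        # otherwise use PowerShell, where $VERSION is not an env lookup.
        shell: bash
        env:
          VERSION: ${{ steps.tag.outputs.version }}
          TAG: ${{ steps.tag.outputs.tag }}
        run: |
          echo "Version $VERSION"
          echo "Tag $TAG"
      - uses: actions/checkout@v4
        with:
          # The steps that need the token receive it explicitly, so it is
          # not left in .git/config for the build tooling.
          # NOTE(review): confirm ./.github/actions/prepare_webapp does not
          # rely on the persisted git credential.
          persist-credentials: false
      - name: Download bundle artifacts
        uses: actions/download-artifact@v4
        with:
          name: core-${{ matrix.platform }}
          path: core/dist
      - name: install Rust stable
        uses: dtolnay/rust-toolchain@stable
        with:
          # Those targets are only used on macos runners so it's in an `if` to slightly speed up windows and linux builds.
          targets: ${{ matrix.platform == 'macos-latest' && 'aarch64-apple-darwin,x86_64-apple-darwin' || '' }}
      - name: install dependencies (ubuntu only)
        if: matrix.platform == 'ubuntu-22.04' # This must match the platform value defined above.
        run: |
          sudo apt-get update
          sudo apt-get install -y libwebkit2gtk-4.0-dev libappindicator3-dev librsvg2-dev patchelf
      # NOTE(review): the page's e-mail obfuscation mangled this reference
      # (it reads "jossef/[email protected]"). The inputs match
      # jossef/action-set-json-field; PLACEHOLDER_REF is a placeholder, so
      # restore the real ref from the repository and pin it to a commit SHA.
      - name: Update Package Version
        uses: jossef/action-set-json-field@PLACEHOLDER_REF
        with:
          file: webapp/src-tauri/tauri.conf.json
          field: package.version
          value: ${{ steps.tag.outputs.version }}
      - name: Setup Webapp
        id: prepare-webapp
        uses: ./.github/actions/prepare_webapp
        with:
          working-directory: webapp
      # This step receives the job token and all Apple signing secrets, so
      # the action ref and the webapp's build dependencies are both trusted
      # with them.
      - uses: tauri-apps/tauri-action@v0
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          APPLE_CERTIFICATE: ${{ secrets.APPLE_CERTIFICATE }}
          APPLE_CERTIFICATE_PASSWORD: ${{ secrets.APPLE_CERTIFICATE_PASSWORD }}
          APPLE_SIGNING_IDENTITY: ${{ secrets.APPLE_SIGNING_IDENTITY }}
          APPLE_ID: ${{ secrets.APPLE_ID }}
          APPLE_TEAM_ID: ${{ secrets.APPLE_TEAM_ID }}
        with:
          # tagName: ${{ steps.tag.outputs.tag }}
          # releaseName: ${{ steps.tag.outputs.tag }}
          releaseDraft: true
          args: ${{ matrix.args }}
      - name: Release
        uses: softprops/action-gh-release@v2
        if: startsWith(github.ref, 'refs/tags/')
        with:
          # Bundle outputs for every platform; patterns that match nothing
          # on the current runner are simply not uploaded.
          files: |
            webapp/src-tauri/target/**/release/bundle/**/*.dmg
            webapp/src-tauri/target/**/release/bundle/**/*.app
            webapp/src-tauri/target/release/bundle/**/*.dmg
            webapp/src-tauri/target/release/bundle/**/*.app
            webapp/src-tauri/target/release/bundle/**/*.deb
            webapp/src-tauri/target/release/bundle/**/*.rpm
            webapp/src-tauri/target/release/bundle/**/*.AppImage
            webapp/src-tauri/target/release/bundle/**/*.exe
            webapp/src-tauri/target/release/bundle/**/*.msi
      # # Project rules must be updated to push changes
      # # GH013: Repository rule violations found for refs/heads/main.
      # - uses: stefanzweifel/git-auto-commit-action@v5
      #   with:
      #     commit_message: Bump version to ${{ env.VERSION }}
      #     branch: main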