Nightly Builds #160
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: "Nightly Builds" | |
on: | |
push: | |
branches: | |
- main | |
pull_request: | |
branches: | |
- main | |
workflow_dispatch: | |
jobs: | |
prepare: | |
runs-on: ubuntu-latest | |
outputs: | |
version: ${{ steps.get_version.outputs.VERSION }} | |
steps: | |
- uses: actions/checkout@v4 | |
- name: Get version | |
id: get_version | |
run: echo "VERSION=$(node -p "require('./src-tauri/tauri.conf.json').version")" >> $GITHUB_OUTPUT | |
build-macos: | |
needs: prepare | |
strategy: | |
matrix: | |
include: | |
- args: "--target aarch64-apple-darwin" | |
arch: "silicon" | |
- args: "--target x86_64-apple-darwin" | |
arch: "intel" | |
runs-on: macos-latest | |
env: | |
APPLE_ID: ${{ secrets.APPLE_ID }} | |
APPLE_ID_PASSWORD: ${{ secrets.APPLE_ID_PASSWORD }} | |
TAURI_SIGNING_PRIVATE_KEY: ${{ secrets.TAURI_SIGNING_PRIVATE_KEY }} | |
steps: | |
- uses: actions/checkout@v4 | |
- name: Redact Sensitive Information | |
run: | | |
function redact_output { | |
sed -e "s/${{ secrets.REDACT_PATTERN }}/REDACTED/g" | |
} | |
exec > >(redact_output) 2>&1 | |
- uses: actions/setup-node@v4 | |
with: | |
node-version: 20 | |
- uses: dtolnay/rust-toolchain@stable | |
with: | |
targets: aarch64-apple-darwin,x86_64-apple-darwin | |
- uses: swatinem/rust-cache@v2 | |
with: | |
workspaces: "src-tauri -> target" | |
cache-directories: "~/.cargo/registry/index/,~/.cargo/registry/cache/,~/.cargo/git/db/" | |
shared-key: "macos-rust-cache" | |
save-if: "true" | |
- uses: actions/cache@v4 | |
with: | |
path: ~/.pnpm-store | |
key: ${{ runner.os }}-pnpm-${{ hashFiles('**/pnpm-lock.yaml') }} | |
restore-keys: | | |
${{ runner.os }}-pnpm- | |
- run: npm install -g pnpm && pnpm install | |
- name: Import Apple Developer Certificate | |
env: | |
APPLE_CERTIFICATE: ${{ secrets.APPLE_CERTIFICATE }} | |
APPLE_CERTIFICATE_PASSWORD: ${{ secrets.APPLE_CERTIFICATE_PASSWORD }} | |
KEYCHAIN_PASSWORD: ${{ secrets.KEYCHAIN_PASSWORD }} | |
run: | | |
echo $APPLE_CERTIFICATE | base64 --decode > certificate.p12 | |
security create-keychain -p "$KEYCHAIN_PASSWORD" build.keychain | |
security default-keychain -s build.keychain | |
security unlock-keychain -p "$KEYCHAIN_PASSWORD" build.keychain | |
security import certificate.p12 -k build.keychain -P "$APPLE_CERTIFICATE_PASSWORD" -T /usr/bin/codesign | |
security set-key-partition-list -S apple-tool:,apple:,codesign: -s -k "$KEYCHAIN_PASSWORD" build.keychain | |
security find-identity -v -p codesigning build.keychain | |
- name: Verify Certificate | |
run: | | |
CERT_INFO=$(security find-identity -v -p codesigning build.keychain | grep "Apple Development") | |
CERT_ID=$(echo "$CERT_INFO" | awk -F'"' '{print $2}') | |
echo "CERT_ID=$CERT_ID" >> $GITHUB_ENV | |
echo "Certificate imported." | |
- uses: tauri-apps/tauri-action@v0 | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
APPLE_CERTIFICATE: ${{ secrets.APPLE_CERTIFICATE }} | |
APPLE_CERTIFICATE_PASSWORD: ${{ secrets.APPLE_CERTIFICATE_PASSWORD }} | |
TAURI_PRIVATE_KEY: ${{ secrets.TAURI_PRIVATE_KEY }} | |
TAURI_KEY_PASSWORD: ${{ secrets.TAURI_KEY_PASSWORD }} | |
APPLE_SIGNING_IDENTITY: ${{ env.CERT_ID }} | |
with: | |
args: ${{ matrix.args }} | |
- name: Debug Signing Process | |
if: failure() | |
run: | | |
echo "Attempting manual signing:" | |
codesign --force --options runtime --sign "$CERT_ID" --entitlements src-tauri/entitlements.plist src-tauri/target/aarch64-apple-darwin/release/bundle/macos/Qopy.app | |
echo "Verifying signature:" | |
codesign -dv --verbose=4 src-tauri/target/aarch64-apple-darwin/release/bundle/macos/Qopy.app | sed 's/.*Authority=.*/Authority=REDACTED/' | |
- name: Rename and Publish macOS Artifacts | |
run: | | |
mv src-tauri/target/${{ matrix.args == '--target aarch64-apple-darwin' && 'aarch64-apple-darwin' || 'x86_64-apple-darwin' }}/release/bundle/dmg/*.dmg src-tauri/target/${{ matrix.args == '--target aarch64-apple-darwin' && 'aarch64-apple-darwin' || 'x86_64-apple-darwin' }}/release/bundle/dmg/Qopy-${{ needs.prepare.outputs.version }}_${{ matrix.arch }}.dmg | |
mv src-tauri/target/${{ matrix.args == '--target aarch64-apple-darwin' && 'aarch64-apple-darwin' || 'x86_64-apple-darwin' }}/release/bundle/macos/*.app.tar.gz src-tauri/target/${{ matrix.args == '--target aarch64-apple-darwin' && 'aarch64-apple-darwin' || 'x86_64-apple-darwin' }}/release/bundle/macos/Qopy-${{ needs.prepare.outputs.version }}_${{ matrix.arch }}.app.tar.gz | |
mv src-tauri/target/${{ matrix.args == '--target aarch64-apple-darwin' && 'aarch64-apple-darwin' || 'x86_64-apple-darwin' }}/release/bundle/macos/*.app.tar.gz.sig src-tauri/target/${{ matrix.args == '--target aarch64-apple-darwin' && 'aarch64-apple-darwin' || 'x86_64-apple-darwin' }}/release/bundle/macos/Qopy-${{ needs.prepare.outputs.version }}_${{ matrix.arch }}.app.tar.gz.sig | |
- uses: actions/upload-artifact@v4 | |
with: | |
name: macos-dmg-${{ matrix.arch }} | |
path: src-tauri/target/${{ matrix.args == '--target aarch64-apple-darwin' && 'aarch64-apple-darwin' || 'x86_64-apple-darwin' }}/release/bundle/dmg/*.dmg | |
- uses: actions/upload-artifact@v4 | |
with: | |
name: updater-macos-${{ matrix.arch }} | |
path: | | |
src-tauri/target/${{ matrix.args == '--target aarch64-apple-darwin' && 'aarch64-apple-darwin' || 'x86_64-apple-darwin' }}/release/bundle/macos/*.app.tar.gz | |
src-tauri/target/${{ matrix.args == '--target aarch64-apple-darwin' && 'aarch64-apple-darwin' || 'x86_64-apple-darwin' }}/release/bundle/macos/*.app.tar.gz.sig | |
build-windows: | |
needs: prepare | |
strategy: | |
matrix: | |
include: | |
- args: "--target x86_64-pc-windows-msvc" | |
arch: "x64" | |
target: "x86_64-pc-windows-msvc" | |
- args: "--target aarch64-pc-windows-msvc" | |
arch: "arm64" | |
target: "aarch64-pc-windows-msvc" | |
runs-on: windows-latest | |
env: | |
TAURI_SIGNING_PRIVATE_KEY: ${{ secrets.TAURI_SIGNING_PRIVATE_KEY }} | |
steps: | |
- uses: actions/checkout@v4 | |
- uses: actions/setup-node@v4 | |
with: | |
node-version: 20 | |
- uses: dtolnay/rust-toolchain@stable | |
with: | |
targets: x86_64-pc-windows-msvc,aarch64-pc-windows-msvc | |
- uses: swatinem/rust-cache@v2 | |
with: | |
workspaces: "src-tauri -> target" | |
cache-directories: "~/.cargo/registry/index/,~/.cargo/registry/cache/,~/.cargo/git/db/" | |
shared-key: "windows-rust-cache" | |
save-if: "true" | |
- uses: actions/cache@v4 | |
with: | |
path: ~/.pnpm-store | |
key: ${{ runner.os }}-pnpm-${{ hashFiles('**/pnpm-lock.yaml') }} | |
restore-keys: | | |
${{ runner.os }}-pnpm- | |
- run: npm install -g pnpm && pnpm install | |
- uses: tauri-apps/tauri-action@v0 | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
with: | |
args: ${{ matrix.args }} | |
- name: List Bundle Directory | |
shell: pwsh | |
run: | | |
Write-Output "Checking build directories..." | |
Get-ChildItem -Path "src-tauri/target" -Recurse -Directory | Where-Object { $_.Name -eq "msi" } | ForEach-Object { | |
Write-Output "Found MSI directory: $($_.FullName)" | |
Get-ChildItem -Path $_.FullName -Filter "*.msi" | ForEach-Object { | |
Write-Output "Found MSI file: $($_.FullName)" | |
} | |
} | |
- name: Rename and Publish Windows Artifacts | |
run: | | |
mv src-tauri/target/${{ matrix.target }}/release/bundle/msi/*.msi src-tauri/target/${{ matrix.target }}/release/bundle/msi/Qopy-${{ needs.prepare.outputs.version }}_${{ matrix.arch }}.msi | |
mv src-tauri/target/${{ matrix.target }}/release/bundle/msi/*.msi.sig src-tauri/target/${{ matrix.target }}/release/bundle/msi/Qopy-${{ needs.prepare.outputs.version }}_${{ matrix.arch }}.msi.sig | |
- uses: actions/upload-artifact@v4 | |
with: | |
name: windows-${{ matrix.arch }} | |
path: src-tauri/target/${{ matrix.target }}/release/bundle/msi/*.msi | |
- uses: actions/upload-artifact@v4 | |
with: | |
name: updater-windows-${{ matrix.arch }} | |
path: | | |
src-tauri/target/${{ matrix.target }}/release/bundle/msi/*.msi | |
src-tauri/target/${{ matrix.target }}/release/bundle/msi/*.msi.sig | |
build-ubuntu: | |
needs: prepare | |
runs-on: ubuntu-latest | |
env: | |
TAURI_SIGNING_PRIVATE_KEY: ${{ secrets.TAURI_SIGNING_PRIVATE_KEY }} | |
steps: | |
- uses: actions/checkout@v4 | |
- uses: actions/setup-node@v4 | |
with: | |
node-version: 20 | |
- uses: dtolnay/rust-toolchain@stable | |
with: | |
targets: x86_64-unknown-linux-gnu | |
- uses: swatinem/rust-cache@v2 | |
with: | |
workspaces: "src-tauri -> target" | |
cache-directories: "~/.cargo/registry/index/,~/.cargo/registry/cache/,~/.cargo/git/db/" | |
shared-key: "ubuntu-rust-cache" | |
save-if: "true" | |
- uses: actions/cache@v4 | |
with: | |
path: ~/.pnpm-store | |
key: ${{ runner.os }}-pnpm-${{ hashFiles('**/pnpm-lock.yaml') }} | |
restore-keys: | | |
${{ runner.os }}-pnpm- | |
- name: Install dependencies | |
run: | | |
sudo apt update | |
sudo apt install -y libwebkit2gtk-4.1-dev build-essential curl wget file libssl-dev libayatana-appindicator3-dev librsvg2-dev libasound2-dev rpm | |
echo "PKG_CONFIG_PATH=/usr/lib/x86_64-linux-gnu/pkgconfig" >> $GITHUB_ENV | |
- run: npm install -g pnpm && pnpm install | |
- uses: tauri-apps/tauri-action@v0 | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
with: | |
args: --target x86_64-unknown-linux-gnu | |
- name: Rename Linux Artifacts | |
run: | | |
mv src-tauri/target/x86_64-unknown-linux-gnu/release/bundle/deb/*.deb src-tauri/target/x86_64-unknown-linux-gnu/release/bundle/deb/Qopy-${{ needs.prepare.outputs.version }}.deb | |
mv src-tauri/target/x86_64-unknown-linux-gnu/release/bundle/appimage/*.AppImage src-tauri/target/x86_64-unknown-linux-gnu/release/bundle/appimage/Qopy-${{ needs.prepare.outputs.version }}.AppImage | |
mv src-tauri/target/x86_64-unknown-linux-gnu/release/bundle/appimage/*.AppImage.sig src-tauri/target/x86_64-unknown-linux-gnu/release/bundle/appimage/Qopy-${{ needs.prepare.outputs.version }}.AppImage.sig | |
mv src-tauri/target/x86_64-unknown-linux-gnu/release/bundle/rpm/*.rpm src-tauri/target/x86_64-unknown-linux-gnu/release/bundle/rpm/Qopy-${{ needs.prepare.outputs.version }}.rpm | |
- uses: actions/upload-artifact@v4 | |
with: | |
name: ubuntu-deb | |
path: src-tauri/target/x86_64-unknown-linux-gnu/release/bundle/deb/*.deb | |
- uses: actions/upload-artifact@v4 | |
with: | |
name: ubuntu-appimage | |
path: src-tauri/target/x86_64-unknown-linux-gnu/release/bundle/appimage/*.AppImage | |
- uses: actions/upload-artifact@v4 | |
with: | |
name: ubuntu-rpm | |
path: src-tauri/target/x86_64-unknown-linux-gnu/release/bundle/rpm/*.rpm | |
- uses: actions/upload-artifact@v4 | |
with: | |
name: updater-ubuntu | |
path: | | |
src-tauri/target/x86_64-unknown-linux-gnu/release/bundle/appimage/*.AppImage | |
src-tauri/target/x86_64-unknown-linux-gnu/release/bundle/appimage/*.AppImage.sig |