drop/.github/workflows/client-release.yml at develop · Drop-OSS/drop · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
name: "Build and release desktop"

on:
  workflow_dispatch:
    inputs:
      tagName:
        required: false
        type: string
        description: "tagName to be associated with this release."
  release:
    types: [published]
  # This can be used to automatically publish nightlies at UTC nighttime
#  schedule:
#    - cron: "0 2 * * *" # run at 2 AM UTC

# This workflow will trigger on each push to the `release` branch to create or update a GitHub release, build your app, and upload the artifacts to the release.

jobs:
  publish-tauri:
    permissions:
      contents: write
    strategy:
      fail-fast: false
      matrix:
        include:
          - platform: "macos-14" # for Arm based macs (M1 and above).
            args: "--target aarch64-apple-darwin"
          - platform: "macos-14" # for Intel based macs.
            args: "--target x86_64-apple-darwin"
          - platform: "ubuntu-22.04" # for Tauri v1 you could replace this with ubuntu-20.04.
            args: ""
          - platform: "ubuntu-22.04-arm"
            args: "--target aarch64-unknown-linux-gnu"
          - platform: "windows-latest"
            args: ""

    runs-on: ${{ matrix.platform }}
    steps:
      - uses: actions/checkout@v4
        with:
          token: ${{ secrets.GITHUB_TOKEN }}

      - name: setup pnpm
        uses: pnpm/action-setup@v4
        with:
          run_install: false

      - name: setup node
        uses: actions/setup-node@v4
        with:
          node-version: lts/*
          cache: pnpm


      - name: install Rust nightly
        uses: dtolnay/rust-toolchain@nightly
        with:
          # Those targets are only used on macos runners so it's in an `if` to slightly speed up windows and linux builds.
          targets: ${{ matrix.platform == 'macos-14' && 'aarch64-apple-darwin,x86_64-apple-darwin' || '' }}

      - name: Rust cache
        uses: swatinem/rust-cache@v2
        with:
          workspaces: './desktop/src-tauri -> target'

      - name: install dependencies (ubuntu only)
        if: matrix.platform == 'ubuntu-22.04' || matrix.platform == 'ubuntu-22.04-arm' # This must match the platform value defined above.
        run: |
          sudo apt-get update
          sudo apt-get install -y libwebkit2gtk-4.1-dev libappindicator3-dev librsvg2-dev patchelf xdg-utils
        # webkitgtk 4.0 is for Tauri v1 - webkitgtk 4.1 is for Tauri v2.

      - name: Import Apple Developer Certificate
        if: matrix.platform == 'macos-14'
        env:
          APPLE_CERTIFICATE: ${{ secrets.APPLE_CERTIFICATE }}
          APPLE_CERTIFICATE_PASSWORD: ${{ secrets.APPLE_CERTIFICATE_PASSWORD }}
          KEYCHAIN_PASSWORD: ${{ secrets.KEYCHAIN_PASSWORD }}
        run: |
          echo $APPLE_CERTIFICATE | base64 --decode > certificate.p12
          security create-keychain -p "$KEYCHAIN_PASSWORD" build.keychain
          security default-keychain -s build.keychain
          security unlock-keychain -p "$KEYCHAIN_PASSWORD" build.keychain
          security set-keychain-settings -t 3600 -u build.keychain


          echo "Created keychain"

          curl https://droposs.org/drop.der --output drop.der

          # swiftc libs/appletrust/add-certificate.swift
          # ./add-certificate drop.der
          # rm add-certificate

          # echo "Added certificate to keychain using swift util"

          ## Script is equivalent to:
          sudo security authorizationdb write com.apple.trust-settings.admin allow
          sudo security add-trusted-cert -d -r trustRoot -k build.keychain -p codeSign -u -1 drop.der
          sudo security authorizationdb remove com.apple.trust-settings.admin

          security import certificate.p12 -k build.keychain -P "$APPLE_CERTIFICATE_PASSWORD" -T /usr/bin/codesign
          echo "Imported certificate"
          security set-key-partition-list -S apple-tool:,apple:,codesign: -s -k "$KEYCHAIN_PASSWORD" build.keychain
          security find-identity -v -p codesigning build.keychain

      - name: Verify Certificate
        if: matrix.platform == 'macos-14'
        run: |
          CERT_INFO=$(security find-identity -v -p codesigning build.keychain | grep "Drop OSS")
          CERT_ID=$(echo "$CERT_INFO" | awk -F'"' '{print $2}')
          echo "CERT_ID=$CERT_ID" >> $GITHUB_ENV
          echo "Certificate imported. Using identity: $CERT_ID"

      - name: install frontend dependencies
        run: pnpm install # change this to npm, pnpm or bun depending on which one you use.

      - uses: tauri-apps/tauri-action@v0
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          APPLE_CERTIFICATE: ${{ secrets.APPLE_CERTIFICATE }}
          APPLE_CERTIFICATE_PASSWORD: ${{ secrets.APPLE_CERTIFICATE_PASSWORD }}
          APPLE_SIGNING_IDENTITY: ${{ env.CERT_ID }}
          NO_STRIP: true
        with:
          tagName: ${{ inputs.print_tags || 'v__VERSION__' }} # the action automatically replaces \_\_VERSION\_\_ with the app version.
          releaseName: "Auto-release v__VERSION__"
          releaseBody: "See the assets to download this version and install. This release was created automatically."
          releaseDraft: false
          prerelease: true
          args: ${{ matrix.args }}
          projectPath: './desktop'