diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 820e40975..02f122288 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -664,23 +664,26 @@ jobs: exit 1 fi - # Rename with _alpha-unsigned marker + # Tauri 2.x with createUpdaterArtifacts: true signs the NSIS + # installer in place (-setup.exe + -setup.exe.sig). + SIG="${EXE}.sig" + if [[ ! -f "$SIG" ]]; then + echo "::error::NSIS installer signature not found: $SIG" + exit 1 + fi + + # Rename with _alpha-unsigned marker, keeping the detached signature + # in lockstep so latest.json matches the uploaded updater artifact. EXE_DIR=$(dirname "$EXE") EXE_BASE=$(basename "$EXE" .exe) MARKED_EXE="${EXE_DIR}/${EXE_BASE}_alpha-unsigned.exe" + MARKED_SIG="${MARKED_EXE}.sig" mv "$EXE" "$MARKED_EXE" + mv "$SIG" "$MARKED_SIG" echo "exe=$MARKED_EXE" >> "$GITHUB_OUTPUT" - - # Find the updater .nsis.zip and .sig - ARCHIVE=$(find "$BUNDLE_DIR/nsis" -name '*.nsis.zip' ! -name '*.sig' -type f | head -1) - SIG="${ARCHIVE}.sig" - if [[ -z "$ARCHIVE" || ! -f "$SIG" ]]; then - echo "::error::NSIS updater archive or signature not found in $BUNDLE_DIR/nsis" - exit 1 - fi - echo "archive=$ARCHIVE" >> "$GITHUB_OUTPUT" - echo "archive_name=$(basename "$ARCHIVE")" >> "$GITHUB_OUTPUT" - echo "sig=$SIG" >> "$GITHUB_OUTPUT" + echo "archive=$MARKED_EXE" >> "$GITHUB_OUTPUT" + echo "archive_name=$(basename "$MARKED_EXE")" >> "$GITHUB_OUTPUT" + echo "sig=$MARKED_SIG" >> "$GITHUB_OUTPUT" - name: Read updater signature id: read-sig