Dashboard Release #8

Workflow file for this run

.github/workflows/dashboard-release.yml at dabec87

	name: Dashboard Release

	on:
	push:
	tags:
	- "dashboard-v*"
	workflow_dispatch:

	permissions:
	contents: write

	env:
	FORCE_JAVASCRIPT_ACTIONS_TO_NODE24: true

	jobs:
	build:
	name: Build Dashboard (${{ matrix.settings.label }})
	strategy:
	fail-fast: false
	matrix:
	settings:
	- host: macos-latest
	target: aarch64-apple-darwin
	label: macOS ARM64
	- host: macos-latest
	target: x86_64-apple-darwin
	label: macOS Intel
	- host: ubuntu-22.04
	target: x86_64-unknown-linux-gnu
	label: Linux x64
	- host: windows-latest
	target: x86_64-pc-windows-msvc
	label: Windows x64

	runs-on: ${{ matrix.settings.host }}
	steps:
	- uses: actions/checkout@v4

	- uses: oven-sh/setup-bun@v2
	with:
	bun-version: latest

	- name: Install Rust stable
	uses: dtolnay/rust-toolchain@stable
	with:
	targets: ${{ matrix.settings.target }}

	- name: Install Linux dependencies
	if: contains(matrix.settings.host, 'ubuntu')
	run: \|
	sudo apt-get update
	sudo apt-get install -y libwebkit2gtk-4.1-dev libappindicator3-dev librsvg2-dev patchelf

	- name: Install dependencies
	run: bun install

	# macOS: import Apple certificate for code signing
	- name: Import Apple certificate
	if: contains(matrix.settings.host, 'macos')
	env:
	APPLE_CERTIFICATE: ${{ secrets.APPLE_CERTIFICATE }}
	APPLE_CERTIFICATE_PASSWORD: ${{ secrets.APPLE_CERTIFICATE_PASSWORD }}
	run: \|
	CERTIFICATE_PATH=$RUNNER_TEMP/certificate.p12
	KEYCHAIN_PATH=$RUNNER_TEMP/app-signing.keychain-db
	KEYCHAIN_PASSWORD=$(openssl rand -base64 32)

	echo -n "$APPLE_CERTIFICATE" \| base64 --decode -o $CERTIFICATE_PATH

	security create-keychain -p "$KEYCHAIN_PASSWORD" $KEYCHAIN_PATH
	security set-keychain-settings -lut 21600 $KEYCHAIN_PATH
	security unlock-keychain -p "$KEYCHAIN_PASSWORD" $KEYCHAIN_PATH
	security import $CERTIFICATE_PATH -P "$APPLE_CERTIFICATE_PASSWORD" -A -t cert -f pkcs12 -k $KEYCHAIN_PATH
	security set-key-partition-list -S apple-tool:,apple: -k "$KEYCHAIN_PASSWORD" $KEYCHAIN_PATH
	security list-keychain -d user -s $KEYCHAIN_PATH

	# Extract signing identity — MUST be "Developer ID Application", not "Apple Development"
	IDENTITY=$(security find-identity -v -p codesigning $KEYCHAIN_PATH \| grep "Developer ID Application" \| head -1 \| sed 's/."$.$".*/\1/')
	if [ -z "$IDENTITY" ]; then
	echo "::error::No 'Developer ID Application' certificate found in keychain. Check APPLE_CERTIFICATE secret."
	security find-identity -v -p codesigning $KEYCHAIN_PATH
	exit 1
	fi
	echo "Found signing identity: $IDENTITY"
	echo "APPLE_SIGNING_IDENTITY=$IDENTITY" >> $GITHUB_ENV

	# macOS: write App Store Connect API key for notarization
	- name: Write Apple API key
	if: contains(matrix.settings.host, 'macos')
	env:
	APPLE_API_KEY_CONTENT: ${{ secrets.APPLE_API_KEY_CONTENT }}
	run: \|
	mkdir -p $RUNNER_TEMP
	echo "$APPLE_API_KEY_CONTENT" > $RUNNER_TEMP/apple-api-key.p8

	- name: Build and upload artifacts
	uses: tauri-apps/tauri-action@v0
	timeout-minutes: 60
	with:
	projectPath: packages/dashboard
	tauriScript: bunx tauri
	args: --target ${{ matrix.settings.target }}
	updaterJsonPreferNsis: true
	tagName: ${{ github.ref_name }}
	releaseName: "Dashboard ${{ github.ref_name }}"
	releaseDraft: true
	assetNamePattern: magic-context-dashboard-[platform]-[arch][ext]
	env:
	GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
	TAURI_SIGNING_PRIVATE_KEY: ${{ secrets.TAURI_SIGNING_PRIVATE_KEY }}
	TAURI_SIGNING_PRIVATE_KEY_PASSWORD: ${{ secrets.TAURI_SIGNING_PRIVATE_KEY_PASSWORD }}
	# macOS code signing + notarization
	APPLE_CERTIFICATE: ${{ secrets.APPLE_CERTIFICATE }}
	APPLE_CERTIFICATE_PASSWORD: ${{ secrets.APPLE_CERTIFICATE_PASSWORD }}
	APPLE_SIGNING_IDENTITY: ${{ env.APPLE_SIGNING_IDENTITY }}
	APPLE_API_ISSUER: ${{ secrets.APPLE_API_ISSUER }}
	APPLE_API_KEY: ${{ secrets.APPLE_API_KEY }}
	APPLE_API_KEY_PATH: ${{ runner.temp }}/apple-api-key.p8

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Dashboard Release #8

Workflow file

Dashboard Release #8

Uh oh!

Workflow file for this run