opencode-magic-context/.github/workflows/dashboard-release.yml at master · cortexkit/opencode-magic-context · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
name: Dashboard Release

on:
  push:
    tags:
      - "dashboard-v*"
  workflow_dispatch:

permissions:
  contents: write

env:
  FORCE_JAVASCRIPT_ACTIONS_TO_NODE24: true

jobs:
  build:
    name: Build Dashboard (${{ matrix.settings.label }})
    strategy:
      fail-fast: false
      matrix:
        settings:
          - host: macos-latest
            target: aarch64-apple-darwin
            label: macOS ARM64
          - host: macos-latest
            target: x86_64-apple-darwin
            label: macOS Intel
          - host: ubuntu-22.04
            target: x86_64-unknown-linux-gnu
            label: Linux x64
          - host: windows-latest
            target: x86_64-pc-windows-msvc
            label: Windows x64

    runs-on: ${{ matrix.settings.host }}
    steps:
      - uses: actions/checkout@v4

      - uses: oven-sh/setup-bun@v2
        with:
          bun-version: latest

      - name: Install Rust stable
        uses: dtolnay/rust-toolchain@stable
        with:
          targets: ${{ matrix.settings.target }}

      - name: Install Linux dependencies
        if: contains(matrix.settings.host, 'ubuntu')
        run: |
          sudo apt-get update
          sudo apt-get install -y libwebkit2gtk-4.1-dev libappindicator3-dev librsvg2-dev patchelf

      - name: Install dependencies
        run: bun install

      # macOS: import Apple certificate for code signing
      - name: Import Apple certificate
        if: contains(matrix.settings.host, 'macos')
        env:
          APPLE_CERTIFICATE: ${{ secrets.APPLE_CERTIFICATE }}
          APPLE_CERTIFICATE_PASSWORD: ${{ secrets.APPLE_CERTIFICATE_PASSWORD }}
        run: |
          CERTIFICATE_PATH=$RUNNER_TEMP/certificate.p12
          KEYCHAIN_PATH=$RUNNER_TEMP/app-signing.keychain-db
          KEYCHAIN_PASSWORD=$(openssl rand -base64 32)

          echo -n "$APPLE_CERTIFICATE" | base64 --decode -o $CERTIFICATE_PATH

          security create-keychain -p "$KEYCHAIN_PASSWORD" $KEYCHAIN_PATH
          security set-keychain-settings -lut 21600 $KEYCHAIN_PATH
          security unlock-keychain -p "$KEYCHAIN_PASSWORD" $KEYCHAIN_PATH
          security import $CERTIFICATE_PATH -P "$APPLE_CERTIFICATE_PASSWORD" -A -t cert -f pkcs12 -k $KEYCHAIN_PATH
          security set-key-partition-list -S apple-tool:,apple: -k "$KEYCHAIN_PASSWORD" $KEYCHAIN_PATH
          security list-keychain -d user -s $KEYCHAIN_PATH

          # Extract signing identity — MUST be "Developer ID Application", not "Apple Development"
          IDENTITY=$(security find-identity -v -p codesigning $KEYCHAIN_PATH | grep "Developer ID Application" | head -1 | sed 's/.*"\(.*\)".*/\1/')
          if [ -z "$IDENTITY" ]; then
            echo "::error::No 'Developer ID Application' certificate found in keychain. Check APPLE_CERTIFICATE secret."
            security find-identity -v -p codesigning $KEYCHAIN_PATH
            exit 1
          fi
          echo "Found signing identity: $IDENTITY"
          echo "APPLE_SIGNING_IDENTITY=$IDENTITY" >> $GITHUB_ENV

      # macOS: write App Store Connect API key for notarization
      - name: Write Apple API key
        if: contains(matrix.settings.host, 'macos')
        env:
          APPLE_API_KEY_CONTENT: ${{ secrets.APPLE_API_KEY_CONTENT }}
        run: |
          mkdir -p $RUNNER_TEMP
          echo "$APPLE_API_KEY_CONTENT" > $RUNNER_TEMP/apple-api-key.p8

      - name: Build and upload artifacts
        uses: tauri-apps/tauri-action@v0
        timeout-minutes: 60
        with:
          projectPath: packages/dashboard
          tauriScript: bunx tauri
          args: --target ${{ matrix.settings.target }}
          updaterJsonPreferNsis: true
          tagName: ${{ github.ref_name }}
          releaseName: "Dashboard ${{ github.ref_name }}"
          releaseDraft: true
          assetNamePattern: magic-context-dashboard-[platform]-[arch][ext]
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          TAURI_SIGNING_PRIVATE_KEY: ${{ secrets.TAURI_SIGNING_PRIVATE_KEY }}
          TAURI_SIGNING_PRIVATE_KEY_PASSWORD: ${{ secrets.TAURI_SIGNING_PRIVATE_KEY_PASSWORD }}
          # macOS code signing + notarization
          APPLE_CERTIFICATE: ${{ secrets.APPLE_CERTIFICATE }}
          APPLE_CERTIFICATE_PASSWORD: ${{ secrets.APPLE_CERTIFICATE_PASSWORD }}
          APPLE_SIGNING_IDENTITY: ${{ env.APPLE_SIGNING_IDENTITY }}
          APPLE_API_ISSUER: ${{ secrets.APPLE_API_ISSUER }}
          APPLE_API_KEY: ${{ secrets.APPLE_API_KEY }}
          APPLE_API_KEY_PATH: ${{ runner.temp }}/apple-api-key.p8