Release CI #27
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Release CI | |
| on: workflow_dispatch | |
| permissions: write-all | |
| jobs: | |
| release-update: | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| include: | |
| - os: windows-latest | |
| target: x86_64-pc-windows-msvc | |
| - os: windows-latest | |
| target: i686-pc-windows-msvc | |
| - os: windows-latest | |
| target: aarch64-pc-windows-msvc | |
| - os: ubuntu-latest | |
| target: x86_64-unknown-linux-gnu | |
| - os: ubuntu-latest | |
| target: i686-unknown-linux-gnu | |
| - os: ubuntu-latest | |
| target: aarch64-unknown-linux-gnu | |
| - os: ubuntu-latest | |
| target: armv7-unknown-linux-gnueabihf | |
| - os: macos-latest | |
| target: aarch64-apple-darwin | |
| - os: macos-latest | |
| target: x86_64-apple-darwin | |
| runs-on: ${{ matrix.os }} | |
| steps: | |
| - name: Checkout repository | |
| uses: actions/checkout@v4 | |
| - name: Install Rust | |
| if: matrix.os != 'ubuntu-latest' | |
| uses: dtolnay/[email protected] | |
| - name: Add Rust Target | |
| if: matrix.os != 'ubuntu-latest' | |
| run: rustup target add ${{ matrix.target }} | |
| - name: Build | |
| if: matrix.os != 'ubuntu-latest' | |
| run: cargo build --release --target ${{ matrix.target }} | |
| - name: Build | |
| if: matrix.os == 'ubuntu-latest' | |
| uses: ./.github/build-for-linux | |
| with: | |
| target: ${{ matrix.target }} | |
| - name: Update Tag | |
| uses: richardsimko/update-tag@v1 | |
| with: | |
| tag_name: ${{ matrix.target }} | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| - name: CodeSign | |
| if: matrix.os == 'macos-latest' | |
| run: | | |
| # 设置证书 | |
| echo "${{ secrets.APPLE_CERTIFICATE }}" | base64 --decode > cert.p12 | |
| security create-keychain -p github-actions github-actions.keychain | |
| security default-keychain -s github-actions.keychain | |
| security unlock-keychain -p github-actions github-actions.keychain | |
| security import cert.p12 -k github-actions.keychain -P "${{ secrets.APPLE_CERTIFICATE_PASSWORD }}" -T /usr/bin/codesign | |
| security set-key-partition-list -S apple-tool:,apple:,codesign: -s -k github-actions github-actions.keychain | |
| # 对服务程序进行签名 | |
| codesign --force \ | |
| -s "${{ secrets.APPLE_SIGNING_IDENTITY }}" \ | |
| --keychain github-actions.keychain \ | |
| --options runtime \ | |
| --timestamp \ | |
| --identifier "io.github.clash-verge-rev.clash-verge-rev.service" \ | |
| target/${{ matrix.target }}/release/clash-verge-service | |
| # 对安装程序进行签名 | |
| codesign --force \ | |
| -s "${{ secrets.APPLE_SIGNING_IDENTITY }}" \ | |
| --keychain github-actions.keychain \ | |
| --options runtime \ | |
| --timestamp \ | |
| --identifier "io.github.clash-verge-rev.clash-verge-rev.service.install" \ | |
| target/${{ matrix.target }}/release/install-service | |
| # 对卸载程序进行签名 | |
| codesign --force \ | |
| -s "${{ secrets.APPLE_SIGNING_IDENTITY }}" \ | |
| --keychain github-actions.keychain \ | |
| --options runtime \ | |
| --timestamp \ | |
| --identifier "io.github.clash-verge-rev.clash-verge-rev.service.uninstall" \ | |
| target/${{ matrix.target }}/release/uninstall-service | |
| # 验证签名 | |
| codesign -dvv target/${{ matrix.target }}/release/clash-verge-service | |
| codesign -d --entitlements :- target/${{ matrix.target }}/release/clash-verge-service | |
| - name: Release | |
| if: matrix.os == 'windows-latest' | |
| uses: softprops/action-gh-release@v2 | |
| with: | |
| name: ${{ matrix.target }} | |
| tag_name: ${{ matrix.target }} | |
| token: ${{ secrets.GITHUB_TOKEN }} | |
| files: | | |
| target/${{ matrix.target }}/release/clash-verge-service.exe | |
| target/${{ matrix.target }}/release/install-service.exe | |
| target/${{ matrix.target }}/release/uninstall-service.exe | |
| - name: Release | |
| if: matrix.os != 'windows-latest' | |
| uses: softprops/action-gh-release@v2 | |
| with: | |
| name: ${{ matrix.target }} | |
| tag_name: ${{ matrix.target }} | |
| token: ${{ secrets.GITHUB_TOKEN }} | |
| files: | | |
| target/${{ matrix.target }}/release/clash-verge-service | |
| target/${{ matrix.target }}/release/install-service | |
| target/${{ matrix.target }}/release/uninstall-service |