-
-
Notifications
You must be signed in to change notification settings - Fork 12
418 lines (387 loc) · 17.2 KB
/
tauri-build-prod.yml
File metadata and controls
418 lines (387 loc) · 17.2 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
name: 'generate production draft GitHub release'
on:
push:
branches: [ prod ]
jobs:
create-release:
permissions:
contents: write
runs-on: ubuntu-22.04
outputs:
release_id: ${{ steps.create-release.outputs.result }}
steps:
- uses: actions/checkout@v4
- name: setup node
uses: actions/setup-node@v4
with:
node-version: 20
- name: get version
run: |
echo "PACKAGE_VERSION=$(node -p "require('./package.json').version")" >> $GITHUB_ENV
echo "GIT_TAG_NAME=prod-app-v$(node -p "require('./package.json').version")" >> $GITHUB_ENV
- name: create release
id: create-release
uses: actions/github-script@v7
with:
script: |
const { data } = await github.rest.repos.createRelease({
owner: context.repo.owner,
repo: context.repo.repo,
tag_name: `${process.env.GIT_TAG_NAME}`,
target_commitish: 'prod',
name: `Phoenix Code Stable Release v${process.env.PACKAGE_VERSION}`,
body: `**Phoenix Code Release Notes**\n\nPlease include detailed release notes here, highlighting new features, bug fixes, and improvements. Ensure to make these notes informative and clear for end-users.\n\n**For Maintainers:**\nTo distribute these release notes through the desktop application:\n1. Wait for a pull request with the updated release notes.\n3. Once the pull request is merged, merge to the update-notifications branch and the release notes will be automatically shown in the desktop builds.`,
draft: true,
prerelease: false
})
return data.id
build-mac-m1-node-modules:
permissions:
contents: write
timeout-minutes: 15
runs-on: macos-15
steps:
- uses: actions/checkout@v4
- name: macos hardware info
run: system_profiler SPSoftwareDataType SPHardwareDataType
- name: setup node
uses: actions/setup-node@v4
with:
node-version: 20
- name: install frontend dependencies
env:
GH_TOKEN: ${{ github.token }}
PRO_REPO_URL: ${{ secrets.PRO_REPO_URL }}
PRO_REPO_ACCESS_TOKEN: ${{ secrets.PRO_REPO_ACCESS_TOKEN }}
run: |
npm ci
npm run _ci-cloneAndBuildPhoenix
npm run _ci_make_src-node
cd src-tauri
mv src-node src-node-darwin-arm64
tar -czvf src-node-darwin-arm64.tar.gz src-node-darwin-arm64
mv src-node-darwin-arm64 src-node
cd ..
- name: Upload src-node.tar.gz with installed mac bins
uses: actions/upload-artifact@v4
with:
name: src-node-darwin-arm64.tar.gz
path: src-tauri/src-node-darwin-arm64.tar.gz
build-tauri:
needs: [create-release, build-mac-m1-node-modules]
permissions:
contents: write
timeout-minutes: 60
strategy:
fail-fast: false
matrix:
platform: [ macos-15-intel, windows-latest ]
runs-on: ${{ matrix.platform }}
steps:
- uses: actions/checkout@v4
- name: get Git Tag
shell: bash
run: echo "GIT_TAG_NAME=prod-app-v$(node -p "require('./package.json').version")" >> $GITHUB_ENV
- name: setup node
uses: actions/setup-node@v4
with:
node-version: 20
- name: Download src-node built on mac arm (Mac only)
if: matrix.platform == 'macos-15-intel'
uses: actions/download-artifact@v4
with:
name: src-node-darwin-arm64.tar.gz
path: /tmp/src-node-darwin-arm64.tar.gz
- name: install Rust stable
uses: dtolnay/rust-toolchain@stable
with:
toolchain: 1.85.1
- name: install frontend dependencies
env:
GH_TOKEN: ${{ github.token }}
PRO_REPO_URL: ${{ secrets.PRO_REPO_URL }}
PRO_REPO_ACCESS_TOKEN: ${{ secrets.PRO_REPO_ACCESS_TOKEN }}
run: |
npm ci
npm run _ci-release:prod
- name: setup src-node built on mac arm (Mac only)
if: matrix.platform == 'macos-15-intel'
run: |
ls /tmp/src-node-darwin-arm64.tar.gz
rm -rf src-node
tar -xzvf /tmp/src-node-darwin-arm64.tar.gz/src-node-darwin-arm64.tar.gz
ls src-node-darwin-arm64
mv src-node-darwin-arm64 src-node
- name: install AzureSignTool (windows only)
if: matrix.platform == 'windows-latest'
run: |
dotnet tool install --global AzureSignTool
- name: import certificate for signing (windows only)
if: matrix.platform == 'windows-latest'
run: |
echo "${{ secrets.AZURE_EV_CERT }}" > secret.cer
Import-Certificate -FilePath .\secret.cer -CertStoreLocation Cert:\LocalMachine\My
shell: powershell
- name: patch signTool (windows only)
if: matrix.platform == 'windows-latest'
run: Start-Process -FilePath .\src-build\win\copy_sign_tool.exe -Verb RunAs
shell: powershell
- name: setup env for signing (windows only)
if: matrix.platform == 'windows-latest'
env:
TAURI_PRIVATE_KEY: ${{ secrets.TAURI_PRIVATE_KEY }}
TAURI_KEY_PASSWORD: ${{ secrets.TAURI_KEY_PASSWORD }}
AZURE_KEY_VAULT_URI: ${{ secrets.AZURE_KEY_VAULT_URI }}
AZURE_CLIENT_ID: ${{ secrets.AZURE_CLIENT_ID }}
AZURE_TENANT_ID: ${{ secrets.AZURE_TENANT_ID }}
AZURE_CLIENT_SECRET: ${{ secrets.AZURE_CLIENT_SECRET }}
AZURE_CERT_NAME: ${{ secrets.AZURE_CERT_NAME }}
AZURE_COMPANY_NAME: ${{ secrets.AZURE_COMPANY_NAME }}
run: |
$jsonContent = @{
"AZURE_KEY_VAULT_URI" = $env:AZURE_KEY_VAULT_URI
"AZURE_CLIENT_ID" = $env:AZURE_CLIENT_ID
"AZURE_TENANT_ID" = $env:AZURE_TENANT_ID
"AZURE_CLIENT_SECRET" = $env:AZURE_CLIENT_SECRET
"AZURE_CERT_NAME" = $env:AZURE_CERT_NAME
"AZURE_COMPANY_NAME" = $env:AZURE_COMPANY_NAME
}
$jsonContent | ConvertTo-Json | Out-File -FilePath ./secrets.json -Encoding utf8
# Load content from the file
$content = Get-Content -Path "./secrets.json" -Raw
# Replace \r\n with \n
$content = $content -replace "`r`n", "`n"
# Write the content back to the file
Set-Content -Path "./secrets.json" -Value $content
shell: powershell
- name: Sign embedded executables for (Mac Only)
if: matrix.platform == 'macos-15-intel'
env :
APPLE_KEY_IDENTITY_NAME: ${{ secrets.APPLE_KEY_IDENTITY_NAME }}
APPLE_CERTIFICATE: ${{ secrets.APPLE_CERTIFICATE }}
APPLE_CERTIFICATE_PASSWORD: ${{ secrets.APPLE_CERTIFICATE_PASSWORD }}
run: |
echo "Listing all files in src-tauri/src-node"
echo "======================================="
find src-tauri/src-node -type f
echo "======================================="
echo "Listing all files in src-node/"
echo "======================================="
find src-node/ -type f
certificate_encoded="$APPLE_CERTIFICATE"
certificate_password="$APPLE_CERTIFICATE_PASSWORD"
echo "Setting up keychain from environment variables..."
# Creating a temporary directory
tmp_dir=$(mktemp -d)
cert_path="$tmp_dir/cert.p12"
# Decode the encoded certificate and write it to the cert_path
echo "$certificate_encoded" | base64 --decode > "$cert_path"
# Generate a random password for the keychain
KEYCHAIN_PASSWORD=$(openssl rand -base64 16)
# Create a new keychain with the random password
security create-keychain -p "$KEYCHAIN_PASSWORD" build.keychain
security default-keychain -s build.keychain
security unlock-keychain -p "$KEYCHAIN_PASSWORD" build.keychain
security import "$cert_path" -k build.keychain -P "$certificate_password" -T /usr/bin/codesign
security set-key-partition-list -S apple-tool:,apple: -s -k "$KEYCHAIN_PASSWORD" build.keychain
# Sign the files specified in src-build/mac/filesToSign
while IFS= read -r file; do
if [ -f "$file" ]; then
codesign --sign "$APPLE_KEY_IDENTITY_NAME" --keychain build.keychain --timestamp --options runtime "$file"
else
echo "File to sign not found, ignoring: $file"
fi
done < src-build/mac/filesToSign
# Clean up
security delete-keychain build.keychain
rm -rf "$tmp_dir" # removes the temporary directory and the certificate file within it
shell: bash
- name: Run Tauri Action (Attempt 1)
id: tauri_attempt_1
continue-on-error: true
uses: tauri-apps/tauri-action@v0
env:
GITHUB_TOKEN: ${{ github.token }}
TAURI_PRIVATE_KEY: ${{ secrets.TAURI_PRIVATE_KEY }}
TAURI_KEY_PASSWORD: ${{ secrets.TAURI_KEY_PASSWORD }}
ENABLE_CODE_SIGNING: ${{ secrets.APPLE_CERTIFICATE }}
APPLE_CERTIFICATE: ${{ secrets.APPLE_CERTIFICATE }}
APPLE_CERTIFICATE_PASSWORD: ${{ secrets.APPLE_CERTIFICATE_PASSWORD }}
APPLE_SIGNING_IDENTITY: ${{ secrets.APPLE_SIGNING_IDENTITY }}
APPLE_ID: ${{ secrets.APPLE_ID }}
APPLE_PASSWORD: ${{ secrets.APPLE_PASSWORD }}
APPLE_TEAM_ID: ${{ secrets.APPLE_TEAM_ID }}
PRO_REPO_URL: ${{ secrets.PRO_REPO_URL }}
PRO_REPO_ACCESS_TOKEN: ${{ secrets.PRO_REPO_ACCESS_TOKEN }}
with:
releaseId: ${{ needs.create-release.outputs.release_id }}
updaterJsonPreferNsis: true
tagName: ${{ env.GIT_TAG_NAME }}
- name: Run Tauri Action (Attempt 2)
id: tauri_attempt_2
if: steps.tauri_attempt_1.outcome == 'failure'
continue-on-error: true
uses: tauri-apps/tauri-action@v0
env:
GITHUB_TOKEN: ${{ github.token }}
TAURI_PRIVATE_KEY: ${{ secrets.TAURI_PRIVATE_KEY }}
TAURI_KEY_PASSWORD: ${{ secrets.TAURI_KEY_PASSWORD }}
ENABLE_CODE_SIGNING: ${{ secrets.APPLE_CERTIFICATE }}
APPLE_CERTIFICATE: ${{ secrets.APPLE_CERTIFICATE }}
APPLE_CERTIFICATE_PASSWORD: ${{ secrets.APPLE_CERTIFICATE_PASSWORD }}
APPLE_SIGNING_IDENTITY: ${{ secrets.APPLE_SIGNING_IDENTITY }}
APPLE_ID: ${{ secrets.APPLE_ID }}
APPLE_PASSWORD: ${{ secrets.APPLE_PASSWORD }}
APPLE_TEAM_ID: ${{ secrets.APPLE_TEAM_ID }}
PRO_REPO_URL: ${{ secrets.PRO_REPO_URL }}
PRO_REPO_ACCESS_TOKEN: ${{ secrets.PRO_REPO_ACCESS_TOKEN }}
with:
releaseId: ${{ needs.create-release.outputs.release_id }}
updaterJsonPreferNsis: true
tagName: ${{ env.GIT_TAG_NAME }}
- name: Run Tauri Action (Attempt 3 - Final)
id: tauri_attempt_3
if: steps.tauri_attempt_2.outcome == 'failure'
uses: tauri-apps/tauri-action@v0
env:
GITHUB_TOKEN: ${{ github.token }}
TAURI_PRIVATE_KEY: ${{ secrets.TAURI_PRIVATE_KEY }}
TAURI_KEY_PASSWORD: ${{ secrets.TAURI_KEY_PASSWORD }}
ENABLE_CODE_SIGNING: ${{ secrets.APPLE_CERTIFICATE }}
APPLE_CERTIFICATE: ${{ secrets.APPLE_CERTIFICATE }}
APPLE_CERTIFICATE_PASSWORD: ${{ secrets.APPLE_CERTIFICATE_PASSWORD }}
APPLE_SIGNING_IDENTITY: ${{ secrets.APPLE_SIGNING_IDENTITY }}
APPLE_ID: ${{ secrets.APPLE_ID }}
APPLE_PASSWORD: ${{ secrets.APPLE_PASSWORD }}
APPLE_TEAM_ID: ${{ secrets.APPLE_TEAM_ID }}
PRO_REPO_URL: ${{ secrets.PRO_REPO_URL }}
PRO_REPO_ACCESS_TOKEN: ${{ secrets.PRO_REPO_ACCESS_TOKEN }}
with:
releaseId: ${{ needs.create-release.outputs.release_id }}
updaterJsonPreferNsis: true
tagName: ${{ env.GIT_TAG_NAME }}
- name: inject src-node built on mac arm (Mac only)
if: matrix.platform == 'macos-15-intel'
run: |
ls src-node
rm -rf src-tauri/src-node
mv src-node src-tauri/src-node
ls src-tauri/src-node
- name: setup env for mac arm (Mac only)
env:
GH_TOKEN: ${{ github.token }}
if: matrix.platform == 'macos-15-intel'
run: |
rustup target add aarch64-apple-darwin
npm run installNodeArmDarwin
- name: build for mac arm (Mac only)
if: matrix.platform == 'macos-15-intel'
uses: tauri-apps/tauri-action@v0
env:
GITHUB_TOKEN: ${{ github.token }}
TAURI_PRIVATE_KEY: ${{ secrets.TAURI_PRIVATE_KEY }}
TAURI_KEY_PASSWORD: ${{ secrets.TAURI_KEY_PASSWORD }}
ENABLE_CODE_SIGNING: ${{ secrets.APPLE_CERTIFICATE }}
APPLE_CERTIFICATE: ${{ secrets.APPLE_CERTIFICATE }}
APPLE_CERTIFICATE_PASSWORD: ${{ secrets.APPLE_CERTIFICATE_PASSWORD }}
APPLE_SIGNING_IDENTITY: ${{ secrets.APPLE_SIGNING_IDENTITY }}
APPLE_ID: ${{ secrets.APPLE_ID }}
APPLE_PASSWORD: ${{ secrets.APPLE_PASSWORD }}
APPLE_TEAM_ID: ${{ secrets.APPLE_TEAM_ID }}
PRO_REPO_URL: ${{ secrets.PRO_REPO_URL }}
PRO_REPO_ACCESS_TOKEN: ${{ secrets.PRO_REPO_ACCESS_TOKEN }}
with:
releaseId: ${{ needs.create-release.outputs.release_id }}
args: --target aarch64-apple-darwin
tagName: ${{ env.GIT_TAG_NAME }}
build-linux-bins:
needs: [ create-release ]
permissions:
contents: write
timeout-minutes: 60
strategy:
fail-fast: false
matrix:
platform: [ ubuntu-20.04, ubuntu-22.04]
runs-on: ${{ matrix.platform }}
steps:
- uses: actions/checkout@v4
- name: get Git Tag
run: echo "GIT_TAG_NAME=prod-app-v$(node -p "require('./package.json').version")" >> $GITHUB_ENV
- name: setup node
uses: actions/setup-node@v4
with:
node-version: 20
- name: GLIBC version
run: |
ldd --version
- name: install Rust stable
uses: dtolnay/rust-toolchain@stable
with:
toolchain: 1.85.1
- name: install dependencies (ubuntu only)
run: |
sudo apt-get update
sudo apt-get install -y libgtk-3-dev libwebkit2gtk-4.0-dev libayatana-appindicator3-dev librsvg2-dev
sudo apt-get install -y libwebrtc-audio-processing-dev
sudo apt-get install -y libunwind-dev
sudo apt-get install -y libgstreamer1.0-dev libgstreamer-plugins-base1.0-dev libgstreamer-plugins-bad1.0-dev gstreamer1.0-plugins-base gstreamer1.0-plugins-good gstreamer1.0-plugins-bad gstreamer1.0-plugins-ugly gstreamer1.0-libav gstreamer1.0-tools gstreamer1.0-x gstreamer1.0-alsa gstreamer1.0-gl gstreamer1.0-gtk3 gstreamer1.0-qt5 gstreamer1.0-pulseaudio
- name: install frontend dependencies
env:
GH_TOKEN: ${{ github.token }}
PRO_REPO_URL: ${{ secrets.PRO_REPO_URL }}
PRO_REPO_ACCESS_TOKEN: ${{ secrets.PRO_REPO_ACCESS_TOKEN }}
run: |
npm ci
npm run _ci-release:prod
npm run _ci-disableBundleConfig
npm run tauri build
ls -alh ./src-tauri/target/release
mkdir ./src-tauri/target/release/binDist
cp ./src-tauri/target/release/phoenix-code ./src-tauri/target/release/binDist
cp ./src-build/linux/install-readme.txt ./src-tauri/target/release/binDist/readme.txt
cp ./src-tauri/target/release/phnode ./src-tauri/target/release/binDist
cp -r ./src-tauri/target/release/src-node ./src-tauri/target/release/binDist
ls -alh ./src-tauri/target/release/binDist
mv ./src-tauri/target/release/phoenix-code ./src-tauri/target/release/phoenix-code-backup
mv ./src-tauri/target/release/binDist ./src-tauri/target/release/phoenix-code
tar -cvzf phoenix-code.tar.gz -C ./src-tauri/target/release phoenix-code
ls -alh phoenix-code.tar.gz
GLIBC_VER=$(ldd --version | head -n1 | awk '{print $NF}')
OUTPUT_FILENAME="phoenix-code_$(node -p "require('./package.json').version")_amd64_linux_bin-GLIBC-${GLIBC_VER}.tar.gz"
mv phoenix-code.tar.gz "$OUTPUT_FILENAME"
echo "OUTPUT_FILENAME=$OUTPUT_FILENAME" >> $GITHUB_ENV
ls
- name: Upload Release Asset
uses: softprops/action-gh-release@v2
with:
files: ${{ env.OUTPUT_FILENAME }}
tag_name: ${{ env.GIT_TAG_NAME }}
draft: true
env:
GITHUB_TOKEN: ${{ github.token }}
publish-release:
permissions:
contents: write
runs-on: ubuntu-22.04
needs: [ create-release, build-tauri, build-linux-bins ]
steps:
- uses: actions/checkout@v4
- name: get Git Tag
run: echo "GIT_TAG_NAME=prod-app-v$(node -p "require('./package.json').version")" >> $GITHUB_ENV
- name: publish release
id: publish-release
uses: actions/github-script@v7
env:
release_id: ${{ needs.create-release.outputs.release_id }}
with:
script: |
github.rest.repos.updateRelease({
owner: context.repo.owner,
repo: context.repo.repo,
tag_name: `${process.env.GIT_TAG_NAME}`,
target_commitish: 'prod',
release_id: process.env.release_id,
draft: true,
prerelease: false
})