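---
# Release pipeline with three jobs: create-release -> build-tauri -> sign-windows.
# Every job declares its own `permissions`, so any scope not listed is none.
#
# NOTE(review): all actions below are referenced by mutable tag or branch
# (@v4, @v7, @v2, @v0, @stable). build-tauri holds the Apple signing secrets
# and a contents:write token, so consider pinning each `uses:` to a reviewed
# full commit SHA (`owner/action@<full-commit-sha>  # vX.Y.Z`).
name: "Create Release"
on:
  # Manual trigger only; the push trigger below is commented out.
  workflow_dispatch:
  # push:
jobs:
  create-release:
    permissions:
      contents: write
    runs-on: ubuntu-latest
    outputs:
      # Return value of the github-script step; consumed by the later jobs.
      release_id: ${{ steps.create-release.outputs.result }}
    steps:
      - uses: actions/checkout@v4
      - name: setup node
        uses: actions/setup-node@v4
        with:
          node-version: 20
      - name: Get app version
        # The version string comes from a file in the repository and is
        # appended to the job environment; "$GITHUB_ENV" is quoted so the
        # redirect target is never word-split.
        run: |
          echo "PACKAGE_VERSION=$(node -p "require('./apps/desktop/src-tauri/tauri.conf.json').package.version")" >> "$GITHUB_ENV"
      - name: Create release or skip
        id: create-release
        uses: actions/github-script@v7
        with:
          script: |
            const { script } = await import('${{ github.workspace }}/scripts/actions/create-release.js')
            return await script({ github, context });
  build-tauri:
    needs: create-release
    permissions:
      contents: write
    strategy:
      # Let the other platforms finish even if one build fails.
      fail-fast: false
      matrix:
        platform: [macos-latest, ubuntu-latest, windows-latest]
    env:
      APP_DIR: "apps/desktop"
    runs-on: ${{ matrix.platform }}
    steps:
      # NOTE(review): checkout keeps the job token in the local git config by
      # default, and the following steps run dependency install and build
      # scripts. If nothing here needs authenticated git, set
      # `persist-credentials: false` on this step.
      - uses: actions/checkout@v4
      - name: Setup node
        uses: actions/setup-node@v4
        with:
          node-version: 20
      - name: install Rust stable
        uses: dtolnay/rust-toolchain@stable
        with:
          target: "x86_64-pc-windows-msvc,aarch64-apple-darwin,x86_64-apple-darwin,x86_64-unknown-linux-gnu"
      - name: install dependencies (ubuntu only)
        if: matrix.platform == 'ubuntu-latest'
        run: |
          sudo apt-get update
          sudo apt-get install -y libgtk-3-dev libwebkit2gtk-4.0-dev libappindicator3-dev librsvg2-dev patchelf
      - uses: pnpm/action-setup@v2
        with:
          version: 8
      - name: install frontend dependencies
        run: pnpm install
      - uses: tauri-apps/tauri-action@v0
        env:
          # Apple signing/notarization material is exposed to this step on
          # every matrix platform, not only macOS.
          APPLE_ID: "${{ secrets.APPLE_ID }}"
          APPLE_PASSWORD: "${{ secrets.APPLE_PASSWORD }}"
          APPLE_TEAM_ID: "${{ secrets.APPLE_TEAM_ID }}"
          APPLE_SIGNING_IDENTITY: "${{ secrets.APPLE_SIGNING_IDENTITY }}"
          APPLE_CERTIFICATE: "${{ secrets.APPLE_CERTIFICATE }}"
          APPLE_CERTIFICATE_PASSWORD: "${{ secrets.APPLE_CERTIFICATE_PASSWORD }}"
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        with:
          projectPath: "${{ env.APP_DIR }}"
          releaseId: ${{ needs.create-release.outputs.release_id }}
  sign-windows:
    runs-on: ubuntu-latest
    needs: [create-release, build-tauri]
    permissions:
      contents: write
    steps:
      - uses: actions/checkout@v4
      - name: setup node
        uses: actions/setup-node@v4
        with:
          node-version: 20
      - name: Download draft binaries
        uses: actions/github-script@v7
        with:
          # The release id is read from the environment instead of being
          # pasted into the script text by `${{ }}`, so the job output can
          # never be parsed as JavaScript.
          script: |
            const { script } = await import('${{ github.workspace }}/scripts/actions/download-draft-bins.js')
            const id = process.env.RELEASE_ID;
            await script({ github, context }, id);
        env:
          RELEASE_ID: ${{ needs.create-release.outputs.release_id }}
          # The `github` client is already authenticated through the action's
          # `github-token` input (default: the job token). This variable only
          # matters if the script reads process.env.GITHUB_TOKEN itself;
          # verify against download-draft-bins.js before removing it.
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
      - name: Presign
        # Log-only listing and digests of the unsigned binaries.
        # NOTE(review): SHA-1 is collision-prone; prefer sha256sum if these
        # digests are ever used for verification.
        run: |
          ls -hal binaries
          sha1sum binaries/*
      - name: Sign Windows Binaries
        # NOTE(review): `:latest` is a mutable tag and this container receives
        # the signing account password and TOTP secret. Pin the image by
        # digest (`ghcr.io/sslcom/codesigner@sha256:<verified-digest>`) once a
        # version has been reviewed.
        # Each credential expansion is quoted so that whitespace or glob
        # characters in a secret cannot split or rewrite the arguments. The
        # values are still passed on the command line; if the image can read
        # them from environment variables instead, prefer that (TODO confirm).
        run: |
          docker run -v "./binaries:/code/binaries" ghcr.io/sslcom/codesigner:latest batch_sign \
            -username="${ES_USERNAME}" \
            -password="${ES_PASSWORD}" \
            -credential_id="${ES_CREDENTIAL_ID}" \
            -totp_secret="${ES_TOTP_SECRET}" \
            -input_dir_path="/code/binaries" \
            -output_dir_path="/code/binaries/signed"
        env:
          ES_USERNAME: "${{ secrets.ES_USERNAME }}"
          ES_PASSWORD: "${{ secrets.ES_PASSWORD }}"
          ES_CREDENTIAL_ID: "${{ secrets.ES_CREDENTIAL_ID }}"
          ES_TOTP_SECRET: "${{ secrets.ES_TOTP_SECRET }}"
      - name: Postsign
        # Log-only listing and digests of the signed output directory.
        run: |
          ls -hal binaries/signed
          sha1sum binaries/signed/*
      - name: Sign & upload windows binaries
        uses: actions/github-script@v7
        with:
          script: |
            const { script } = await import('${{ github.workspace }}/scripts/actions/sign.js')
            await script({ github, context });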