Merge pull request #55 from maidsafe/development #15
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: 'publish' | |
on: | |
push: | |
branches: | |
- release | |
jobs: | |
publish-tauri: | |
permissions: | |
contents: write | |
strategy: | |
fail-fast: false | |
matrix: | |
include: | |
- platform: 'macos-latest' | |
args: '--target aarch64-apple-darwin' | |
- platform: 'macos-latest' | |
args: '--target x86_64-apple-darwin' | |
- platform: 'ubuntu-22.04' | |
args: '' | |
- platform: 'windows-latest' | |
args: '' | |
runs-on: ${{ matrix.platform }} | |
steps: | |
- uses: actions/checkout@v4 | |
- name: setup node | |
uses: actions/setup-node@v4 | |
with: | |
node-version: lts/* | |
- name: install Rust stable | |
uses: dtolnay/rust-toolchain@stable | |
with: | |
targets: ${{ matrix.platform == 'macos-latest' && 'aarch64-apple-darwin,x86_64-apple-darwin' || '' }} | |
- name: install dependencies (ubuntu only) | |
if: matrix.platform == 'ubuntu-22.04' | |
run: | | |
sudo apt-get update | |
sudo apt-get install -y libwebkit2gtk-4.1-dev libappindicator3-dev librsvg2-dev patchelf | |
- name: install frontend dependencies | |
run: npm install | |
- uses: tauri-apps/tauri-action@v0 | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
TAURI_SIGNING_PRIVATE_KEY: ${{ secrets.TAURI_PRIVATE_KEY }} | |
TAURI_SIGNING_PRIVATE_KEY_PASSWORD: ${{ secrets.TAURI_SIGNING_PRIVATE_KEY_PASSWORD }} | |
with: | |
tagName: app-v__VERSION__ | |
releaseName: 'App v__VERSION__' | |
releaseBody: 'See the assets to download this version and install.' | |
releaseDraft: true | |
prerelease: false | |
args: ${{ matrix.args }} | |
- name: Process macOS build | |
if: matrix.platform == 'macos-latest' | |
run: | | |
echo "Processing macOS build..." | |
# Find the app bundle | |
APP_PATH=$(find ./src-tauri/target/*/release/bundle/macos -name "*.app" -type d) | |
echo "Found app at: $APP_PATH" | |
# Create entitlements file | |
cat > entitlements.plist << EOF | |
<?xml version="1.0" encoding="UTF-8"?> | |
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd"> | |
<plist version="1.0"> | |
<dict> | |
<key>com.apple.security.cs.allow-unsigned-executable-memory</key> | |
<true/> | |
<key>com.apple.security.cs.allow-jit</key> | |
<true/> | |
<key>com.apple.security.cs.disable-library-validation</key> | |
<true/> | |
<key>com.apple.security.inherit</key> | |
<true/> | |
</dict> | |
</plist> | |
EOF | |
# Sign with hardened runtime and entitlements | |
codesign --force --deep --options runtime \ | |
--entitlements entitlements.plist \ | |
--sign - \ | |
"$APP_PATH" | |
# Process DMG | |
DMG_PATH=$(find ./src-tauri/target/*/release/bundle/dmg -name "*.dmg" -type f) | |
if [ ! -z "$DMG_PATH" ]; then | |
echo "Found DMG at: $DMG_PATH" | |
codesign --force --sign - "$DMG_PATH" | |
fi | |
# Remove quarantine attributes | |
find ./src-tauri/target/*/release/bundle -name "*.app" -o -name "*.dmg" -exec xattr -rd com.apple.quarantine {} \; |