Release #352
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Release | |
| on: | |
| workflow_dispatch: | |
| inputs: | |
| sign-windows: | |
| description: 'Sign Windows binaries via remote YubiKey' | |
| type: boolean | |
| default: false | |
| sign-macos: | |
| description: 'Sign and notarize macOS binaries with Apple Developer ID' | |
| type: boolean | |
| default: false | |
| jobs: | |
| publish-tauri: | |
| timeout-minutes: 120 | |
| permissions: | |
| contents: write | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| include: | |
| - platform: "macos-latest" | |
| args: "--target aarch64-apple-darwin" | |
| target_triple: "aarch64-apple-darwin" | |
| - platform: "macos-latest" | |
| args: "--target x86_64-apple-darwin" | |
| target_triple: "x86_64-apple-darwin" | |
| - platform: "ubuntu-22.04" | |
| args: "--target x86_64-unknown-linux-gnu" | |
| target_triple: "x86_64-unknown-linux-gnu" | |
| - platform: "ubuntu-22.04-arm" | |
| args: "--target aarch64-unknown-linux-gnu" | |
| target_triple: "aarch64-unknown-linux-gnu" | |
| - platform: "windows-latest" | |
| args: "--target x86_64-pc-windows-msvc" | |
| target_triple: "x86_64-pc-windows-msvc" | |
| runs-on: ${{ matrix.platform }} | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: setup pnpm | |
| uses: pnpm/action-setup@v4 | |
| with: | |
| package_json_file: desktop/package.json | |
| - name: setup Node.js | |
| uses: actions/setup-node@v4 | |
| with: | |
| node-version: 22 | |
| cache: pnpm | |
| cache-dependency-path: desktop/pnpm-lock.yaml | |
| - name: setup uv | |
| uses: astral-sh/setup-uv@v5 | |
| - name: Rust cache | |
| uses: swatinem/rust-cache@v2 | |
| - name: Install Rust stable | |
| uses: dtolnay/rust-toolchain@stable | |
| with: | |
| # Those targets are only used on macos runners so it's in an `if` to slightly speed up windows and linux builds. | |
| targets: ${{ matrix.platform == 'macos-latest' && 'aarch64-apple-darwin,x86_64-apple-darwin' || '' }} | |
| - name: Install frontend dependencies | |
| run: pnpm install | |
| working-directory: ./desktop | |
| - name: Run pre_build.py on ${{ matrix.platform }} | |
| run: uv run scripts/pre_build.py --target ${{ matrix.target_triple }} | |
| - name: Build | |
| uses: tauri-apps/tauri-action@v0 | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GH_TOKEN }} | |
| # Tauri Updater | |
| TAURI_SIGNING_PRIVATE_KEY: ${{ secrets.TAURI_PRIVATE_KEY }} | |
| TAURI_SIGNING_PRIVATE_KEY_PASSWORD: ${{ secrets.TAURI_KEY_PASSWORD }} | |
| # Analytics (Aptabase) | |
| APTABASE_APP_KEY: ${{ secrets.APTABASE_APP_KEY }} | |
| APTABASE_BASE_URL: ${{ secrets.APTABASE_BASE_URL }} | |
| # Windows signing (remote YubiKey sign server) | |
| SIGN_ENABLED: ${{ matrix.platform == 'windows-latest' && inputs.sign-windows && 'true' || 'false' }} | |
| SIGN_TUNNEL_URL: ${{ secrets.SIGN_TUNNEL_URL }} | |
| SIGN_TUNNEL_SECRET: ${{ secrets.SIGN_TUNNEL_SECRET }} | |
| # macOS signing and notarization (Apple Developer ID) | |
| APPLE_CERTIFICATE: ${{ matrix.platform == 'macos-latest' && inputs.sign-macos && secrets.APPLE_CERTIFICATE || '' }} | |
| APPLE_CERTIFICATE_PASSWORD: ${{ matrix.platform == 'macos-latest' && inputs.sign-macos && secrets.APPLE_CERTIFICATE_PASSWORD || '' }} | |
| APPLE_SIGNING_IDENTITY: ${{ matrix.platform == 'macos-latest' && inputs.sign-macos && secrets.APPLE_SIGNING_IDENTITY || '' }} | |
| APPLE_ID: ${{ matrix.platform == 'macos-latest' && inputs.sign-macos && secrets.APPLE_ID || '' }} | |
| APPLE_PASSWORD: ${{ matrix.platform == 'macos-latest' && inputs.sign-macos && secrets.APPLE_PASSWORD || '' }} | |
| APPLE_TEAM_ID: ${{ matrix.platform == 'macos-latest' && inputs.sign-macos && secrets.APPLE_TEAM_ID || '' }} | |
| with: | |
| tagName: v__VERSION__ # the action automatically replaces __VERSION__ with the app version. | |
| releaseName: "v__VERSION__" | |
| releaseBody: "What's new? 🎉📣" | |
| prerelease: true | |
| args: ${{ matrix.args }} | |
| projectPath: "./desktop" | |
| tauriScript: pnpm exec tauri | |
| test-release: | |
| runs-on: ubuntu-latest | |
| needs: publish-tauri | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Trigger test-release | |
| run: gh workflow run test-release.yml | |
| env: | |
| GH_TOKEN: ${{ secrets.GH_TOKEN }} |