This repository has been archived by the owner on Nov 26, 2024. It is now read-only.
Merge branch 'develop' #445
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: "publish" | |
| on: | |
| push: | |
| branches: | |
| - main | |
| jobs: | |
| publish-tauri: | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| # platform: [ubuntu-22.04] | |
| platform: [windows-2019, macos-11, ubuntu-22.04] | |
| env: | |
| MACOSX_DEPLOYMENT_TARGET: 10.13 | |
| runs-on: ${{ matrix.platform }} | |
| steps: | |
| - uses: actions/checkout@v2 | |
| - name: setup node | |
| uses: actions/setup-node@v1 | |
| with: | |
| node-version: 16 | |
| - name: install Rust stable | |
| uses: actions-rs/toolchain@v1 | |
| with: | |
| override: true | |
| toolchain: stable | |
| - name: install Go stable | |
| uses: actions/setup-go@v4 | |
| with: | |
| go-version: "stable" | |
| - name: install app dependencies and info | |
| run: npm install && npm run tauri info | |
| - name: build libs | |
| run: npm run build -w @holochain/launcher-api-scripts | |
| - name: setup binaries (Windows only) | |
| if: matrix.platform == 'windows-2019' | |
| run: | | |
| mkdir src-tauri/bins | |
| cargo install --version 0.4.2 lair_keystore | |
| $LkPath = Get-Command lair-keystore | Select-Object -ExpandProperty Definition | |
| Copy-Item $LkPath -Destination src-tauri/bins/lair-keystore-v0.4.2-x86_64-pc-windows-msvc.exe | |
| cargo install holochain --version 0.2.6 --locked --features sqlite-encrypted | |
| $HcPath = Get-Command holochain | Select-Object -ExpandProperty Definition | |
| Copy-Item $HcPath -Destination src-tauri/bins/holochain-v0.2.6-x86_64-pc-windows-msvc.exe | |
| # NEW_VERSION: install new holochain version and copy its binary to the tauri path | |
| - name: setup binaries (macos only) | |
| if: matrix.platform == 'macos-11' | |
| run: | | |
| mkdir src-tauri/bins | |
| cargo install --version 0.4.2 lair_keystore | |
| LAIR_PATH=$(which lair-keystore) | |
| cp $LAIR_PATH src-tauri/bins/lair-keystore-v0.4.2-x86_64-apple-darwin | |
| cargo install holochain --version 0.2.6 --locked --features sqlite-encrypted | |
| HOLOCHAIN_PATH=$(which holochain) | |
| cp $HOLOCHAIN_PATH src-tauri/bins/holochain-v0.2.6-x86_64-apple-darwin | |
| # NEW_VERSION: install new holochain version and copy its binary to the tauri path | |
| - name: install dependencies (ubuntu only) | |
| if: matrix.platform == 'ubuntu-22.04' | |
| run: | | |
| sudo apt-get update | |
| sudo apt-get install libwebkit2gtk-4.0-dev \ | |
| build-essential \ | |
| curl \ | |
| wget \ | |
| file \ | |
| libssl-dev \ | |
| libgtk-3-dev \ | |
| libayatana-appindicator3-dev \ | |
| librsvg2-dev | |
| - name: setup binaries (ubuntu only) | |
| if: matrix.platform == 'ubuntu-22.04' | |
| run: | | |
| mkdir src-tauri/bins | |
| cargo install --version 0.4.2 lair_keystore | |
| LAIR_PATH=$(which lair-keystore) | |
| cp $LAIR_PATH src-tauri/bins/lair-keystore-v0.4.2-x86_64-unknown-linux-gnu | |
| cargo install holochain --version 0.2.6 --locked --features sqlite-encrypted | |
| HOLOCHAIN_PATH=$(which holochain) | |
| cp $HOLOCHAIN_PATH src-tauri/bins/holochain-v0.2.6-x86_64-unknown-linux-gnu | |
| # NEW_VERSION: install new holochain version and copy its binary to the tauri path | |
| - name: build the app (macOS and Linux only) | |
| if: matrix.platform == 'ubuntu-22.04' || matrix.platform == 'macos-11' | |
| uses: tauri-apps/tauri-action@dev | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| ENABLE_CODE_SIGNING: ${{ secrets.APPLE_CERTIFICATE }} | |
| APPLE_CERTIFICATE: ${{ secrets.APPLE_CERTIFICATE }} | |
| APPLE_CERTIFICATE_PASSWORD: ${{ secrets.APPLE_CERTIFICATE_PASSWORD }} | |
| APPLE_SIGNING_IDENTITY: ${{ secrets.APPLE_SIGNING_IDENTITY }} | |
| APPLE_ID: ${{ secrets.APPLE_ID }} | |
| APPLE_TEAM_ID: ${{ secrets.APPLE_TEAM_ID }} | |
| APPLE_PASSWORD: ${{ secrets.APPLE_PASSWORD }} | |
| TAURI_PRIVATE_KEY: ${{ secrets.TAURI_PRIVATE_KEY_0_2 }} | |
| TAURI_KEY_PASSWORD: ${{ secrets.TAURI_KEY_PASSWORD }} | |
| with: | |
| projectPath: src-tauri # specifying to prevent action from looking for artifacts in crates/hc_launch/src-tauri | |
| tagName: v__VERSION__ # the action automatically replaces \_\_VERSION\_\_ with the app version | |
| releaseName: "Holochain Launcher v__VERSION__" | |
| releaseBody: "See assets below to download and install this version." | |
| releaseDraft: true | |
| prerelease: true | |
| - name: build and sign the app (Windows only) | |
| if: matrix.platform == 'windows-2019' | |
| run: | | |
| npm run build -- --verbose | |
| # NEW_VERSION change version number in filenames here wherever needed | |
| # log hashes before and after code signing to verify that the uploaded assets are the right ones | |
| CertUtil -hashfile "D:\a\launcher\launcher\target\release\bundle\msi\Holochain Launcher Beta 2_0.11.5_x64_en-US.msi" SHA256 | |
| CertUtil -hashfile "D:\a\launcher\launcher\target\release\bundle\msi\Holochain Launcher Beta 2_0.11.5_x64_en-US.msi.zip" SHA256 | |
| CertUtil -hashfile "D:\a\launcher\launcher\target\release\bundle\msi\Holochain Launcher Beta 2_0.11.5_x64_en-US.msi.zip.sig" SHA256 | |
| CertUtil -hashfile "D:\a\launcher\launcher\target\release\bundle\nsis\Holochain Launcher Beta 2_0.11.5_x64-setup.exe" SHA256 | |
| CertUtil -hashfile "D:\a\launcher\launcher\target\release\bundle\nsis\Holochain Launcher Beta 2_0.11.5_x64-setup.nsis.zip" SHA256 | |
| CertUtil -hashfile "D:\a\launcher\launcher\target\release\bundle\nsis\Holochain Launcher Beta 2_0.11.5_x64-setup.nsis.zip.sig" SHA256 | |
| dotnet tool install --global AzureSignTool | |
| # sign the .msi file | |
| AzureSignTool sign -kvu "${{ secrets.AZURE_KEY_VAULT_URI }}" -kvi "${{ secrets.AZURE_CLIENT_ID }}" -kvt "${{ secrets.AZURE_TENANT_ID }}" -kvs "${{ secrets.AZURE_CLIENT_SECRET }}" -kvc ${{ secrets.AZURE_CERT_NAME }} -tr http://timestamp.digicert.com -v "D:\a\launcher\launcher\target\release\bundle\msi\Holochain Launcher Beta 2_0.11.5_x64_en-US.msi" | |
| # sign the .exe file | |
| AzureSignTool sign -kvu "${{ secrets.AZURE_KEY_VAULT_URI }}" -kvi "${{ secrets.AZURE_CLIENT_ID }}" -kvt "${{ secrets.AZURE_TENANT_ID }}" -kvs "${{ secrets.AZURE_CLIENT_SECRET }}" -kvc ${{ secrets.AZURE_CERT_NAME }} -tr http://timestamp.digicert.com -v "D:\a\launcher\launcher\target\release\bundle\nsis\Holochain Launcher Beta 2_0.11.5_x64-setup.exe" | |
| # remove the .msi.zip, .msi.zip.sig, nsis.zip and nsis.zip.sig files generated by tauri's build command as they are not code signed | |
| rm "D:\a\launcher\launcher\target\release\bundle\msi\Holochain Launcher Beta 2_0.11.5_x64_en-US.msi.zip" | |
| rm "D:\a\launcher\launcher\target\release\bundle\msi\Holochain Launcher Beta 2_0.11.5_x64_en-US.msi.zip.sig" | |
| rm "D:\a\launcher\launcher\target\release\bundle\nsis\Holochain Launcher Beta 2_0.11.5_x64-setup.nsis.zip" | |
| rm "D:\a\launcher\launcher\target\release\bundle\nsis\Holochain Launcher Beta 2_0.11.5_x64-setup.nsis.zip.sig" | |
| # zip and sign the code signed .msi and .exe | |
| 7z a -mx=0 "D:\a\launcher\launcher\target\release\bundle\msi\Holochain Launcher Beta 2_0.11.5_x64_en-US.msi.zip" "D:\a\launcher\launcher\target\release\bundle\msi\Holochain Launcher Beta 2_0.11.5_x64_en-US.msi" | |
| npm run tauri signer sign "D:\a\launcher\launcher\target\release\bundle\msi\Holochain Launcher Beta 2_0.11.5_x64_en-US.msi.zip" -- -k ${{ secrets.TAURI_PRIVATE_KEY_0_2 }} -p "${{ secrets.TAURI_KEY_PASSWORD }}" | |
| 7z a -mx=0 "D:\a\launcher\launcher\target\release\bundle\nsis\Holochain Launcher Beta 2_0.11.5_x64-setup.nsis.zip" "D:\a\launcher\launcher\target\release\bundle\nsis\Holochain Launcher Beta 2_0.11.5_x64-setup.exe" | |
| npm run tauri signer sign "D:\a\launcher\launcher\target\release\bundle\nsis\Holochain Launcher Beta 2_0.11.5_x64-setup.nsis.zip" -- -k ${{ secrets.TAURI_PRIVATE_KEY_0_2 }} -p "${{ secrets.TAURI_KEY_PASSWORD }}" | |
| # log hashes before and after code signing to verify that the uploaded assets are the right ones | |
| CertUtil -hashfile "D:\a\launcher\launcher\target\release\bundle\msi\Holochain Launcher Beta 2_0.11.5_x64_en-US.msi" SHA256 | |
| CertUtil -hashfile "D:\a\launcher\launcher\target\release\bundle\msi\Holochain Launcher Beta 2_0.11.5_x64_en-US.msi.zip" SHA256 | |
| CertUtil -hashfile "D:\a\launcher\launcher\target\release\bundle\msi\Holochain Launcher Beta 2_0.11.5_x64_en-US.msi.zip.sig" SHA256 | |
| CertUtil -hashfile "D:\a\launcher\launcher\target\release\bundle\nsis\Holochain Launcher Beta 2_0.11.5_x64-setup.exe" SHA256 | |
| CertUtil -hashfile "D:\a\launcher\launcher\target\release\bundle\nsis\Holochain Launcher Beta 2_0.11.5_x64-setup.nsis.zip" SHA256 | |
| CertUtil -hashfile "D:\a\launcher\launcher\target\release\bundle\nsis\Holochain Launcher Beta 2_0.11.5_x64-setup.nsis.zip.sig" SHA256 | |
| env: | |
| TAURI_PRIVATE_KEY: ${{ secrets.TAURI_PRIVATE_KEY_0_2 }} | |
| TAURI_KEY_PASSWORD: ${{ secrets.TAURI_KEY_PASSWORD }} | |
| - name: upload signed .msi, .msi.zip, .msi.zip.sig, .exe, .nsis.zip, .nsis.zip.sig files to github release (Windows only) | |
| uses: matthme/tauri-action-ev-signing@upload-only | |
| if: matrix.platform == 'windows-2019' | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| with: | |
| projectPath: src-tauri # specifying to prevent action from looking for artifacts in crates/hc_launch/src-tauri | |
| tagName: v__VERSION__ # the action automatically replaces \_\_VERSION\_\_ with the app version | |
| releaseName: "Holochain Launcher v__VERSION__" | |
| releaseBody: "See assets below to download and install this version." | |
| releaseDraft: true | |
| prerelease: true |