fix: workflow faliure #56
name: 'generate experimental/dev stage draft GitHub release' | |
on: | |
push: | |
branches: [ dev ] | |
jobs: | |
create-release: | |
permissions: | |
contents: write | |
runs-on: ubuntu-latest | |
outputs: | |
release_id: ${{ steps.create-release.outputs.result }} | |
steps: | |
- uses: actions/checkout@v4 | |
- name: setup node | |
uses: actions/setup-node@v4 | |
with: | |
node-version: lts/* | |
- name: get version | |
run: | | |
echo "PACKAGE_VERSION=$(node -p "require('./package.json').version")" >> $GITHUB_ENV | |
echo "GIT_TAG_NAME=dev-app-v$(node -p "require('./package.json').version")" >> $GITHUB_ENV | |
- name: create release | |
id: create-release | |
uses: actions/github-script@v6 | |
with: | |
script: | | |
const { data } = await github.rest.repos.createRelease({ | |
owner: context.repo.owner, | |
repo: context.repo.repo, | |
tag_name: `${process.env.GIT_TAG_NAME}`, | |
target_commitish: 'dev', | |
name: `Phoenix Code Experimental build v${process.env.PACKAGE_VERSION}`, | |
body: 'Take a look at the assets to download and install Phoenix Code For your platform.\n\n>UpdateNotification: <replace this text to show a 1 line **Release Notes** to the user in the notification dialogue ![image](https://github.com/abose/phoenix-desktop/assets/5336369/c747898a-29ef-43c7-b74e-dddd5104a56c). Wait for a new pull request in the repo.>', | |
draft: true, | |
prerelease: true | |
}) | |
return data.id | |
build-tauri: | |
needs: create-release | |
permissions: | |
contents: write | |
strategy: | |
fail-fast: false | |
matrix: | |
platform: [ macos-latest, ubuntu-latest, windows-latest ] | |
runs-on: ${{ matrix.platform }} | |
steps: | |
- uses: actions/checkout@v4 | |
- name: get Git Tag | |
shell: bash | |
run: echo "GIT_TAG_NAME=dev-app-v$(node -p "require('./package.json').version")" >> $GITHUB_ENV | |
- name: setup node | |
uses: actions/setup-node@v4 | |
with: | |
node-version: lts/* | |
- name: install Rust stable | |
uses: dtolnay/rust-toolchain@stable | |
- name: install dependencies (ubuntu only) | |
if: matrix.platform == 'ubuntu-latest' | |
run: | | |
sudo apt-get update | |
sudo apt-get install -y libgtk-3-dev libwebkit2gtk-4.0-dev libayatana-appindicator3-dev librsvg2-dev | |
sudo apt-get install -y libwebrtc-audio-processing-dev | |
sudo apt-get install -y libunwind-dev | |
sudo apt-get install -y libgstreamer1.0-dev libgstreamer-plugins-base1.0-dev libgstreamer-plugins-bad1.0-dev gstreamer1.0-plugins-base gstreamer1.0-plugins-good gstreamer1.0-plugins-bad gstreamer1.0-plugins-ugly gstreamer1.0-libav gstreamer1.0-tools gstreamer1.0-x gstreamer1.0-alsa gstreamer1.0-gl gstreamer1.0-gtk3 gstreamer1.0-qt5 gstreamer1.0-pulseaudio | |
- name: install frontend dependencies | |
run: | | |
npm ci | |
npm run _ci-release:dev | |
- name: install AzureSignTool (windows only) | |
if: matrix.platform == 'windows-latest' | |
run: | | |
dotnet tool install --global AzureSignTool | |
- name: import certificate for signing (windows only) | |
if: matrix.platform == 'windows-latest' | |
run: | | |
echo "${{ secrets.AZURE_EV_CERT }}" > secret.cer | |
Import-Certificate -FilePath .\secret.cer -CertStoreLocation Cert:\LocalMachine\My | |
shell: powershell | |
- name: patch signTool (windows only) | |
if: matrix.platform == 'windows-latest' | |
run: Start-Process -FilePath .\src-build\win\copy_sign_tool.exe -Verb RunAs | |
shell: powershell | |
- name: setup env for signing (windows only) | |
if: matrix.platform == 'windows-latest' | |
env: | |
TAURI_PRIVATE_KEY: ${{ secrets.TAURI_PRIVATE_KEY }} | |
TAURI_KEY_PASSWORD: ${{ secrets.TAURI_KEY_PASSWORD }} | |
AZURE_KEY_VAULT_URI: ${{ secrets.AZURE_KEY_VAULT_URI }} | |
AZURE_CLIENT_ID: ${{ secrets.AZURE_CLIENT_ID }} | |
AZURE_TENANT_ID: ${{ secrets.AZURE_TENANT_ID }} | |
AZURE_CLIENT_SECRET: ${{ secrets.AZURE_CLIENT_SECRET }} | |
AZURE_CERT_NAME: ${{ secrets.AZURE_CERT_NAME }} | |
AZURE_COMPANY_NAME: ${{ secrets.AZURE_COMPANY_NAME }} | |
run: | | |
$jsonContent = @{ | |
"AZURE_KEY_VAULT_URI" = $env:AZURE_KEY_VAULT_URI | |
"AZURE_CLIENT_ID" = $env:AZURE_CLIENT_ID | |
"AZURE_TENANT_ID" = $env:AZURE_TENANT_ID | |
"AZURE_CLIENT_SECRET" = $env:AZURE_CLIENT_SECRET | |
"AZURE_CERT_NAME" = $env:AZURE_CERT_NAME | |
"AZURE_COMPANY_NAME" = $env:AZURE_COMPANY_NAME | |
} | |
$jsonContent | ConvertTo-Json | Out-File -FilePath ./secrets.json -Encoding utf8 | |
# Load content from the file | |
$content = Get-Content -Path "./secrets.json" -Raw | |
# Replace \r\n with \n | |
$content = $content -replace "`r`n", "`n" | |
# Write the content back to the file | |
Set-Content -Path "./secrets.json" -Value $content | |
shell: powershell | |
- name: Sign embedded executables for Mac | |
if: matrix.platform == 'macos-latest' | |
env : | |
MAC_IDENTITY: ${{ secrets.APPLE_EXTERNAL_BINARY_SIGN_CERTIFICATE }} | |
APPLE_CERTIFICATE: ${{ secrets.APPLE_CERTIFICATE }} | |
APPLE_CERTIFICATE_PASSWORD: ${{ secrets.APPLE_CERTIFICATE_PASSWORD }} | |
KEYCHAIN_PWD: ${{ secrets.KEYCHAIN_PWD }} | |
KEYCHAIN_ID: ${{ secrets.KEYCHAIN_ID }} | |
run: | | |
certificate_encoded="$APPLE_CERTIFICATE" | |
certificate_password="$APPLE_CERTIFICATE_PASSWORD" | |
echo "Setting up keychain from environment variables..." | |
# List the keychains | |
security list-keychain -d user | |
# Creating a temporary directory | |
tmp_dir=$(mktemp -d) | |
cert_path="$tmp_dir/cert.p12" | |
# Check if base64 decoding is necessary or just a simple echo would suffice | |
# Assuming base64 decoding is needed | |
echo "$certificate_encoded" | base64 --decode > "$cert_path" | |
# Importing the certificate to the keychain | |
security create-keychain -p "$KEYCHAIN_PWD" "$KEYCHAIN_ID" | |
security unlock-keychain -p "$KEYCHAIN_PWD" "$KEYCHAIN_ID" | |
security import "$cert_path" -k "$KEYCHAIN_ID" -P "$certificate_password" -T /usr/bin/codesign -T /usr/bin/pkgbuild -T /usr/bin/productbuild | |
security set-keychain-settings -t 3600 -u "$KEYCHAIN_ID" | |
security set-key-partition-list -S "apple-tool:,apple:,codesign:" -s -k "$KEYCHAIN_PWD" "$KEYCHAIN_ID" | |
codesign --force --sign "$MAC_IDENTITY" --keychain "$KEYCHAIN_ID" --timestamp --options runtime ./src-tauri/src-node/node_modules/fsevents/fsevents.node | |
# cat ./src-build/mac/filesToSign | xargs codesign --force -s "$CERTIFICATE_NAME" --keychain "$KEYCHAIN_ID" --timestamp --options runtime | |
shell: bash | |
- uses: tauri-apps/tauri-action@v0 | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
TAURI_PRIVATE_KEY: ${{ secrets.TAURI_PRIVATE_KEY }} | |
TAURI_KEY_PASSWORD: ${{ secrets.TAURI_KEY_PASSWORD }} | |
ENABLE_CODE_SIGNING: ${{ secrets.APPLE_CERTIFICATE }} | |
APPLE_CERTIFICATE: ${{ secrets.APPLE_CERTIFICATE }} | |
APPLE_CERTIFICATE_PASSWORD: ${{ secrets.APPLE_CERTIFICATE_PASSWORD }} | |
APPLE_SIGNING_IDENTITY: ${{ secrets.APPLE_SIGNING_IDENTITY }} | |
APPLE_ID: ${{ secrets.APPLE_ID }} | |
APPLE_PASSWORD: ${{ secrets.APPLE_PASSWORD }} | |
APPLE_TEAM_ID: ${{ secrets.APPLE_TEAM_ID }} | |
with: | |
releaseId: ${{ needs.create-release.outputs.release_id }} | |
updaterJsonPreferNsis: true | |
tagName: ${{ env.GIT_TAG_NAME }} | |
- name: setup env for mac arm (Mac only) | |
if: matrix.platform == 'macos-latest' | |
run: | | |
rustup target add aarch64-apple-darwin | |
npm run installNodeArmDarwin | |
- name: build for mac arm (Mac only) | |
if: matrix.platform == 'macos-latest' | |
uses: tauri-apps/tauri-action@v0 | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
TAURI_PRIVATE_KEY: ${{ secrets.TAURI_PRIVATE_KEY }} | |
TAURI_KEY_PASSWORD: ${{ secrets.TAURI_KEY_PASSWORD }} | |
ENABLE_CODE_SIGNING: ${{ secrets.APPLE_CERTIFICATE }} | |
APPLE_CERTIFICATE: ${{ secrets.APPLE_CERTIFICATE }} | |
APPLE_CERTIFICATE_PASSWORD: ${{ secrets.APPLE_CERTIFICATE_PASSWORD }} | |
APPLE_SIGNING_IDENTITY: ${{ secrets.APPLE_SIGNING_IDENTITY }} | |
APPLE_ID: ${{ secrets.APPLE_ID }} | |
APPLE_PASSWORD: ${{ secrets.APPLE_PASSWORD }} | |
APPLE_TEAM_ID: ${{ secrets.APPLE_TEAM_ID }} | |
with: | |
releaseId: ${{ needs.create-release.outputs.release_id }} | |
args: --target aarch64-apple-darwin | |
tagName: ${{ env.GIT_TAG_NAME }} | |
publish-release: | |
permissions: | |
contents: write | |
runs-on: ubuntu-latest | |
needs: [ create-release, build-tauri ] | |
steps: | |
- uses: actions/checkout@v4 | |
- name: get Git Tag | |
run: echo "GIT_TAG_NAME=dev-app-v$(node -p "require('./package.json').version")" >> $GITHUB_ENV | |
- name: publish release | |
id: publish-release | |
uses: actions/github-script@v6 | |
env: | |
release_id: ${{ needs.create-release.outputs.release_id }} | |
with: | |
script: | | |
github.rest.repos.updateRelease({ | |
owner: context.repo.owner, | |
repo: context.repo.repo, | |
tag_name: `${process.env.GIT_TAG_NAME}`, | |
target_commitish: 'dev', | |
release_id: process.env.release_id, | |
draft: true, | |
prerelease: true | |
}) |
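Review bot: In the `build-tauri` job, the `setup env for signing (windows only)` step writes `AZURE_CLIENT_SECRET` and the other Key Vault values to `./secrets.json` inside the checkout, and no visible step deletes it, so the credential stays on disk for every later step in the job. The step that follows is `tauri-apps/tauri-action@v0`, a mutable ref that also receives `TAURI_PRIVATE_KEY` and the Apple signing secrets, and the compiler for the signed build comes from `dtolnay/rust-toolchain@stable`, another mutable ref. I would pin both to a full commit SHA, e.g. `uses: tauri-apps/tauri-action@<full-commit-sha> # v0`. Assuming the signing tool reads the file during the Tauri build, add a cleanup step after it with `if: always() && matrix.platform == 'windows-latest'` and `run: Remove-Item -Force ./secrets.json, ./secret.cer -ErrorAction SilentlyContinue`. The page does not mark which lines this commit changed, so this applies to the workflow as shown.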