From 3b717b25c25f2c473df5315d51aa29841168261a Mon Sep 17 00:00:00 2001
From: neil <neil@neils-MacBook-Pro.local>
Date: Wed, 28 Dec 2022 10:39:19 +0800
Subject: [PATCH 01/40] test m1

---
 .github/workflows/m1.yml | 65 ++++++++++++++++++++++++++++++++++++++++
 1 file changed, 65 insertions(+)
 create mode 100644 .github/workflows/m1.yml

diff --git a/.github/workflows/m1.yml b/.github/workflows/m1.yml
new file mode 100644
index 0000000..73b1f67
--- /dev/null
+++ b/.github/workflows/m1.yml
@@ -0,0 +1,65 @@
+name: "deploy"
+
+on:
+  push:
+    branches:
+      - m1-test
+
+
+jobs:
+  build_tauri:
+    timeout-minutes: 6
+    runs-on: ${{ matrix.platform.os }}
+    strategy:
+      matrix:
+        platform:
+          # - os: macos-11
+          #   name: darwin+x86-64
+          # - os: ubuntu-latest
+          #   name: linux+x86-64
+          - os: [self-hosted, macOS, ARM64]
+            name: darwin+aarch64
+          # - os: [self-hosted, linux, ARM64]
+          #   name: linux+aarch64
+    container: ${{ matrix.platform.container }}
+    steps:
+    - uses: actions/checkout@v2
+
+    - uses: pnpm/action-setup@v2
+      with:
+        version: 7
+    - name: setup node
+      uses: actions/setup-node@v1
+      with:
+        node-version: 18
+        cache: 'pnpm'
+        cache-dependency-path: pnpm-lock.yaml
+    - name: install Rust stable
+      uses: actions-rs/toolchain@v1
+      with:
+        toolchain: stable
+    - uses: Swatinem/rust-cache@v2
+      with:
+        # The prefix cache key, this can be changed to start a new cache manually.
+        # default: "v0-rust"
+        prefix-key: ${{ matrix.platform.name }}
+        shared-key: prod
+        cache-targets: false
+    # - name: install dependencies (ubuntu only)
+    #   if: matrix.platform.name == 'linux+x86-64'
+    #   run: |
+    #     sudo apt-get update
+    #     sudo apt-get install -y libgtk-3-dev webkit2gtk-4.0 libappindicator3-dev librsvg2-dev patchelf
+    - name: install app dependencies
+      run: pnpm install
+
+    - name: Cache Tauri Target
+      uses: actions/cache@v3
+      with:
+        path: |
+          ./modules/gui/src-tauri/target
+        key: m1-test
+        restore-keys: m1-test
+
+    - name: test dev tauri
+      run: pnpm dev:gui

From 23a1684946b1cb886862db80a8ff885a9a740914 Mon Sep 17 00:00:00 2001
From: neil <neil@neils-MacBook-Pro.local>
Date: Thu, 29 Dec 2022 13:16:20 +0800
Subject: [PATCH 02/40] test build

---
 .github/workflows/m1.yml | 15 ++++++++++++++-
 package.json             |  2 +-
 2 files changed, 15 insertions(+), 2 deletions(-)

diff --git a/.github/workflows/m1.yml b/.github/workflows/m1.yml
index 73b1f67..1e1a55d 100644
--- a/.github/workflows/m1.yml
+++ b/.github/workflows/m1.yml
@@ -62,4 +62,17 @@ jobs:
         restore-keys: m1-test
 
     - name: test dev tauri
-      run: pnpm dev:gui
+      run: pnpm build:gui
+
+    - name: zip app
+      run: zip -r tea.zip ./modules/gui/src-tauri/target/release/bundle/macos/tea.app
+
+    - uses: aws-actions/configure-aws-credentials@v1
+      with:
+        aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
+        aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+        aws-region: us-east-1
+
+    - name: cp package images from prod to preview bucket
+      run: |
+        aws s3 cp ./tea.zip "s3://preview.gui.tea.xyz/release/tea.zip"
\ No newline at end of file
diff --git a/package.json b/package.json
index 84dd8f0..9bf9d25 100644
--- a/package.json
+++ b/package.json
@@ -4,7 +4,7 @@
     "private": true,
     "scripts": {
         "release": "sh ./.github/update-latest-binary.sh",
-        "build:gui": "pnpm --filter gui exec tauri build",
+        "build:gui": "pnpm --filter gui exec tauri build -b app",
         "dev:gui": "pnpm --filter gui exec tauri dev",
         "web:gui": "BUILD_FOR=preview pnpm --filter gui dev"
     },

From 2bf0daa4569a608e10ff16fde3d477d3d831599c Mon Sep 17 00:00:00 2001
From: neil <neil@neils-MacBook-Pro.local>
Date: Thu, 29 Dec 2022 13:30:14 +0800
Subject: [PATCH 03/40] test using tea setup

---
 .github/workflows/m1.yml | 39 ++-------------------------------------
 1 file changed, 2 insertions(+), 37 deletions(-)

diff --git a/.github/workflows/m1.yml b/.github/workflows/m1.yml
index 1e1a55d..3fb8ac5 100644
--- a/.github/workflows/m1.yml
+++ b/.github/workflows/m1.yml
@@ -25,44 +25,9 @@ jobs:
     steps:
     - uses: actions/checkout@v2
 
-    - uses: pnpm/action-setup@v2
+    - uses: teaxyz/setup@v0
       with:
-        version: 7
-    - name: setup node
-      uses: actions/setup-node@v1
-      with:
-        node-version: 18
-        cache: 'pnpm'
-        cache-dependency-path: pnpm-lock.yaml
-    - name: install Rust stable
-      uses: actions-rs/toolchain@v1
-      with:
-        toolchain: stable
-    - uses: Swatinem/rust-cache@v2
-      with:
-        # The prefix cache key, this can be changed to start a new cache manually.
-        # default: "v0-rust"
-        prefix-key: ${{ matrix.platform.name }}
-        shared-key: prod
-        cache-targets: false
-    # - name: install dependencies (ubuntu only)
-    #   if: matrix.platform.name == 'linux+x86-64'
-    #   run: |
-    #     sudo apt-get update
-    #     sudo apt-get install -y libgtk-3-dev webkit2gtk-4.0 libappindicator3-dev librsvg2-dev patchelf
-    - name: install app dependencies
-      run: pnpm install
-
-    - name: Cache Tauri Target
-      uses: actions/cache@v3
-      with:
-        path: |
-          ./modules/gui/src-tauri/target
-        key: m1-test
-        restore-keys: m1-test
-
-    - name: test dev tauri
-      run: pnpm build:gui
+        target: build
 
     - name: zip app
       run: zip -r tea.zip ./modules/gui/src-tauri/target/release/bundle/macos/tea.app

From 7658988c845bb7449a55d1cee0ce16aad1ae8916 Mon Sep 17 00:00:00 2001
From: neil <neil@neils-MacBook-Pro.local>
Date: Fri, 30 Dec 2022 07:32:26 +0800
Subject: [PATCH 04/40] retry

---
 README.md | 1 +
 1 file changed, 1 insertion(+)

diff --git a/README.md b/README.md
index ab04839..58f57aa 100644
--- a/README.md
+++ b/README.md
@@ -30,6 +30,7 @@ $ pnpm web:gui
 ```
 # Build
 ```sh
+pnpm install
 pnpm build:gui
 ```
 

From e0e779e219abf9687181e1f8290e780dc538592c Mon Sep 17 00:00:00 2001
From: neil <neil@neils-MacBook-Pro.local>
Date: Sat, 31 Dec 2022 12:03:15 +0800
Subject: [PATCH 05/40] test build

---
 .github/workflows/m1.yml | 19 +++++++++++++++++--
 1 file changed, 17 insertions(+), 2 deletions(-)

diff --git a/.github/workflows/m1.yml b/.github/workflows/m1.yml
index 3fb8ac5..c350b91 100644
--- a/.github/workflows/m1.yml
+++ b/.github/workflows/m1.yml
@@ -25,12 +25,27 @@ jobs:
     steps:
     - uses: actions/checkout@v2
 
+
+    # Needed for self-hosted runner, since it doesn't destroy itself automatically.
+    - name: Delete keychain
+      if: always() && matrix.platform.name == 'darwin+aarch64'
+      run: security delete-keychain signing_temp.keychain
+
     - uses: teaxyz/setup@v0
+      env:
+        GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        ENABLE_CODE_SIGNING: ${{ secrets.BUILD_CERTIFICATE_BASE64 }}
+        APPLE_CERTIFICATE: ${{ secrets.BUILD_CERTIFICATE_BASE64 }}
+        APPLE_CERTIFICATE_PASSWORD: ${{ secrets.P12_PASSWORD }}
+        APPLE_SIGNING_IDENTITY: ${{ secrets.APPLE_SIGNING_IDENTITY }}
+        APPLE_ID: ${{ secrets.APPLE_ID }}
+        APPLE_PASSWORD: ${{ secrets.APPLE_PASSWORD }}
       with:
         target: build
 
     - name: zip app
-      run: zip -r tea.zip ./modules/gui/src-tauri/target/release/bundle/macos/tea.app
+      run: |
+        cd ./modules/gui/src-tauri/target/release/bundle/macos/ && zip -r tea.zip tea.app
 
     - uses: aws-actions/configure-aws-credentials@v1
       with:
@@ -40,4 +55,4 @@ jobs:
 
     - name: cp package images from prod to preview bucket
       run: |
-        aws s3 cp ./tea.zip "s3://preview.gui.tea.xyz/release/tea.zip"
\ No newline at end of file
+        aws s3 cp ./modules/gui/src-tauri/target/release/bundle/macos/tea.zip "s3://preview.gui.tea.xyz/release/tea.zip"

From da0fab1034a035f612f2718f07d0ab4fc129be6f Mon Sep 17 00:00:00 2001
From: neil <neil@neils-MacBook-Pro.local>
Date: Sat, 31 Dec 2022 12:08:22 +0800
Subject: [PATCH 06/40] fix

---
 .github/workflows/m1.yml | 6 ------
 1 file changed, 6 deletions(-)

diff --git a/.github/workflows/m1.yml b/.github/workflows/m1.yml
index c350b91..de71509 100644
--- a/.github/workflows/m1.yml
+++ b/.github/workflows/m1.yml
@@ -25,12 +25,6 @@ jobs:
     steps:
     - uses: actions/checkout@v2
 
-
-    # Needed for self-hosted runner, since it doesn't destroy itself automatically.
-    - name: Delete keychain
-      if: always() && matrix.platform.name == 'darwin+aarch64'
-      run: security delete-keychain signing_temp.keychain
-
     - uses: teaxyz/setup@v0
       env:
         GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

From 2ce401f003e1b537be7e3ef45e00452d0884bd2a Mon Sep 17 00:00:00 2001
From: neil <neil@neils-MacBook-Pro.local>
Date: Mon, 2 Jan 2023 10:25:43 +0800
Subject: [PATCH 07/40] apply org level apple secrets

---
 .github/workflows/m1.yml | 8 +++-----
 1 file changed, 3 insertions(+), 5 deletions(-)

diff --git a/.github/workflows/m1.yml b/.github/workflows/m1.yml
index de71509..97b030e 100644
--- a/.github/workflows/m1.yml
+++ b/.github/workflows/m1.yml
@@ -28,12 +28,10 @@ jobs:
     - uses: teaxyz/setup@v0
       env:
         GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-        ENABLE_CODE_SIGNING: ${{ secrets.BUILD_CERTIFICATE_BASE64 }}
-        APPLE_CERTIFICATE: ${{ secrets.BUILD_CERTIFICATE_BASE64 }}
-        APPLE_CERTIFICATE_PASSWORD: ${{ secrets.P12_PASSWORD }}
+        ENABLE_CODE_SIGNING: ${{ secrets.APPLE_CERTIFICATE_P12 }}
+        APPLE_CERTIFICATE: ${{ secrets.APPLE_CERTIFICATE_P12 }}
+        APPLE_CERTIFICATE_PASSWORD: ${{ secrets.APPLE_CERTIFICATE_P12_PASSWORD }}
         APPLE_SIGNING_IDENTITY: ${{ secrets.APPLE_SIGNING_IDENTITY }}
-        APPLE_ID: ${{ secrets.APPLE_ID }}
-        APPLE_PASSWORD: ${{ secrets.APPLE_PASSWORD }}
       with:
         target: build
 

From 23b948f200a23315fcf192851b4064a0850733e0 Mon Sep 17 00:00:00 2001
From: neil <neil@neils-MacBook-Pro.local>
Date: Mon, 2 Jan 2023 10:34:00 +0800
Subject: [PATCH 08/40] add apple_id and password accounts

---
 .github/workflows/m1.yml | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/.github/workflows/m1.yml b/.github/workflows/m1.yml
index 97b030e..dfcc0d1 100644
--- a/.github/workflows/m1.yml
+++ b/.github/workflows/m1.yml
@@ -32,6 +32,8 @@ jobs:
         APPLE_CERTIFICATE: ${{ secrets.APPLE_CERTIFICATE_P12 }}
         APPLE_CERTIFICATE_PASSWORD: ${{ secrets.APPLE_CERTIFICATE_P12_PASSWORD }}
         APPLE_SIGNING_IDENTITY: ${{ secrets.APPLE_SIGNING_IDENTITY }}
+        APPLE_ID: ${{ secrets.APPLE_ID }}
+        APPLE_PASSWORD: ${{ secrets.APPLE_PASSWORD }}
       with:
         target: build
 

From 7474a1c11f7a5e3f14e148d49b682a5f3b9176fe Mon Sep 17 00:00:00 2001
From: neil <neil@neils-MacBook-Pro.local>
Date: Mon, 2 Jan 2023 10:49:36 +0800
Subject: [PATCH 09/40] verbose build logging

---
 package.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/package.json b/package.json
index 9bf9d25..05ee493 100644
--- a/package.json
+++ b/package.json
@@ -4,7 +4,7 @@
     "private": true,
     "scripts": {
         "release": "sh ./.github/update-latest-binary.sh",
-        "build:gui": "pnpm --filter gui exec tauri build -b app",
+        "build:gui": "pnpm --filter gui exec tauri build -b app --verbose",
         "dev:gui": "pnpm --filter gui exec tauri dev",
         "web:gui": "BUILD_FOR=preview pnpm --filter gui dev"
     },

From 8ec8635f2f44e22b2c940cd81005f422ed75587d Mon Sep 17 00:00:00 2001
From: neil <neil@neils-MacBook-Pro.local>
Date: Mon, 2 Jan 2023 11:59:14 +0800
Subject: [PATCH 10/40] run different process

---
 .github/workflows/m1.yml | 56 +++++++++++++++++++++++++++++-----------
 1 file changed, 41 insertions(+), 15 deletions(-)

diff --git a/.github/workflows/m1.yml b/.github/workflows/m1.yml
index dfcc0d1..60ce4fa 100644
--- a/.github/workflows/m1.yml
+++ b/.github/workflows/m1.yml
@@ -25,8 +25,45 @@ jobs:
     steps:
     - uses: actions/checkout@v2
 
-    - uses: teaxyz/setup@v0
-      env:
+    # - uses: teaxyz/setup@v0
+    #   env:
+    #     GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+    #     ENABLE_CODE_SIGNING: ${{ secrets.APPLE_CERTIFICATE_P12 }}
+    #     APPLE_CERTIFICATE: ${{ secrets.APPLE_CERTIFICATE_P12 }}
+    #     APPLE_CERTIFICATE_PASSWORD: ${{ secrets.APPLE_CERTIFICATE_P12_PASSWORD }}
+    #     APPLE_SIGNING_IDENTITY: ${{ secrets.APPLE_SIGNING_IDENTITY }}
+    #     APPLE_ID: ${{ secrets.APPLE_ID }}
+    #     APPLE_PASSWORD: ${{ secrets.APPLE_PASSWORD }}
+    #   with:
+    #     target: build
+
+    # - name: zip app
+    #   run: |
+    #     cd ./modules/gui/src-tauri/target/release/bundle/macos/ && zip -r tea.zip tea.app
+
+    # - uses: aws-actions/configure-aws-credentials@v1
+    #   with:
+    #     aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
+    #     aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+    #     aws-region: us-east-1
+
+    # - name: cp package images from prod to preview bucket
+    #   run: |
+    #     aws s3 cp ./modules/gui/src-tauri/target/release/bundle/macos/tea.zip "s3://preview.gui.tea.xyz/release/tea.zip"
+    - name: setup node
+      uses: actions/setup-node@v2
+      with:
+        node-version: 16
+    - name: install Rust stable
+      uses: actions-rs/toolchain@v1
+      with:
+        toolchain: stable
+    - uses: pnpm/action-setup@v2
+      with:
+        version: 7.18.2
+        run_install: true
+
+    - env:
         GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
         ENABLE_CODE_SIGNING: ${{ secrets.APPLE_CERTIFICATE_P12 }}
         APPLE_CERTIFICATE: ${{ secrets.APPLE_CERTIFICATE_P12 }}
@@ -34,19 +71,8 @@ jobs:
         APPLE_SIGNING_IDENTITY: ${{ secrets.APPLE_SIGNING_IDENTITY }}
         APPLE_ID: ${{ secrets.APPLE_ID }}
         APPLE_PASSWORD: ${{ secrets.APPLE_PASSWORD }}
-      with:
-        target: build
-
-    - name: zip app
-      run: |
-        cd ./modules/gui/src-tauri/target/release/bundle/macos/ && zip -r tea.zip tea.app
-
-    - uses: aws-actions/configure-aws-credentials@v1
-      with:
-        aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
-        aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
-        aws-region: us-east-1
+      run: pnpm build:gui
 
     - name: cp package images from prod to preview bucket
       run: |
-        aws s3 cp ./modules/gui/src-tauri/target/release/bundle/macos/tea.zip "s3://preview.gui.tea.xyz/release/tea.zip"
+        aws s3 cp ./modules/gui/src-tauri/target/release/bundle/macos/tea.zip "s3://preview.gui.tea.xyz/release/tea.zip"
\ No newline at end of file

From 10631e1303b8e60b8b4ad3ca6d23f5c0a31655a7 Mon Sep 17 00:00:00 2001
From: neil <neil@neils-MacBook-Pro.local>
Date: Mon, 2 Jan 2023 12:11:04 +0800
Subject: [PATCH 11/40] import codesign

---
 .github/workflows/m1.yml | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/.github/workflows/m1.yml b/.github/workflows/m1.yml
index 60ce4fa..f729502 100644
--- a/.github/workflows/m1.yml
+++ b/.github/workflows/m1.yml
@@ -62,6 +62,11 @@ jobs:
       with:
         version: 7.18.2
         run_install: true
+  
+    - uses: apple-actions/import-codesign-certs@d54750db52a4d3eaed0fc107a8bab3958f3f7494
+      with:
+        p12-file-base64: ${{ secrets.APPLE_CERTIFICATE_P12 }}
+        p12-password: ${{ secrets.APPLE_CERTIFICATE_P12_PASSWORD }}
 
     - env:
         GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

From 53cf5e1c9a5306110c57659bcb7f2521376183d7 Mon Sep 17 00:00:00 2001
From: neil <neil@neils-MacBook-Pro.local>
Date: Mon, 2 Jan 2023 12:22:38 +0800
Subject: [PATCH 12/40] more manual test

---
 .github/workflows/m1.yml | 18 +++++++++---------
 1 file changed, 9 insertions(+), 9 deletions(-)

diff --git a/.github/workflows/m1.yml b/.github/workflows/m1.yml
index f729502..f196013 100644
--- a/.github/workflows/m1.yml
+++ b/.github/workflows/m1.yml
@@ -67,16 +67,16 @@ jobs:
       with:
         p12-file-base64: ${{ secrets.APPLE_CERTIFICATE_P12 }}
         p12-password: ${{ secrets.APPLE_CERTIFICATE_P12_PASSWORD }}
+    - run: pnpm build:gui
 
-    - env:
-        GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-        ENABLE_CODE_SIGNING: ${{ secrets.APPLE_CERTIFICATE_P12 }}
-        APPLE_CERTIFICATE: ${{ secrets.APPLE_CERTIFICATE_P12 }}
-        APPLE_CERTIFICATE_PASSWORD: ${{ secrets.APPLE_CERTIFICATE_P12_PASSWORD }}
-        APPLE_SIGNING_IDENTITY: ${{ secrets.APPLE_SIGNING_IDENTITY }}
-        APPLE_ID: ${{ secrets.APPLE_ID }}
-        APPLE_PASSWORD: ${{ secrets.APPLE_PASSWORD }}
-      run: pnpm build:gui
+    - name: Codesign package
+      run: |
+        codesign -s "Developer ID Application: Tea Inc. (7WV56FL599)" -v --force --deep --timestamp --preserve-metadata=entitlements -o runtime /modules/gui/src-tauri/target/release/bundle/macos/tea.app/* || true
+        done
+
+    - name: zip app
+      run: |
+        cd ./modules/gui/src-tauri/target/release/bundle/macos/ && zip -r tea.zip tea.app
 
     - name: cp package images from prod to preview bucket
       run: |

From ea92211bd004faf3e17cbde96025045b7fe5942d Mon Sep 17 00:00:00 2001
From: neil <neil@neils-MacBook-Pro.local>
Date: Mon, 2 Jan 2023 12:24:41 +0800
Subject: [PATCH 13/40] polluted workspace temp

---
 .github/workflows/m1.yml | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/.github/workflows/m1.yml b/.github/workflows/m1.yml
index f196013..61d2521 100644
--- a/.github/workflows/m1.yml
+++ b/.github/workflows/m1.yml
@@ -63,10 +63,10 @@ jobs:
         version: 7.18.2
         run_install: true
   
-    - uses: apple-actions/import-codesign-certs@d54750db52a4d3eaed0fc107a8bab3958f3f7494
-      with:
-        p12-file-base64: ${{ secrets.APPLE_CERTIFICATE_P12 }}
-        p12-password: ${{ secrets.APPLE_CERTIFICATE_P12_PASSWORD }}
+    # - uses: apple-actions/import-codesign-certs@d54750db52a4d3eaed0fc107a8bab3958f3f7494
+    #   with:
+    #     p12-file-base64: ${{ secrets.APPLE_CERTIFICATE_P12 }}
+    #     p12-password: ${{ secrets.APPLE_CERTIFICATE_P12_PASSWORD }}
     - run: pnpm build:gui
 
     - name: Codesign package

From d51714f473045f40c0bd9dbe1d3b6cdb57ad938c Mon Sep 17 00:00:00 2001
From: neil <neil@neils-MacBook-Pro.local>
Date: Mon, 2 Jan 2023 12:27:25 +0800
Subject: [PATCH 14/40] fix path

---
 .github/workflows/m1.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/m1.yml b/.github/workflows/m1.yml
index 61d2521..ad7cdfa 100644
--- a/.github/workflows/m1.yml
+++ b/.github/workflows/m1.yml
@@ -71,7 +71,7 @@ jobs:
 
     - name: Codesign package
       run: |
-        codesign -s "Developer ID Application: Tea Inc. (7WV56FL599)" -v --force --deep --timestamp --preserve-metadata=entitlements -o runtime /modules/gui/src-tauri/target/release/bundle/macos/tea.app/* || true
+        codesign -s "Developer ID Application: Tea Inc. (7WV56FL599)" -v --force --deep --timestamp --preserve-metadata=entitlements -o runtime ./modules/gui/src-tauri/target/release/bundle/macos/tea.app/* || true
         done
 
     - name: zip app

From bf680850a9aa01a84293afec8dbc4b0562475365 Mon Sep 17 00:00:00 2001
From: neil <neil@neils-MacBook-Pro.local>
Date: Mon, 2 Jan 2023 12:31:44 +0800
Subject: [PATCH 15/40] fix to .app only

---
 .github/workflows/m1.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/m1.yml b/.github/workflows/m1.yml
index ad7cdfa..2391cd3 100644
--- a/.github/workflows/m1.yml
+++ b/.github/workflows/m1.yml
@@ -71,7 +71,7 @@ jobs:
 
     - name: Codesign package
       run: |
-        codesign -s "Developer ID Application: Tea Inc. (7WV56FL599)" -v --force --deep --timestamp --preserve-metadata=entitlements -o runtime ./modules/gui/src-tauri/target/release/bundle/macos/tea.app/* || true
+        codesign -s "Developer ID Application: Tea Inc. (7WV56FL599)" -v --force --deep --timestamp --preserve-metadata=entitlements -o runtime ./modules/gui/src-tauri/target/release/bundle/macos/tea.app || true
         done
 
     - name: zip app

From 16dbc90c8ac104e2677e7388bd1180edd74ee2de Mon Sep 17 00:00:00 2001
From: neil <neil@neils-MacBook-Pro.local>
Date: Mon, 2 Jan 2023 12:33:17 +0800
Subject: [PATCH 16/40] rm done

---
 .github/workflows/m1.yml | 1 -
 1 file changed, 1 deletion(-)

diff --git a/.github/workflows/m1.yml b/.github/workflows/m1.yml
index 2391cd3..126c1a3 100644
--- a/.github/workflows/m1.yml
+++ b/.github/workflows/m1.yml
@@ -72,7 +72,6 @@ jobs:
     - name: Codesign package
       run: |
         codesign -s "Developer ID Application: Tea Inc. (7WV56FL599)" -v --force --deep --timestamp --preserve-metadata=entitlements -o runtime ./modules/gui/src-tauri/target/release/bundle/macos/tea.app || true
-        done
 
     - name: zip app
       run: |

From cf6a2dec3f7eb280276799e090fda1bdf0203cea Mon Sep 17 00:00:00 2001
From: neil <neil@neils-MacBook-Pro.local>
Date: Mon, 2 Jan 2023 12:40:34 +0800
Subject: [PATCH 17/40] test regular build process

---
 .github/workflows/m1.yml | 93 ++++++++++++++++++++--------------------
 package.json             |  2 +-
 2 files changed, 47 insertions(+), 48 deletions(-)

diff --git a/.github/workflows/m1.yml b/.github/workflows/m1.yml
index 126c1a3..8209f4b 100644
--- a/.github/workflows/m1.yml
+++ b/.github/workflows/m1.yml
@@ -25,58 +25,57 @@ jobs:
     steps:
     - uses: actions/checkout@v2
 
-    # - uses: teaxyz/setup@v0
-    #   env:
-    #     GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-    #     ENABLE_CODE_SIGNING: ${{ secrets.APPLE_CERTIFICATE_P12 }}
-    #     APPLE_CERTIFICATE: ${{ secrets.APPLE_CERTIFICATE_P12 }}
-    #     APPLE_CERTIFICATE_PASSWORD: ${{ secrets.APPLE_CERTIFICATE_P12_PASSWORD }}
-    #     APPLE_SIGNING_IDENTITY: ${{ secrets.APPLE_SIGNING_IDENTITY }}
-    #     APPLE_ID: ${{ secrets.APPLE_ID }}
-    #     APPLE_PASSWORD: ${{ secrets.APPLE_PASSWORD }}
-    #   with:
-    #     target: build
-
-    # - name: zip app
-    #   run: |
-    #     cd ./modules/gui/src-tauri/target/release/bundle/macos/ && zip -r tea.zip tea.app
-
-    # - uses: aws-actions/configure-aws-credentials@v1
-    #   with:
-    #     aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
-    #     aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
-    #     aws-region: us-east-1
-
-    # - name: cp package images from prod to preview bucket
-    #   run: |
-    #     aws s3 cp ./modules/gui/src-tauri/target/release/bundle/macos/tea.zip "s3://preview.gui.tea.xyz/release/tea.zip"
-    - name: setup node
-      uses: actions/setup-node@v2
+    - uses: teaxyz/setup@v0
+      env:
+        GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        ENABLE_CODE_SIGNING: ${{ secrets.APPLE_CERTIFICATE_P12 }}
+        APPLE_CERTIFICATE: ${{ secrets.APPLE_CERTIFICATE_P12 }}
+        APPLE_CERTIFICATE_PASSWORD: ${{ secrets.APPLE_CERTIFICATE_P12_PASSWORD }}
+        APPLE_SIGNING_IDENTITY: ${{ secrets.APPLE_SIGNING_IDENTITY }}
       with:
-        node-version: 16
-    - name: install Rust stable
-      uses: actions-rs/toolchain@v1
-      with:
-        toolchain: stable
-    - uses: pnpm/action-setup@v2
-      with:
-        version: 7.18.2
-        run_install: true
-  
-    # - uses: apple-actions/import-codesign-certs@d54750db52a4d3eaed0fc107a8bab3958f3f7494
-    #   with:
-    #     p12-file-base64: ${{ secrets.APPLE_CERTIFICATE_P12 }}
-    #     p12-password: ${{ secrets.APPLE_CERTIFICATE_P12_PASSWORD }}
-    - run: pnpm build:gui
-
-    - name: Codesign package
-      run: |
-        codesign -s "Developer ID Application: Tea Inc. (7WV56FL599)" -v --force --deep --timestamp --preserve-metadata=entitlements -o runtime ./modules/gui/src-tauri/target/release/bundle/macos/tea.app || true
+        target: build
 
     - name: zip app
       run: |
         cd ./modules/gui/src-tauri/target/release/bundle/macos/ && zip -r tea.zip tea.app
 
+    - uses: aws-actions/configure-aws-credentials@v1
+      with:
+        aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
+        aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+        aws-region: us-east-1
+
     - name: cp package images from prod to preview bucket
       run: |
-        aws s3 cp ./modules/gui/src-tauri/target/release/bundle/macos/tea.zip "s3://preview.gui.tea.xyz/release/tea.zip"
\ No newline at end of file
+        aws s3 cp ./modules/gui/src-tauri/target/release/bundle/macos/tea.zip "s3://preview.gui.tea.xyz/release/tea.zip"
+
+    # - name: setup node
+    #   uses: actions/setup-node@v2
+    #   with:
+    #     node-version: 16
+    # - name: install Rust stable
+    #   uses: actions-rs/toolchain@v1
+    #   with:
+    #     toolchain: stable
+    # - uses: pnpm/action-setup@v2
+    #   with:
+    #     version: 7.18.2
+    #     run_install: true
+  
+    # # - uses: apple-actions/import-codesign-certs@d54750db52a4d3eaed0fc107a8bab3958f3f7494
+    # #   with:
+    # #     p12-file-base64: ${{ secrets.APPLE_CERTIFICATE_P12 }}
+    # #     p12-password: ${{ secrets.APPLE_CERTIFICATE_P12_PASSWORD }}
+    # - run: pnpm build:gui
+
+    # - name: Codesign package
+    #   run: |
+    #     codesign -s "Developer ID Application: Tea Inc. (7WV56FL599)" -v --force --deep --timestamp --preserve-metadata=entitlements -o runtime ./modules/gui/src-tauri/target/release/bundle/macos/tea.app || true
+
+    # - name: zip app
+    #   run: |
+    #     cd ./modules/gui/src-tauri/target/release/bundle/macos/ && zip -r tea.zip tea.app
+
+    # - name: cp package images from prod to preview bucket
+    #   run: |
+    #     aws s3 cp ./modules/gui/src-tauri/target/release/bundle/macos/tea.zip "s3://preview.gui.tea.xyz/release/tea.zip"
\ No newline at end of file
diff --git a/package.json b/package.json
index 05ee493..5f005a0 100644
--- a/package.json
+++ b/package.json
@@ -4,7 +4,7 @@
     "private": true,
     "scripts": {
         "release": "sh ./.github/update-latest-binary.sh",
-        "build:gui": "pnpm --filter gui exec tauri build -b app --verbose",
+        "build:gui": "pnpm --filter gui exec tauri build --verbose",
         "dev:gui": "pnpm --filter gui exec tauri dev",
         "web:gui": "BUILD_FOR=preview pnpm --filter gui dev"
     },

From 7e7e99b5ffb39fdc81fa17884ce3645991e530ea Mon Sep 17 00:00:00 2001
From: neil <neil@neils-MacBook-Pro.local>
Date: Mon, 2 Jan 2023 12:45:25 +0800
Subject: [PATCH 18/40] test codesign dmg only

---
 package.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/package.json b/package.json
index 5f005a0..de66530 100644
--- a/package.json
+++ b/package.json
@@ -4,7 +4,7 @@
     "private": true,
     "scripts": {
         "release": "sh ./.github/update-latest-binary.sh",
-        "build:gui": "pnpm --filter gui exec tauri build --verbose",
+        "build:gui": "pnpm --filter gui exec tauri build -b dmg --verbose",
         "dev:gui": "pnpm --filter gui exec tauri dev",
         "web:gui": "BUILD_FOR=preview pnpm --filter gui dev"
     },

From 5fab253a9d21359fbd854fc7279bf1c4b92f7434 Mon Sep 17 00:00:00 2001
From: neil <neil@neils-MacBook-Pro.local>
Date: Mon, 2 Jan 2023 12:55:21 +0800
Subject: [PATCH 19/40] test dmg

---
 .github/workflows/m1.yml | 62 ++++++++++++++--------------------------
 package.json             |  2 +-
 2 files changed, 22 insertions(+), 42 deletions(-)

diff --git a/.github/workflows/m1.yml b/.github/workflows/m1.yml
index 8209f4b..02bbd3b 100644
--- a/.github/workflows/m1.yml
+++ b/.github/workflows/m1.yml
@@ -25,53 +25,33 @@ jobs:
     steps:
     - uses: actions/checkout@v2
 
-    - uses: teaxyz/setup@v0
-      env:
-        GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-        ENABLE_CODE_SIGNING: ${{ secrets.APPLE_CERTIFICATE_P12 }}
-        APPLE_CERTIFICATE: ${{ secrets.APPLE_CERTIFICATE_P12 }}
-        APPLE_CERTIFICATE_PASSWORD: ${{ secrets.APPLE_CERTIFICATE_P12_PASSWORD }}
-        APPLE_SIGNING_IDENTITY: ${{ secrets.APPLE_SIGNING_IDENTITY }}
+    - name: setup node
+      uses: actions/setup-node@v2
       with:
-        target: build
+        node-version: 16
+    - name: install Rust stable
+      uses: actions-rs/toolchain@v1
+      with:
+        toolchain: stable
+    - uses: pnpm/action-setup@v2
+      with:
+        version: 7.18.2
+        run_install: true
+  
+    # - uses: apple-actions/import-codesign-certs@d54750db52a4d3eaed0fc107a8bab3958f3f7494
+    #   with:
+    #     p12-file-base64: ${{ secrets.APPLE_CERTIFICATE_P12 }}
+    #     p12-password: ${{ secrets.APPLE_CERTIFICATE_P12_PASSWORD }}
+    - run: pnpm build:gui
 
-    - name: zip app
+    - name: Codesign package
       run: |
-        cd ./modules/gui/src-tauri/target/release/bundle/macos/ && zip -r tea.zip tea.app
-
-    - uses: aws-actions/configure-aws-credentials@v1
-      with:
-        aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
-        aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
-        aws-region: us-east-1
+        codesign -s "Developer ID Application: Tea Inc. (7WV56FL599)" -v --force --deep --timestamp --preserve-metadata=entitlements -o runtime ./modules/gui/src-tauri/target/release/bundle/macos/tea.app || true
+        codesign -s "Developer ID Application: Tea Inc. (7WV56FL599)" -v --force --deep --timestamp --preserve-metadata=entitlements -o runtime ./modules/gui/src-tauri/target/release/bundle/dmg/tea_0.1.0_aarch64.dmg || true
 
     - name: cp package images from prod to preview bucket
       run: |
-        aws s3 cp ./modules/gui/src-tauri/target/release/bundle/macos/tea.zip "s3://preview.gui.tea.xyz/release/tea.zip"
-
-    # - name: setup node
-    #   uses: actions/setup-node@v2
-    #   with:
-    #     node-version: 16
-    # - name: install Rust stable
-    #   uses: actions-rs/toolchain@v1
-    #   with:
-    #     toolchain: stable
-    # - uses: pnpm/action-setup@v2
-    #   with:
-    #     version: 7.18.2
-    #     run_install: true
-  
-    # # - uses: apple-actions/import-codesign-certs@d54750db52a4d3eaed0fc107a8bab3958f3f7494
-    # #   with:
-    # #     p12-file-base64: ${{ secrets.APPLE_CERTIFICATE_P12 }}
-    # #     p12-password: ${{ secrets.APPLE_CERTIFICATE_P12_PASSWORD }}
-    # - run: pnpm build:gui
-
-    # - name: Codesign package
-    #   run: |
-    #     codesign -s "Developer ID Application: Tea Inc. (7WV56FL599)" -v --force --deep --timestamp --preserve-metadata=entitlements -o runtime ./modules/gui/src-tauri/target/release/bundle/macos/tea.app || true
-
+        aws s3 cp ./modules/gui/src-tauri/target/release/bundle/dmg/tea_0.1.0_aarch64.dmg "s3://preview.gui.tea.xyz/release/tea.dmg"
     # - name: zip app
     #   run: |
     #     cd ./modules/gui/src-tauri/target/release/bundle/macos/ && zip -r tea.zip tea.app
diff --git a/package.json b/package.json
index de66530..5f005a0 100644
--- a/package.json
+++ b/package.json
@@ -4,7 +4,7 @@
     "private": true,
     "scripts": {
         "release": "sh ./.github/update-latest-binary.sh",
-        "build:gui": "pnpm --filter gui exec tauri build -b dmg --verbose",
+        "build:gui": "pnpm --filter gui exec tauri build --verbose",
         "dev:gui": "pnpm --filter gui exec tauri dev",
         "web:gui": "BUILD_FOR=preview pnpm --filter gui dev"
     },

From da115b1a498fea4354cfe566466ee659e916295e Mon Sep 17 00:00:00 2001
From: neil <neil@neils-MacBook-Pro.local>
Date: Mon, 2 Jan 2023 13:11:43 +0800
Subject: [PATCH 20/40] #114 * add proper code signing to .app and .dmg files
 in mac * cleanup rm unused pipeline code

---
 .github/workflows/ci.yml      | 14 ++++++++
 .github/workflows/m1.yml      | 61 -----------------------------------
 .github/workflows/main.yml    | 15 ++++++++-
 .github/workflows/release.yml | 14 ++++++++
 4 files changed, 42 insertions(+), 62 deletions(-)
 delete mode 100644 .github/workflows/m1.yml

diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index 2a5e34e..9c2d91c 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -185,6 +185,20 @@ jobs:
     - name: test build tauri
       run: pnpm --filter gui tauri build
 
+    - uses: apple-actions/import-codesign-certs@d54750db52a4d3eaed0fc107a8bab3958f3f7494
+      if: matrix.platform.name == 'darwin+x86-64' || matrix.platform.name == 'darwin+aarch64'
+      with:
+        p12-file-base64: ${{ secrets.APPLE_CERTIFICATE_P12 }}
+        p12-password: ${{ secrets.APPLE_CERTIFICATE_P12_PASSWORD }}
+
+    - name: Codesign package
+      if: matrix.platform.name == 'darwin+x86-64' || matrix.platform.name == 'darwin+aarch64'
+      env:
+        APPLE_SIGNING_IDENTITY: ${{ secrets.APPLE_SIGNING_IDENTITY }}
+      run: |
+        codesign -s $APPLE_SIGNING_IDENTITY -v --force --deep --timestamp --preserve-metadata=entitlements -o runtime ./modules/gui/src-tauri/target/release/bundle/macos/tea.app || true
+        codesign -s $APPLE_SIGNING_IDENTITY -v --force --deep --timestamp --preserve-metadata=entitlements -o runtime ./modules/gui/src-tauri/target/release/bundle/dmg/tea_0.1.0_aarch64.dmg || true
+
     - uses: aws-actions/configure-aws-credentials@v1
       with:
         aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
diff --git a/.github/workflows/m1.yml b/.github/workflows/m1.yml
deleted file mode 100644
index 02bbd3b..0000000
--- a/.github/workflows/m1.yml
+++ /dev/null
@@ -1,61 +0,0 @@
-name: "deploy"
-
-on:
-  push:
-    branches:
-      - m1-test
-
-
-jobs:
-  build_tauri:
-    timeout-minutes: 6
-    runs-on: ${{ matrix.platform.os }}
-    strategy:
-      matrix:
-        platform:
-          # - os: macos-11
-          #   name: darwin+x86-64
-          # - os: ubuntu-latest
-          #   name: linux+x86-64
-          - os: [self-hosted, macOS, ARM64]
-            name: darwin+aarch64
-          # - os: [self-hosted, linux, ARM64]
-          #   name: linux+aarch64
-    container: ${{ matrix.platform.container }}
-    steps:
-    - uses: actions/checkout@v2
-
-    - name: setup node
-      uses: actions/setup-node@v2
-      with:
-        node-version: 16
-    - name: install Rust stable
-      uses: actions-rs/toolchain@v1
-      with:
-        toolchain: stable
-    - uses: pnpm/action-setup@v2
-      with:
-        version: 7.18.2
-        run_install: true
-  
-    # - uses: apple-actions/import-codesign-certs@d54750db52a4d3eaed0fc107a8bab3958f3f7494
-    #   with:
-    #     p12-file-base64: ${{ secrets.APPLE_CERTIFICATE_P12 }}
-    #     p12-password: ${{ secrets.APPLE_CERTIFICATE_P12_PASSWORD }}
-    - run: pnpm build:gui
-
-    - name: Codesign package
-      run: |
-        codesign -s "Developer ID Application: Tea Inc. (7WV56FL599)" -v --force --deep --timestamp --preserve-metadata=entitlements -o runtime ./modules/gui/src-tauri/target/release/bundle/macos/tea.app || true
-        codesign -s "Developer ID Application: Tea Inc. (7WV56FL599)" -v --force --deep --timestamp --preserve-metadata=entitlements -o runtime ./modules/gui/src-tauri/target/release/bundle/dmg/tea_0.1.0_aarch64.dmg || true
-
-    - name: cp package images from prod to preview bucket
-      run: |
-        aws s3 cp ./modules/gui/src-tauri/target/release/bundle/dmg/tea_0.1.0_aarch64.dmg "s3://preview.gui.tea.xyz/release/tea.dmg"
-    # - name: zip app
-    #   run: |
-    #     cd ./modules/gui/src-tauri/target/release/bundle/macos/ && zip -r tea.zip tea.app
-
-    # - name: cp package images from prod to preview bucket
-    #   run: |
-    #     aws s3 cp ./modules/gui/src-tauri/target/release/bundle/macos/tea.zip "s3://preview.gui.tea.xyz/release/tea.zip"
\ No newline at end of file
diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml
index 7bae9cb..ff56160 100644
--- a/.github/workflows/main.yml
+++ b/.github/workflows/main.yml
@@ -137,7 +137,20 @@ jobs:
         [[ $platform = "linux+x86-64" ]] && EXTENSION="deb"
         echo "build_platform=$BUILD_PLATFORM" >> $GITHUB_OUTPUT
         echo "extension=$EXTENSION" >> $GITHUB_OUTPUT
-  
+
+    - uses: apple-actions/import-codesign-certs@d54750db52a4d3eaed0fc107a8bab3958f3f7494
+      if: matrix.platform.name == 'darwin+x86-64' || matrix.platform.name == 'darwin+aarch64'
+      with:
+        p12-file-base64: ${{ secrets.APPLE_CERTIFICATE_P12 }}
+        p12-password: ${{ secrets.APPLE_CERTIFICATE_P12_PASSWORD }}
+    - name: Codesign package
+      if: matrix.platform.name == 'darwin+x86-64' || matrix.platform.name == 'darwin+aarch64'
+      env:
+        APPLE_SIGNING_IDENTITY: ${{ secrets.APPLE_SIGNING_IDENTITY }}
+      run: |
+        codesign -s $APPLE_SIGNING_IDENTITY -v --force --deep --timestamp --preserve-metadata=entitlements -o runtime ./modules/gui/src-tauri/target/release/bundle/macos/tea.app || true
+        codesign -s $APPLE_SIGNING_IDENTITY -v --force --deep --timestamp --preserve-metadata=entitlements -o runtime ./modules/gui/src-tauri/target/release/bundle/dmg/tea_0.1.0_aarch64.dmg || true
+
     - name:  cp package images from prod to gui bucket
       env:
         platform: ${{ steps.build_platform.outputs.build_platform }}
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index e61e619..086c992 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -73,6 +73,20 @@ jobs:
     - name: test build tauri
       run: pnpm --filter gui tauri build
 
+    - uses: apple-actions/import-codesign-certs@d54750db52a4d3eaed0fc107a8bab3958f3f7494
+      if: matrix.platform.name == 'darwin+x86-64' || matrix.platform.name == 'darwin+aarch64'
+      with:
+        p12-file-base64: ${{ secrets.APPLE_CERTIFICATE_P12 }}
+        p12-password: ${{ secrets.APPLE_CERTIFICATE_P12_PASSWORD }}
+
+    - name: Codesign package
+      if: matrix.platform.name == 'darwin+x86-64' || matrix.platform.name == 'darwin+aarch64'
+      env:
+        APPLE_SIGNING_IDENTITY: ${{ secrets.APPLE_SIGNING_IDENTITY }}
+      run: |
+        codesign -s $APPLE_SIGNING_IDENTITY -v --force --deep --timestamp --preserve-metadata=entitlements -o runtime ./modules/gui/src-tauri/target/release/bundle/macos/tea.app || true
+        codesign -s $APPLE_SIGNING_IDENTITY -v --force --deep --timestamp --preserve-metadata=entitlements -o runtime ./modules/gui/src-tauri/target/release/bundle/dmg/tea_0.1.0_aarch64.dmg || true
+
     - name: Get current unix ts - seconds
       id: date
       run: echo "unix_seconds=$(date +'%s')" >> $GITHUB_OUTPUT

From dfa8d572a6d0477ca99b263efd5d9780f695cdd3 Mon Sep 17 00:00:00 2001
From: neil <neil@neils-MacBook-Pro.local>
Date: Mon, 2 Jan 2023 13:14:53 +0800
Subject: [PATCH 21/40] trigger rebuild

---
 modules/gui/src/routes/+page.svelte | 3 ---
 1 file changed, 3 deletions(-)

diff --git a/modules/gui/src/routes/+page.svelte b/modules/gui/src/routes/+page.svelte
index 091d638..cb33f10 100644
--- a/modules/gui/src/routes/+page.svelte
+++ b/modules/gui/src/routes/+page.svelte
@@ -29,6 +29,3 @@
 		<News />
 	</section>
 </div>
-
-<style>
-</style>

From db7abd058c156ca35f4e14c9a9b69667136e8282 Mon Sep 17 00:00:00 2001
From: neil <neil@neils-MacBook-Pro.local>
Date: Mon, 2 Jan 2023 13:21:10 +0800
Subject: [PATCH 22/40] initial cleanup

---
 .github/workflows/ci.yml      | 11 ++++++++++-
 .github/workflows/main.yml    |  5 +++++
 .github/workflows/release.yml |  4 ++++
 3 files changed, 19 insertions(+), 1 deletion(-)

diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index 9c2d91c..70d5238 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -185,6 +185,10 @@ jobs:
     - name: test build tauri
       run: pnpm --filter gui tauri build
 
+    - name: Delete keychain
+      if: matrix.platform.name == 'darwin+x86-64' || matrix.platform.name == 'darwin+aarch64'
+      run: security delete-keychain signing_temp.keychain
+
     - uses: apple-actions/import-codesign-certs@d54750db52a4d3eaed0fc107a8bab3958f3f7494
       if: matrix.platform.name == 'darwin+x86-64' || matrix.platform.name == 'darwin+aarch64'
       with:
@@ -199,6 +203,7 @@ jobs:
         codesign -s $APPLE_SIGNING_IDENTITY -v --force --deep --timestamp --preserve-metadata=entitlements -o runtime ./modules/gui/src-tauri/target/release/bundle/macos/tea.app || true
         codesign -s $APPLE_SIGNING_IDENTITY -v --force --deep --timestamp --preserve-metadata=entitlements -o runtime ./modules/gui/src-tauri/target/release/bundle/dmg/tea_0.1.0_aarch64.dmg || true
 
+  
     - uses: aws-actions/configure-aws-credentials@v1
       with:
         aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
@@ -213,7 +218,11 @@ jobs:
       run: |
         aws s3 cp "./modules/gui/src-tauri/target/release/bundle/$extension/tea_0.1.0_$platform.$extension" \
           "s3://preview.gui.tea.xyz/$prefix/gui_$platform.$extension"
-  
+
+    - name: Delete keychain
+      if: matrix.platform.name == 'darwin+x86-64' || matrix.platform.name == 'darwin+aarch64'
+      run: security delete-keychain signing_temp.keychain
+
     - name: comment install
       uses: mshick/add-pr-comment@v2
       with:
diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml
index ff56160..7b8175e 100644
--- a/.github/workflows/main.yml
+++ b/.github/workflows/main.yml
@@ -143,6 +143,7 @@ jobs:
       with:
         p12-file-base64: ${{ secrets.APPLE_CERTIFICATE_P12 }}
         p12-password: ${{ secrets.APPLE_CERTIFICATE_P12_PASSWORD }}
+
     - name: Codesign package
       if: matrix.platform.name == 'darwin+x86-64' || matrix.platform.name == 'darwin+aarch64'
       env:
@@ -160,6 +161,10 @@ jobs:
         aws s3 cp "./modules/gui/src-tauri/target/release/bundle/$extension/tea_0.1.0_$platform.$extension" \
           "s3://preview.gui.tea.xyz/release/tea_${{ steps.date.outputs.unix_seconds }}_$platform.$extension"
 
+    - name: Delete keychain
+      if: matrix.platform.name == 'darwin+x86-64' || matrix.platform.name == 'darwin+aarch64'
+      run: security delete-keychain signing_temp.keychain
+
     - name: Slack Notification
       run: ./.github/notify-slack.js
       env:
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index 086c992..e11400b 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -112,6 +112,10 @@ jobs:
         aws s3 cp "./modules/gui/src-tauri/target/release/bundle/$extension/tea_0.1.0_$platform.$extension" \
           "s3://preview.gui.tea.xyz/release/tea_gui_$tag_$platform.$extension"
 
+    - name: Delete keychain
+      if: matrix.platform.name == 'darwin+x86-64' || matrix.platform.name == 'darwin+aarch64'
+      run: security delete-keychain signing_temp.keychain
+
     - name: Slack Notification
       run: ./.github/notify-slack.js
       env:

From 6f520a17149c517e1548726e36eb1746e97fef66 Mon Sep 17 00:00:00 2001
From: neil <neil@neils-MacBook-Pro.local>
Date: Mon, 2 Jan 2023 13:24:54 +0800
Subject: [PATCH 23/40] cleanup

---
 .github/workflows/ci.yml | 4 ----
 1 file changed, 4 deletions(-)

diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index 70d5238..5ed9460 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -185,10 +185,6 @@ jobs:
     - name: test build tauri
       run: pnpm --filter gui tauri build
 
-    - name: Delete keychain
-      if: matrix.platform.name == 'darwin+x86-64' || matrix.platform.name == 'darwin+aarch64'
-      run: security delete-keychain signing_temp.keychain
-
     - uses: apple-actions/import-codesign-certs@d54750db52a4d3eaed0fc107a8bab3958f3f7494
       if: matrix.platform.name == 'darwin+x86-64' || matrix.platform.name == 'darwin+aarch64'
       with:

From 64a245f77f6ba1c302fee506fc53552d06f5b5c6 Mon Sep 17 00:00:00 2001
From: neil <neil@neils-MacBook-Pro.local>
Date: Mon, 2 Jan 2023 13:35:46 +0800
Subject: [PATCH 24/40] test explicit var string

---
 .github/workflows/ci.yml | 11 +++++------
 1 file changed, 5 insertions(+), 6 deletions(-)

diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index 5ed9460..fafac4a 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -182,24 +182,23 @@ jobs:
         echo "build_platform=$BUILD_PLATFORM" >> $GITHUB_OUTPUT
         echo "extension=$EXTENSION" >> $GITHUB_OUTPUT
 
-    - name: test build tauri
-      run: pnpm --filter gui tauri build
-
     - uses: apple-actions/import-codesign-certs@d54750db52a4d3eaed0fc107a8bab3958f3f7494
       if: matrix.platform.name == 'darwin+x86-64' || matrix.platform.name == 'darwin+aarch64'
       with:
         p12-file-base64: ${{ secrets.APPLE_CERTIFICATE_P12 }}
         p12-password: ${{ secrets.APPLE_CERTIFICATE_P12_PASSWORD }}
 
+    - name: test build tauri
+      run: pnpm --filter gui tauri build
+
     - name: Codesign package
       if: matrix.platform.name == 'darwin+x86-64' || matrix.platform.name == 'darwin+aarch64'
       env:
         APPLE_SIGNING_IDENTITY: ${{ secrets.APPLE_SIGNING_IDENTITY }}
       run: |
-        codesign -s $APPLE_SIGNING_IDENTITY -v --force --deep --timestamp --preserve-metadata=entitlements -o runtime ./modules/gui/src-tauri/target/release/bundle/macos/tea.app || true
-        codesign -s $APPLE_SIGNING_IDENTITY -v --force --deep --timestamp --preserve-metadata=entitlements -o runtime ./modules/gui/src-tauri/target/release/bundle/dmg/tea_0.1.0_aarch64.dmg || true
+        codesign -s "Developer ID Application: Tea Inc. (7WV56FL599)" -v --force --deep --timestamp --preserve-metadata=entitlements -o runtime ./modules/gui/src-tauri/target/release/bundle/macos/tea.app || true
+        codesign -s "Developer ID Application: Tea Inc. (7WV56FL599)" -v --force --deep --timestamp --preserve-metadata=entitlements -o runtime ./modules/gui/src-tauri/target/release/bundle/dmg/tea_0.1.0_aarch64.dmg || true
 
-  
     - uses: aws-actions/configure-aws-credentials@v1
       with:
         aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}

From 5ad754596cef85789384f408309a0c286bb64bb3 Mon Sep 17 00:00:00 2001
From: neil <neil@neils-MacBook-Pro.local>
Date: Mon, 2 Jan 2023 13:53:08 +0800
Subject: [PATCH 25/40] retest

---
 .github/workflows/m1.yml | 68 ++++++++++++++++++++++++++++++++++++++++
 1 file changed, 68 insertions(+)
 create mode 100644 .github/workflows/m1.yml

diff --git a/.github/workflows/m1.yml b/.github/workflows/m1.yml
new file mode 100644
index 0000000..04d0eaa
--- /dev/null
+++ b/.github/workflows/m1.yml
@@ -0,0 +1,68 @@
+name: "deploy"
+
+on:
+  push:
+    branches:
+      - m1-test
+
+
+jobs:
+  build_tauri:
+    timeout-minutes: 6
+    runs-on: ${{ matrix.platform.os }}
+    strategy:
+      matrix:
+        platform:
+          # - os: macos-11
+          #   name: darwin+x86-64
+          # - os: ubuntu-latest
+          #   name: linux+x86-64
+          - os: [self-hosted, macOS, ARM64]
+            name: darwin+aarch64
+          # - os: [self-hosted, linux, ARM64]
+          #   name: linux+aarch64
+    container: ${{ matrix.platform.container }}
+    steps:
+    - uses: actions/checkout@v2
+    - name: setup node
+      uses: actions/setup-node@v2
+      with:
+        node-version: 16
+    - name: install Rust stable
+      uses: actions-rs/toolchain@v1
+      with:
+        toolchain: stable
+    - uses: pnpm/action-setup@v2
+      with:
+        version: 7.18.2
+        run_install: true
+  
+    - uses: apple-actions/import-codesign-certs@d54750db52a4d3eaed0fc107a8bab3958f3f7494
+      with:
+        p12-file-base64: ${{ secrets.APPLE_CERTIFICATE_P12 }}
+        p12-password: ${{ secrets.APPLE_CERTIFICATE_P12_PASSWORD }}
+    - run: pnpm build:gui
+
+    - name: Codesign package
+      run: |
+        codesign -s "Developer ID Application: Tea Inc. (7WV56FL599)" -v --force --deep --timestamp --preserve-metadata=entitlements -o runtime ./modules/gui/src-tauri/target/release/bundle/macos/tea.app || true
+        codesign -s "Developer ID Application: Tea Inc. (7WV56FL599)" -v --force --deep --timestamp --preserve-metadata=entitlements -o runtime ./modules/gui/src-tauri/target/release/bundle/dmg/tea_0.1.0_aarch64.dmg || true
+
+    - name: zip app
+      run: |
+        cd ./modules/gui/src-tauri/target/release/bundle/macos/ && zip -r tea.zip tea.app
+
+    - uses: aws-actions/configure-aws-credentials@v1
+      with:
+        aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
+        aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+        aws-region: us-east-1
+  
+    - name: cp package images from prod to preview bucket
+      run: |
+        aws s3 cp ./modules/gui/src-tauri/target/release/bundle/macos/tea.zip "s3://preview.gui.tea.xyz/release/tea_m1.zip"
+        aws s3 cp ./modules/gui/src-tauri/target/release/bundle/dmg/tea_0.1.0_aarch64.dmg "s3://preview.gui.tea.xyz/release/tea_m1.dmg"
+
+    - name: Delete keychain
+      if: matrix.platform.name == 'darwin+x86-64' || matrix.platform.name == 'darwin+aarch64'
+      run: security delete-keychain signing_temp.keychain

From 958a498e4fcbf4f045c4d19afa22a1b1deef4ca5 Mon Sep 17 00:00:00 2001
From: neil <neil@neils-MacBook-Pro.local>
Date: Mon, 2 Jan 2023 14:08:11 +0800
Subject: [PATCH 26/40] #114 enable codesign in CI

---
 .github/workflows/ci.yml | 16 ++++++++--------
 1 file changed, 8 insertions(+), 8 deletions(-)

diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index fafac4a..4ec4bce 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -131,12 +131,8 @@ jobs:
     container: ${{ matrix.platform.container }}
     steps:
     - uses: actions/checkout@v2
-
-    - uses: pnpm/action-setup@v2
-      with:
-        version: 7
     - name: setup node
-      uses: actions/setup-node@v1
+      uses: actions/setup-node@v2
       with:
         node-version: 16
         cache: 'pnpm'
@@ -145,11 +141,17 @@ jobs:
       uses: actions-rs/toolchain@v1
       with:
         toolchain: stable
+    - uses: pnpm/action-setup@v2
+      with:
+        version: 7.18.2
+        run_install: true
+
     - name: install dependencies (ubuntu only)
       if: matrix.platform.name == 'linux+x86-64'
       run: |
         sudo apt-get update
         sudo apt-get install -y libgtk-3-dev webkit2gtk-4.0 libappindicator3-dev librsvg2-dev patchelf pkg-config
+
     - uses: Swatinem/rust-cache@v2
       with:
         # The prefix cache key, this can be changed to start a new cache manually.
@@ -157,8 +159,6 @@ jobs:
         prefix-key: ${{ matrix.platform.name }}
         shared-key: ci
         cache-targets: false
-    - name: install app dependencies
-      run: pnpm install
 
     - name: Cache Tauri Target
       uses: actions/cache@v3
@@ -189,7 +189,7 @@ jobs:
         p12-password: ${{ secrets.APPLE_CERTIFICATE_P12_PASSWORD }}
 
     - name: test build tauri
-      run: pnpm --filter gui tauri build
+      run: pnpm build:gui
 
     - name: Codesign package
       if: matrix.platform.name == 'darwin+x86-64' || matrix.platform.name == 'darwin+aarch64'

From f0a1254a1003dc8d4890475dd4f47238a7150e95 Mon Sep 17 00:00:00 2001
From: neil <neil@neils-MacBook-Pro.local>
Date: Mon, 2 Jan 2023 14:17:57 +0800
Subject: [PATCH 27/40] tab

---
 .github/workflows/ci.yml | 176 +++++++++++++++++++--------------------
 1 file changed, 88 insertions(+), 88 deletions(-)

diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index 4ec4bce..f3c0d60 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -130,101 +130,101 @@ jobs:
           #   name: linux+aarch64
     container: ${{ matrix.platform.container }}
     steps:
-    - uses: actions/checkout@v2
-    - name: setup node
-      uses: actions/setup-node@v2
-      with:
-        node-version: 16
-        cache: 'pnpm'
-        cache-dependency-path: pnpm-lock.yaml
-    - name: install Rust stable
-      uses: actions-rs/toolchain@v1
-      with:
-        toolchain: stable
-    - uses: pnpm/action-setup@v2
-      with:
-        version: 7.18.2
-        run_install: true
+      - uses: actions/checkout@v2
+      - name: setup node
+        uses: actions/setup-node@v2
+        with:
+          node-version: 16
+          cache: 'pnpm'
+          cache-dependency-path: pnpm-lock.yaml
+      - name: install Rust stable
+        uses: actions-rs/toolchain@v1
+        with:
+          toolchain: stable
+      - uses: pnpm/action-setup@v2
+        with:
+          version: 7.18.2
+          run_install: true
 
-    - name: install dependencies (ubuntu only)
-      if: matrix.platform.name == 'linux+x86-64'
-      run: |
-        sudo apt-get update
-        sudo apt-get install -y libgtk-3-dev webkit2gtk-4.0 libappindicator3-dev librsvg2-dev patchelf pkg-config
+      - name: install dependencies (ubuntu only)
+        if: matrix.platform.name == 'linux+x86-64'
+        run: |
+          sudo apt-get update
+          sudo apt-get install -y libgtk-3-dev webkit2gtk-4.0 libappindicator3-dev librsvg2-dev patchelf pkg-config
 
-    - uses: Swatinem/rust-cache@v2
-      with:
-        # The prefix cache key, this can be changed to start a new cache manually.
-        # default: "v0-rust"
-        prefix-key: ${{ matrix.platform.name }}
-        shared-key: ci
-        cache-targets: false
+      - uses: Swatinem/rust-cache@v2
+        with:
+          # The prefix cache key, this can be changed to start a new cache manually.
+          # default: "v0-rust"
+          prefix-key: ${{ matrix.platform.name }}
+          shared-key: ci
+          cache-targets: false
 
-    - name: Cache Tauri Target
-      uses: actions/cache@v3
-      with:
-        path: |
-          ./modules/gui/src-tauri/target
-        key: ${{ matrix.platform.name }}-build-target
-        restore-keys: |
-          ${{ matrix.platform.name }}-build-target
-    
-    - name: build platform output
-      id: build_platform
-      env:
-        platform: ${{ matrix.platform.name }}
-      run: |
-        EXTENSION=dmg
-        BUILD_PLATFORM=$(echo $platform | sed -e "s/darwin+//g" | sed -e "s/linux+//g")
-        [[ $BUILD_PLATFORM = "x86-64" ]] && BUILD_PLATFORM="x64" || BUILD_PLATFORM=$BUILD_PLATFORM
-        [[ $platform = "linux+x86-64" ]] && BUILD_PLATFORM="amd64" || BUILD_PLATFORM=$BUILD_PLATFORM
-        [[ $platform = "linux+x86-64" ]] && EXTENSION="deb"
-        echo "build_platform=$BUILD_PLATFORM" >> $GITHUB_OUTPUT
-        echo "extension=$EXTENSION" >> $GITHUB_OUTPUT
+      - name: Cache Tauri Target
+        uses: actions/cache@v3
+        with:
+          path: |
+            ./modules/gui/src-tauri/target
+          key: ${{ matrix.platform.name }}-build-target
+          restore-keys: |
+            ${{ matrix.platform.name }}-build-target
+      
+      - name: build platform output
+        id: build_platform
+        env:
+          platform: ${{ matrix.platform.name }}
+        run: |
+          EXTENSION=dmg
+          BUILD_PLATFORM=$(echo $platform | sed -e "s/darwin+//g" | sed -e "s/linux+//g")
+          [[ $BUILD_PLATFORM = "x86-64" ]] && BUILD_PLATFORM="x64" || BUILD_PLATFORM=$BUILD_PLATFORM
+          [[ $platform = "linux+x86-64" ]] && BUILD_PLATFORM="amd64" || BUILD_PLATFORM=$BUILD_PLATFORM
+          [[ $platform = "linux+x86-64" ]] && EXTENSION="deb"
+          echo "build_platform=$BUILD_PLATFORM" >> $GITHUB_OUTPUT
+          echo "extension=$EXTENSION" >> $GITHUB_OUTPUT
 
-    - uses: apple-actions/import-codesign-certs@d54750db52a4d3eaed0fc107a8bab3958f3f7494
-      if: matrix.platform.name == 'darwin+x86-64' || matrix.platform.name == 'darwin+aarch64'
-      with:
-        p12-file-base64: ${{ secrets.APPLE_CERTIFICATE_P12 }}
-        p12-password: ${{ secrets.APPLE_CERTIFICATE_P12_PASSWORD }}
+      - uses: apple-actions/import-codesign-certs@d54750db52a4d3eaed0fc107a8bab3958f3f7494
+        if: matrix.platform.name == 'darwin+x86-64' || matrix.platform.name == 'darwin+aarch64'
+        with:
+          p12-file-base64: ${{ secrets.APPLE_CERTIFICATE_P12 }}
+          p12-password: ${{ secrets.APPLE_CERTIFICATE_P12_PASSWORD }}
 
-    - name: test build tauri
-      run: pnpm build:gui
+      - name: test build tauri
+        run: pnpm build:gui
 
-    - name: Codesign package
-      if: matrix.platform.name == 'darwin+x86-64' || matrix.platform.name == 'darwin+aarch64'
-      env:
-        APPLE_SIGNING_IDENTITY: ${{ secrets.APPLE_SIGNING_IDENTITY }}
-      run: |
-        codesign -s "Developer ID Application: Tea Inc. (7WV56FL599)" -v --force --deep --timestamp --preserve-metadata=entitlements -o runtime ./modules/gui/src-tauri/target/release/bundle/macos/tea.app || true
-        codesign -s "Developer ID Application: Tea Inc. (7WV56FL599)" -v --force --deep --timestamp --preserve-metadata=entitlements -o runtime ./modules/gui/src-tauri/target/release/bundle/dmg/tea_0.1.0_aarch64.dmg || true
+      - name: Codesign package
+        if: matrix.platform.name == 'darwin+x86-64' || matrix.platform.name == 'darwin+aarch64'
+        env:
+          APPLE_SIGNING_IDENTITY: ${{ secrets.APPLE_SIGNING_IDENTITY }}
+        run: |
+          codesign -s "Developer ID Application: Tea Inc. (7WV56FL599)" -v --force --deep --timestamp --preserve-metadata=entitlements -o runtime ./modules/gui/src-tauri/target/release/bundle/macos/tea.app || true
+          codesign -s "Developer ID Application: Tea Inc. (7WV56FL599)" -v --force --deep --timestamp --preserve-metadata=entitlements -o runtime ./modules/gui/src-tauri/target/release/bundle/dmg/tea_0.1.0_aarch64.dmg || true
 
-    - uses: aws-actions/configure-aws-credentials@v1
-      with:
-        aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
-        aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
-        aws-region: us-east-1
+      - uses: aws-actions/configure-aws-credentials@v1
+        with:
+          aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
+          aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+          aws-region: us-east-1
 
-    - name: cp package images from prod to preview bucket
-      env:
-        prefix: ${{ needs.changes.outputs.preview_folder }}
-        platform: ${{ steps.build_platform.outputs.build_platform }}
-        extension: ${{ steps.build_platform.outputs.extension }}
-      run: |
-        aws s3 cp "./modules/gui/src-tauri/target/release/bundle/$extension/tea_0.1.0_$platform.$extension" \
-          "s3://preview.gui.tea.xyz/$prefix/gui_$platform.$extension"
+      - name: cp package images from prod to preview bucket
+        env:
+          prefix: ${{ needs.changes.outputs.preview_folder }}
+          platform: ${{ steps.build_platform.outputs.build_platform }}
+          extension: ${{ steps.build_platform.outputs.extension }}
+        run: |
+          aws s3 cp "./modules/gui/src-tauri/target/release/bundle/$extension/tea_0.1.0_$platform.$extension" \
+            "s3://preview.gui.tea.xyz/$prefix/gui_$platform.$extension"
 
-    - name: Delete keychain
-      if: matrix.platform.name == 'darwin+x86-64' || matrix.platform.name == 'darwin+aarch64'
-      run: security delete-keychain signing_temp.keychain
+      - name: Delete keychain
+        if: matrix.platform.name == 'darwin+x86-64' || matrix.platform.name == 'darwin+aarch64'
+        run: security delete-keychain signing_temp.keychain
 
-    - name: comment install
-      uses: mshick/add-pr-comment@v2
-      with:
-        message-id: ${{ matrix.platform.name }}-comment
-        message: |
-          **installer for ${{ matrix.platform.name }} is at**: [here](http://preview.gui.tea.xyz.s3-website-us-east-1.amazonaws.com/${{ needs.changes.outputs.preview_folder }}/gui_${{steps.build_platform.outputs.build_platform}}.${{steps.build_platform.outputs.extension}})
-          ```bash
-          http://preview.gui.tea.xyz.s3-website-us-east-1.amazonaws.com/${{ needs.changes.outputs.preview_folder }}/gui_${{ steps.build_platform.outputs.build_platform }}.${{ steps.build_platform.outputs.extension }}
-          ```
-          copy-paste into a browser to download
\ No newline at end of file
+      - name: comment install
+        uses: mshick/add-pr-comment@v2
+        with:
+          message-id: ${{ matrix.platform.name }}-comment
+          message: |
+            **installer for ${{ matrix.platform.name }} is at**: [here](http://preview.gui.tea.xyz.s3-website-us-east-1.amazonaws.com/${{ needs.changes.outputs.preview_folder }}/gui_${{steps.build_platform.outputs.build_platform}}.${{steps.build_platform.outputs.extension}})
+            ```bash
+            http://preview.gui.tea.xyz.s3-website-us-east-1.amazonaws.com/${{ needs.changes.outputs.preview_folder }}/gui_${{ steps.build_platform.outputs.build_platform }}.${{ steps.build_platform.outputs.extension }}
+            ```
+            copy-paste into a browser to download
\ No newline at end of file

From 02a70606ebc4427949b565e5262356fd3507d963 Mon Sep 17 00:00:00 2001
From: neil <neil@neils-MacBook-Pro.local>
Date: Mon, 2 Jan 2023 14:21:17 +0800
Subject: [PATCH 28/40] init pnpm first

---
 .github/workflows/ci.yml | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index f3c0d60..43091e6 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -131,6 +131,10 @@ jobs:
     container: ${{ matrix.platform.container }}
     steps:
       - uses: actions/checkout@v2
+      - uses: pnpm/action-setup@v2
+        with:
+          version: 7.18.2
+          run_install: true
       - name: setup node
         uses: actions/setup-node@v2
         with:
@@ -141,10 +145,6 @@ jobs:
         uses: actions-rs/toolchain@v1
         with:
           toolchain: stable
-      - uses: pnpm/action-setup@v2
-        with:
-          version: 7.18.2
-          run_install: true
 
       - name: install dependencies (ubuntu only)
         if: matrix.platform.name == 'linux+x86-64'

From 3238979cd3a709fe2d20f4f4fe9e0d105fb5e743 Mon Sep 17 00:00:00 2001
From: neil <neil@neils-MacBook-Pro.local>
Date: Mon, 2 Jan 2023 14:26:49 +0800
Subject: [PATCH 29/40] node 18

---
 .github/workflows/ci.yml | 9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)

diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index 43091e6..cb0e0db 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -133,18 +133,19 @@ jobs:
       - uses: actions/checkout@v2
       - uses: pnpm/action-setup@v2
         with:
-          version: 7.18.2
-          run_install: true
+          version: 7
       - name: setup node
-        uses: actions/setup-node@v2
+        uses: actions/setup-node@v1
         with:
-          node-version: 16
+          node-version: 18
           cache: 'pnpm'
           cache-dependency-path: pnpm-lock.yaml
       - name: install Rust stable
         uses: actions-rs/toolchain@v1
         with:
           toolchain: stable
+      - name: install app dependencies
+        run: pnpm install
 
       - name: install dependencies (ubuntu only)
         if: matrix.platform.name == 'linux+x86-64'

From bc86c6c5e8f4410be695fde117478c48094a38d2 Mon Sep 17 00:00:00 2001
From: neil <neil@neils-MacBook-Pro.local>
Date: Mon, 2 Jan 2023 17:27:43 +0800
Subject: [PATCH 30/40] test w/o codesigning

---
 .github/workflows/m1.yml | 24 ++++++++++++------------
 1 file changed, 12 insertions(+), 12 deletions(-)

diff --git a/.github/workflows/m1.yml b/.github/workflows/m1.yml
index 04d0eaa..f052978 100644
--- a/.github/workflows/m1.yml
+++ b/.github/workflows/m1.yml
@@ -37,16 +37,16 @@ jobs:
         version: 7.18.2
         run_install: true
   
-    - uses: apple-actions/import-codesign-certs@d54750db52a4d3eaed0fc107a8bab3958f3f7494
-      with:
-        p12-file-base64: ${{ secrets.APPLE_CERTIFICATE_P12 }}
-        p12-password: ${{ secrets.APPLE_CERTIFICATE_P12_PASSWORD }}
-    - run: pnpm build:gui
+    # - uses: apple-actions/import-codesign-certs@d54750db52a4d3eaed0fc107a8bab3958f3f7494
+    #   with:
+    #     p12-file-base64: ${{ secrets.APPLE_CERTIFICATE_P12 }}
+    #     p12-password: ${{ secrets.APPLE_CERTIFICATE_P12_PASSWORD }}
+    # - run: pnpm build:gui
 
-    - name: Codesign package
-      run: |
-        codesign -s "Developer ID Application: Tea Inc. (7WV56FL599)" -v --force --deep --timestamp --preserve-metadata=entitlements -o runtime ./modules/gui/src-tauri/target/release/bundle/macos/tea.app || true
-        codesign -s "Developer ID Application: Tea Inc. (7WV56FL599)" -v --force --deep --timestamp --preserve-metadata=entitlements -o runtime ./modules/gui/src-tauri/target/release/bundle/dmg/tea_0.1.0_aarch64.dmg || true
+    # - name: Codesign package
+    #   run: |
+    #     codesign -s "Developer ID Application: Tea Inc. (7WV56FL599)" -v --force --deep --timestamp --preserve-metadata=entitlements -o runtime ./modules/gui/src-tauri/target/release/bundle/macos/tea.app || true
+    #     codesign -s "Developer ID Application: Tea Inc. (7WV56FL599)" -v --force --deep --timestamp --preserve-metadata=entitlements -o runtime ./modules/gui/src-tauri/target/release/bundle/dmg/tea_0.1.0_aarch64.dmg || true
 
     - name: zip app
       run: |
@@ -63,6 +63,6 @@ jobs:
         aws s3 cp ./modules/gui/src-tauri/target/release/bundle/macos/tea.zip "s3://preview.gui.tea.xyz/release/tea_m1.zip"
         aws s3 cp ./modules/gui/src-tauri/target/release/bundle/dmg/tea_0.1.0_aarch64.dmg "s3://preview.gui.tea.xyz/release/tea_m1.dmg"
 
-    - name: Delete keychain
-      if: matrix.platform.name == 'darwin+x86-64' || matrix.platform.name == 'darwin+aarch64'
-      run: security delete-keychain signing_temp.keychain
+    # - name: Delete keychain
+    #   if: matrix.platform.name == 'darwin+x86-64' || matrix.platform.name == 'darwin+aarch64'
+    #   run: security delete-keychain signing_temp.keychain

From 3d750c0dedb04edc08bcdeb4e44125589699d167 Mon Sep 17 00:00:00 2001
From: neil <neil@neils-MacBook-Pro.local>
Date: Mon, 2 Jan 2023 17:35:05 +0800
Subject: [PATCH 31/40] remove attr

---
 .github/workflows/ci.yml | 19 +++++++++++++++++++
 1 file changed, 19 insertions(+)

diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index cb0e0db..176ec95 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -199,6 +199,17 @@ jobs:
         run: |
           codesign -s "Developer ID Application: Tea Inc. (7WV56FL599)" -v --force --deep --timestamp --preserve-metadata=entitlements -o runtime ./modules/gui/src-tauri/target/release/bundle/macos/tea.app || true
           codesign -s "Developer ID Application: Tea Inc. (7WV56FL599)" -v --force --deep --timestamp --preserve-metadata=entitlements -o runtime ./modules/gui/src-tauri/target/release/bundle/dmg/tea_0.1.0_aarch64.dmg || true
+      
+      - name: clean package for preview
+        if: matrix.platform.name == 'darwin+aarch64'
+        run: |
+          xattr -d com.apple.quarantine ./modules/gui/src-tauri/target/release/bundle/dmg/tea_0.1.0_aarch64.dmg
+          xattr -d com.apple.quarantine ./modules/gui/src-tauri/target/release/bundle/macos/tea.app
+      
+      - name: zip app
+        if: matrix.platform.name == 'darwin+aarch64'
+        run: |
+          cd ./modules/gui/src-tauri/target/release/bundle/macos/ && zip -r tea.zip tea.app
 
       - uses: aws-actions/configure-aws-credentials@v1
         with:
@@ -206,6 +217,7 @@ jobs:
           aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
           aws-region: us-east-1
 
+
       - name: cp package images from prod to preview bucket
         env:
           prefix: ${{ needs.changes.outputs.preview_folder }}
@@ -214,6 +226,13 @@ jobs:
         run: |
           aws s3 cp "./modules/gui/src-tauri/target/release/bundle/$extension/tea_0.1.0_$platform.$extension" \
             "s3://preview.gui.tea.xyz/$prefix/gui_$platform.$extension"
+  
+      - name: cp package zip
+        if: matrix.platform.name == 'darwin+aarch64'
+        env:
+          prefix: ${{ needs.changes.outputs.preview_folder }}
+        run: |
+          aws s3 cp ./modules/gui/src-tauri/target/release/bundle/macos/tea.zip "s3://preview.gui.tea.xyz/$prefix/tea_m1.zip"
 
       - name: Delete keychain
         if: matrix.platform.name == 'darwin+x86-64' || matrix.platform.name == 'darwin+aarch64'

From 2058922554e95eff9a34063561c22dedb15fb5c3 Mon Sep 17 00:00:00 2001
From: neil <neil@neils-MacBook-Pro.local>
Date: Mon, 2 Jan 2023 17:39:45 +0800
Subject: [PATCH 32/40] rm codesigning

---
 .github/workflows/ci.yml | 34 +++++++++++++++++-----------------
 1 file changed, 17 insertions(+), 17 deletions(-)

diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index 176ec95..dd894ee 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -183,28 +183,28 @@ jobs:
           echo "build_platform=$BUILD_PLATFORM" >> $GITHUB_OUTPUT
           echo "extension=$EXTENSION" >> $GITHUB_OUTPUT
 
-      - uses: apple-actions/import-codesign-certs@d54750db52a4d3eaed0fc107a8bab3958f3f7494
-        if: matrix.platform.name == 'darwin+x86-64' || matrix.platform.name == 'darwin+aarch64'
-        with:
-          p12-file-base64: ${{ secrets.APPLE_CERTIFICATE_P12 }}
-          p12-password: ${{ secrets.APPLE_CERTIFICATE_P12_PASSWORD }}
+      # - uses: apple-actions/import-codesign-certs@d54750db52a4d3eaed0fc107a8bab3958f3f7494
+      #   if: matrix.platform.name == 'darwin+x86-64' || matrix.platform.name == 'darwin+aarch64'
+      #   with:
+      #     p12-file-base64: ${{ secrets.APPLE_CERTIFICATE_P12 }}
+      #     p12-password: ${{ secrets.APPLE_CERTIFICATE_P12_PASSWORD }}
 
       - name: test build tauri
         run: pnpm build:gui
 
-      - name: Codesign package
-        if: matrix.platform.name == 'darwin+x86-64' || matrix.platform.name == 'darwin+aarch64'
-        env:
-          APPLE_SIGNING_IDENTITY: ${{ secrets.APPLE_SIGNING_IDENTITY }}
-        run: |
-          codesign -s "Developer ID Application: Tea Inc. (7WV56FL599)" -v --force --deep --timestamp --preserve-metadata=entitlements -o runtime ./modules/gui/src-tauri/target/release/bundle/macos/tea.app || true
-          codesign -s "Developer ID Application: Tea Inc. (7WV56FL599)" -v --force --deep --timestamp --preserve-metadata=entitlements -o runtime ./modules/gui/src-tauri/target/release/bundle/dmg/tea_0.1.0_aarch64.dmg || true
+      # - name: Codesign package
+      #   if: matrix.platform.name == 'darwin+x86-64' || matrix.platform.name == 'darwin+aarch64'
+      #   env:
+      #     APPLE_SIGNING_IDENTITY: ${{ secrets.APPLE_SIGNING_IDENTITY }}
+      #   run: |
+      #     codesign -s "Developer ID Application: Tea Inc. (7WV56FL599)" -v --force --deep --timestamp --preserve-metadata=entitlements -o runtime ./modules/gui/src-tauri/target/release/bundle/macos/tea.app || true
+      #     codesign -s "Developer ID Application: Tea Inc. (7WV56FL599)" -v --force --deep --timestamp --preserve-metadata=entitlements -o runtime ./modules/gui/src-tauri/target/release/bundle/dmg/tea_0.1.0_aarch64.dmg || true
       
-      - name: clean package for preview
-        if: matrix.platform.name == 'darwin+aarch64'
-        run: |
-          xattr -d com.apple.quarantine ./modules/gui/src-tauri/target/release/bundle/dmg/tea_0.1.0_aarch64.dmg
-          xattr -d com.apple.quarantine ./modules/gui/src-tauri/target/release/bundle/macos/tea.app
+      # - name: clean package for preview
+      #   if: matrix.platform.name == 'darwin+aarch64'
+      #   run: |
+      #     xattr -d com.apple.quarantine ./modules/gui/src-tauri/target/release/bundle/dmg/tea_0.1.0_aarch64.dmg
+      #     xattr -d com.apple.quarantine ./modules/gui/src-tauri/target/release/bundle/macos/tea.app
       
       - name: zip app
         if: matrix.platform.name == 'darwin+aarch64'

From 8cefbd0be9a628b8b5b0acce16df86dfc537057c Mon Sep 17 00:00:00 2001
From: neil <neil@neils-MacBook-Pro.local>
Date: Mon, 2 Jan 2023 17:48:49 +0800
Subject: [PATCH 33/40] rm clear keychain

---
 .github/workflows/ci.yml | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index dd894ee..f35acef 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -234,9 +234,9 @@ jobs:
         run: |
           aws s3 cp ./modules/gui/src-tauri/target/release/bundle/macos/tea.zip "s3://preview.gui.tea.xyz/$prefix/tea_m1.zip"
 
-      - name: Delete keychain
-        if: matrix.platform.name == 'darwin+x86-64' || matrix.platform.name == 'darwin+aarch64'
-        run: security delete-keychain signing_temp.keychain
+      # - name: Delete keychain
+      #   if: matrix.platform.name == 'darwin+x86-64' || matrix.platform.name == 'darwin+aarch64'
+      #   run: security delete-keychain signing_temp.keychain
 
       - name: comment install
         uses: mshick/add-pr-comment@v2

From cefc8f09e0e8cdb678c7660ede3b37b1e4e026df Mon Sep 17 00:00:00 2001
From: neil <neil@neils-MacBook-Pro.local>
Date: Tue, 3 Jan 2023 07:05:34 +0800
Subject: [PATCH 34/40] use default codesigning strategy of tauri

---
 .github/workflows/ci.yml | 17 ++++++++++++++++-
 1 file changed, 16 insertions(+), 1 deletion(-)

diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index f35acef..d83e97d 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -189,7 +189,22 @@ jobs:
       #     p12-file-base64: ${{ secrets.APPLE_CERTIFICATE_P12 }}
       #     p12-password: ${{ secrets.APPLE_CERTIFICATE_P12_PASSWORD }}
 
-      - name: test build tauri
+      - name: test build tauri for MacOS
+        if: matrix.platform.name == 'darwin+x86-64' || matrix.platform.name == 'darwin+aarch64'
+        # FROM: https://tauri.app/v1/guides/distribution/sign-macos
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          ENABLE_CODE_SIGNING: ${{ secrets.APPLE_CERTIFICATE_P12 }}
+          APPLE_CERTIFICATE: ${{ secrets.APPLE_CERTIFICATE_P12 }}
+          APPLE_CERTIFICATE_PASSWORD: ${{ secrets.APPLE_CERTIFICATE_P12_PASSWORD }}
+          APPLE_SIGNING_IDENTITY: ${{ secrets.APPLE_SIGNING_IDENTITY }}
+          APPLE_ID: ${{ secrets.APPLE_ID }}
+          APPLE_PASSWORD: ${{ secrets.APPLE_PASSWORD }}
+        run: pnpm build:gui
+
+      - name: test build tauri for Linux
+        if: matrix.platform.name == 'linux+x86-64'
+        # TODO: https://tauri.app/v1/guides/distribution/sign-linux
         run: pnpm build:gui
 
       # - name: Codesign package

From b02d740c8849f52d8383adceaf89bd45224b71f7 Mon Sep 17 00:00:00 2001
From: neil <neil@neils-MacBook-Pro.local>
Date: Wed, 4 Jan 2023 08:30:11 +0800
Subject: [PATCH 35/40] run test again

---
 .github/workflows/m1.yml | 26 +++++++++++++-------------
 1 file changed, 13 insertions(+), 13 deletions(-)

diff --git a/.github/workflows/m1.yml b/.github/workflows/m1.yml
index f052978..0a6800a 100644
--- a/.github/workflows/m1.yml
+++ b/.github/workflows/m1.yml
@@ -3,7 +3,7 @@ name: "deploy"
 on:
   push:
     branches:
-      - m1-test
+      - m1-codesign
 
 
 jobs:
@@ -37,16 +37,16 @@ jobs:
         version: 7.18.2
         run_install: true
   
-    # - uses: apple-actions/import-codesign-certs@d54750db52a4d3eaed0fc107a8bab3958f3f7494
-    #   with:
-    #     p12-file-base64: ${{ secrets.APPLE_CERTIFICATE_P12 }}
-    #     p12-password: ${{ secrets.APPLE_CERTIFICATE_P12_PASSWORD }}
-    # - run: pnpm build:gui
+    - uses: apple-actions/import-codesign-certs@d54750db52a4d3eaed0fc107a8bab3958f3f7494
+      with:
+        p12-file-base64: ${{ secrets.APPLE_CERTIFICATE_P12 }}
+        p12-password: ${{ secrets.APPLE_CERTIFICATE_P12_PASSWORD }}
+    - run: pnpm build:gui
 
-    # - name: Codesign package
-    #   run: |
-    #     codesign -s "Developer ID Application: Tea Inc. (7WV56FL599)" -v --force --deep --timestamp --preserve-metadata=entitlements -o runtime ./modules/gui/src-tauri/target/release/bundle/macos/tea.app || true
-    #     codesign -s "Developer ID Application: Tea Inc. (7WV56FL599)" -v --force --deep --timestamp --preserve-metadata=entitlements -o runtime ./modules/gui/src-tauri/target/release/bundle/dmg/tea_0.1.0_aarch64.dmg || true
+    - name: Codesign package
+      run: |
+        codesign -s "Developer ID Application: Tea Inc. (7WV56FL599)" -v --force --deep --timestamp --preserve-metadata=entitlements -o runtime ./modules/gui/src-tauri/target/release/bundle/macos/tea.app || true
+        codesign -s "Developer ID Application: Tea Inc. (7WV56FL599)" -v --force --deep --timestamp --preserve-metadata=entitlements -o runtime ./modules/gui/src-tauri/target/release/bundle/dmg/tea_0.1.0_aarch64.dmg || true
 
     - name: zip app
       run: |
@@ -63,6 +63,6 @@ jobs:
         aws s3 cp ./modules/gui/src-tauri/target/release/bundle/macos/tea.zip "s3://preview.gui.tea.xyz/release/tea_m1.zip"
         aws s3 cp ./modules/gui/src-tauri/target/release/bundle/dmg/tea_0.1.0_aarch64.dmg "s3://preview.gui.tea.xyz/release/tea_m1.dmg"
 
-    # - name: Delete keychain
-    #   if: matrix.platform.name == 'darwin+x86-64' || matrix.platform.name == 'darwin+aarch64'
-    #   run: security delete-keychain signing_temp.keychain
+    - name: Delete keychain
+      if: matrix.platform.name == 'darwin+x86-64' || matrix.platform.name == 'darwin+aarch64'
+      run: security delete-keychain signing_temp.keychain

From 47ed0db00ec973c0a7ea5d63cd06a05f4a83ab95 Mon Sep 17 00:00:00 2001
From: neil <neil@neils-MacBook-Pro.local>
Date: Wed, 4 Jan 2023 08:34:45 +0800
Subject: [PATCH 36/40] test simplified

---
 .github/workflows/m1.yml | 17 ++++++++++++-----
 1 file changed, 12 insertions(+), 5 deletions(-)

diff --git a/.github/workflows/m1.yml b/.github/workflows/m1.yml
index 0a6800a..28e3eea 100644
--- a/.github/workflows/m1.yml
+++ b/.github/workflows/m1.yml
@@ -43,10 +43,14 @@ jobs:
         p12-password: ${{ secrets.APPLE_CERTIFICATE_P12_PASSWORD }}
     - run: pnpm build:gui
 
-    - name: Codesign package
+    # - name: Codesign package
+    #   run: |
+    #     codesign -s "Developer ID Application: Tea Inc. (7WV56FL599)" -v --force --deep --timestamp --preserve-metadata=entitlements -o runtime ./modules/gui/src-tauri/target/release/bundle/macos/tea.app || true
+    #     codesign -s "Developer ID Application: Tea Inc. (7WV56FL599)" -v --force --deep --timestamp --preserve-metadata=entitlements -o runtime ./modules/gui/src-tauri/target/release/bundle/dmg/tea_0.1.0_aarch64.dmg || true
+
+    - name: Codesign package .app only
       run: |
-        codesign -s "Developer ID Application: Tea Inc. (7WV56FL599)" -v --force --deep --timestamp --preserve-metadata=entitlements -o runtime ./modules/gui/src-tauri/target/release/bundle/macos/tea.app || true
-        codesign -s "Developer ID Application: Tea Inc. (7WV56FL599)" -v --force --deep --timestamp --preserve-metadata=entitlements -o runtime ./modules/gui/src-tauri/target/release/bundle/dmg/tea_0.1.0_aarch64.dmg || true
+        codesign -s "Developer ID Application: Tea Inc. (7WV56FL599)" --force ./modules/gui/src-tauri/target/release/bundle/macos/tea.app
 
     - name: zip app
       run: |
@@ -58,10 +62,13 @@ jobs:
         aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
         aws-region: us-east-1
   
+    # - name: cp package images from prod to preview bucket
+    #   run: |
+    #     aws s3 cp ./modules/gui/src-tauri/target/release/bundle/macos/tea.zip "s3://preview.gui.tea.xyz/release/tea_m1.zip"
+    #     aws s3 cp ./modules/gui/src-tauri/target/release/bundle/dmg/tea_0.1.0_aarch64.dmg "s3://preview.gui.tea.xyz/release/tea_m1.dmg"
     - name: cp package images from prod to preview bucket
       run: |
-        aws s3 cp ./modules/gui/src-tauri/target/release/bundle/macos/tea.zip "s3://preview.gui.tea.xyz/release/tea_m1.zip"
-        aws s3 cp ./modules/gui/src-tauri/target/release/bundle/dmg/tea_0.1.0_aarch64.dmg "s3://preview.gui.tea.xyz/release/tea_m1.dmg"
+        aws s3 cp ./modules/gui/src-tauri/target/release/bundle/macos/tea.zip "s3://preview.gui.tea.xyz/release/tea_m1_simplified.zip"
 
     - name: Delete keychain
       if: matrix.platform.name == 'darwin+x86-64' || matrix.platform.name == 'darwin+aarch64'

From e9f837e241323e9f2e5099450f71a4fcb4196cdf Mon Sep 17 00:00:00 2001
From: neil <neil@neils-MacBook-Pro.local>
Date: Wed, 4 Jan 2023 10:17:10 +0800
Subject: [PATCH 37/40] try different certificate with developer distribution
 config

---
 .github/workflows/ci.yml | 6 +++---
 .github/workflows/m1.yml | 2 +-
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index d83e97d..e297a23 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -194,9 +194,9 @@ jobs:
         # FROM: https://tauri.app/v1/guides/distribution/sign-macos
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-          ENABLE_CODE_SIGNING: ${{ secrets.APPLE_CERTIFICATE_P12 }}
-          APPLE_CERTIFICATE: ${{ secrets.APPLE_CERTIFICATE_P12 }}
-          APPLE_CERTIFICATE_PASSWORD: ${{ secrets.APPLE_CERTIFICATE_P12_PASSWORD }}
+          ENABLE_CODE_SIGNING: ${{ secrets.GUI_APPLE_CERTIFICATE }}
+          APPLE_CERTIFICATE: ${{ secrets.GUI_APPLE_CERTIFICATE }}
+          APPLE_CERTIFICATE_PASSWORD: ${{ secrets.GUI_APPLE_CERTIFICATE_PASSWORD }}
           APPLE_SIGNING_IDENTITY: ${{ secrets.APPLE_SIGNING_IDENTITY }}
           APPLE_ID: ${{ secrets.APPLE_ID }}
           APPLE_PASSWORD: ${{ secrets.APPLE_PASSWORD }}
diff --git a/.github/workflows/m1.yml b/.github/workflows/m1.yml
index 28e3eea..1df199f 100644
--- a/.github/workflows/m1.yml
+++ b/.github/workflows/m1.yml
@@ -3,7 +3,7 @@ name: "deploy"
 on:
   push:
     branches:
-      - m1-codesign
+      - m1-codesign-x
 
 
 jobs:

From b7d99e1d8b1a32a017b4560409f31946e7929663 Mon Sep 17 00:00:00 2001
From: neil <neil@neils-MacBook-Pro.local>
Date: Wed, 4 Jan 2023 11:55:13 +0800
Subject: [PATCH 38/40] #114 improve gha comments

---
 .github/workflows/ci.yml | 61 ++++++++++++++++----------------
 .github/workflows/m1.yml | 75 ----------------------------------------
 2 files changed, 29 insertions(+), 107 deletions(-)
 delete mode 100644 .github/workflows/m1.yml

diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index e297a23..0ddf3b7 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -107,7 +107,8 @@ jobs:
         with:
           message-id: preview-comment-${{needs.changes.outputs.preview_folder}}
           message: |
-            **preview is at**: [https://${{steps.preview_setup.outputs.domain}}](https://${{steps.preview_setup.outputs.domain}})
+            **preview is at**: 
+            <a href="https://${{steps.preview_setup.outputs.domain}}" target="_blank">here</a>
             ```bash
             https://${{steps.preview_setup.outputs.domain}}
             ```
@@ -183,12 +184,6 @@ jobs:
           echo "build_platform=$BUILD_PLATFORM" >> $GITHUB_OUTPUT
           echo "extension=$EXTENSION" >> $GITHUB_OUTPUT
 
-      # - uses: apple-actions/import-codesign-certs@d54750db52a4d3eaed0fc107a8bab3958f3f7494
-      #   if: matrix.platform.name == 'darwin+x86-64' || matrix.platform.name == 'darwin+aarch64'
-      #   with:
-      #     p12-file-base64: ${{ secrets.APPLE_CERTIFICATE_P12 }}
-      #     p12-password: ${{ secrets.APPLE_CERTIFICATE_P12_PASSWORD }}
-
       - name: test build tauri for MacOS
         if: matrix.platform.name == 'darwin+x86-64' || matrix.platform.name == 'darwin+aarch64'
         # FROM: https://tauri.app/v1/guides/distribution/sign-macos
@@ -207,22 +202,8 @@ jobs:
         # TODO: https://tauri.app/v1/guides/distribution/sign-linux
         run: pnpm build:gui
 
-      # - name: Codesign package
-      #   if: matrix.platform.name == 'darwin+x86-64' || matrix.platform.name == 'darwin+aarch64'
-      #   env:
-      #     APPLE_SIGNING_IDENTITY: ${{ secrets.APPLE_SIGNING_IDENTITY }}
-      #   run: |
-      #     codesign -s "Developer ID Application: Tea Inc. (7WV56FL599)" -v --force --deep --timestamp --preserve-metadata=entitlements -o runtime ./modules/gui/src-tauri/target/release/bundle/macos/tea.app || true
-      #     codesign -s "Developer ID Application: Tea Inc. (7WV56FL599)" -v --force --deep --timestamp --preserve-metadata=entitlements -o runtime ./modules/gui/src-tauri/target/release/bundle/dmg/tea_0.1.0_aarch64.dmg || true
-      
-      # - name: clean package for preview
-      #   if: matrix.platform.name == 'darwin+aarch64'
-      #   run: |
-      #     xattr -d com.apple.quarantine ./modules/gui/src-tauri/target/release/bundle/dmg/tea_0.1.0_aarch64.dmg
-      #     xattr -d com.apple.quarantine ./modules/gui/src-tauri/target/release/bundle/macos/tea.app
-      
-      - name: zip app
-        if: matrix.platform.name == 'darwin+aarch64'
+      - name: zip .app for MacOS
+        if: matrix.platform.name == 'darwin+x86-64' || matrix.platform.name == 'darwin+aarch64'
         run: |
           cd ./modules/gui/src-tauri/target/release/bundle/macos/ && zip -r tea.zip tea.app
 
@@ -242,24 +223,40 @@ jobs:
           aws s3 cp "./modules/gui/src-tauri/target/release/bundle/$extension/tea_0.1.0_$platform.$extension" \
             "s3://preview.gui.tea.xyz/$prefix/gui_$platform.$extension"
   
-      - name: cp package zip
-        if: matrix.platform.name == 'darwin+aarch64'
+      - name: cp package zip for MacOS
+        if: matrix.platform.name == 'darwin+x86-64' || matrix.platform.name == 'darwin+aarch64'
         env:
           prefix: ${{ needs.changes.outputs.preview_folder }}
+          platform: ${{ steps.build_platform.outputs.build_platform }}
         run: |
-          aws s3 cp ./modules/gui/src-tauri/target/release/bundle/macos/tea.zip "s3://preview.gui.tea.xyz/$prefix/tea_m1.zip"
+          aws s3 cp ./modules/gui/src-tauri/target/release/bundle/macos/tea.zip "s3://preview.gui.tea.xyz/$prefix/tea_$platform.zip"
 
-      # - name: Delete keychain
-      #   if: matrix.platform.name == 'darwin+x86-64' || matrix.platform.name == 'darwin+aarch64'
-      #   run: security delete-keychain signing_temp.keychain
-
-      - name: comment install
+      - name: comment install for Linux
+        if: matrix.platform.name == 'linux+x86-64'
         uses: mshick/add-pr-comment@v2
         with:
           message-id: ${{ matrix.platform.name }}-comment
           message: |
-            **installer for ${{ matrix.platform.name }} is at**: [here](http://preview.gui.tea.xyz.s3-website-us-east-1.amazonaws.com/${{ needs.changes.outputs.preview_folder }}/gui_${{steps.build_platform.outputs.build_platform}}.${{steps.build_platform.outputs.extension}})
+            **installer for Linux ${{ matrix.platform.name }} is at**: 
+            <a href="http://preview.gui.tea.xyz.s3-website-us-east-1.amazonaws.com/${{ needs.changes.outputs.preview_folder }}/gui_${{steps.build_platform.outputs.build_platform}}.${{steps.build_platform.outputs.extension}}" target="_blank">here</a>
+
             ```bash
             http://preview.gui.tea.xyz.s3-website-us-east-1.amazonaws.com/${{ needs.changes.outputs.preview_folder }}/gui_${{ steps.build_platform.outputs.build_platform }}.${{ steps.build_platform.outputs.extension }}
             ```
+            copy-paste into a browser to download
+      - name: comment install for MacOS
+        if: matrix.platform.name == 'darwin+x86-64' || matrix.platform.name == 'darwin+aarch64'
+        uses: mshick/add-pr-comment@v2
+        with:
+          message-id: ${{ matrix.platform.name }}-comment
+          message: |
+            **installers for MacOS ${{ matrix.platform.name }} is at**: 
+            <a href="http://preview.gui.tea.xyz.s3-website-us-east-1.amazonaws.com/${{ needs.changes.outputs.preview_folder }}/gui_${{steps.build_platform.outputs.build_platform}}.zip" target="_blank">.zip</a>
+            or
+            <a href="http://preview.gui.tea.xyz.s3-website-us-east-1.amazonaws.com/${{ needs.changes.outputs.preview_folder }}/gui_${{steps.build_platform.outputs.build_platform}}.dmg" target="_blank">.dmg</a>
+
+            ```bash
+            http://preview.gui.tea.xyz.s3-website-us-east-1.amazonaws.com/${{ needs.changes.outputs.preview_folder }}/gui_${{ steps.build_platform.outputs.build_platform }}.zip
+            http://preview.gui.tea.xyz.s3-website-us-east-1.amazonaws.com/${{ needs.changes.outputs.preview_folder }}/gui_${{ steps.build_platform.outputs.build_platform }}.dmg
+            ```
             copy-paste into a browser to download
\ No newline at end of file
diff --git a/.github/workflows/m1.yml b/.github/workflows/m1.yml
deleted file mode 100644
index 1df199f..0000000
--- a/.github/workflows/m1.yml
+++ /dev/null
@@ -1,75 +0,0 @@
-name: "deploy"
-
-on:
-  push:
-    branches:
-      - m1-codesign-x
-
-
-jobs:
-  build_tauri:
-    timeout-minutes: 6
-    runs-on: ${{ matrix.platform.os }}
-    strategy:
-      matrix:
-        platform:
-          # - os: macos-11
-          #   name: darwin+x86-64
-          # - os: ubuntu-latest
-          #   name: linux+x86-64
-          - os: [self-hosted, macOS, ARM64]
-            name: darwin+aarch64
-          # - os: [self-hosted, linux, ARM64]
-          #   name: linux+aarch64
-    container: ${{ matrix.platform.container }}
-    steps:
-    - uses: actions/checkout@v2
-    - name: setup node
-      uses: actions/setup-node@v2
-      with:
-        node-version: 16
-    - name: install Rust stable
-      uses: actions-rs/toolchain@v1
-      with:
-        toolchain: stable
-    - uses: pnpm/action-setup@v2
-      with:
-        version: 7.18.2
-        run_install: true
-  
-    - uses: apple-actions/import-codesign-certs@d54750db52a4d3eaed0fc107a8bab3958f3f7494
-      with:
-        p12-file-base64: ${{ secrets.APPLE_CERTIFICATE_P12 }}
-        p12-password: ${{ secrets.APPLE_CERTIFICATE_P12_PASSWORD }}
-    - run: pnpm build:gui
-
-    # - name: Codesign package
-    #   run: |
-    #     codesign -s "Developer ID Application: Tea Inc. (7WV56FL599)" -v --force --deep --timestamp --preserve-metadata=entitlements -o runtime ./modules/gui/src-tauri/target/release/bundle/macos/tea.app || true
-    #     codesign -s "Developer ID Application: Tea Inc. (7WV56FL599)" -v --force --deep --timestamp --preserve-metadata=entitlements -o runtime ./modules/gui/src-tauri/target/release/bundle/dmg/tea_0.1.0_aarch64.dmg || true
-
-    - name: Codesign package .app only
-      run: |
-        codesign -s "Developer ID Application: Tea Inc. (7WV56FL599)" --force ./modules/gui/src-tauri/target/release/bundle/macos/tea.app
-
-    - name: zip app
-      run: |
-        cd ./modules/gui/src-tauri/target/release/bundle/macos/ && zip -r tea.zip tea.app
-
-    - uses: aws-actions/configure-aws-credentials@v1
-      with:
-        aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
-        aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
-        aws-region: us-east-1
-  
-    # - name: cp package images from prod to preview bucket
-    #   run: |
-    #     aws s3 cp ./modules/gui/src-tauri/target/release/bundle/macos/tea.zip "s3://preview.gui.tea.xyz/release/tea_m1.zip"
-    #     aws s3 cp ./modules/gui/src-tauri/target/release/bundle/dmg/tea_0.1.0_aarch64.dmg "s3://preview.gui.tea.xyz/release/tea_m1.dmg"
-    - name: cp package images from prod to preview bucket
-      run: |
-        aws s3 cp ./modules/gui/src-tauri/target/release/bundle/macos/tea.zip "s3://preview.gui.tea.xyz/release/tea_m1_simplified.zip"
-
-    - name: Delete keychain
-      if: matrix.platform.name == 'darwin+x86-64' || matrix.platform.name == 'darwin+aarch64'
-      run: security delete-keychain signing_temp.keychain

From 1ff16281bddba8b0df2102bf768b21ea84750276 Mon Sep 17 00:00:00 2001
From: neil <neil@neils-MacBook-Pro.local>
Date: Wed, 4 Jan 2023 12:01:36 +0800
Subject: [PATCH 39/40] #114 rename gui -> tea

---
 .github/workflows/ci.yml | 14 +++++++-------
 1 file changed, 7 insertions(+), 7 deletions(-)

diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index 0ddf3b7..29a6488 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -221,7 +221,7 @@ jobs:
           extension: ${{ steps.build_platform.outputs.extension }}
         run: |
           aws s3 cp "./modules/gui/src-tauri/target/release/bundle/$extension/tea_0.1.0_$platform.$extension" \
-            "s3://preview.gui.tea.xyz/$prefix/gui_$platform.$extension"
+            "s3://preview.gui.tea.xyz/$prefix/tea_$platform.$extension"
   
       - name: cp package zip for MacOS
         if: matrix.platform.name == 'darwin+x86-64' || matrix.platform.name == 'darwin+aarch64'
@@ -238,10 +238,10 @@ jobs:
           message-id: ${{ matrix.platform.name }}-comment
           message: |
             **installer for Linux ${{ matrix.platform.name }} is at**: 
-            <a href="http://preview.gui.tea.xyz.s3-website-us-east-1.amazonaws.com/${{ needs.changes.outputs.preview_folder }}/gui_${{steps.build_platform.outputs.build_platform}}.${{steps.build_platform.outputs.extension}}" target="_blank">here</a>
+            <a href="http://preview.gui.tea.xyz.s3-website-us-east-1.amazonaws.com/${{ needs.changes.outputs.preview_folder }}/tea_${{steps.build_platform.outputs.build_platform}}.${{steps.build_platform.outputs.extension}}" target="_blank">here</a>
 
             ```bash
-            http://preview.gui.tea.xyz.s3-website-us-east-1.amazonaws.com/${{ needs.changes.outputs.preview_folder }}/gui_${{ steps.build_platform.outputs.build_platform }}.${{ steps.build_platform.outputs.extension }}
+            http://preview.gui.tea.xyz.s3-website-us-east-1.amazonaws.com/${{ needs.changes.outputs.preview_folder }}/tea_${{ steps.build_platform.outputs.build_platform }}.${{ steps.build_platform.outputs.extension }}
             ```
             copy-paste into a browser to download
       - name: comment install for MacOS
@@ -251,12 +251,12 @@ jobs:
           message-id: ${{ matrix.platform.name }}-comment
           message: |
             **installers for MacOS ${{ matrix.platform.name }} is at**: 
-            <a href="http://preview.gui.tea.xyz.s3-website-us-east-1.amazonaws.com/${{ needs.changes.outputs.preview_folder }}/gui_${{steps.build_platform.outputs.build_platform}}.zip" target="_blank">.zip</a>
+            <a href="http://preview.gui.tea.xyz.s3-website-us-east-1.amazonaws.com/${{ needs.changes.outputs.preview_folder }}/tea_${{steps.build_platform.outputs.build_platform}}.zip" target="_blank">.zip</a>
             or
-            <a href="http://preview.gui.tea.xyz.s3-website-us-east-1.amazonaws.com/${{ needs.changes.outputs.preview_folder }}/gui_${{steps.build_platform.outputs.build_platform}}.dmg" target="_blank">.dmg</a>
+            <a href="http://preview.gui.tea.xyz.s3-website-us-east-1.amazonaws.com/${{ needs.changes.outputs.preview_folder }}/tea_${{steps.build_platform.outputs.build_platform}}.dmg" target="_blank">.dmg</a>
 
             ```bash
-            http://preview.gui.tea.xyz.s3-website-us-east-1.amazonaws.com/${{ needs.changes.outputs.preview_folder }}/gui_${{ steps.build_platform.outputs.build_platform }}.zip
-            http://preview.gui.tea.xyz.s3-website-us-east-1.amazonaws.com/${{ needs.changes.outputs.preview_folder }}/gui_${{ steps.build_platform.outputs.build_platform }}.dmg
+            http://preview.gui.tea.xyz.s3-website-us-east-1.amazonaws.com/${{ needs.changes.outputs.preview_folder }}/tea_${{ steps.build_platform.outputs.build_platform }}.zip
+            http://preview.gui.tea.xyz.s3-website-us-east-1.amazonaws.com/${{ needs.changes.outputs.preview_folder }}/tea_${{ steps.build_platform.outputs.build_platform }}.dmg
             ```
             copy-paste into a browser to download
\ No newline at end of file

From b8077aad808f7cae50ec380c1e15ac8f63032892 Mon Sep 17 00:00:00 2001
From: neil <neil@neils-MacBook-Pro.local>
Date: Wed, 4 Jan 2023 12:22:15 +0800
Subject: [PATCH 40/40] #114 update codesign process on main and release
 pipeline

---
 .github/notify-slack.js       |  2 +-
 .github/workflows/ci.yml      |  9 ++++--
 .github/workflows/main.yml    | 52 ++++++++++++++++++++++----------
 .github/workflows/release.yml | 56 +++++++++++++++++++++++++----------
 4 files changed, 83 insertions(+), 36 deletions(-)

diff --git a/.github/notify-slack.js b/.github/notify-slack.js
index 0b96f7b..ca5adf3 100755
--- a/.github/notify-slack.js
+++ b/.github/notify-slack.js
@@ -8,7 +8,7 @@ async function main() {
         type: 'section',
         text: {
           type: 'mrkdwn',
-          text: `NEW BUILD FOR ${process.env.PLATFORM}  <${process.env.DOWNLOAD_URL}|download ${process.env.VERSION || ''}>`
+          text: `NEW BUILD FOR ${process.env.PLATFORM}  <${process.env.DOWNLOAD_URL}|download ${process.env.EXT || 'bin'} ${process.env.VERSION || ''}>`
         }
       }
     ]
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index 29a6488..3629467 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -123,10 +123,13 @@ jobs:
         platform:
           - os: macos-11
             name: darwin+x86-64
+            id: mac_latest
           - os: ubuntu-latest
             name: linux+x86-64
+            id: linux
           - os: [self-hosted, macOS, ARM64]
             name: darwin+aarch64
+            id: mac_m1
           # - os: [self-hosted, linux, ARM64]
           #   name: linux+aarch64
     container: ${{ matrix.platform.container }}
@@ -213,7 +216,6 @@ jobs:
           aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
           aws-region: us-east-1
 
-
       - name: cp package images from prod to preview bucket
         env:
           prefix: ${{ needs.changes.outputs.preview_folder }}
@@ -235,7 +237,7 @@ jobs:
         if: matrix.platform.name == 'linux+x86-64'
         uses: mshick/add-pr-comment@v2
         with:
-          message-id: ${{ matrix.platform.name }}-comment
+          message-id: ${{ matrix.platform.id }}-comment
           message: |
             **installer for Linux ${{ matrix.platform.name }} is at**: 
             <a href="http://preview.gui.tea.xyz.s3-website-us-east-1.amazonaws.com/${{ needs.changes.outputs.preview_folder }}/tea_${{steps.build_platform.outputs.build_platform}}.${{steps.build_platform.outputs.extension}}" target="_blank">here</a>
@@ -244,11 +246,12 @@ jobs:
             http://preview.gui.tea.xyz.s3-website-us-east-1.amazonaws.com/${{ needs.changes.outputs.preview_folder }}/tea_${{ steps.build_platform.outputs.build_platform }}.${{ steps.build_platform.outputs.extension }}
             ```
             copy-paste into a browser to download
+
       - name: comment install for MacOS
         if: matrix.platform.name == 'darwin+x86-64' || matrix.platform.name == 'darwin+aarch64'
         uses: mshick/add-pr-comment@v2
         with:
-          message-id: ${{ matrix.platform.name }}-comment
+          message-id: ${{ matrix.platform.id }}-comment
           message: |
             **installers for MacOS ${{ matrix.platform.name }} is at**: 
             <a href="http://preview.gui.tea.xyz.s3-website-us-east-1.amazonaws.com/${{ needs.changes.outputs.preview_folder }}/tea_${{steps.build_platform.outputs.build_platform}}.zip" target="_blank">.zip</a>
diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml
index 7b8175e..2722de6 100644
--- a/.github/workflows/main.yml
+++ b/.github/workflows/main.yml
@@ -113,8 +113,23 @@ jobs:
         restore-keys: |
           ${{ matrix.platform.name }}-build-target-prod
 
-    - name: test build tauri
-      run: pnpm --filter gui tauri build
+    - name: test build tauri for MacOS
+      if: matrix.platform.name == 'darwin+x86-64' || matrix.platform.name == 'darwin+aarch64'
+      # FROM: https://tauri.app/v1/guides/distribution/sign-macos
+      env:
+        GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        ENABLE_CODE_SIGNING: ${{ secrets.GUI_APPLE_CERTIFICATE }}
+        APPLE_CERTIFICATE: ${{ secrets.GUI_APPLE_CERTIFICATE }}
+        APPLE_CERTIFICATE_PASSWORD: ${{ secrets.GUI_APPLE_CERTIFICATE_PASSWORD }}
+        APPLE_SIGNING_IDENTITY: ${{ secrets.APPLE_SIGNING_IDENTITY }}
+        APPLE_ID: ${{ secrets.APPLE_ID }}
+        APPLE_PASSWORD: ${{ secrets.APPLE_PASSWORD }}
+      run: pnpm build:gui
+
+    - name: test build tauri for Linux
+      if: matrix.platform.name == 'linux+x86-64'
+      # TODO: https://tauri.app/v1/guides/distribution/sign-linux
+      run: pnpm build:gui
 
     - name: Get current unix ts - seconds
       id: date
@@ -137,20 +152,11 @@ jobs:
         [[ $platform = "linux+x86-64" ]] && EXTENSION="deb"
         echo "build_platform=$BUILD_PLATFORM" >> $GITHUB_OUTPUT
         echo "extension=$EXTENSION" >> $GITHUB_OUTPUT
-
-    - uses: apple-actions/import-codesign-certs@d54750db52a4d3eaed0fc107a8bab3958f3f7494
+  
+    - name: zip .app for MacOS
       if: matrix.platform.name == 'darwin+x86-64' || matrix.platform.name == 'darwin+aarch64'
-      with:
-        p12-file-base64: ${{ secrets.APPLE_CERTIFICATE_P12 }}
-        p12-password: ${{ secrets.APPLE_CERTIFICATE_P12_PASSWORD }}
-
-    - name: Codesign package
-      if: matrix.platform.name == 'darwin+x86-64' || matrix.platform.name == 'darwin+aarch64'
-      env:
-        APPLE_SIGNING_IDENTITY: ${{ secrets.APPLE_SIGNING_IDENTITY }}
       run: |
-        codesign -s $APPLE_SIGNING_IDENTITY -v --force --deep --timestamp --preserve-metadata=entitlements -o runtime ./modules/gui/src-tauri/target/release/bundle/macos/tea.app || true
-        codesign -s $APPLE_SIGNING_IDENTITY -v --force --deep --timestamp --preserve-metadata=entitlements -o runtime ./modules/gui/src-tauri/target/release/bundle/dmg/tea_0.1.0_aarch64.dmg || true
+        cd ./modules/gui/src-tauri/target/release/bundle/macos/ && zip -r tea.zip tea.app
 
     - name:  cp package images from prod to gui bucket
       env:
@@ -161,13 +167,27 @@ jobs:
         aws s3 cp "./modules/gui/src-tauri/target/release/bundle/$extension/tea_0.1.0_$platform.$extension" \
           "s3://preview.gui.tea.xyz/release/tea_${{ steps.date.outputs.unix_seconds }}_$platform.$extension"
 
-    - name: Delete keychain
+    - name: cp package zip for MacOS
       if: matrix.platform.name == 'darwin+x86-64' || matrix.platform.name == 'darwin+aarch64'
-      run: security delete-keychain signing_temp.keychain
+      env:
+        platform: ${{ steps.build_platform.outputs.build_platform }}
+        build_platform: ${{ matrix.platform.name }}
+      run: |
+        aws s3 cp ./modules/gui/src-tauri/target/release/bundle/macos/tea.zip "s3://preview.gui.tea.xyz/release/tea_${{ steps.date.outputs.unix_seconds }}_$platform.zip"
 
     - name: Slack Notification
       run: ./.github/notify-slack.js
       env:
         SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK }}
         PLATFORM: ${{ matrix.platform.name }}
+        EXT: ${{ steps.build_platform.outputs.extension }}
         DOWNLOAD_URL:  http://preview.gui.tea.xyz.s3-website-us-east-1.amazonaws.com/release/tea_${{ steps.date.outputs.unix_seconds }}_${{ steps.build_platform.outputs.build_platform }}.${{ steps.build_platform.outputs.extension }}
+
+    - name: Slack Notification for .app Mac
+      run: ./.github/notify-slack.js
+      if: matrix.platform.name == 'darwin+x86-64' || matrix.platform.name == 'darwin+aarch64'
+      env:
+        SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK }}
+        PLATFORM: ${{ matrix.platform.name }}
+        EXT: .zip(.app)
+        DOWNLOAD_URL:  http://preview.gui.tea.xyz.s3-website-us-east-1.amazonaws.com/release/tea_${{ steps.date.outputs.unix_seconds }}_${{ steps.build_platform.outputs.build_platform }}.zip
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index e11400b..d4d1cc9 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -70,22 +70,23 @@ jobs:
         restore-keys: |
           ${{ matrix.platform.name }}-build-target-prod
 
-    - name: test build tauri
-      run: pnpm --filter gui tauri build
-
-    - uses: apple-actions/import-codesign-certs@d54750db52a4d3eaed0fc107a8bab3958f3f7494
-      if: matrix.platform.name == 'darwin+x86-64' || matrix.platform.name == 'darwin+aarch64'
-      with:
-        p12-file-base64: ${{ secrets.APPLE_CERTIFICATE_P12 }}
-        p12-password: ${{ secrets.APPLE_CERTIFICATE_P12_PASSWORD }}
-
-    - name: Codesign package
+    - name: test build tauri for MacOS
       if: matrix.platform.name == 'darwin+x86-64' || matrix.platform.name == 'darwin+aarch64'
+      # FROM: https://tauri.app/v1/guides/distribution/sign-macos
       env:
+        GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        ENABLE_CODE_SIGNING: ${{ secrets.GUI_APPLE_CERTIFICATE }}
+        APPLE_CERTIFICATE: ${{ secrets.GUI_APPLE_CERTIFICATE }}
+        APPLE_CERTIFICATE_PASSWORD: ${{ secrets.GUI_APPLE_CERTIFICATE_PASSWORD }}
         APPLE_SIGNING_IDENTITY: ${{ secrets.APPLE_SIGNING_IDENTITY }}
-      run: |
-        codesign -s $APPLE_SIGNING_IDENTITY -v --force --deep --timestamp --preserve-metadata=entitlements -o runtime ./modules/gui/src-tauri/target/release/bundle/macos/tea.app || true
-        codesign -s $APPLE_SIGNING_IDENTITY -v --force --deep --timestamp --preserve-metadata=entitlements -o runtime ./modules/gui/src-tauri/target/release/bundle/dmg/tea_0.1.0_aarch64.dmg || true
+        APPLE_ID: ${{ secrets.APPLE_ID }}
+        APPLE_PASSWORD: ${{ secrets.APPLE_PASSWORD }}
+      run: pnpm build:gui
+
+    - name: test build tauri for Linux
+      if: matrix.platform.name == 'linux+x86-64'
+      # TODO: https://tauri.app/v1/guides/distribution/sign-linux
+      run: pnpm build:gui
 
     - name: Get current unix ts - seconds
       id: date
@@ -111,15 +112,38 @@ jobs:
           "s3://preview.gui.tea.xyz/release/tea_gui_latest_$platform.$extension"
         aws s3 cp "./modules/gui/src-tauri/target/release/bundle/$extension/tea_0.1.0_$platform.$extension" \
           "s3://preview.gui.tea.xyz/release/tea_gui_$tag_$platform.$extension"
-
-    - name: Delete keychain
+  
+    - name: zip .app for MacOS
       if: matrix.platform.name == 'darwin+x86-64' || matrix.platform.name == 'darwin+aarch64'
-      run: security delete-keychain signing_temp.keychain
+      run: |
+        cd ./modules/gui/src-tauri/target/release/bundle/macos/ && zip -r tea.zip tea.app
 
+    - name: publish .zip(.app) for MacOS
+      if: matrix.platform.name == 'darwin+x86-64' || matrix.platform.name == 'darwin+aarch64'
+      env:
+        platform: ${{ steps.build_platform.outputs.build_platform }}
+        extension: ${{ steps.build_platform.outputs.extension }}
+        tag: ${{ steps.tag.outputs.tag }}
+      run: |
+        aws s3 cp "./modules/gui/src-tauri/target/release/bundle/macos/tea.zip" \
+          "s3://preview.gui.tea.xyz/release/tea_gui_latest_$platform.zip"
+        aws s3 cp "./modules/gui/src-tauri/target/release/bundle/macos/tea.zip" \
+          "s3://preview.gui.tea.xyz/release/tea_gui_$tag_$platform.zip"
     - name: Slack Notification
       run: ./.github/notify-slack.js
       env:
         SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK }}
         PLATFORM: ${{ matrix.platform.name }}
         VERSION: ${{steps.tag.outputs.tag}}
+        EXT: ${{ steps.build_platform.outputs.extension }}
         DOWNLOAD_URL:  http://preview.gui.tea.xyz.s3-website-us-east-1.amazonaws.com/release/tea_gui_${{steps.tag.outputs.tag}}_${{steps.build_platform.outputs.build_platform}}.${{ steps.build_platform.outputs.extension }}
+
+    - name: Slack Notification for .app Mac
+      run: ./.github/notify-slack.js
+      if: matrix.platform.name == 'darwin+x86-64' || matrix.platform.name == 'darwin+aarch64'
+      env:
+        SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK }}
+        PLATFORM: ${{ matrix.platform.name }}
+        VERSION: ${{steps.tag.outputs.tag}}
+        EXT: .zip(.app)
+        DOWNLOAD_URL:  http://preview.gui.tea.xyz.s3-website-us-east-1.amazonaws.com/release/tea_gui_${{steps.tag.outputs.tag}}_${{steps.build_platform.outputs.build_platform}}.zip