ivabus/gui
1
0
Fork 0
mirror of https://github.com/ivabus/gui synced 2025-06-07 15:50:27 +03:00
Code Issues Projects Releases Packages Wiki Activity Actions

#114 update codesign process on main and release pipeline

Browse source
This commit is contained in:
neil 2023-01-04 12:22:15 +08:00
parent 1ff16281bd
commit b8077aad80
4 changed files with 83 additions and 36 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
.github/notify-slack.js vendored
View file

@ -8,7 +8,7 @@ async function main() {
type: 'section', type: 'section',
text: { text: {
type: 'mrkdwn', type: 'mrkdwn',
text: `NEW BUILD FOR ${process.env.PLATFORM} <${process.env.DOWNLOAD_URL}|download ${process.env.VERSION || ''}>` text: `NEW BUILD FOR ${process.env.PLATFORM} <${process.env.DOWNLOAD_URL}|download ${process.env.EXT || 'bin'} ${process.env.VERSION || ''}>`
} }
} }
] ]

9
.github/workflows/ci.yml vendored
View file

@ -123,10 +123,13 @@ jobs:
platform: platform:
- os: macos-11 - os: macos-11
name: darwin+x86-64 name: darwin+x86-64
id: mac_latest
- os: ubuntu-latest - os: ubuntu-latest
name: linux+x86-64 name: linux+x86-64
id: linux
- os: [self-hosted, macOS, ARM64] - os: [self-hosted, macOS, ARM64]
name: darwin+aarch64 name: darwin+aarch64
id: mac_m1
# - os: [self-hosted, linux, ARM64] # - os: [self-hosted, linux, ARM64]
# name: linux+aarch64 # name: linux+aarch64
container: ${{ matrix.platform.container }} container: ${{ matrix.platform.container }}
@ -213,7 +216,6 @@ jobs:
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
aws-region: us-east-1 aws-region: us-east-1
- name: cp package images from prod to preview bucket - name: cp package images from prod to preview bucket
env: env:
prefix: ${{ needs.changes.outputs.preview_folder }} prefix: ${{ needs.changes.outputs.preview_folder }}
@ -235,7 +237,7 @@ jobs:
if: matrix.platform.name == 'linux+x86-64' if: matrix.platform.name == 'linux+x86-64'
uses: mshick/add-pr-comment@v2 uses: mshick/add-pr-comment@v2
with: with:
message-id: ${{ matrix.platform.name }}-comment message-id: ${{ matrix.platform.id }}-comment
message: | message: |
**installer for Linux ${{ matrix.platform.name }} is at**: **installer for Linux ${{ matrix.platform.name }} is at**:
<a href="http://preview.gui.tea.xyz.s3-website-us-east-1.amazonaws.com/${{ needs.changes.outputs.preview_folder }}/tea_${{steps.build_platform.outputs.build_platform}}.${{steps.build_platform.outputs.extension}}" target="_blank">here</a> <a href="http://preview.gui.tea.xyz.s3-website-us-east-1.amazonaws.com/${{ needs.changes.outputs.preview_folder }}/tea_${{steps.build_platform.outputs.build_platform}}.${{steps.build_platform.outputs.extension}}" target="_blank">here</a>
@ -244,11 +246,12 @@ jobs:
http://preview.gui.tea.xyz.s3-website-us-east-1.amazonaws.com/${{ needs.changes.outputs.preview_folder }}/tea_${{ steps.build_platform.outputs.build_platform }}.${{ steps.build_platform.outputs.extension }} http://preview.gui.tea.xyz.s3-website-us-east-1.amazonaws.com/${{ needs.changes.outputs.preview_folder }}/tea_${{ steps.build_platform.outputs.build_platform }}.${{ steps.build_platform.outputs.extension }}
``` ```
copy-paste into a browser to download copy-paste into a browser to download
- name: comment install for MacOS - name: comment install for MacOS
if: matrix.platform.name == 'darwin+x86-64' || matrix.platform.name == 'darwin+aarch64' if: matrix.platform.name == 'darwin+x86-64' || matrix.platform.name == 'darwin+aarch64'
uses: mshick/add-pr-comment@v2 uses: mshick/add-pr-comment@v2
with: with:
message-id: ${{ matrix.platform.name }}-comment message-id: ${{ matrix.platform.id }}-comment
message: | message: |
**installers for MacOS ${{ matrix.platform.name }} is at**: **installers for MacOS ${{ matrix.platform.name }} is at**:
<a href="http://preview.gui.tea.xyz.s3-website-us-east-1.amazonaws.com/${{ needs.changes.outputs.preview_folder }}/tea_${{steps.build_platform.outputs.build_platform}}.zip" target="_blank">.zip</a> <a href="http://preview.gui.tea.xyz.s3-website-us-east-1.amazonaws.com/${{ needs.changes.outputs.preview_folder }}/tea_${{steps.build_platform.outputs.build_platform}}.zip" target="_blank">.zip</a>

52
.github/workflows/main.yml vendored
View file

@ -113,8 +113,23 @@ jobs:
restore-keys: | restore-keys: |
${{ matrix.platform.name }}-build-target-prod ${{ matrix.platform.name }}-build-target-prod
- name: test build tauri - name: test build tauri for MacOS
run: pnpm --filter gui tauri build if: matrix.platform.name == 'darwin+x86-64' || matrix.platform.name == 'darwin+aarch64'
# FROM: https://tauri.app/v1/guides/distribution/sign-macos
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
ENABLE_CODE_SIGNING: ${{ secrets.GUI_APPLE_CERTIFICATE }}
APPLE_CERTIFICATE: ${{ secrets.GUI_APPLE_CERTIFICATE }}
APPLE_CERTIFICATE_PASSWORD: ${{ secrets.GUI_APPLE_CERTIFICATE_PASSWORD }}
APPLE_SIGNING_IDENTITY: ${{ secrets.APPLE_SIGNING_IDENTITY }}
APPLE_ID: ${{ secrets.APPLE_ID }}
APPLE_PASSWORD: ${{ secrets.APPLE_PASSWORD }}
run: pnpm build:gui
- name: test build tauri for Linux
if: matrix.platform.name == 'linux+x86-64'
# TODO: https://tauri.app/v1/guides/distribution/sign-linux
run: pnpm build:gui
- name: Get current unix ts - seconds - name: Get current unix ts - seconds
id: date id: date
@ -137,20 +152,11 @@ jobs:
[[ $platform = "linux+x86-64" ]] && EXTENSION="deb" [[ $platform = "linux+x86-64" ]] && EXTENSION="deb"
echo "build_platform=$BUILD_PLATFORM" >> $GITHUB_OUTPUT echo "build_platform=$BUILD_PLATFORM" >> $GITHUB_OUTPUT
echo "extension=$EXTENSION" >> $GITHUB_OUTPUT echo "extension=$EXTENSION" >> $GITHUB_OUTPUT
- uses: apple-actions/import-codesign-certs@d54750db52a4d3eaed0fc107a8bab3958f3f7494 - name: zip .app for MacOS
if: matrix.platform.name == 'darwin+x86-64' || matrix.platform.name == 'darwin+aarch64' if: matrix.platform.name == 'darwin+x86-64' || matrix.platform.name == 'darwin+aarch64'
with:
p12-file-base64: ${{ secrets.APPLE_CERTIFICATE_P12 }}
p12-password: ${{ secrets.APPLE_CERTIFICATE_P12_PASSWORD }}
- name: Codesign package
if: matrix.platform.name == 'darwin+x86-64' || matrix.platform.name == 'darwin+aarch64'
env:
APPLE_SIGNING_IDENTITY: ${{ secrets.APPLE_SIGNING_IDENTITY }}
run: | run: |
codesign -s $APPLE_SIGNING_IDENTITY -v --force --deep --timestamp --preserve-metadata=entitlements -o runtime ./modules/gui/src-tauri/target/release/bundle/macos/tea.app || true cd ./modules/gui/src-tauri/target/release/bundle/macos/ && zip -r tea.zip tea.app
codesign -s $APPLE_SIGNING_IDENTITY -v --force --deep --timestamp --preserve-metadata=entitlements -o runtime ./modules/gui/src-tauri/target/release/bundle/dmg/tea_0.1.0_aarch64.dmg || true
- name: cp package images from prod to gui bucket - name: cp package images from prod to gui bucket
env: env:
@ -161,13 +167,27 @@ jobs:
aws s3 cp "./modules/gui/src-tauri/target/release/bundle/$extension/tea_0.1.0_$platform.$extension" \ aws s3 cp "./modules/gui/src-tauri/target/release/bundle/$extension/tea_0.1.0_$platform.$extension" \
"s3://preview.gui.tea.xyz/release/tea_${{ steps.date.outputs.unix_seconds }}_$platform.$extension" "s3://preview.gui.tea.xyz/release/tea_${{ steps.date.outputs.unix_seconds }}_$platform.$extension"
- name: Delete keychain - name: cp package zip for MacOS
if: matrix.platform.name == 'darwin+x86-64' || matrix.platform.name == 'darwin+aarch64' if: matrix.platform.name == 'darwin+x86-64' || matrix.platform.name == 'darwin+aarch64'
run: security delete-keychain signing_temp.keychain env:
platform: ${{ steps.build_platform.outputs.build_platform }}
build_platform: ${{ matrix.platform.name }}
run: |
aws s3 cp ./modules/gui/src-tauri/target/release/bundle/macos/tea.zip "s3://preview.gui.tea.xyz/release/tea_${{ steps.date.outputs.unix_seconds }}_$platform.zip"
- name: Slack Notification - name: Slack Notification
run: ./.github/notify-slack.js run: ./.github/notify-slack.js
env: env:
SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK }} SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK }}
PLATFORM: ${{ matrix.platform.name }} PLATFORM: ${{ matrix.platform.name }}
EXT: ${{ steps.build_platform.outputs.extension }}
DOWNLOAD_URL: http://preview.gui.tea.xyz.s3-website-us-east-1.amazonaws.com/release/tea_${{ steps.date.outputs.unix_seconds }}_${{ steps.build_platform.outputs.build_platform }}.${{ steps.build_platform.outputs.extension }} DOWNLOAD_URL: http://preview.gui.tea.xyz.s3-website-us-east-1.amazonaws.com/release/tea_${{ steps.date.outputs.unix_seconds }}_${{ steps.build_platform.outputs.build_platform }}.${{ steps.build_platform.outputs.extension }}
- name: Slack Notification for .app Mac
run: ./.github/notify-slack.js
if: matrix.platform.name == 'darwin+x86-64' || matrix.platform.name == 'darwin+aarch64'
env:
SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK }}
PLATFORM: ${{ matrix.platform.name }}
EXT: .zip(.app)
DOWNLOAD_URL: http://preview.gui.tea.xyz.s3-website-us-east-1.amazonaws.com/release/tea_${{ steps.date.outputs.unix_seconds }}_${{ steps.build_platform.outputs.build_platform }}.zip

56
.github/workflows/release.yml vendored
View file

@ -70,22 +70,23 @@ jobs:
restore-keys: | restore-keys: |
${{ matrix.platform.name }}-build-target-prod ${{ matrix.platform.name }}-build-target-prod
- name: test build tauri - name: test build tauri for MacOS
run: pnpm --filter gui tauri build
- uses: apple-actions/import-codesign-certs@d54750db52a4d3eaed0fc107a8bab3958f3f7494
if: matrix.platform.name == 'darwin+x86-64' || matrix.platform.name == 'darwin+aarch64'
with:
p12-file-base64: ${{ secrets.APPLE_CERTIFICATE_P12 }}
p12-password: ${{ secrets.APPLE_CERTIFICATE_P12_PASSWORD }}
- name: Codesign package
if: matrix.platform.name == 'darwin+x86-64' || matrix.platform.name == 'darwin+aarch64' if: matrix.platform.name == 'darwin+x86-64' || matrix.platform.name == 'darwin+aarch64'
# FROM: https://tauri.app/v1/guides/distribution/sign-macos
env: env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
ENABLE_CODE_SIGNING: ${{ secrets.GUI_APPLE_CERTIFICATE }}
APPLE_CERTIFICATE: ${{ secrets.GUI_APPLE_CERTIFICATE }}
APPLE_CERTIFICATE_PASSWORD: ${{ secrets.GUI_APPLE_CERTIFICATE_PASSWORD }}
APPLE_SIGNING_IDENTITY: ${{ secrets.APPLE_SIGNING_IDENTITY }} APPLE_SIGNING_IDENTITY: ${{ secrets.APPLE_SIGNING_IDENTITY }}
run: | APPLE_ID: ${{ secrets.APPLE_ID }}
codesign -s $APPLE_SIGNING_IDENTITY -v --force --deep --timestamp --preserve-metadata=entitlements -o runtime ./modules/gui/src-tauri/target/release/bundle/macos/tea.app || true APPLE_PASSWORD: ${{ secrets.APPLE_PASSWORD }}
codesign -s $APPLE_SIGNING_IDENTITY -v --force --deep --timestamp --preserve-metadata=entitlements -o runtime ./modules/gui/src-tauri/target/release/bundle/dmg/tea_0.1.0_aarch64.dmg || true run: pnpm build:gui
- name: test build tauri for Linux
if: matrix.platform.name == 'linux+x86-64'
# TODO: https://tauri.app/v1/guides/distribution/sign-linux
run: pnpm build:gui
- name: Get current unix ts - seconds - name: Get current unix ts - seconds
id: date id: date
@ -111,15 +112,38 @@ jobs:
"s3://preview.gui.tea.xyz/release/tea_gui_latest_$platform.$extension" "s3://preview.gui.tea.xyz/release/tea_gui_latest_$platform.$extension"
aws s3 cp "./modules/gui/src-tauri/target/release/bundle/$extension/tea_0.1.0_$platform.$extension" \ aws s3 cp "./modules/gui/src-tauri/target/release/bundle/$extension/tea_0.1.0_$platform.$extension" \
"s3://preview.gui.tea.xyz/release/tea_gui_$tag_$platform.$extension" "s3://preview.gui.tea.xyz/release/tea_gui_$tag_$platform.$extension"
- name: Delete keychain - name: zip .app for MacOS
if: matrix.platform.name == 'darwin+x86-64' || matrix.platform.name == 'darwin+aarch64' if: matrix.platform.name == 'darwin+x86-64' || matrix.platform.name == 'darwin+aarch64'
run: security delete-keychain signing_temp.keychain run: |
cd ./modules/gui/src-tauri/target/release/bundle/macos/ && zip -r tea.zip tea.app
- name: publish .zip(.app) for MacOS
if: matrix.platform.name == 'darwin+x86-64' || matrix.platform.name == 'darwin+aarch64'
env:
platform: ${{ steps.build_platform.outputs.build_platform }}
extension: ${{ steps.build_platform.outputs.extension }}
tag: ${{ steps.tag.outputs.tag }}
run: |
aws s3 cp "./modules/gui/src-tauri/target/release/bundle/macos/tea.zip" \
"s3://preview.gui.tea.xyz/release/tea_gui_latest_$platform.zip"
aws s3 cp "./modules/gui/src-tauri/target/release/bundle/macos/tea.zip" \
"s3://preview.gui.tea.xyz/release/tea_gui_$tag_$platform.zip"
- name: Slack Notification - name: Slack Notification
run: ./.github/notify-slack.js run: ./.github/notify-slack.js
env: env:
SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK }} SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK }}
PLATFORM: ${{ matrix.platform.name }} PLATFORM: ${{ matrix.platform.name }}
VERSION: ${{steps.tag.outputs.tag}} VERSION: ${{steps.tag.outputs.tag}}
EXT: ${{ steps.build_platform.outputs.extension }}
DOWNLOAD_URL: http://preview.gui.tea.xyz.s3-website-us-east-1.amazonaws.com/release/tea_gui_${{steps.tag.outputs.tag}}_${{steps.build_platform.outputs.build_platform}}.${{ steps.build_platform.outputs.extension }} DOWNLOAD_URL: http://preview.gui.tea.xyz.s3-website-us-east-1.amazonaws.com/release/tea_gui_${{steps.tag.outputs.tag}}_${{steps.build_platform.outputs.build_platform}}.${{ steps.build_platform.outputs.extension }}
- name: Slack Notification for .app Mac
run: ./.github/notify-slack.js
if: matrix.platform.name == 'darwin+x86-64' || matrix.platform.name == 'darwin+aarch64'
env:
SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK }}
PLATFORM: ${{ matrix.platform.name }}
VERSION: ${{steps.tag.outputs.tag}}
EXT: .zip(.app)
DOWNLOAD_URL: http://preview.gui.tea.xyz.s3-website-us-east-1.amazonaws.com/release/tea_gui_${{steps.tag.outputs.tag}}_${{steps.build_platform.outputs.build_platform}}.zip