new windows signing approach #31
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: 'publish' | |
| on: | |
| push: | |
| branches: | |
| - release | |
| jobs: | |
| publish-tauri: | |
| permissions: | |
| contents: write | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| platform: [macos-latest, ubuntu-22.04, windows-latest] | |
| runs-on: ${{ matrix.platform }} | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: setup node | |
| uses: actions/setup-node@v4 | |
| with: | |
| node-version: 20 | |
| - name: install Rust stable | |
| uses: dtolnay/rust-toolchain@stable | |
| - name: install dependencies (ubuntu) | |
| if: matrix.platform == 'ubuntu-22.04' | |
| run: | | |
| sudo apt-get update | |
| sudo apt-get install -y libgtk-3-dev libwebkit2gtk-4.1-dev libappindicator3-dev librsvg2-dev patchelf | |
| - name: install dependencies (macos) | |
| if: matrix.platform == 'macos-latest' | |
| run: | | |
| rustup target add aarch64-apple-darwin | |
| rustup target add x86_64-apple-darwin | |
| - name: install signtool (windows) | |
| if: matrix.platform == 'windows-latest' | |
| shell: bash # env might not work with powershell | |
| env: | |
| WINDOWS_SIGN_COMMAND: trusted-signing-cli -e ${{secrets.WINDOWS_SIGNING_ENDPOINT}} -a ${{secrets.WINDOWS_SIGNING_ACCOUNT}} -c ${{secrets.WINDOWS_SIGNING_PROFILE}} %1 | |
| run: | | |
| cd "$GITHUB_WORKSPACE" | |
| cat './src-tauri/tauri.conf.json' | jq '.bundle .windows += {"signCommand": env.WINDOWS_SIGN_COMMAND}' > './src-tauri/temp.json' && mv './src-tauri/temp.json' './src-tauri/tauri.conf.json' | |
| cargo install [email protected] | |
| - name: install frontend dependencies | |
| run: npm install --package-lock=false | |
| - uses: tauri-apps/tauri-action@v0 | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| APPLE_CERTIFICATE: ${{ secrets.APPLE_CERTIFICATE }} | |
| APPLE_CERTIFICATE_PASSWORD: ${{ secrets.APPLE_CERTIFICATE_PASSWORD }} | |
| APPLE_SIGNING_IDENTITY: ${{ secrets.APPLE_SIGNING_IDENTITY }} | |
| APPLE_ID: ${{ secrets.APPLE_ID }} | |
| APPLE_TEAM_ID: ${{ secrets.APPLE_TEAM_ID }} | |
| APPLE_PASSWORD: ${{ secrets.APPLE_PASSWORD }} | |
| AZURE_TENANT_ID: ${{ matrix.platform == 'windows-latest' && secrets.AZURE_TENANT_ID }} | |
| AZURE_CLIENT_ID: ${{ matrix.platform == 'windows-latest' && secrets.AZURE_CLIENT_ID }} | |
| AZURE_CLIENT_SECRET: ${{ matrix.platform == 'windows-latest' && secrets.AZURE_CLIENT_SECRET }} | |
| with: | |
| args: ${{ matrix.platform == 'macos-latest' && '--target universal-apple-darwin' || ''}} | |
| tagName: v__VERSION__ | |
| releaseName: 'GG __VERSION__' | |
| releaseBody: 'See the assets to download this version and install.' | |
| releaseDraft: true | |
| prerelease: true |