-
Notifications
You must be signed in to change notification settings - Fork 1
191 lines (171 loc) · 7.12 KB
/
desktop-tauri.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
name: "Reusable desktop tauri build workflow"
on:
workflow_call:
inputs:
tagName:
required: false
type: string
releaseBody:
required: false
type: string
releaseName:
required: false
type: string
secrets:
TAURI_PRIVATE_KEY:
required: true
TAURI_KEY_PASSWORD:
required: true
jobs:
build:
strategy:
fail-fast: false
matrix:
include:
- os: "macos-latest" # for Arm based macs (M1 and above).
args: "--target aarch64-apple-darwin"
symbol: 🍏
- os: "macos-latest" # for Intel based macs.
args: "--target x86_64-apple-darwin"
symbol: 🍎
- os: "ubuntu-22.04"
symbol: 🐧
install: |
sudo apt-get update
sudo apt-get install -y libwebkit2gtk-4.1-dev libappindicator3-dev librsvg2-dev patchelf python3-pip
- os: "windows-latest"
symbol: 🪟
install: |
choco install wget -y
name: ${{matrix.symbol}}
runs-on: ${{ matrix.os }}
steps:
- name: 🔄 Checkout
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
- name: 🦀 Install rust stable
uses: dtolnay/rust-toolchain@stable
with:
components: rustfmt, clippy
targets: ${{ matrix.os == 'macos-latest' && 'aarch64-apple-darwin,x86_64-apple-darwin,wasm32-unknown-unknown' || 'wasm32-unknown-unknown' }}
- name: 🌍 Export GitHub Actions cache environment variables windows
if: contains(matrix.os, 'windows')
uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7
with:
script: |
core.exportVariable('ACTIONS_CACHE_URL', process.env.ACTIONS_CACHE_URL || '');
core.exportVariable('ACTIONS_RUNTIME_TOKEN', process.env.ACTIONS_RUNTIME_TOKEN || '');
- name: 🛠️ Setup | Install dependencies
if: matrix.install != ''
run: ${{ matrix.install }}
- name: 📝 Check spelling using typos-action
uses: crate-ci/typos@11ca4583f2f3f74c7e7785c0ecb20fe2c99a4308 # v1.29.5
- name: 📥 Cached install leptosfmt (macos only)
if: contains(matrix.os, 'macos')
uses: baptiste0928/cargo-install@91c5da15570085bcde6f4d7aed98cb82d6769fd3 # v3
with:
crate: leptosfmt
version: 0.1.33
locked: true
- name: 📐 Run leptosfmt and fail if any warnings (macos only)
if: contains(matrix.os, 'macos')
run: |
leptosfmt --check src
- name: 📐 Run rustfmt and fail if any warnings (macos only)
if: contains(matrix.os, 'macos')
run: |
cargo fmt -- --check
cd src-tauri
cargo fmt -- --check
- name: 📎 Run clippy and fail if any warnings (macos only)
if: contains(matrix.os, 'macos')
run: |
cargo clippy -- -D warnings
cd src-tauri
cargo clippy -- -D warnings
- name: ✅ Run tests (macos only)
if: contains(matrix.os, 'macos')
run: |
cargo test --all
- name: 📥 Cached Install trunk
uses: baptiste0928/cargo-install@91c5da15570085bcde6f4d7aed98cb82d6769fd3 # v3
with:
crate: trunk
version: 0.21.7
locked: true
args: --no-default-features
features: rustls
- name: 📥 Cached install cargo-auditable
uses: baptiste0928/cargo-install@91c5da15570085bcde6f4d7aed98cb82d6769fd3 # v3
with:
crate: cargo-auditable
version: 0.6.6
locked: true
- name: 📥 Cached install tauri-cli
uses: baptiste0928/cargo-install@91c5da15570085bcde6f4d7aed98cb82d6769fd3 # v3
with:
crate: tauri-cli
version: 2.2.7
locked: true
- name: 🔑 Import windows signing certificate
if: contains(matrix.os, 'windows')
env:
WINDOWS_CERTIFICATE: ${{ secrets.WINDOWS_CERTIFICATE }}
WINDOWS_CERTIFICATE_PASSWORD: ${{ secrets.WINDOWS_CERTIFICATE_PASSWORD }}
run: |
New-Item -ItemType directory -Path certificate
Set-Content -Path certificate/tempCert.txt -Value $env:WINDOWS_CERTIFICATE
certutil -decode certificate/tempCert.txt certificate/certificate.pfx
Remove-Item -path certificate -include tempCert.txt
Import-PfxCertificate -FilePath certificate/certificate.pfx -CertStoreLocation Cert:\CurrentUser\My -Password (ConvertTo-SecureString -String $env:WINDOWS_CERTIFICATE_PASSWORD -Force -AsPlainText)
- name: 🔨 Build using tauri action (publish artifacts on release)
uses: tauri-apps/tauri-action@94571df7fd79dbe2aee6d279c0a6b66d086d3b3b # v0.5.19
env:
RUSTFLAGS: "-D warnings"
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
TAURI_SIGNING_PRIVATE_KEY: ${{ secrets.TAURI_PRIVATE_KEY }}
TAURI_SIGNING_PRIVATE_KEY_PASSWORD: ${{ secrets.TAURI_KEY_PASSWORD }}
with:
tagName: ${{ inputs.tagName }}
releaseBody: ${{ inputs.releaseBody }}
releaseName: ${{ inputs.releaseName }}
releaseDraft: false
prerelease: false
tauriScript: cargo --locked auditable tauri
args: ${{ matrix.args }}
- name: 📤 Upload build artifacts (push or pr builds only)
if: (inputs.tagName == '')
uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0
with:
name: "bundles-${{matrix.os}}${{matrix.args}}"
path: |
target/**/release/bundle
target/**/release/mdns-browser*
- name: 🛡️ Attest build provenance (publish release only)
if: inputs.tagName != ''
uses: actions/attest-build-provenance@520d128f165991a6c774bcb264f323e3d70747f4 # v2.2.0
with:
subject-path: |
target/release/bundle/nsis/*
target/**/release/bundle/macos/*.tar.gz*
target/**/release/bundle/dmg/*.dmg
target/release/bundle/deb/*.deb
target/release/bundle/rpm/*.rpm
target/**/release/mdns-browser
target/release/mdns-browser.exe
- name: 📜 Create SBOM
uses: anchore/sbom-action@f325610c9f50a54015d37c8d16cb3b0e2c8f4de0 # v0
with:
format: "spdx-json"
output-file: "sbom.spdx.json"
artifact-name: "${{ matrix.os }}${{ matrix.args }}.sbom.spdx.json"
- name: 🛡️ Attest SBOM
if: inputs.tagName != ''
uses: actions/attest-sbom@115c3be05ff3974bcbd596578934b3f9ce39bf68 # v2
with:
subject-path: ${{
contains(matrix.os, 'ubuntu') && 'target/release/mdns-browser' ||
contains(matrix.os, 'windows') && 'target/release/mdns-browser.exe' ||
(contains(matrix.os, 'macos') && contains(matrix.args, 'x86_64')) && 'target/x86_64-apple-darwin/release/mdns-browser' ||
(contains(matrix.os, 'macos') && contains(matrix.args, 'aarch64')) && 'target/aarch64-apple-darwin/release/mdns-browser'
}}
sbom-path: "sbom.spdx.json"