chore(ci): update macos ci (#837) #10
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Build Windows Release | |
| on: | |
| push: | |
| tags: | |
| - "*" | |
| jobs: | |
| build-windows-release: | |
| permissions: write-all | |
| runs-on: windows-latest | |
| env: | |
| RELEASE_VERSION: ${{ github.ref_name }} # Set the release version from the tag | |
| steps: | |
| - uses: actions/[email protected] | |
| - name: Setup Node | |
| uses: actions/[email protected] | |
| with: | |
| node-version: lts/* | |
| - name: Install Rust Stable | |
| uses: dtolnay/rust-toolchain@stable | |
| - name: Install Frontend Dependencies | |
| run: npm install | |
| - name: Build Tauri App | |
| uses: tauri-apps/[email protected] | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Setup Certificate for Windows Signing | |
| run: | | |
| echo "${{ secrets.SM_CLIENT_CERT_FILE_B64 }}" | base64 --decode > certificate.p12 | |
| shell: bash | |
| - name: Set Variables for Windows Signing | |
| id: variables | |
| run: | | |
| dir | |
| echo "version=${GITHUB_REF#refs/tags/v}" >> $GITHUB_OUTPUT | |
| echo "KEYPAIR_NAME=gt-standard-keypair" >> $GITHUB_OUTPUT | |
| echo "CERTIFICATE_NAME=gt-certificate" >> $GITHUB_OUTPUT | |
| echo "SM_HOST=${{ secrets.SM_HOST }}" >> "$GITHUB_ENV" | |
| echo "SM_API_KEY=${{ secrets.SM_API_KEY }}" >> "$GITHUB_ENV" | |
| echo "SM_CLIENT_CERT_FILE=certificate.p12" >> "$GITHUB_ENV" | |
| echo "SM_CLIENT_CERT_PASSWORD=${{ secrets.SM_CLIENT_CERT_PASSWORD }}" >> "$GITHUB_ENV" | |
| echo "C:\Program Files (x86)\Windows Kits\10\App Certification Kit" >> $GITHUB_PATH | |
| echo "C:\Program Files (x86)\Microsoft SDKs\Windows\v10.0A\bin\NETFX 4.8 Tools" >> $GITHUB_PATH | |
| echo "C:\Program Files\DigiCert\DigiCert Keylocker Tools" >> $GITHUB_PATH | |
| shell: bash | |
| - name: Setup Keylocker KSP on Windows | |
| run: | | |
| curl -X GET https://one.digicert.com/signingmanager/api-ui/v1/releases/Keylockertools-windows-x64.msi/download -H "x-api-key:%SM_API_KEY%" -o Keylockertools-windows-x64.msi | |
| msiexec /i Keylockertools-windows-x64.msi /quiet /qn | |
| smksp_registrar.exe list | |
| smctl.exe keypair ls | |
| C:\Windows\System32\certutil.exe -csp "DigiCert Signing Manager KSP" -key -user | |
| shell: cmd | |
| - name: Certificates Sync | |
| run: | | |
| smctl windows certsync | |
| shell: cmd | |
| - name: Signing using Signtool | |
| run: | | |
| signtool.exe sign /sha1 ${{ secrets.SM_CODE_SIGNING_CERT_SHA1_HASH }} /tr http://timestamp.digicert.com /td SHA256 /fd SHA256 "./src-tauri/target/release/bundle/msi/*.msi" | |
| - name: Delete Cert File | |
| run: Remove-Item -Force certificate.p12 | |
| - name: Rename MSI File | |
| run: | | |
| # Use PowerShell syntax to find and rename the .msi file | |
| $MSI_FILE = Get-ChildItem "src-tauri/target/release/bundle/msi" -Filter "*.msi" | Select-Object -First 1 | |
| $NEW_MSI_FILE = "src-tauri/target/release/bundle/msi/Uplink_${{ env.RELEASE_VERSION }}.msi" | |
| Move-Item -Path $MSI_FILE.FullName -Destination $NEW_MSI_FILE | |
| - name: Upload Signed Windows Installer | |
| uses: actions/[email protected] | |
| with: | |
| name: build-windows | |
| path: src-tauri/target/release/bundle/msi/Uplink_${{ env.RELEASE_VERSION }}.msi | |
| retention-days: 5 | |
| - name: GitHub Release Windows | |
| uses: softprops/action-gh-release@v2 | |
| with: | |
| files: | | |
| src-tauri/target/release/bundle/msi/Uplink_${{ env.RELEASE_VERSION }}.msi |