release.yml

name: Release

on:
  workflow_dispatch:
# NOTE: For Linux builds, we can only build with Ubuntu. It should be the oldest base system we intend to support. See PR-759 & https://tauri.app/v1/guides/building/linux for reference.

# From: https://github.com/rust-lang/rust-analyzer/blob/master/.github/workflows/release.yaml#L13-L21
env:
  CARGO_INCREMENTAL: 0
  CARGO_NET_RETRY: 10
  RUSTUP_MAX_RETRIES: 10

jobs:
  desktop-main:
    strategy:
      matrix:
        settings:
          - host: macos-13
            target: x86_64-apple-darwin
            bundles: app,dmg
            os: darwin
            arch: x86_64
          - host: macos-14
            target: aarch64-apple-darwin
            bundles: app,dmg
            os: darwin
            arch: aarch64
          - host: windows-latest
            target: x86_64-pc-windows-msvc
            bundles: msi
            os: windows
            arch: x86_64
          # - host: windows-latest
          #   target: aarch64-pc-windows-msvc
          - host: ubuntu-20.04
            target: x86_64-unknown-linux-gnu
            bundles: deb
            os: linux
            arch: x86_64
          # - host: ubuntu-20.04
          #   target: x86_64-unknown-linux-musl
          # - host: ubuntu-20.04
          #   target: aarch64-unknown-linux-gnu
          #   bundles: deb
          # - host: ubuntu-20.04
          #   target: aarch64-unknown-linux-musl
    name: Desktop - Main ${{ matrix.settings.target }}
    runs-on: ${{ matrix.settings.host }}
    steps:
      - name: Maximize build space
        if: ${{ runner.os == 'Linux' }}
        uses: easimon/maximize-build-space@master
        with:
          swap-size-mb: 3072
          root-reserve-mb: 6144
          remove-dotnet: 'true'
          remove-codeql: 'true'
          remove-haskell: 'true'
          remove-docker-images: 'true'

      - name: Symlink target to C:\
        if: ${{ runner.os == 'Windows' }}
        shell: powershell
        run: |
          New-Item -ItemType Directory -Force -Path C:\spacedrive_target
          New-Item -Path target -ItemType Junction -Value C:\spacedrive_target

      - name: Checkout repository
        uses: actions/checkout@v4

      - name: Install Apple API key
        if: ${{ runner.os == 'macOS' }}
        run: |
          mkdir -p ~/.appstoreconnect/private_keys/
          cd ~/.appstoreconnect/private_keys/
          echo ${{ secrets.APPLE_API_KEY_BASE64 }} >> AuthKey_${{ secrets.APPLE_API_KEY }}.p8.base64
          base64 --decode -i AuthKey_${{ secrets.APPLE_API_KEY }}.p8.base64 -o AuthKey_${{ secrets.APPLE_API_KEY }}.p8
          rm AuthKey_${{ secrets.APPLE_API_KEY }}.p8.base64

      - name: Install Codesigning Certificate
        if: ${{ runner.os == 'macOS' }}
        uses: apple-actions/import-codesign-certs@v2
        with:
          p12-file-base64: ${{ secrets.APPLE_CERTIFICATE }}
          p12-password: ${{ secrets.APPLE_CERTIFICATE_PASSWORD }}

      - name: Setup System and Rust
        uses: ./.github/actions/setup-system
        env:
          APPLE_SIGNING_IDENTITY: ${{ secrets.APPLE_SIGNING_IDENTITY }}
        with:
          token: ${{ secrets.GITHUB_TOKEN }}
          target: ${{ matrix.settings.target }}

      - name: Setup Node.js, pnpm and dependencies
        uses: ./.github/actions/setup-pnpm
        with:
          token: ${{ secrets.GITHUB_TOKEN }}

      - name: Build
        run: |
          pnpm tauri build --ci -v --target ${{ matrix.settings.target }} --bundles ${{ matrix.settings.bundles }},updater
        env:
          TAURI_PRIVATE_KEY: ${{ secrets.TAURI_PRIVATE_KEY }}
          TAURI_KEY_PASSWORD: ${{ secrets.TAURI_KEY_PASSWORD }}
          ENABLE_CODE_SIGNING: ${{ secrets.APPLE_CERTIFICATE }}
          APPLE_CERTIFICATE: ${{ secrets.APPLE_CERTIFICATE }}
          APPLE_CERTIFICATE_PASSWORD: ${{ secrets.APPLE_CERTIFICATE_PASSWORD }}
          APPLE_SIGNING_IDENTITY: ${{ secrets.APPLE_SIGNING_IDENTITY }}
          APPLE_PROVIDER_SHORT_NAME: ${{ secrets.APPLE_PROVIDER_SHORT_NAME }}
          APPLE_API_ISSUER: ${{ secrets.APPLE_API_ISSUER }}
          APPLE_API_KEY: ${{ secrets.APPLE_API_KEY }}
          SENTRY_AUTH_TOKEN: ${{ secrets.SENTRY_AUTH_TOKEN }}

      - name: Build AppImage in Docker
        if: ${{ runner.os == 'Linux' && ( matrix.settings.target == 'x86_64-unknown-linux-gnu' || matrix.settings.target == 'aarch64-unknown-linux-gnu' ) }}
        run: |
          set -euxo pipefail
          docker run --rm -v $(pwd):/srv -e 'CI=true' -e 'TARGET=${{ matrix.settings.target }}' -w /srv debian:bookworm scripts/appimage/build_appimage.sh
          cd 'target/${{ matrix.settings.target }}/release/bundle/appimage'
          sudo chown "$(id -u):$(id -g)" -R .
          tar -czf Updater.AppImage.tar.gz *.AppImage
          pnpm tauri signer sign -k '${{ secrets.TAURI_PRIVATE_KEY }}' -p '${{ secrets.TAURI_KEY_PASSWORD }}' "$(pwd)/Updater.AppImage.tar.gz"

      - name: Publish Artifacts
        uses: ./.github/actions/publish-artifacts
        with:
          os: ${{ matrix.settings.os }}
          arch: ${{ matrix.settings.arch }}
          target: ${{ matrix.settings.target }}
          profile: release

  release:
    if: startsWith(github.ref, 'refs/tags/')
    runs-on: ubuntu-latest
    name: Create Release
    needs: desktop-main
    permissions:
      contents: write
    steps:
      - name: Download artifacts
        uses: actions/download-artifact@v4

      - name: Create Release
        # TODO: Change to stable version when available
        uses: softprops/action-gh-release@4634c16e79c963813287e889244c50009e7f0981
        with:
          draft: true
          files: '*/**'