Skip to content

[Snyk] Security upgrade vue-i18n from 9.14.1 to 9.14.2 (#143) #216

[Snyk] Security upgrade vue-i18n from 9.14.1 to 9.14.2 (#143)

[Snyk] Security upgrade vue-i18n from 9.14.1 to 9.14.2 (#143) #216

Workflow file for this run

name: distributions release
on:
push:
branches: [ master ]
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
jobs:
pre-release:
strategy:
fail-fast: false
matrix:
os: [ macos-latest, windows-latest, ubuntu-latest ]
include:
- os: 'macos-latest'
args: '--target universal-apple-darwin'
target: 'aarch64-apple-darwin,x86_64-apple-darwin'
- os: 'windows-latest'
args: '--target aarch64-pc-windows-msvc'
target: 'aarch64-pc-windows-msvc'
aarch64: true
- os: 'windows-latest'
args: '--target x86_64-pc-windows-msvc'
target: 'x86_64-pc-windows-msvc'
x86_64: true
- os: 'ubuntu-latest'
args: '--target aarch64-unknown-linux-gnu'
target: 'aarch64-unknown-linux-gnu'
aarch64: true
- os: 'ubuntu-latest'
args: '--target x86_64-unknown-linux-gnu'
target: 'x86_64-unknown-linux-gnu'
x86_64: true
node-version: [ 20.x ]
runs-on: ${{ matrix.os }}
steps:
- name: Github checkout
uses: actions/checkout@v4
- name: install Rust stable
uses: dtolnay/rust-toolchain@stable
with:
targets: ${{ matrix.target }}
- name: Use Node.js 20.x
uses: actions/setup-node@v4
with:
node-version: ${{ matrix.node-version }}
cache: 'npm'
- name: install dependencies (ubuntu only)
if: matrix.os == 'ubuntu-latest'
run: |
echo "deb http://gb.archive.ubuntu.com/ubuntu jammy main" | sudo tee -a /etc/apt/sources.list
sudo apt-get update
sudo apt-get install -y libgtk-3-dev libwebkit2gtk-4.0-dev libappindicator3-dev librsvg2-dev patchelf pkg-config libssl-dev gcc-aarch64-linux-gnu
- name: install frontend dependencies
run: npm ci --legacy-peer-deps
- run: npm run lint:check
- run: npm audit --audit-level=critical
- run: npm run test:ci
- name: Upload coverage reports to Codecov
uses: codecov/codecov-action@v3
env:
CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }}
- run: npm run build
- name: Build Distribution Binaries
uses: tauri-apps/tauri-action@v0
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
PKG_CONFIG_ALLOW_CROSS: 1
CC_aarch64_unknown_linux_gnu: aarch64-linux-gnu-gcc
APPLE_CERTIFICATE: ${{ secrets.APPLE_CERTIFICATE }}
APPLE_CERTIFICATE_PASSWORD: ${{ secrets.APPLE_CERTIFICATE_PASSWORD }}
APPLE_SIGNING_IDENTITY: ${{ secrets.APPLE_SIGNING_IDENTITY }}
with:
args: ${{ matrix.args }}
- name: Sign Binaries with Trusted Signing
if: matrix.os == 'windows-latest'
uses: azure/[email protected]
with:
azure-tenant-id: ${{ secrets.AZURE_TENANT_ID }}
azure-client-id: ${{ secrets.AZURE_CLIENT_ID }}
azure-client-secret: ${{ secrets.AZURE_CLIENT_SECRET }}
endpoint: https://eus.codesigning.azure.net/
trusted-signing-account-name: geek-fun
certificate-profile-name: geek-fun
files-folder: ${{ github.workspace }}\src-tauri\target\${{ matrix.target }}\release\bundle\nsis\
files-folder-depth: 7
files-folder-filter: exe
file-digest: SHA256
timestamp-rfc3161: http://timestamp.acs.microsoft.com
timestamp-digest: SHA256
- name: Collect Distribution Binaries
env:
PLATFORM: ${{ matrix.os }}
run: ./scripts/collect-binaries.sh
shell: bash
- name: Upload Distribution Binaries
uses: actions/upload-artifact@v4
with:
name: artifacts-${{ matrix.os }}
path: ${{ github.workspace }}/artifacts/*
release:
needs: pre-release
runs-on: ubuntu-latest
steps:
- name: Github checkout
uses: actions/checkout@v4
- name: Tag Release
uses: jaywcjlove/create-tag-action@main
id: tag_release
with:
prerelease: true
token: ${{ secrets.GITHUB_TOKEN }}
body: |
${{ steps.changelog.outputs.compareurl }}
${{ steps.changelog.outputs.changelog }}
- name: Download Distribution Binaries
uses: actions/download-artifact@v4
if: steps.tag_release.outputs.successful == 'true'
with:
path: artifacts
merge-multiple: true
- name: Generate changelog
uses: jaywcjlove/changelog-generator@main
if: steps.tag_release.outputs.successful == 'true'
id: changelog
with:
token: ${{ secrets.GITHUB_TOKEN }}
- name: Release App
uses: softprops/action-gh-release@v2
if: steps.tag_release.outputs.successful == 'true'
with:
tag_name: ${{ steps.tag_release.outputs.version }}
name: ${{ steps.tag_release.outputs.version }}
body: |
${{ steps.changelog.outputs.compareurl }}
${{ steps.changelog.outputs.changelog }}
files:
${{ github.workspace }}/artifacts/**/*
- name: Distribute Binaries to R2
if: steps.tag_release.outputs.successful == 'true'
uses: ryand56/r2-upload-action@master
with:
r2-account-id: ${{ secrets.CLOUDFLARE_ACCOUNT_ID }}
r2-access-key-id: ${{ secrets.CLOUDFLARE_R2_ACCESS_KEY_ID }}
r2-secret-access-key: ${{ secrets.CLOUDFLARE_R2_SECRET_ACCESS_KEY }}
r2-bucket: ${{ secrets.CLOUDFLARE_ARTIFACTS_R2 }}
source-dir: ${{ github.workspace }}/artifacts/
destination-dir: dockit