[Snyk] Security upgrade vue-i18n from 9.14.1 to 9.14.2 (#143) #216
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: distributions release | |
on: | |
push: | |
branches: [ master ] | |
concurrency: | |
group: ${{ github.workflow }}-${{ github.ref }} | |
cancel-in-progress: true | |
jobs: | |
pre-release: | |
strategy: | |
fail-fast: false | |
matrix: | |
os: [ macos-latest, windows-latest, ubuntu-latest ] | |
include: | |
- os: 'macos-latest' | |
args: '--target universal-apple-darwin' | |
target: 'aarch64-apple-darwin,x86_64-apple-darwin' | |
- os: 'windows-latest' | |
args: '--target aarch64-pc-windows-msvc' | |
target: 'aarch64-pc-windows-msvc' | |
aarch64: true | |
- os: 'windows-latest' | |
args: '--target x86_64-pc-windows-msvc' | |
target: 'x86_64-pc-windows-msvc' | |
x86_64: true | |
- os: 'ubuntu-latest' | |
args: '--target aarch64-unknown-linux-gnu' | |
target: 'aarch64-unknown-linux-gnu' | |
aarch64: true | |
- os: 'ubuntu-latest' | |
args: '--target x86_64-unknown-linux-gnu' | |
target: 'x86_64-unknown-linux-gnu' | |
x86_64: true | |
node-version: [ 20.x ] | |
runs-on: ${{ matrix.os }} | |
steps: | |
- name: Github checkout | |
uses: actions/checkout@v4 | |
- name: install Rust stable | |
uses: dtolnay/rust-toolchain@stable | |
with: | |
targets: ${{ matrix.target }} | |
- name: Use Node.js 20.x | |
uses: actions/setup-node@v4 | |
with: | |
node-version: ${{ matrix.node-version }} | |
cache: 'npm' | |
- name: install dependencies (ubuntu only) | |
if: matrix.os == 'ubuntu-latest' | |
run: | | |
echo "deb http://gb.archive.ubuntu.com/ubuntu jammy main" | sudo tee -a /etc/apt/sources.list | |
sudo apt-get update | |
sudo apt-get install -y libgtk-3-dev libwebkit2gtk-4.0-dev libappindicator3-dev librsvg2-dev patchelf pkg-config libssl-dev gcc-aarch64-linux-gnu | |
- name: install frontend dependencies | |
run: npm ci --legacy-peer-deps | |
- run: npm run lint:check | |
- run: npm audit --audit-level=critical | |
- run: npm run test:ci | |
- name: Upload coverage reports to Codecov | |
uses: codecov/codecov-action@v3 | |
env: | |
CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }} | |
- run: npm run build | |
- name: Build Distribution Binaries | |
uses: tauri-apps/tauri-action@v0 | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
PKG_CONFIG_ALLOW_CROSS: 1 | |
CC_aarch64_unknown_linux_gnu: aarch64-linux-gnu-gcc | |
APPLE_CERTIFICATE: ${{ secrets.APPLE_CERTIFICATE }} | |
APPLE_CERTIFICATE_PASSWORD: ${{ secrets.APPLE_CERTIFICATE_PASSWORD }} | |
APPLE_SIGNING_IDENTITY: ${{ secrets.APPLE_SIGNING_IDENTITY }} | |
with: | |
args: ${{ matrix.args }} | |
- name: Sign Binaries with Trusted Signing | |
if: matrix.os == 'windows-latest' | |
uses: azure/[email protected] | |
with: | |
azure-tenant-id: ${{ secrets.AZURE_TENANT_ID }} | |
azure-client-id: ${{ secrets.AZURE_CLIENT_ID }} | |
azure-client-secret: ${{ secrets.AZURE_CLIENT_SECRET }} | |
endpoint: https://eus.codesigning.azure.net/ | |
trusted-signing-account-name: geek-fun | |
certificate-profile-name: geek-fun | |
files-folder: ${{ github.workspace }}\src-tauri\target\${{ matrix.target }}\release\bundle\nsis\ | |
files-folder-depth: 7 | |
files-folder-filter: exe | |
file-digest: SHA256 | |
timestamp-rfc3161: http://timestamp.acs.microsoft.com | |
timestamp-digest: SHA256 | |
- name: Collect Distribution Binaries | |
env: | |
PLATFORM: ${{ matrix.os }} | |
run: ./scripts/collect-binaries.sh | |
shell: bash | |
- name: Upload Distribution Binaries | |
uses: actions/upload-artifact@v4 | |
with: | |
name: artifacts-${{ matrix.os }} | |
path: ${{ github.workspace }}/artifacts/* | |
release: | |
needs: pre-release | |
runs-on: ubuntu-latest | |
steps: | |
- name: Github checkout | |
uses: actions/checkout@v4 | |
- name: Tag Release | |
uses: jaywcjlove/create-tag-action@main | |
id: tag_release | |
with: | |
prerelease: true | |
token: ${{ secrets.GITHUB_TOKEN }} | |
body: | | |
${{ steps.changelog.outputs.compareurl }} | |
${{ steps.changelog.outputs.changelog }} | |
- name: Download Distribution Binaries | |
uses: actions/download-artifact@v4 | |
if: steps.tag_release.outputs.successful == 'true' | |
with: | |
path: artifacts | |
merge-multiple: true | |
- name: Generate changelog | |
uses: jaywcjlove/changelog-generator@main | |
if: steps.tag_release.outputs.successful == 'true' | |
id: changelog | |
with: | |
token: ${{ secrets.GITHUB_TOKEN }} | |
- name: Release App | |
uses: softprops/action-gh-release@v2 | |
if: steps.tag_release.outputs.successful == 'true' | |
with: | |
tag_name: ${{ steps.tag_release.outputs.version }} | |
name: ${{ steps.tag_release.outputs.version }} | |
body: | | |
${{ steps.changelog.outputs.compareurl }} | |
${{ steps.changelog.outputs.changelog }} | |
files: | |
${{ github.workspace }}/artifacts/**/* | |
- name: Distribute Binaries to R2 | |
if: steps.tag_release.outputs.successful == 'true' | |
uses: ryand56/r2-upload-action@master | |
with: | |
r2-account-id: ${{ secrets.CLOUDFLARE_ACCOUNT_ID }} | |
r2-access-key-id: ${{ secrets.CLOUDFLARE_R2_ACCESS_KEY_ID }} | |
r2-secret-access-key: ${{ secrets.CLOUDFLARE_R2_SECRET_ACCESS_KEY }} | |
r2-bucket: ${{ secrets.CLOUDFLARE_ARTIFACTS_R2 }} | |
source-dir: ${{ github.workspace }}/artifacts/ | |
destination-dir: dockit |