.github/workflows/release.yml

name: distributions release

on:
  pull_request:
    branches:  [master]

concurrency:
  group: ${{ github.workflow }}-${{ github.ref }}
  cancel-in-progress: false

jobs:
  pre-release:
    strategy:
      matrix:
        os: [macos-latest, ubuntu-latest, windows-latest]
        include:
          - args: '--target universal-apple-darwin'
            os: 'macos-latest'
          - args: '--target aarch64-pc-windows-msvc' #,x86_64-pc-windows-msvc'
            os: 'windows-latest'
          - args: '--target aarch64-unknown-linux-gnu'
            os: 'ubuntu-latest'
        node-version: [20.x]
    runs-on: ${{ matrix.os }}

    steps:
      - name: Github checkout
        uses: actions/checkout@v4
      - name: install Rust stable
        uses: dtolnay/rust-toolchain@stable
        with:
          targets: ${{ matrix.os == 'macos-latest' && 'aarch64-apple-darwin,x86_64-apple-darwin' || matrix.os == 'windows-latest' && 'aarch64-pc-windows-msvc,x86_64-pc-windows-msvc' || matrix.os == 'ubuntu-latest' && 'aarch64-unknown-linux-gnu,x86_64-unknown-linux-gnu' }}
      - name: Use Node.js 20.x
        uses: actions/setup-node@v4
        with:
          node-version: ${{ matrix.node-version }}
          cache: 'npm'
      - name: install dependencies (ubuntu only)
        if: matrix.os == 'ubuntu-latest'
        run: |
          sudo apt-get update
          sudo apt-get install -y libgtk-3-dev libwebkit2gtk-4.0-dev libappindicator3-dev librsvg2-dev patchelf pkg-config libssl-dev gcc-aarch64-linux-gnu
          ls -la /usr/include/openssl
      - name: install frontend dependencies
        run: npm ci --legacy-peer-deps
      - run: npm run lint:check
      - run: npm audit --audit-level=critical
      - run: npm run test:ci
      - name: Upload coverage reports to Codecov
        uses: codecov/codecov-action@v3
        env:
          CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }}
      - run: npm run build
      - name: Generate changelog
        uses: jaywcjlove/changelog-generator@main
        id: changelog
        with:
          token: ${{ secrets.GITHUB_TOKEN }}
#      - name: import windows certificate
#        if: matrix.os == 'windows-latest'
#        env:
#          WINDOWS_CERTIFICATE: ${{ secrets.WINDOWS_CERTIFICATE }}
#          WINDOWS_CERTIFICATE_PASSWORD: ${{ secrets.WINDOWS_CERTIFICATE_PASSWORD }}
#        run: |
#          New-Item -ItemType directory -Path certificate
#          Set-Content -Path certificate/tempCert.txt -Value $env:WINDOWS_CERTIFICATE
#          certutil -decode certificate/tempCert.txt certificate/certificate.pfx
#          Remove-Item -path certificate -include tempCert.txt
#          Import-PfxCertificate -FilePath certificate/certificate.pfx -CertStoreLocation Cert:\CurrentUser\My -Password (ConvertTo-SecureString -String $env:WINDOWS_CERTIFICATE_PASSWORD -Force -AsPlainText)
      - name: Tag Release
        uses: jaywcjlove/create-tag-action@main
        id: tag_release
        with:
          prerelease: true
          token: ${{ secrets.GITHUB_TOKEN }}
          body: |
            ${{ steps.changelog.outputs.compareurl }}

            ${{ steps.changelog.outputs.changelog }}
      - name: Release App
        uses: tauri-apps/tauri-action@v0
        if: steps.tag_release.outputs.successful
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          PKG_CONFIG_ALLOW_CROSS: 1
          CC_aarch64_unknown_linux_gnu: aarch64-linux-gnu-gcc
          OPENSSL_DIR: /usr/include/openssl
          #          APPLE_ID: ${{ secrets.APPLE_ID }}
          #          APPLE_PASSWORD: ${{ secrets.APPLE_ID_PASSWORD }}
          #          APPLE_TEAM_ID: ${{ secrets.APPLE_TEAM_ID }}
#          APPLE_CERTIFICATE: ${{ secrets.APPLE_CERTIFICATE }}
#          APPLE_CERTIFICATE_PASSWORD: ${{ secrets.APPLE_CERTIFICATE_PASSWORD }}
#          APPLE_SIGNING_IDENTITY: ${{ secrets.APPLE_SIGNING_IDENTITY }}
        with:
          tagName: ${{ steps.tag_release.outputs.version }}
          releaseName: ${{ steps.tag_release.outputs.version }}
          appVersion: "${{ steps.tag_release.outputs.versionNumber }}"
          args: ${{ matrix.args }}
          releaseBody: |
            ${{ steps.changelog.outputs.compareurl }}

            ${{ steps.changelog.outputs.changelog }}

          releaseDraft: true
          prerelease: true
      - name: Sign files with Trusted Signing
        if: matrix.os == 'windows-latest'
        uses: azure/trusted-signing-action@v0.3.19
        with:
          azure-tenant-id: ${{ secrets.AZURE_TENANT_ID }}
          azure-client-id: ${{ secrets.AZURE_CLIENT_ID }}
          azure-client-secret: ${{ secrets.AZURE_CLIENT_SECRET }}
          endpoint: https://eus.codesigning.azure.net/
          trusted-signing-account-name: geek-fun
          certificate-profile-name: geek-fun
          files-folder: ${{ github.workspace }}\src-tauri\target\release\bundle\nsis\
          files-folder-depth: 7
          files-folder-filter: exe
          file-digest: SHA256
          timestamp-rfc3161: http://timestamp.acs.microsoft.com
          timestamp-digest: SHA256

#      - name: Distribute artifacts to R2
#        uses: ryand56/r2-upload-action@master
#        if: steps.tag_release.outputs.successful
#        with:
#          r2-account-id:  ${{ secrets.CLOUDFLARE_ACCOUNT_ID }}
#          r2-access-key-id: ${{ secrets.CLOUDFLARE_R2_ACCESS_KEY_ID }}
#          r2-secret-access-key: ${{ secrets.CLOUDFLARE_R2_SECRET_ACCESS_KEY }}
#          r2-bucket: ${{ secrets.CLOUDFLARE_ARTIFACTS_R2 }}
#          source-dir: out/make/
#          destination-dir: dockit