diff --git a/.github/workflows/release-codesigned.yaml b/.github/workflows/release-codesigned.yaml index cfab944..f50276a 100644 --- a/.github/workflows/release-codesigned.yaml +++ b/.github/workflows/release-codesigned.yaml @@ -34,55 +34,12 @@ jobs: - name: install app dependencies and info run: npm install && npm run tauri info - - name: setup binaries (Windows only) - if: matrix.platform == 'windows-2019' - run: | - mkdir src-tauri/bins - - cargo install --version 0.3.0 lair_keystore - $LkPath = Get-Command lair-keystore | Select-Object -ExpandProperty Definition - Copy-Item $LkPath -Destination src-tauri/bins/lair-keystore-v0.3.0-x86_64-pc-windows-msvc.exe - - - cargo install holochain --version holochain-v0.2.3-beta-rc.1 --locked --features sqlite-encrypted - $HcPath = Get-Command holochain | Select-Object -ExpandProperty Definition - Copy-Item $HcPath -Destination src-tauri/bins/holochain-v0.2.3-beta-rc.1-x86_64-pc-windows-msvc.exe - - - - name: setup binaries (macos only) - if: matrix.platform == 'macos-11' - run: | - mkdir src-tauri/bins - - cargo install --version 0.3.0 lair_keystore - LAIR_PATH=$(which lair-keystore) - cp $LAIR_PATH src-tauri/bins/lair-keystore-v0.3.0-x86_64-apple-darwin - - cargo install holochain --version holochain-v0.2.3-beta-rc.1 --locked --features sqlite-encrypted - HOLOCHAIN_PATH=$(which holochain) - cp $HOLOCHAIN_PATH src-tauri/bins/holochain-v0.2.3-beta-rc.1-x86_64-apple-darwin - - - name: install dependencies (ubuntu only) if: matrix.platform == 'ubuntu-20.04' run: | sudo apt-get update sudo apt-get install -y libwebkit2gtk-4.0-dev libcanberra-gtk-module libcanberra-gtk3-module build-essential curl wget libssl-dev libgtk-3-dev squashfs-tools libgtksourceview-3.0-dev libappindicator3-dev patchelf librsvg2-dev ayatana-indicator-application - - name: setup binaries (ubuntu only) - if: matrix.platform == 'ubuntu-20.04' - run: | - mkdir src-tauri/bins - - cargo install --version 0.3.0 lair_keystore - LAIR_PATH=$(which lair-keystore) - cp $LAIR_PATH src-tauri/bins/lair-keystore-v0.3.0-x86_64-unknown-linux-gnu - - cargo install holochain --version holochain-v0.2.3-beta-rc.1 --locked --features sqlite-encrypted - HOLOCHAIN_PATH=$(which holochain) - cp $HOLOCHAIN_PATH src-tauri/bins/holochain-v0.2.3-beta-rc.1-x86_64-unknown-linux-gnu - - - name: generate dist folder run: npm run dist @@ -102,6 +59,7 @@ jobs: TAURI_KEY_PASSWORD: ${{ secrets.TAURI_KEY_PASSWORD }} with: + projectPath: src-tauri # specifying to prevent action from looking for artifacts in crates/hc_launch/src-tauri tagName: v__VERSION__ # the action automatically replaces \_\_VERSION\_\_ with the app version releaseName: "talking-stickies v__VERSION__" releaseBody: "See assets below to download and install this version." @@ -118,14 +76,15 @@ jobs: if: matrix.platform == 'windows-2019' run: | - npm run tauri build -- --verbose # building in verbose mode to get reasonable logging output in case of failure + npm run dist + npm run tauri -- build --verbose # building in verbose mode to get reasonable logging output in case of failure dotnet tool install --global AzureSignTool # replace-me -- HELP - # 1. replace all occurrences of talking-stickies-kangaroo-1 with the name you of your GitHub repository - # 2. replace all occurrences of TalkingStickies with the productName field in tauri.conf.json - # 3. replace all occurrences of 0.0.1 with the version field in tauri.conf.json + # 1. replace all occurrences of talking-stickies with the name you gave your package in srct-tauri/Cargo.toml + # 2. replace all occurrences of talking-stickies with the productName field in tauri.conf.json + # 3. replace all occurrences of 0.0.8 with the version field in tauri.conf.json # !! NOTE: The version field needs to be updated manually here with each new version of your app, otherwise the Windows build will fail. # sign the .msi file @@ -135,39 +94,34 @@ jobs: # # Uncomment the lines below if you have the updater enabled # # ========================================================= - # # remove the .msi.zip and .msi.zip.sig files generated by tauri's build command as they are not code signed # rm "D:\a\talking-stickies-kangaroo-1\talking-stickies-kangaroo-1\src-tauri\target\release\bundle\msi\TalkingStickies_0.0.1_x64_en-US.msi.zip" # rm "D:\a\talking-stickies-kangaroo-1\talking-stickies-kangaroo-1\src-tauri\target\release\bundle\msi\TalkingStickies_0.0.1_x64_en-US.msi.zip.sig" - # rm "D:\a\talking-stickies-kangaroo-1\talking-stickies-kangaroo-1\target\release\bundle\nsis\TalkingStickies_0.0.1_x64-setup.nsis.zip" - # rm "D:\a\talking-stickies-kangaroo-1\talking-stickies-kangaroo-1\target\release\bundle\nsis\TalkingStickies_0.0.1_x64-setup.nsis.zip.sig" - + # # # zip and sign the code signed .msi # 7z a -mx=0 "D:\a\talking-stickies-kangaroo-1\talking-stickies-kangaroo-1\src-tauri\target\release\bundle\msi\TalkingStickies_0.0.1_x64_en-US.msi.zip" "D:\a\talking-stickies-kangaroo-1\talking-stickies-kangaroo-1\target\release\bundle\msi\TalkingStickies_0.0.1_x64_en-US.msi" # npm run tauri signer sign "D:\a\talking-stickies-kangaroo-1\talking-stickies-kangaroo-1\src-tauri\target\release\bundle\msi\TalkingStickies_0.0.1_x64_en-US.msi.zip" -- -k ${{ secrets.TAURI_PRIVATE_KEY }} -p "${{ secrets.TAURI_KEY_PASSWORD }}" - - # 7z a -mx=0 "D:\a\talking-stickies-kangaroo-1\talking-stickies-kangaroo-1\target\release\bundle\nsis\TalkingStickies_0.0.1_x64-setup.nsis.zip" "D:\a\talking-stickies-kangaroo-1\talking-stickies-kangaroo-1\target\release\bundle\nsis\TalkingStickies_0.0.1_x64-setup.exe" - # npm run tauri signer sign "D:\a\talking-stickies-kangaroo-1\talking-stickies-kangaroo-1\target\release\bundle\nsis\TalkingStickies_0.0.1_x64-setup.nsis.zip" -- -k ${{ secrets.TAURI_PRIVATE_KEY_0_2 }} -p "${{ secrets.TAURI_KEY_PASSWORD }}" - # # ========================================================= + # log hashes before and after code signing to verify that the uploaded assets are the right ones - CertUtil -hashfile "D:\a\talking-stickies-kangaroo-1\talking-stickies-kangaroo-1\src-tauri\target\release\bundle\msi\TalkingStickies_0.0.1_x64_en-US.msi" SHA256 CertUtil -hashfile "D:\a\talking-stickies-kangaroo-1\talking-stickies-kangaroo-1\src-tauri\target\release\bundle\nsis\TalkingStickies_0.0.1_x64-setup.exe" SHA256 # # Uncomment the lines below if you have the updater enabled # CertUtil -hashfile "D:\a\talking-stickies-kangaroo-1\talking-stickies-kangaroo-1\src-tauri\target\release\bundle\msi\TalkingStickies_0.0.1_x64_en-US.msi.zip" SHA256 # CertUtil -hashfile "D:\a\talking-stickies-kangaroo-1\talking-stickies-kangaroo-1\src-tauri\target\release\bundle\msi\TalkingStickies_0.0.1_x64_en-US.msi.zip.sig" SHA256 + env: TAURI_PRIVATE_KEY: ${{ secrets.TAURI_PRIVATE_KEY }} TAURI_KEY_PASSWORD: ${{ secrets.TAURI_KEY_PASSWORD }} - - name: upload signed .msi, .msi.zip, .msi.zip.sig, .exe, .nsis.zip, .nsis.zip.sig files to github release (Windows only) + - name: upload signed .msi, .exe, .msi.zip, .msi.zip.sig files to github release (Windows only) uses: matthme/tauri-action-ev-signing@upload-only if: matrix.platform == 'windows-2019' env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} with: + projectPath: src-tauri # specifying to prevent action from looking for artifacts in crates/hc_launch/src-tauri tagName: v__VERSION__ # the action automatically replaces \_\_VERSION\_\_ with the app version releaseName: "talking-stickies v__VERSION__" releaseBody: "See assets below to download and install this version."