name: 'publish' on: workflow_dispatch: {} release: types: [published] # This can be used to automatically publish nightlies at UTC nighttime # schedule: # - cron: "0 2 * * *" # run at 2 AM UTC # This workflow will trigger on each push to the `release` branch to create or update a GitHub release, build your app, and upload the artifacts to the release. jobs: publish-tauri: permissions: contents: write strategy: fail-fast: false matrix: include: - platform: 'macos-latest' # for Arm based macs (M1 and above). args: '--target aarch64-apple-darwin' - platform: 'macos-latest' # for Intel based macs. args: '--target x86_64-apple-darwin' - platform: 'ubuntu-22.04' # for Tauri v1 you could replace this with ubuntu-20.04. args: '' - platform: 'ubuntu-22.04-arm' args: '--target aarch64-unknown-linux-gnu' - platform: 'windows-latest' args: '' runs-on: ${{ matrix.platform }} steps: - uses: actions/checkout@v4 with: submodules: true token: ${{ secrets.GITHUB_TOKEN }} - name: setup node uses: actions/setup-node@v4 with: node-version: lts/* - name: install Rust nightly uses: dtolnay/rust-toolchain@nightly with: # Those targets are only used on macos runners so it's in an `if` to slightly speed up windows and linux builds. targets: ${{ matrix.platform == 'macos-latest' && 'aarch64-apple-darwin,x86_64-apple-darwin' || '' }} - name: install dependencies (ubuntu only) if: matrix.platform == 'ubuntu-22.04' || matrix.platform == 'ubuntu-22.04-arm' # This must match the platform value defined above. run: | sudo apt-get update sudo apt-get install -y libwebkit2gtk-4.1-dev libappindicator3-dev librsvg2-dev patchelf # webkitgtk 4.0 is for Tauri v1 - webkitgtk 4.1 is for Tauri v2. - name: Import Apple Developer Certificate if: matrix.platform == 'macos-latest' env: APPLE_CERTIFICATE: ${{ secrets.APPLE_CERTIFICATE }} APPLE_CERTIFICATE_PASSWORD: ${{ secrets.APPLE_CERTIFICATE_PASSWORD }} KEYCHAIN_PASSWORD: ${{ secrets.KEYCHAIN_PASSWORD }} run: | echo $APPLE_CERTIFICATE | base64 --decode > certificate.p12 security create-keychain -p "$KEYCHAIN_PASSWORD" build.keychain security default-keychain -s build.keychain security unlock-keychain -p "$KEYCHAIN_PASSWORD" build.keychain security set-keychain-settings -t 3600 -u build.keychain curl https://droposs.org/drop.crt --output drop.pem sudo security authorizationdb write com.apple.trust-settings.admin allow sudo security add-trusted-cert -d -r trustRoot -k build.keychain -p codeSign -u -1 drop.pem sudo security authorizationdb remove com.apple.trust-settings.admin security import certificate.p12 -k build.keychain -P "$APPLE_CERTIFICATE_PASSWORD" -T /usr/bin/codesign security set-key-partition-list -S apple-tool:,apple:,codesign: -s -k "$KEYCHAIN_PASSWORD" build.keychain security find-identity -v -p codesigning build.keychain - name: Verify Certificate if: matrix.platform == 'macos-latest' run: | CERT_INFO=$(security find-identity -v -p codesigning build.keychain | grep "Drop OSS") CERT_ID=$(echo "$CERT_INFO" | awk -F'"' '{print $2}') echo "CERT_ID=$CERT_ID" >> $GITHUB_ENV echo "Certificate imported. Using identity: $CERT_ID" - name: install frontend dependencies run: yarn install # change this to npm, pnpm or bun depending on which one you use. - uses: tauri-apps/tauri-action@v0 env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} APPLE_CERTIFICATE: ${{ secrets.APPLE_CERTIFICATE }} APPLE_CERTIFICATE_PASSWORD: ${{ secrets.APPLE_CERTIFICATE_PASSWORD }} APPLE_SIGNING_IDENTITY: ${{ env.CERT_ID }} NO_STRIP: true with: tagName: v__VERSION__ # the action automatically replaces \_\_VERSION\_\_ with the app version. releaseName: 'Auto-release v__VERSION__' releaseBody: 'See the assets to download this version and install. This release was created automatically.' releaseDraft: false prerelease: true args: ${{ matrix.args }}