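# Release pipeline: builds the Tauri app for every platform in the matrix,
# signs the macOS builds, and uploads the bundles to a GitHub release.
name: "publish"

# Runs on manual dispatch or when a GitHub release is published.
on:
  workflow_dispatch: {}
  release:
    types: [published]
  # This can be used to automatically publish nightlies at UTC nighttime
  # schedule:
  #   - cron: "0 2 * * *" # run at 2 AM UTC

jobs:
  publish-tauri:
    # The job token can create releases and upload assets; nothing else is granted.
    permissions:
      contents: write
    strategy:
      fail-fast: false
      matrix:
        include:
          - platform: "macos-14" # for Arm based macs (M1 and above).
            args: "--target aarch64-apple-darwin"
          - platform: "macos-14" # for Intel based macs.
            args: "--target x86_64-apple-darwin"
          - platform: "ubuntu-22.04" # for Tauri v1 you could replace this with ubuntu-20.04.
            args: ""
          - platform: "ubuntu-22.04-arm"
            args: "--target aarch64-unknown-linux-gnu"
          - platform: "windows-latest"
            args: ""

    runs-on: ${{ matrix.platform }}

    # NOTE(review): every action below is referenced by a mutable tag or branch
    # (@v4, @nightly, @v0). This job holds a contents:write token and the Apple
    # signing secrets, so consider pinning each `uses:` to a full commit SHA.
    steps:
      - uses: actions/checkout@v4
        with:
          submodules: true
          token: ${{ secrets.GITHUB_TOKEN }}
          # Do not leave the write-scoped token in .git/config: later steps run
          # third-party code (package install scripts, build scripts).
          persist-credentials: false

      - name: setup node
        uses: actions/setup-node@v4
        with:
          node-version: "lts/*"

      - name: install Rust nightly
        uses: dtolnay/rust-toolchain@nightly
        with:
          # Those targets are only used on macos runners so it's in an `if` to
          # slightly speed up windows and linux builds. The comparison must use
          # the matrix value ('macos-14'); 'macos-latest' never matches it, so
          # the extra targets were never requested.
          targets: ${{ matrix.platform == 'macos-14' && 'aarch64-apple-darwin,x86_64-apple-darwin' || '' }}

      - name: install dependencies (ubuntu only)
        # This must match the platform value defined above.
        if: matrix.platform == 'ubuntu-22.04' || matrix.platform == 'ubuntu-22.04-arm'
        # webkitgtk 4.0 is for Tauri v1 - webkitgtk 4.1 is for Tauri v2.
        run: |
          sudo apt-get update
          sudo apt-get install -y libwebkit2gtk-4.1-dev libappindicator3-dev librsvg2-dev patchelf xdg-utils

      - name: Import Apple Developer Certificate
        if: matrix.platform == 'macos-14'
        env:
          APPLE_CERTIFICATE: ${{ secrets.APPLE_CERTIFICATE }}
          APPLE_CERTIFICATE_PASSWORD: ${{ secrets.APPLE_CERTIFICATE_PASSWORD }}
          KEYCHAIN_PASSWORD: ${{ secrets.KEYCHAIN_PASSWORD }}
        run: |
          # Decode the signing identity outside the workspace and delete it when
          # the step ends, so the private key cannot be left in the build tree.
          CERT_PATH="$RUNNER_TEMP/certificate.p12"
          trap 'rm -f "$CERT_PATH"' EXIT
          echo "$APPLE_CERTIFICATE" | base64 --decode > "$CERT_PATH"

          security create-keychain -p "$KEYCHAIN_PASSWORD" build.keychain
          security default-keychain -s build.keychain
          security unlock-keychain -p "$KEYCHAIN_PASSWORD" build.keychain
          security set-keychain-settings -t 3600 -u build.keychain

          echo "Created keychain"

          # NOTE(review): this file is installed below as a trusted root for code
          # signing, but it is fetched at build time with no integrity check.
          # Prefer committing the certificate to the repository, or compare its
          # SHA-256 with a value pinned in this workflow before trusting it.
          # --fail stops an HTTP error page from being saved as drop.der.
          curl --fail --proto '=https' https://droposs.org/drop.der --output drop.der

          # swiftc libs/appletrust/add-certificate.swift
          # ./add-certificate drop.der
          # rm add-certificate
          # echo "Added certificate to keychain using swift util"

          ## Script is equivalent to:
          # The authorizationdb rule is relaxed only around add-trusted-cert and
          # removed again on the next line.
          sudo security authorizationdb write com.apple.trust-settings.admin allow
          sudo security add-trusted-cert -d -r trustRoot -k build.keychain -p codeSign -u -1 drop.der
          sudo security authorizationdb remove com.apple.trust-settings.admin

          security import "$CERT_PATH" -k build.keychain -P "$APPLE_CERTIFICATE_PASSWORD" -T /usr/bin/codesign

          echo "Imported certificate"

          security set-key-partition-list -S apple-tool:,apple:,codesign: -s -k "$KEYCHAIN_PASSWORD" build.keychain

          security find-identity -v -p codesigning build.keychain

      - name: Verify Certificate
        if: matrix.platform == 'macos-14'
        run: |
          # Resolve the signing identity by name and export it for the build step.
          CERT_INFO=$(security find-identity -v -p codesigning build.keychain | grep "Drop OSS" || true)
          CERT_ID=$(echo "$CERT_INFO" | awk -F'"' '{print $2}')
          # Stop here with a clear message instead of handing an empty identity
          # to the signing step.
          if [ -z "$CERT_ID" ]; then
            echo "::error::No 'Drop OSS' code-signing identity found in build.keychain"
            exit 1
          fi
          echo "CERT_ID=$CERT_ID" >> "$GITHUB_ENV"
          echo "Certificate imported. Using identity: $CERT_ID"

      - name: install frontend dependencies
        # change this to npm, pnpm or bun depending on which one you use.
        # NOTE(review): for a signed release build, consider the package
        # manager's lockfile-enforcing install mode so dependency versions
        # cannot drift between the reviewed lockfile and the published binary.
        run: yarn install

      - uses: tauri-apps/tauri-action@v0
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          APPLE_CERTIFICATE: ${{ secrets.APPLE_CERTIFICATE }}
          APPLE_CERTIFICATE_PASSWORD: ${{ secrets.APPLE_CERTIFICATE_PASSWORD }}
          # Set by the "Verify Certificate" step on macOS runners; empty elsewhere.
          APPLE_SIGNING_IDENTITY: ${{ env.CERT_ID }}
          NO_STRIP: "true"
        with:
          # the action automatically replaces __VERSION__ with the app version.
          tagName: v__VERSION__
          releaseName: "Auto-release v__VERSION__"
          releaseBody: "See the assets to download this version and install. This release was created automatically."
          releaseDraft: false
          prerelease: true
          args: ${{ matrix.args }}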