From 1e165e5a7e7995d18c9239c42c621e296a7938f6 Mon Sep 17 00:00:00 2001 From: mark Date: Thu, 2 Oct 2025 23:30:31 -0400 Subject: [PATCH] ci: add workflows --- .github/workflows/build-linux.yml | 77 ++++++++++++++ .github/workflows/build-macos.yml | 149 ++++++++++++++++++++++++++++ .github/workflows/build-windows.yml | 71 +++++++++++++ 3 files changed, 297 insertions(+) create mode 100644 .github/workflows/build-linux.yml create mode 100644 .github/workflows/build-macos.yml create mode 100644 .github/workflows/build-windows.yml diff --git a/.github/workflows/build-linux.yml b/.github/workflows/build-linux.yml new file mode 100644 index 0000000..b43269d --- /dev/null +++ b/.github/workflows/build-linux.yml @@ -0,0 +1,77 @@ +name: 'build-linux' + +on: workflow_dispatch + +jobs: + build-linux: + permissions: + contents: write + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v4 + with: + fetch-depth: 2 + + # Set up Bun + - name: Setup Bun + uses: oven-sh/setup-bun@v2 + with: + bun-version: latest + + ### Check if version changed + - name: Check version + id: check-version + run: | + # Get the current version + CURRENT_VERSION=$(grep -o '"version": *"[^"]*"' package.json | head -1 | cut -d'"' -f4) + echo "Current version: $CURRENT_VERSION" + echo "version=$CURRENT_VERSION" >> $GITHUB_OUTPUT + + echo "changed=true" >> $GITHUB_OUTPUT + + # Install Rust with proper targets for Linux + - name: Install Rust stable + if: steps.check-version.outputs.changed == 'true' + uses: dtolnay/rust-toolchain@stable + with: + targets: 'x86_64-unknown-linux-gnu' + + # Cache Rust dependencies for faster builds + - name: Rust cache + if: steps.check-version.outputs.changed == 'true' + uses: swatinem/rust-cache@v2 + with: + workspaces: './src-tauri -> target' + + # Install frontend dependencies + - name: Install frontend dependencies + if: steps.check-version.outputs.changed == 'true' + run: bun install + + # Sync version from package.json to tauri.conf.json + - name: Sync version to tauri.conf.json + if: steps.check-version.outputs.changed == 'true' + run: | + VERSION="${{ steps.check-version.outputs.version }}" + sed -i "s/\"version\": \".*\"/\"version\": \"$VERSION\"/" src-tauri/tauri.conf.json + echo "Updated tauri.conf.json to version $VERSION" + + # Install system dependencies for Linux builds + - name: Install system dependencies + if: steps.check-version.outputs.changed == 'true' + run: | + sudo apt-get update + sudo apt-get install -y libwebkit2gtk-4.1-dev libappindicator3-dev librsvg2-dev patchelf + + # Run Tauri build with verbose logging + - name: Build with Tauri + if: steps.check-version.outputs.changed == 'true' + uses: tauri-apps/tauri-action@v0 + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + with: + args: --target x86_64-unknown-linux-gnu --verbose + tagName: v${{ steps.check-version.outputs.version }} + releaseName: "Shark v${{ steps.check-version.outputs.version }}" + releaseDraft: false + prerelease: false \ No newline at end of file diff --git a/.github/workflows/build-macos.yml b/.github/workflows/build-macos.yml new file mode 100644 index 0000000..8a45908 --- /dev/null +++ b/.github/workflows/build-macos.yml @@ -0,0 +1,149 @@ +name: 'build-macos' + +on: workflow_dispatch + +jobs: + build-macos: + permissions: + contents: write + strategy: + fail-fast: false + matrix: + include: + - args: '--target aarch64-apple-darwin' + arch: 'silicon' + - args: '--target x86_64-apple-darwin' + arch: 'intel' + runs-on: macos-latest + env: + APPLE_ID: ${{ secrets.APPLE_ID }} + APPLE_ID_PASSWORD: ${{ secrets.APPLE_ID_PASSWORD }} + steps: + - uses: actions/checkout@v4 + with: + fetch-depth: 2 + + # Set up Bun + - name: Setup Bun + uses: oven-sh/setup-bun@v2 + with: + bun-version: latest + + ### Check if version changed + - name: Check version + id: check-version + run: | + # Get the current version + CURRENT_VERSION=$(grep -o '"version": *"[^"]*"' package.json | head -1 | cut -d'"' -f4) + echo "Current version: $CURRENT_VERSION" + echo "version=$CURRENT_VERSION" >> $GITHUB_OUTPUT + + echo "changed=true" >> $GITHUB_OUTPUT + + # # Check if this is a version change commit by looking for changes in package.json version + # git diff HEAD^ HEAD -- package.json | grep -q '"version":' + # if [ $? -eq 0 ]; then + # echo "Version change detected" + # echo "changed=true" >> $GITHUB_OUTPUT + # else + # echo "No version change detected" + # echo "changed=false" >> $GITHUB_OUTPUT + # fi + + # Install Rust with proper targets for macOS + - name: Install Rust stable + if: steps.check-version.outputs.changed == 'true' + uses: dtolnay/rust-toolchain@stable + with: + targets: 'aarch64-apple-darwin,x86_64-apple-darwin' + + # Cache Rust dependencies for faster builds + - name: Rust cache + if: steps.check-version.outputs.changed == 'true' + uses: swatinem/rust-cache@v2 + with: + workspaces: './src-tauri -> target' + + # Install frontend dependencies + - name: Install frontend dependencies + if: steps.check-version.outputs.changed == 'true' + run: bun install + + # Sync version from package.json to tauri.conf.json + - name: Sync version to tauri.conf.json + if: steps.check-version.outputs.changed == 'true' + run: | + VERSION="${{ steps.check-version.outputs.version }}" + sed -i '' "s/\"version\": \".*\"/\"version\": \"$VERSION\"/" src-tauri/tauri.conf.json + echo "Updated tauri.conf.json to version $VERSION" + + # Import Apple Developer Certificate + - name: Import Apple Developer Certificate + if: steps.check-version.outputs.changed == 'true' + env: + APPLE_CERTIFICATE: ${{ secrets.APPLE_CERTIFICATE }} + APPLE_CERTIFICATE_PASSWORD: ${{ secrets.APPLE_CERTIFICATE_PASSWORD }} + KEYCHAIN_PASSWORD: ${{ secrets.KEYCHAIN_PASSWORD }} + run: | + # Decode certificate from base64 + echo "Decoding certificate..." + echo $APPLE_CERTIFICATE | base64 --decode > certificate.p12 + + # Clean up keychain if it already exists + security delete-keychain build.keychain || true + + # Create and configure keychain + echo "Creating keychain..." + security create-keychain -p "$KEYCHAIN_PASSWORD" build.keychain + security default-keychain -s build.keychain + security unlock-keychain -p "$KEYCHAIN_PASSWORD" build.keychain + + # Import certificate + echo "Importing certificate..." + security import certificate.p12 -k build.keychain -P "$APPLE_CERTIFICATE_PASSWORD" -T /usr/bin/codesign + + # Set keychain permissions + echo "Setting keychain permissions..." + security set-key-partition-list -S apple-tool:,apple:,codesign: -s -k "$KEYCHAIN_PASSWORD" build.keychain + + # List imported certificates for debugging + echo "Listing all imported certificates:" + security find-identity -v -p codesigning build.keychain + + # Verify Certificate + - name: Verify Certificate + if: steps.check-version.outputs.changed == 'true' + run: | + # Look specifically for the Developer ID Application certificate + CERT_INFO=$(security find-identity -v -p codesigning build.keychain | grep "Developer ID Application") + # Extract certificate ID if it exists + if [[ -n "$CERT_INFO" ]]; then + # Extract the full certificate name instead of just the hex ID + CERT_ID=$(echo "$CERT_INFO" | awk -F'"' '{print $2}') + echo "CERT_ID=$CERT_ID" >> $GITHUB_ENV + echo "Certificate found: $CERT_INFO" + else + echo "No Developer ID Application certificate found in keychain" + exit 1 + fi + + # Run Tauri build with verbose logging + - name: Build with Tauri + if: steps.check-version.outputs.changed == 'true' + uses: tauri-apps/tauri-action@v0 + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + APPLE_CERTIFICATE: ${{ secrets.APPLE_CERTIFICATE }} + APPLE_CERTIFICATE_PASSWORD: ${{ secrets.APPLE_CERTIFICATE_PASSWORD }} + APPLE_SIGNING_IDENTITY: ${{ env.CERT_ID }} + APPLE_ID: ${{ secrets.APPLE_ID }} + APPLE_ID_PASSWORD: ${{ secrets.APPLE_ID_PASSWORD }} + APPLE_PASSWORD: ${{ secrets.APPLE_ID_PASSWORD }} + APPLE_TEAM_ID: ${{ secrets.APPLE_TEAM_ID }} + with: + args: ${{ matrix.args }} --verbose + tagName: v${{ steps.check-version.outputs.version }} + releaseName: "Shark + v${{ steps.check-version.outputs.version }}" + releaseDraft: false + prerelease: false \ No newline at end of file diff --git a/.github/workflows/build-windows.yml b/.github/workflows/build-windows.yml new file mode 100644 index 0000000..334aa28 --- /dev/null +++ b/.github/workflows/build-windows.yml @@ -0,0 +1,71 @@ +name: 'build-windows' + +on: workflow_dispatch + +jobs: + build-windows: + permissions: + contents: write + runs-on: windows-latest + steps: + - uses: actions/checkout@v4 + with: + fetch-depth: 2 + + # Set up Bun + - name: Setup Bun + uses: oven-sh/setup-bun@v2 + with: + bun-version: latest + + ### Check if version changed + - name: Check version + id: check-version + run: | + # Get the current version + $CURRENT_VERSION = (Get-Content package.json | ConvertFrom-Json).version + Write-Output "Current version: $CURRENT_VERSION" + Write-Output "version=$CURRENT_VERSION" >> $env:GITHUB_OUTPUT + Write-Output "changed=true" >> $env:GITHUB_OUTPUT + + # Install Rust with proper targets for Windows + - name: Install Rust stable + if: steps.check-version.outputs.changed == 'true' + uses: dtolnay/rust-toolchain@stable + with: + targets: 'x86_64-pc-windows-msvc' + + # Cache Rust dependencies for faster builds + - name: Rust cache + if: steps.check-version.outputs.changed == 'true' + uses: swatinem/rust-cache@v2 + with: + workspaces: './src-tauri -> target' + + # Install frontend dependencies + - name: Install frontend dependencies + if: steps.check-version.outputs.changed == 'true' + run: bun install + + # Sync version from package.json to tauri.conf.json + - name: Sync version to tauri.conf.json + if: steps.check-version.outputs.changed == 'true' + run: | + $VERSION = "${{ steps.check-version.outputs.version }}" + $json = Get-Content src-tauri/tauri.conf.json | ConvertFrom-Json + $json.version = $VERSION + $json | ConvertTo-Json -Depth 100 | Set-Content src-tauri/tauri.conf.json + Write-Output "Updated tauri.conf.json to version $VERSION" + + # Run Tauri build with verbose logging + - name: Build with Tauri + if: steps.check-version.outputs.changed == 'true' + uses: tauri-apps/tauri-action@v0 + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + with: + args: --target x86_64-pc-windows-msvc --verbose + tagName: v${{ steps.check-version.outputs.version }} + releaseName: "Shark v${{ steps.check-version.outputs.version }}" + releaseDraft: false + prerelease: false \ No newline at end of file