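# macos.yml: GitHub Actions workflow that builds the Tauri desktop app on macOS.
# Runs on manual dispatch, pushes to main, and v* tags. Packaged release uploads
# are currently switched off via MACOS_RELEASE_UPLOAD_ENABLED (see the job env).
#
# NOTE(review): every `uses:` below references a mutable tag or branch (`@v4`,
# `@v2`, `@stable`). Pinning each action to a full commit SHA keeps a retagged
# upstream from running inside a job that receives the Apple signing secrets.
name: macos

on:
  workflow_dispatch:
    inputs:
      profile:
        description: 'Build profile (release or fast)'
        required: false
        default: 'fast'
        type: choice
        options:
          - fast
          - release
  push:
    branches:
      - main
    tags:
      - "v*"

# Read-only by default; the one job that publishes release assets opts in to
# write access itself, so any job added later does not inherit it.
permissions:
  contents: read

jobs:
  tauri_macos:
    name: tauri build (macos)
    # Every configured trigger (workflow_dispatch, push to main, push of a v* tag)
    # satisfies this condition, so it currently documents intent only.
    if: startsWith(github.ref, 'refs/tags/') || github.event_name == 'workflow_dispatch' || github.event_name == 'push'
    runs-on: macos-latest
    timeout-minutes: 60
    # Needed only by the final `gh release upload` step.
    # NOTE(review): dependency install and build scripts run in the same job as
    # this write-scoped token; moving the upload into a separate job that consumes
    # the uploaded artifact would let the build itself run with contents: read.
    permissions:
      contents: write
    env:
      # Keep the macOS build alive for smoke coverage, but disable packaged release assets
      # until signed/notarized desktop downloads are re-enabled.
      MACOS_BUNDLES: app
      MACOS_RELEASE_UPLOAD_ENABLED: 'false'
    steps:
      # NOTE(review): checkout keeps the job token in the local git config by
      # default; if no later script pushes with git, `persist-credentials: false`
      # removes it from the workspace (confirm against the release:* scripts).
      - name: Checkout
        uses: actions/checkout@v4

      - name: Setup Node
        uses: actions/setup-node@v4
        with:
          node-version: "20"
          cache: "npm"

      # Exposes the runner's Node version so the backend cache key below changes with it.
      - name: Resolve bundled Node version
        id: bundled_node_version
        run: |
          echo "value=$(node -p 'process.version')" >> "$GITHUB_OUTPUT"

      - name: Setup Rust
        uses: dtolnay/rust-toolchain@stable

      - name: Rust cache
        uses: Swatinem/rust-cache@v2
        with:
          workspaces: "src-tauri -> target"

      # NOTE(review): the cached node_modules tree lives under src-tauri/resources/
      # and so presumably ships inside the app bundle. Caches saved by branch builds
      # can be restored by tag builds; consider skipping restore for release tags so
      # shipped dependencies always come from a fresh install (confirm with owners).
      - name: Cache packaged backend production deps
        uses: actions/cache@v4
        with:
          path: |
            src-tauri/resources/backend/node_modules
            src-tauri/resources/backend/.prod-install-stamp.json
          key: ${{ runner.os }}-tauri-backend-prod-${{ steps.bundled_node_version.outputs.value }}-${{ hashFiles('.nvmrc', 'package.json', 'package-lock.json', 'scripts/tauri/prepare-backend-resources.js') }}

      - name: Install
        run: npm ci

      - name: Sync release versions
        run: npm run release:sync-version

      - name: Release version consistency
        run: npm run release:check-version

      # Outputs: `value` (fast|release) and `target_dir` (matching cargo target dir).
      # Push events carry no input, so they fall back to the release profile.
      - name: Determine build profile
        id: build_profile
        env:
          # Passed through the environment instead of being expanded into the script
          # text, so the value is handled as data by the shell, never as code.
          REQUESTED_PROFILE: ${{ github.event.inputs.profile }}
        run: |
          PROFILE="$REQUESTED_PROFILE"
          if [ -z "$PROFILE" ]; then PROFILE="release"; fi
          # Allow-list the value before it is written to $GITHUB_OUTPUT and reused
          # by later steps as a CLI argument and a path component.
          case "$PROFILE" in
            fast|release) ;;
            *) echo "Unsupported build profile: $PROFILE" >&2; exit 1 ;;
          esac
          echo "value=$PROFILE" >> "$GITHUB_OUTPUT"
          if [ "$PROFILE" = "fast" ]; then echo "target_dir=fast" >> "$GITHUB_OUTPUT"; else echo "target_dir=release" >> "$GITHUB_OUTPUT"; fi

      # NOTE(review): the signing secrets are exported to this script on every
      # trigger (main pushes and manual runs included), while REQUIRE_MACOS_SIGNING
      # is only true for tag builds with uploads enabled. Gating the step, or
      # keeping the secrets in a protected environment, would stop branch builds
      # from ever seeing signing material; first confirm whether
      # setup-macos-signing.sh is expected to sign opportunistically.
      - name: Configure macOS signing + notarization
        env:
          REQUIRE_MACOS_SIGNING: ${{ startsWith(github.ref, 'refs/tags/') && env.MACOS_RELEASE_UPLOAD_ENABLED == 'true' }}
          APPLE_CERTIFICATE: ${{ secrets.APPLE_CERTIFICATE }}
          APPLE_CERTIFICATE_PASSWORD: ${{ secrets.APPLE_CERTIFICATE_PASSWORD }}
          APPLE_SIGNING_IDENTITY: ${{ secrets.APPLE_SIGNING_IDENTITY }}
          APPLE_API_KEY: ${{ secrets.APPLE_API_KEY }}
          APPLE_API_ISSUER: ${{ secrets.APPLE_API_ISSUER }}
          APPLE_API_KEY_BASE64: ${{ secrets.APPLE_API_KEY_BASE64 }}
          APPLE_ID: ${{ secrets.APPLE_ID }}
          APPLE_PASSWORD: ${{ secrets.APPLE_PASSWORD }}
          APPLE_TEAM_ID: ${{ secrets.APPLE_TEAM_ID }}
        run: |
          bash scripts/release/setup-macos-signing.sh

      - name: Build macOS app (Tauri)
        env:
          BUILD_PROFILE: ${{ steps.build_profile.outputs.value }}
        run: |
          node scripts/tauri/run-tauri-build.js --profile "$BUILD_PROFILE" --bundles "$MACOS_BUNDLES"

      # NOTE(review): this runs on every tag, whereas REQUIRE_MACOS_SIGNING is only
      # true when MACOS_RELEASE_UPLOAD_ENABLED is 'true'; confirm that
      # verify-macos-bundle.sh tolerates the current (upload-disabled) configuration.
      - name: Verify signed + notarized macOS bundle
        if: startsWith(github.ref, 'refs/tags/')
        env:
          TARGET_DIR: ${{ steps.build_profile.outputs.target_dir }}
        run: |
          app_path="$(find "src-tauri/target/${TARGET_DIR}/bundle/macos" -maxdepth 1 -type d -name '*.app' | head -n 1)"
          # The pipeline's exit status is that of `head`, so a failed or empty
          # `find` would otherwise hand an empty path to the verifier.
          if [ -z "$app_path" ]; then
            echo "No .app bundle found under src-tauri/target/${TARGET_DIR}/bundle/macos" >&2
            exit 1
          fi
          bash scripts/release/verify-macos-bundle.sh "$app_path"

      - name: Upload build artifacts
        uses: actions/upload-artifact@v4
        with:
          name: tauri-macos-bundle
          if-no-files-found: error
          path: |
            src-tauri/target/${{ steps.build_profile.outputs.target_dir }}/bundle/macos/*.app

      # Disabled while MACOS_RELEASE_UPLOAD_ENABLED is 'false'. `--clobber` replaces
      # same-named assets already attached to the release.
      - name: Upload macOS assets to GitHub Release (tags only)
        if: startsWith(github.ref, 'refs/tags/') && env.MACOS_RELEASE_UPLOAD_ENABLED == 'true'
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          # The tag name is chosen by whoever pushes the tag; pass it as data via
          # the environment rather than expanding it into the script text.
          RELEASE_TAG: ${{ github.ref_name }}
          TARGET_DIR: ${{ steps.build_profile.outputs.target_dir }}
        run: |
          gh release upload "$RELEASE_TAG" "src-tauri/target/${TARGET_DIR}/bundle/dmg/"*.dmg --clobber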