Only run Apple cert steps on macos #16
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: 'publish' | |
on: | |
workflow_dispatch: | |
push: | |
branches: | |
- release | |
jobs: | |
publish-tauri: | |
permissions: | |
contents: write | |
strategy: | |
fail-fast: false | |
matrix: | |
include: | |
- platform: 'macos-latest' # for Arm based macs (M1 and above). | |
args: '--target aarch64-apple-darwin' | |
- platform: 'macos-latest' # for Intel based macs. | |
args: '--target x86_64-apple-darwin' | |
- platform: 'ubuntu-22.04' | |
args: '' | |
- platform: 'windows-latest' | |
args: '' | |
runs-on: ${{ matrix.platform }} | |
steps: | |
- uses: actions/checkout@v4 | |
- name: Install dependencies (ubuntu only) | |
if: matrix.platform == 'ubuntu-22.04' # This must match the platform value defined above. | |
run: | | |
sudo apt-get update | |
sudo apt-get install -y libwebkit2gtk-4.1-dev libappindicator3-dev librsvg2-dev patchelf | |
- name: Setup node | |
uses: actions/setup-node@v4 | |
with: | |
node-version: lts/* | |
cache: 'npm' | |
- name: Install Rust stable | |
uses: dtolnay/rust-toolchain@stable # Set this to dtolnay/rust-toolchain@nightly | |
with: | |
# Those targets are only used on macos runners so it's in an `if` to slightly speed up windows and linux builds. | |
targets: ${{ matrix.platform == 'macos-latest' && 'aarch64-apple-darwin,x86_64-apple-darwin' || '' }} | |
- name: Rust cache | |
uses: swatinem/rust-cache@v2 | |
with: | |
workspaces: './src-tauri -> target' | |
- name: Install FrontEnd dependencies | |
run: npm install | |
- name: Import Apple Developer Certificate | |
if: runner.os == 'macOS' | |
env: | |
APPLE_CERTIFICATE: ${{ secrets.APPLE_CERTIFICATE }} | |
APPLE_CERTIFICATE_PASSWORD: ${{ secrets.APPLE_CERTIFICATE_PASSWORD }} | |
KEYCHAIN_PASSWORD: ${{ secrets.KEYCHAIN_PASSWORD }} | |
run: | | |
echo "$APPLE_CERTIFICATE" | base64 --decode > certificate.p12 | |
security create-keychain -p "$KEYCHAIN_PASSWORD" build.keychain | |
security default-keychain -s build.keychain | |
security unlock-keychain -p "$KEYCHAIN_PASSWORD" build.keychain | |
security import certificate.p12 -k build.keychain -P "$APPLE_CERTIFICATE_PASSWORD" -T /usr/bin/codesign | |
security set-key-partition-list -S apple-tool:,apple:,codesign: -s -k "$KEYCHAIN_PASSWORD" build.keychain | |
security find-identity -v -p codesigning build.keychain | |
- name: Verify Apple Certificate | |
if: runner.os == 'macOS' | |
run: | | |
CERT_INFO=$(security find-identity -v -p codesigning build.keychain | grep "Developer ID Application") | |
CERT_ID=$(echo "$CERT_INFO" | awk -F'"' '{print $2}') | |
echo "CERT_ID=$CERT_ID" >> $GITHUB_ENV | |
echo "Certificate imported." | |
- uses: tauri-apps/tauri-action@v0 | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
APPLE_CERTIFICATE: ${{ secrets.APPLE_CERTIFICATE }} | |
APPLE_CERTIFICATE_PASSWORD: ${{ secrets.APPLE_CERTIFICATE_PASSWORD }} | |
APPLE_SIGNING_IDENTITY: ${{ env.CERT_ID }} | |
with: | |
tagName: app-v__VERSION__ # the action automatically replaces \_\_VERSION\_\_ with the app version. | |
releaseName: 'App v__VERSION__' | |
releaseBody: 'See the assets to download this version and install.' | |
releaseDraft: true | |
prerelease: false | |
args: ${{ matrix.args }} |