publish #13
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: "publish" | |
on: | |
workflow_dispatch: | |
jobs: | |
create-release: | |
permissions: | |
contents: write | |
runs-on: ubuntu-latest | |
outputs: | |
release_id: ${{ steps.create-release.outputs.result }} | |
steps: | |
- uses: actions/checkout@v4 | |
- name: setup node | |
uses: actions/setup-node@v4 | |
with: | |
node-version: lts/* | |
- name: get version | |
run: echo "PACKAGE_VERSION=$(node -p "require('./package.json').version")" >> $GITHUB_ENV | |
- name: create release | |
id: create-release | |
uses: actions/github-script@v7 | |
with: | |
script: | | |
const { data } = await github.rest.repos.createRelease({ | |
owner: context.repo.owner, | |
repo: context.repo.repo, | |
tag_name: `v${process.env.PACKAGE_VERSION}`, | |
name: `Exam Environment v${process.env.PACKAGE_VERSION}`, | |
body: 'Take a look at the assets to download and install this app.', | |
draft: true, | |
prerelease: false | |
}) | |
return data.id | |
build-tauri: | |
needs: create-release | |
permissions: | |
contents: write | |
strategy: | |
fail-fast: false | |
matrix: | |
include: | |
- platform: "macos-latest" | |
args: "--target aarch64-apple-darwin" | |
- platform: "macos-latest" | |
args: "--target x86_64-apple-darwin" | |
- platform: "ubuntu-22.04" | |
args: "" | |
- platform: "windows-latest" | |
args: "--config src-tauri/tauri.microsoftstore.conf.json --bundles msi,updater" | |
- platform: "windows-latest" | |
args: "--bundles exe,updater" | |
runs-on: ${{ matrix.platform }} | |
env: | |
VITE_MOCK_DATA: ${{ vars.VITE_MOCK_DATA }} | |
VITE_FREECODECAMP_API: ${{ vars.VITE_FREECODECAMP_API }} | |
SENTRY_DSN: ${{ secrets.SENTRY_DSN }} | |
steps: | |
- uses: actions/checkout@v4 | |
- name: Setup pnpm | |
uses: pnpm/action-setup@a3252b78c470c02df07e9d59298aecedc3ccdd6d #v3.0.0 | |
with: | |
version: 9 | |
- name: setup node | |
uses: actions/setup-node@v4 | |
with: | |
node-version: 22.x | |
- name: install Rust stable | |
uses: dtolnay/rust-toolchain@stable | |
with: | |
# Those targets are only used on macos runners so it's in an `if` to slightly speed up windows and linux builds. | |
targets: ${{ matrix.platform == 'macos-latest' && 'aarch64-apple-darwin,x86_64-apple-darwin' || '' }} | |
- name: install dependencies (ubuntu only) | |
if: matrix.platform == 'ubuntu-22.04' # This must match the platform value defined above. | |
run: | | |
sudo apt-get update | |
sudo apt-get install -y libwebkit2gtk-4.1-dev libappindicator3-dev librsvg2-dev patchelf | |
- name: install frontend dependencies | |
run: pnpm install && pnpm run prisma-generate | |
# The rust build requires the `.env` file to exist, even if none of the variables are used | |
- name: prep env (non-windows) | |
if: matrix.platform != 'windows-latest' | |
run: cp sample.env .env | |
- name: prep env (windows) | |
if: matrix.platform == 'windows-latest' | |
run: copy sample.env .env | |
- name: install Go stable (windows) | |
if: matrix.platform == 'windows-latest' | |
uses: actions/setup-go@v4 | |
with: | |
go-version: "stable" | |
- name: install relic (windows) | |
if: matrix.platform == 'windows-latest' | |
run: | | |
go install github.com/sassoftware/relic/v8@latest | |
- name: install codemagic cli tools (macos) | |
if: matrix.platform == 'macos-latest' | |
run: pip3 install codemagic-cli-tools --break-system-packages | |
- name: install apple certificates and provisioning profiles | |
if: matrix.platform == 'macos-latest' | |
env: | |
KEYCHAIN_PASSWORD: ${{ secrets.KEYCHAIN_PASSWORD }} | |
APPLE_DISTRIBUTION_CERT: ${{ secrets.APPLE_DISTRIBUTION_CERT }} | |
PROVISIONING_PROFILE: ${{ secrets.PROVISIONING_PROFILE }} | |
run: | | |
# create variables | |
CERT_BASE_PATH=/Users/runner/Library/MobileDevice/Certificates | |
mkdir -p $CERT_BASE_PATH | |
DISTRIBUTION_CERT_PATH=$CERT_BASE_PATH/distribution_certificate.p12 | |
PP_PATH=./src-tauri/embedded.provisionprofile | |
KEYCHAIN_PATH=$RUNNER_TEMP/app-signing.keychain-db | |
# import certificate and provisioning profile from secrets | |
echo -n "$APPLE_DISTRIBUTION_CERT" | base64 --decode -o $DISTRIBUTION_CERT_PATH | |
echo -n "$PROVISIONING_PROFILE" | base64 --decode -o $PP_PATH | |
# create temporary keychain | |
keychain initialize --password $KEYCHAIN_PASSWORD --path $KEYCHAIN_PATH --timeout 21600 | |
# import certificate to keychain | |
keychain add-certificates | |
security set-key-partition-list -S apple-tool:,apple: -k "$KEYCHAIN_PASSWORD" $KEYCHAIN_PATH | |
security find-identity -v | |
- uses: tauri-apps/tauri-action@v0 | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
TAURI_SIGNING_PRIVATE_KEY: ${{ secrets.TAURI_SIGNING_PRIVATE_KEY }} | |
TAURI_SIGNING_PRIVATE_KEY_PASSWORD: ${{ secrets.TAURI_SIGNING_PRIVATE_KEY_PASSWORD }} | |
AZURE_VAULT_ID: ${{ secrets.AZURE_VAULT_ID }} | |
AZURE_TENANT_ID: ${{ secrets.AZURE_TENANT_ID }} | |
AZURE_CLIENT_SECRET: ${{ secrets.AZURE_CLIENT_SECRET }} | |
AZURE_CLIENT_ID: ${{ secrets.AZURE_CLIENT_ID }} | |
SENTRY_DSN: ${{ secrets.SENTRY_DSN }} | |
VITE_FREECODECAMP_API: ${{ env.VITE_FREECODECAMP_API }} | |
VITE_MOCK_DATA: ${{ env.VITE_MOCK_DATA }} | |
with: | |
releaseId: ${{ needs.create-release.outputs.release_id }} | |
args: ${{ matrix.args }} --verbose | |
includeDebug: false | |
includeRelease: true | |
includeUpdaterJson: true | |
publish-release: | |
permissions: | |
contents: write | |
runs-on: ubuntu-latest | |
needs: [create-release, build-tauri] | |
steps: | |
- name: publish release | |
id: publish-release | |
uses: actions/github-script@v7 | |
env: | |
release_id: ${{ needs.create-release.outputs.release_id }} | |
with: | |
script: | | |
github.rest.repos.updateRelease({ | |
owner: context.repo.owner, | |
repo: context.repo.repo, | |
release_id: process.env.release_id, | |
draft: false, | |
prerelease: false | |
}) |