Skip to content
Release

Release #14

Sign in to view logs

Release

Release #14

Workflow file for this run

.github/workflows/release.yml at c16c6e2
name: Release
on:
workflow_dispatch:
inputs:
version:
description: "Semantic version of the release (e.g. v0.1.0)"
required: true
type: string
jobs:
build_macos:
name: Build MacOS app bundle
runs-on: macos-latest
strategy:
fail-fast: false
matrix:
include:
- args: "aarch64-apple-darwin"
arch: "silicon"
# - args: "x86_64-apple-darwin"
# arch: "intel"
env:
APPLE_ID: ${{ secrets.APPLE_ID }}
APPLE_PASSWORD: ${{ secrets.APPLE_PASSWORD }}
APPLE_TEAM_ID: ${{ secrets.APPLE_TEAM_ID }}
APPLE_SIGNING_IDENTITY: ${{ secrets.APPLE_SIGNING_IDENTITY }}
TAURI_SIGNING_PRIVATE_KEY: ${{ secrets.TAURI_SIGNING_PRIVATE_KEY }}
TAURI_SIGNING_PRIVATE_KEY_PASSWORD: ${{ secrets.TAURI_SIGNING_PRIVATE_KEY_PASSWORD }}
GH_TOKEN: ${{ github.token }}
steps:
- name: Checkout project
uses: actions/checkout@v4
- name: Import signing certificate into keychain
uses: apple-actions/import-codesign-certs@v3
with:
p12-file-base64: ${{ secrets.SIGNING_CERTIFICATE_P12_DATA }}
p12-password: ${{ secrets.SIGNING_CERTIFICATE_PASSWORD }}
- name: Setup just cli
uses: extractions/setup-just@v2
- name: Setup Bun
uses: oven-sh/setup-bun@v1
- name: Setup Rust
uses: dtolnay/rust-toolchain@stable
with:
targets: ${{ matrix.args }}
components: rust-src, rustfmt, clippy
- name: Cache Bun dependencies
uses: actions/cache@v4
with:
path: |
~/.bun
node_modules
~/.bun/install/cache
key: ${{ runner.os }}-bun-${{ hashFiles('bun.lockb', 'package.json') }}
restore-keys: |
${{ runner.os }}-bun-
- name: Cache Rust dependencies
uses: actions/cache@v4
with:
path: |
~/.cargo/registry
~/.cargo/git
~/.cargo/bin
target
src-tauri/target
key: ${{ runner.os }}-cargo-${{ hashFiles('**/Cargo.lock', '**/Cargo.toml') }}
restore-keys: |
${{ runner.os }}-cargo-
- name: Install Project dependencies
run: bun install --cwd src-frontend
- name: Build app
run: |
GITHUB_CI=1 just package
- name: Setup git config
env:
GH_TOKEN: ${{ github.token }}
run: |
git config user.email "${GITHUB_ACTOR_ID}+${GITHUB_ACTOR}@users.noreply.github.com"
git config user.name "$(gh api /users/${GITHUB_ACTOR} | jq .name -r)"
- name: Push changes to the repo
run: |
# Create a new tag for the release
git tag ${{ inputs.version }}
# Push the tag to the remote repo
git push origin ${{ inputs.version }}
- name: Create release
uses: softprops/action-gh-release@v2
with:
tag_name: ${{ inputs.version }}
name: ${{ inputs.version }}
generate_release_notes: true
make_latest: true
files: |
./src-tauri/target/release/bundle/dmg/*.dmg
./src-tauri/target/release/bundle/macos/*.app
./src-tauri/target/release/bundle/macos/*.app.tar.gz
- name: Generate and upload release.json
shell: bash
run: |
set -euo pipefail
VERSION="${{ inputs.version }}"
NOTES=$(gh release view ${{ inputs.version }} --json body --jq .body | jq -Rs .)
PUB_DATE=$(gh release view ${{ inputs.version }} --json publishedAt --jq .publishedAt)
DARWIN_AARCH64_SIGNATURE=$(cat ./src-tauri/target/release/bundle/macos/SyftBox.app.tar.gz.sig)
DARWIN_AARCH64_URL="https://github.com/OpenMined/SyftUI/releases/download/${{ inputs.version }}/SyftBox.app.tar.gz"
export VERSION="\"$VERSION\""
export NOTES
export PUB_DATE="\"$PUB_DATE\""
export DARWIN_AARCH64_SIGNATURE="\"$DARWIN_AARCH64_SIGNATURE\""
export DARWIN_AARCH64_URL="\"$DARWIN_AARCH64_URL\""
envsubst < release.json.template > release.json
echo "Generated release.json:"
cat release.json
gh release upload ${{ inputs.version }} release.json --clobber
- name: Clean up all user keychains
if: always()
run: |
# List all keychains
keychains=$(security list-keychains | tr -d '" "')
# Iterate over the keychains and delete each one that is not a system keychain
echo "$keychains" | while IFS= read -r keychain; do
if [[ "$keychain" != "/Library/Keychains/System.keychain" && "$keychain" != "/Library/Keychains/SystemRootCertificates.keychain" ]]; then
echo "Deleting keychain: $keychain"
security delete-keychain "$keychain"
else
echo "Skipping system keychain: $keychain"
fi
done