Release #18
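---
# Manually dispatched release workflow: builds the app bundle for each target
# in the matrix, tags the commit with the requested version, and uploads the
# bundles to a draft GitHub release.
name: Release

on:
  workflow_dispatch:
    inputs:
      version:
        description: "Semantic version of the release (e.g. v0.1.0)"
        required: true
        type: string

jobs:
  build:
    name: Build app bundle
    strategy:
      fail-fast: false
      matrix:
        include:
          - runs-on: macos-latest
            args: "aarch64-apple-darwin"
          - runs-on: macos-latest
            args: "x86_64-apple-darwin"
          - runs-on: windows-latest
            args: "x86_64-pc-windows-msvc"
    runs-on: ${{ matrix.runs-on }}
    # Least privilege for the workflow token: the release step needs
    # contents: write; every other scope is dropped.
    permissions:
      contents: write
    env:
      # Only the workflow token stays job-wide. The signing secrets are scoped
      # to the "Build app" step so setup actions and cache steps never see them.
      GH_TOKEN: ${{ github.token }}
    steps:
      # NOTE(review): the third-party actions in this job are referenced by
      # mutable tags (@v1, @v2, @v3, @stable). Pin each to a full commit SHA
      # so a retagged upstream release cannot run inside a job that handles
      # signing material.
      - name: Checkout project
        uses: actions/checkout@v4
        with:
          # The key stays configured in the checkout for later steps; the tag
          # push below relies on it.
          ssh-key: ${{ secrets.TEMP_SSH_KEY }}
          submodules: recursive

      - name: Import signing certificate into keychain
        if: runner.os == 'macOS'
        uses: apple-actions/import-codesign-certs@v3
        with:
          p12-file-base64: ${{ secrets.SIGNING_CERTIFICATE_P12_DATA }}
          p12-password: ${{ secrets.SIGNING_CERTIFICATE_PASSWORD }}

      - name: Setup just cli
        uses: extractions/setup-just@v2

      - name: Setup Bun
        uses: oven-sh/setup-bun@v1

      - name: Setup Rust
        uses: dtolnay/rust-toolchain@stable
        with:
          targets: ${{ matrix.args }}
          components: rust-src, rustfmt, clippy

      - name: Install target
        run: |
          rustup target add ${{ matrix.args }}

      - name: Setup Python
        uses: actions/setup-python@v5
        with:
          python-version: "^3.13"

      - name: Setup Go
        uses: actions/setup-go@v5
        with:
          cache: true
          go-version-file: src-syftbox/go.mod
          cache-dependency-path: src-syftbox/go.sum

      - name: Cache Bun dependencies
        uses: actions/cache@v4
        with:
          path: |
            ~/.bun
            node_modules
            ~/.bun/install/cache
          key: ${{ runner.os }}-bun-${{ hashFiles('bun.lockb', 'package.json') }}
          restore-keys: |
            ${{ runner.os }}-bun-

      - name: Cache Rust dependencies
        uses: actions/cache@v4
        with:
          path: |
            ~/.cargo/registry
            ~/.cargo/git
            ~/.cargo/bin
            target
            src-tauri/target
          key: ${{ runner.os }}-cargo-${{ hashFiles('**/Cargo.lock', '**/Cargo.toml') }}
          restore-keys: |
            ${{ runner.os }}-cargo-

      - name: Install Project dependencies
        run: bun install --cwd src-frontend

      - name: Build app
        env:
          # Set through env instead of an inline `VAR=value` prefix so the
          # step does not depend on POSIX shell syntax (the Windows runner's
          # default shell is PowerShell).
          GITHUB_CI: "1"
          # Signing and notarization credentials, exposed to this step only.
          # NOTE(review): assumes `just package` is the only consumer of these
          # values; confirm against the justfile.
          APPLE_ID: ${{ secrets.APPLE_ID }}
          APPLE_PASSWORD: ${{ secrets.APPLE_PASSWORD }}
          APPLE_TEAM_ID: ${{ secrets.APPLE_TEAM_ID }}
          APPLE_SIGNING_IDENTITY: ${{ secrets.APPLE_SIGNING_IDENTITY }}
          TAURI_SIGNING_PRIVATE_KEY: ${{ secrets.TAURI_SIGNING_PRIVATE_KEY }}
          TAURI_SIGNING_PRIVATE_KEY_PASSWORD: ${{ secrets.TAURI_SIGNING_PRIVATE_KEY_PASSWORD }}
        run: |
          just package ${{ matrix.args }}
          # Create artifacts directory
          mkdir -p artifacts

      - name: Move macOS artifacts
        if: runner.os == 'macOS'
        run: |
          mv src-tauri/target/release/bundle/dmg/*.dmg artifacts/SyftBox-${{ matrix.args }}.dmg
          mv src-tauri/target/release/bundle/macos/*.app artifacts/SyftBox-${{ matrix.args }}.app
          mv src-tauri/target/release/bundle/macos/*.app.tar.gz artifacts/SyftBox-${{ matrix.args }}.app.tar.gz
          mv src-tauri/target/release/bundle/macos/*.app.tar.gz.sig artifacts/SyftBox-${{ matrix.args }}.app.tar.gz.sig

      - name: Move Windows artifacts
        if: runner.os == 'Windows'
        shell: pwsh
        run: |
          Move-Item -Path src-tauri\target\release\bundle\msi\*.msi -Destination artifacts\SyftBox-${{ matrix.args }}.msi
          Move-Item -Path src-tauri\target\release\bundle\msi\*.msi.sig -Destination artifacts\SyftBox-${{ matrix.args }}.msi.sig
          Move-Item -Path src-tauri\target\release\bundle\nsis\*.exe -Destination artifacts\SyftBox-${{ matrix.args }}.exe
          Move-Item -Path src-tauri\target\release\bundle\nsis\*.exe.sig -Destination artifacts\SyftBox-${{ matrix.args }}.exe.sig

      - name: Setup git config
        env:
          GH_TOKEN: ${{ github.token }}
        run: |
          git config user.email "${GITHUB_ACTOR_ID}+${GITHUB_ACTOR}@users.noreply.github.com"
          git config user.name "$(gh api /users/${GITHUB_ACTOR} | jq .name -r)"

      - name: Push changes to the repo
        # The dispatch input reaches the script as an environment variable,
        # never as text expanded into the script body, so its content cannot
        # alter the commands that run. bash is set explicitly because the
        # "${VERSION}" syntax below is POSIX shell, not PowerShell.
        shell: bash
        env:
          VERSION: ${{ inputs.version }}
        run: |
          # Reject values that are not a legal tag name before using them
          git check-ref-format "refs/tags/${VERSION}"
          # Create a new tag for the release
          git tag -- "${VERSION}"
          # Push the tag to the remote repo
          git push origin "refs/tags/${VERSION}"

      # - name: Deploy frontend to syftbox-stage
      #   run: just deploy-frontend-to-stage

      - name: Create release
        uses: ncipollo/release-action@v1
        with:
          tag: ${{ inputs.version }}
          name: ${{ inputs.version }}
          draft: true
          allowUpdates: true
          generateReleaseNotes: true
          makeLatest: true
          artifacts: |
            ./artifacts/*.dmg
            ./artifacts/*.app
            ./artifacts/*.app.tar.gz
            ./artifacts/*.app.tar.gz.sig
            ./artifacts/*.msi
            ./artifacts/*.msi.sig
            ./artifacts/*.exe
            ./artifacts/*.exe.sig

      # Runs even when earlier steps fail so the imported signing certificate
      # does not outlive the job on the macOS runner.
      - name: Clean up all user keychains
        if: always() && runner.os == 'macOS'
        run: |
          # List all keychains
          keychains=$(security list-keychains | tr -d '" "')
          # Iterate over the keychains and delete each one that is not a system keychain
          echo "$keychains" | while IFS= read -r keychain; do
            if [[ "$keychain" != "/Library/Keychains/System.keychain" && "$keychain" != "/Library/Keychains/SystemRootCertificates.keychain" ]]; then
              echo "Deleting keychain: $keychain"
              security delete-keychain "$keychain"
            else
              echo "Skipping system keychain: $keychain"
            fi
          done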