dashboard/.github/workflows/release.yml at main · GreptimeTeam/dashboard · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
on:
  push:
    tags:
      - 'v*.*.*'
  workflow_dispatch:

name: Release

jobs:
  build:
    name: Build
    runs-on: ubuntu-latest
    outputs:
      tag_name: ${{ steps.get_tag.outputs.tag_name }} # Store tag for other jobs
    steps:
      - name: Checkout sources
        uses: actions/checkout@v4

      - name: Clean up
        shell: bash
        run: rm -rf release && mkdir -p release

      - name: Install pnpm
        uses: pnpm/action-setup@v4
        with:
          version: 9.12.1

      - name: Install dependencies
        run: pnpm install --frozen-lockfile

      - name: Run build
        run: pnpm run build:docker

      - name: Calculate checksum and rename binary
        shell: bash
        run: |
          tar -czvf release/build.tar.gz ./dist
          cd release && shasum -a 256 build.tar.gz > sha256.txt && cd ../
      - name: Publish release
        uses: softprops/action-gh-release@v2
        with:
          generate_release_notes: true
          prerelease: false
          make_latest: true
          files: |
            release/build.tar.gz
            release/sha256.txt

      - name: Get tag name
        id: get_tag
        run: echo "tag_name=${GITHUB_REF#refs/tags/}" >> $GITHUB_OUTPUT

  publish-tauri:
    needs: build
    permissions:
      contents: write
    strategy:
      fail-fast: false
      matrix:
        include:
          - platform: 'macos-latest' # for Arm based macs (M1 and above).
            args: '--target aarch64-apple-darwin'
          - platform: 'macos-latest' # for Intel based macs.
            args: '--target x86_64-apple-darwin'
          - platform: 'ubuntu-22.04'
            args: ''
          - platform: 'windows-latest'
            args: ''

    runs-on: ${{ matrix.platform }}
    env:
      TAURI_SIGNING_PRIVATE_KEY: ${{ secrets.TAURI_SIGNING_PRIVATE_KEY }}
      TAURI_SIGNING_PRIVATE_KEY_PASSWORD: ${{secrets.TAURI_SIGNING_PRIVATE_KEY_PASSWORD}}
      RELEASE_TAG: ${{ needs.build.outputs.tag_name }} # Get the release tag from the build job
    steps:
      - uses: actions/checkout@v4

      - name: install dependencies (ubuntu only)
        if: matrix.platform == 'ubuntu-22.04' # This must match the platform value defined above.
        run: |
          sudo apt-get update
          sudo apt-get install -y libwebkit2gtk-4.1-dev libappindicator3-dev librsvg2-dev patchelf

      - name: setup node
        uses: actions/setup-node@v4
        with:
          node-version: lts/*

      - uses: pnpm/action-setup@v4
        with:
          version: 9.12.1

      - name: install Rust stable
        uses: dtolnay/rust-toolchain@stable # Set this to dtolnay/rust-toolchain@nightly
        with:
          # Those targets are only used on macos runners so it's in an `if` to slightly speed up windows and linux builds.
          targets: ${{ matrix.platform == 'macos-latest' && 'aarch64-apple-darwin,x86_64-apple-darwin' || '' }}

      - name: Rust cache
        uses: swatinem/rust-cache@v2
        with:
          workspaces: './src-tauri -> target'

      - name: install frontend dependencies
        # If you don't have `beforeBuildCommand` configured you may want to build your frontend here too.
        run: pnpm install --frozen-lockfile

      - name: Import macOS certificate
        if: matrix.platform == 'macos-latest'
        run: |
          echo "${{ secrets.MACOS_CERTIFICATE }}" | base64 --decode > certificate.p12
          security create-keychain -p "" build.keychain
          security import certificate.p12 -k build.keychain -P "${{ secrets.MACOS_CERTIFICATE_PASSWORD }}" -T /usr/bin/codesign
          security list-keychains -s build.keychain
          security default-keychain -s build.keychain
          security unlock-keychain -p "" build.keychain
          security set-key-partition-list -S apple-tool:,apple: -s -k "" build.keychain
        env:
          MACOS_CERTIFICATE: ${{ secrets.MACOS_CERTIFICATE }}
          MACOS_CERTIFICATE_PASSWORD: ${{ secrets.MACOS_CERTIFICATE_PASSWORD }}

      - name: import windows certificate
        if: matrix.platform == 'windows-latest'
        env:
          WINDOWS_CERTIFICATE: ${{ secrets.WINDOWS_CERTIFICATE }}
          WINDOWS_CERTIFICATE_PASSWORD: ${{ secrets.WINDOWS_CERTIFICATE_PASSWORD }}
        run: |
          New-Item -ItemType directory -Path certificate
          Set-Content -Path certificate/tempCert.txt -Value $env:WINDOWS_CERTIFICATE
          certutil -decode certificate/tempCert.txt certificate/certificate.pfx
          Remove-Item -path certificate -include tempCert.txt
          Import-PfxCertificate -FilePath certificate/certificate.pfx -CertStoreLocation Cert:\CurrentUser\My -Password (ConvertTo-SecureString -String $env:WINDOWS_CERTIFICATE_PASSWORD -Force -AsPlainText)

      - name: Update tauri version to match tag
        shell: bash
        run: |
          # Extract version from tag (remove 'v' prefix if present)
          VERSION=${RELEASE_TAG#v}
          # Update tauri.conf.json with the tag version
          if [[ "$RUNNER_OS" == "Windows" ]]; then
            powershell -Command "(Get-Content src-tauri/tauri.conf.json) -replace '\"version\": \"[^\"]*\"', '\"version\": \"$VERSION\"' | Set-Content src-tauri/tauri.conf.json"
          elif [[ "$RUNNER_OS" == "macOS" ]]; then
            # Correct syntax for macOS (BSD sed)
            sed -i '' "s/\"version\": \"[^\"]*\"/\"version\": \"$VERSION\"/" src-tauri/tauri.conf.json
          else
            # Correct syntax for Linux (GNU sed)
            sed -i "s/\"version\": \"[^\"]*\"/\"version\": \"$VERSION\"/" src-tauri/tauri.conf.json
          fi

      - uses: tauri-apps/tauri-action@v0
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        with:
          tagName: ${{ needs.build.outputs.tag_name }}
          prerelease: false
          args: ${{ matrix.args }}

  sync:
    name: Create PR to update VERSION
    needs: [build]
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
        with:
          repository: 'GreptimeTeam/greptimedb'
      - id: update-version
        run: |
          cd src/servers/dashboard/
          echo ${{ github.ref_name }} > VERSION
      - uses: peter-evans/create-pull-request@v4
        with:
          token: ${{ secrets.PR_ACTION }}
          commit-message: 'feat: update dashboard to ${{ github.ref_name }}'
          committer: GitHub Action <noreply@github.com>
          author: ${{ github.actor }} <${{ github.actor }}@users.noreply.github.com>
          signoff: false
          branch: dashboard/${{ github.ref_name }}
          delete-branch: true
          title: 'feat: update dashboard to ${{ github.ref_name }}'
          body: |
            I hereby agree to the terms of the [GreptimeDB CLA](https://github.com/GreptimeTeam/.github/blob/main/CLA.md).

            ## Refer to a related PR or issue link (optional)

            ## What's changed and what's your intention?

            AS TITLE

            https://github.com/GreptimeTeam/dashboard/releases/tag/${{ github.ref_name }}

            ## Checklist

            - [ ]  I have written the necessary rustdoc comments.
            - [ ]  I have added the necessary unit tests and integration tests.
            - [x]  This PR does not require documentation updates.