feat: improve sandboxed plugins handling #182
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: "Build" | |
| on: | |
| push: | |
| paths-ignore: | |
| - ".gitignore" | |
| - "**.md" | |
| - flake.lock | |
| branches: | |
| - nightly | |
| - beta | |
| - rc | |
| - release | |
| - extensions | |
| tags: | |
| - "*" | |
| workflow_dispatch: | |
| env: | |
| # A default value, will be overwritten later if tag exists | |
| APP_VERSION: "0.0.1" | |
| jobs: | |
| tauri: | |
| permissions: | |
| contents: write | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| include: | |
| - name: "macOS ARM" | |
| identifier: "macos-arm" | |
| platform: "macos-latest" # For Arm based macs (M1 and above). | |
| args: "--target aarch64-apple-darwin" | |
| type: "non-portable" | |
| - name: "macOS x86_64" | |
| identifier: "macos-x86" | |
| platform: "macos-latest" # For Intel based macs. | |
| args: "--target x86_64-apple-darwin" | |
| type: "non-portable" | |
| - name: "Linux" | |
| identifier: "linux" | |
| platform: "ubuntu-22.04" | |
| args: "" | |
| type: "non-portable" | |
| - name: "Windows" | |
| identifier: "windows" | |
| platform: "windows-latest" | |
| args: "" | |
| type: "non-portable" | |
| - name: "macOS ARM (Portable)" | |
| identifier: "macos-arm" | |
| platform: "macos-latest" # For Arm based macs (M1 and above). | |
| args: "--target aarch64-apple-darwin" | |
| type: "portable" | |
| - name: "macOS x86_64 (Portable)" | |
| identifier: "macos-x86" | |
| platform: "macos-latest" # For Intel based macs. | |
| args: "--target x86_64-apple-darwin" | |
| type: "portable" | |
| - name: "Linux (Portable)" | |
| identifier: "linux" | |
| platform: "ubuntu-22.04" | |
| args: "" | |
| type: "portable" | |
| - name: "Windows (Portable)" | |
| identifier: "windows" | |
| platform: "windows-latest" | |
| args: "" | |
| type: "portable" | |
| runs-on: ${{ matrix.platform }} | |
| steps: | |
| - name: Check out a repository | |
| uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 | |
| - name: Setup Node | |
| uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 | |
| with: | |
| node-version: lts/* | |
| - name: Setup Bun | |
| uses: oven-sh/setup-bun@735343b667d3e6f658f44d0eca948eb6282f2b76 | |
| with: | |
| bun-version: latest | |
| - name: Install Rust stable | |
| uses: dtolnay/rust-toolchain@4305c38b25d97ef35a8ad1f985ccf2d2242004f2 | |
| with: | |
| targets: ${{ matrix.platform == 'macos-latest' && 'aarch64-apple-darwin,x86_64-apple-darwin' || '' }} | |
| - name: Install dependencies (Ubuntu only) | |
| if: matrix.platform == 'ubuntu-22.04' # This must match the platform value defined above. | |
| run: | | |
| sudo apt-get update | |
| sudo apt-get install -y libwebkit2gtk-4.1-dev libappindicator3-dev librsvg2-dev patchelf | |
| - name: Use version from Github Tag (Non-Windows) | |
| if: startsWith(github.ref, 'refs/tags/') && matrix.identifier != 'windows' | |
| run: | | |
| TAG_NAME="${GITHUB_REF#refs/tags/}" | |
| echo "APP_VERSION=${TAG_NAME}" >> $GITHUB_ENV | |
| - name: Use version from Github Tag (Windows) | |
| if: startsWith(github.ref, 'refs/tags/') && matrix.identifier == 'windows' | |
| run: | | |
| $TAG_NAME = $env:GITHUB_REF -replace 'refs/tags/', '' | |
| echo "APP_VERSION=$TAG_NAME" >> $env:GITHUB_ENV | |
| - name: Remove File System restrictions (Portable-only) | |
| if: matrix.type == 'portable' | |
| uses: restackio/update-json-file-action@6f50afee9a03a456a30cd574123db793319f7544 | |
| with: | |
| file: "./src-tauri/capabilities/plugin-fs.json" | |
| fields: "{ | |
| \"permissions[0].allow\": [{\"path\":\"**/*\"}] | |
| }" | |
| - name: Mark window title as Portable (Portable-only) | |
| if: matrix.type == 'portable' | |
| uses: restackio/update-json-file-action@6f50afee9a03a456a30cd574123db793319f7544 | |
| with: | |
| file: "./src-tauri/tauri.conf.json" | |
| fields: "{\"app.windows[0].title\": \"Kaede Portable\"}" | |
| - name: Bump tauri.conf.json version | |
| uses: restackio/update-json-file-action@6f50afee9a03a456a30cd574123db793319f7544 | |
| with: | |
| file: "./src-tauri/tauri.conf.json" | |
| fields: "{\"version\": \"${{ env.APP_VERSION }}\"}" | |
| - name: Bump Cargo.toml version | |
| uses: colt-1/toml-editor@da6b46ee7779ed730d2160393ed95fb20e82696d | |
| with: | |
| file: "./src-tauri/Cargo.toml" | |
| key: "package.version" | |
| value: "${{ env.APP_VERSION }}" | |
| - name: Get current build info | |
| id: json_properties | |
| uses: ActionsTools/read-json-action@9750aa7419d36b6bdc275883f2ecb4d2fdf0db2c | |
| with: | |
| file_path: "./src-tauri/tauri.conf.json" | |
| - name: Install frontend dependencies | |
| run: bun install | |
| - name: Run TypeScript checks | |
| run: bun run typecheck | |
| - name: Run ESLint | |
| run: bun run lint | |
| - name: Run Vitest | |
| run: bun run test | |
| - name: Build a Tauri app (Non-Release) | |
| if: (startsWith(github.ref, 'refs/tags/')) != true | |
| uses: tauri-apps/tauri-action@564aea5a8075c7a54c167bb0cf5b3255314a7f9d | |
| with: | |
| appName: "${{ steps.json_properties.outputs.productName }} v__VERSION__" | |
| args: ${{ matrix.args }} | |
| - name: Build a Tauri app (Release) | |
| if: startsWith(github.ref, 'refs/tags/') | |
| uses: tauri-apps/tauri-action@564aea5a8075c7a54c167bb0cf5b3255314a7f9d | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| with: | |
| tagName: __VERSION__ | |
| releaseName: "${{ steps.json_properties.outputs.productName }} v__VERSION__" | |
| releaseBody: "See the assets to download this version and install." | |
| releaseDraft: true | |
| prerelease: true | |
| args: ${{ matrix.args }} | |
| - name: Upload binary (Windows, NSIS) | |
| if: (startsWith(github.ref, 'refs/tags/') != true) && matrix.identifier == 'windows' && matrix.type != 'portable' | |
| uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 | |
| with: | |
| if-no-files-found: "warn" | |
| name: "${{ steps.json_properties.outputs.productName }}-dev-windows-nsis-${{steps.json_properties.outputs.version}}-${{ matrix.type }}-${{ github.ref_name }}" | |
| path: "./src-tauri/target/release/bundle/nsis/${{ steps.json_properties.outputs.productName }}_${{steps.json_properties.outputs.version}}_x64-setup.exe" | |
| - name: Upload binary (Windows, MSI) | |
| if: (startsWith(github.ref, 'refs/tags/') != true) && matrix.identifier == 'windows' && matrix.type != 'portable' | |
| uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 | |
| with: | |
| if-no-files-found: "warn" | |
| name: "${{ steps.json_properties.outputs.productName }}-dev-windows-msi-${{steps.json_properties.outputs.version}}-${{ matrix.type }}-${{ github.ref_name }}" | |
| path: "./src-tauri/target/release/bundle/msi/${{ steps.json_properties.outputs.productName }}_${{steps.json_properties.outputs.version}}_x64_en-US.msi" | |
| - name: Upload binary (Windows, non-setup) | |
| if: (startsWith(github.ref, 'refs/tags/') != true) && matrix.identifier == 'windows' | |
| uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 | |
| with: | |
| if-no-files-found: "warn" | |
| name: "${{ steps.json_properties.outputs.productName }}-dev-windows-non-setup-${{steps.json_properties.outputs.version}}-${{ matrix.type }}-${{ github.ref_name }}" | |
| path: "./src-tauri/target/release/${{ steps.json_properties.outputs.productName }}.exe" | |
| - name: Upload binary (Linux, DEB) | |
| if: (startsWith(github.ref, 'refs/tags/') != true) && matrix.identifier == 'linux' | |
| uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 | |
| with: | |
| if-no-files-found: "warn" | |
| name: "${{ steps.json_properties.outputs.productName }}-dev-linux-deb-${{steps.json_properties.outputs.version}}-${{ matrix.type }}-${{ github.ref_name }}" | |
| path: "./src-tauri/target/release/bundle/deb/${{ steps.json_properties.outputs.productName }}_${{steps.json_properties.outputs.version}}_amd64.deb" | |
| - name: Upload binary (Linux, RPM) | |
| if: (startsWith(github.ref, 'refs/tags/') != true) && matrix.identifier == 'linux' | |
| uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 | |
| with: | |
| if-no-files-found: "warn" | |
| name: "${{ steps.json_properties.outputs.productName }}-dev-linux-rpm-${{steps.json_properties.outputs.version}}-${{ matrix.type }}-${{ github.ref_name }}" | |
| path: "./src-tauri/target/release/bundle/rpm/${{ steps.json_properties.outputs.productName }}-${{steps.json_properties.outputs.version}}-1.x86_64.rpm" | |
| - name: Upload binary (Linux, AppImage) | |
| if: (startsWith(github.ref, 'refs/tags/') != true) && matrix.identifier == 'linux' | |
| uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 | |
| with: | |
| if-no-files-found: "warn" | |
| name: "${{ steps.json_properties.outputs.productName }}-dev-linux-app-image-${{steps.json_properties.outputs.version}}-${{ matrix.type }}-${{ github.ref_name }}" | |
| path: "./src-tauri/target/release/bundle/appimage/${{ steps.json_properties.outputs.productName }}_${{steps.json_properties.outputs.version}}_amd64.AppImage" | |
| - name: Upload binary (macOS, x86_64, DMG) | |
| if: (startsWith(github.ref, 'refs/tags/') != true) && matrix.identifier == 'macos-x86' | |
| uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 | |
| with: | |
| if-no-files-found: "warn" | |
| name: "${{ steps.json_properties.outputs.productName }}-dev-macos-x86_64-dmg-${{steps.json_properties.outputs.version}}-${{ matrix.type }}-${{ github.ref_name }}" | |
| path: "./src-tauri/target/x86_64-apple-darwin/release/bundle/dmg/${{ steps.json_properties.outputs.productName }}_${{steps.json_properties.outputs.version}}_x64.dmg" | |
| - name: Upload binary (macOS, x86_64, tarball) | |
| if: (startsWith(github.ref, 'refs/tags/') != true) && matrix.identifier == 'macos-x86' | |
| uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 | |
| with: | |
| if-no-files-found: "warn" | |
| name: "${{ steps.json_properties.outputs.productName }}-dev-macos-x86_64-tarball-${{steps.json_properties.outputs.version}}-${{ matrix.type }}-${{ github.ref_name }}" | |
| path: "./src-tauri/target/x86_64-apple-darwin/release/bundle/macos/${{ steps.json_properties.outputs.productName }}.app.tar.gz" | |
| - name: Upload binary (macOS, ARM, DMG) | |
| if: (startsWith(github.ref, 'refs/tags/') != true) && matrix.identifier == 'macos-arm' | |
| uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 | |
| with: | |
| if-no-files-found: "warn" | |
| name: "${{ steps.json_properties.outputs.productName }}-dev-macos-arm-dmg-${{steps.json_properties.outputs.version}}-${{ matrix.type }}-${{ github.ref_name }}" | |
| path: "./src-tauri/target/aarch64-apple-darwin/release/bundle/dmg/${{ steps.json_properties.outputs.productName }}_${{steps.json_properties.outputs.version}}_aarch64.dmg" | |
| - name: Upload binary (macOS, ARM, tarball) | |
| if: (startsWith(github.ref, 'refs/tags/') != true) && matrix.identifier == 'macos-arm' | |
| uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 | |
| with: | |
| if-no-files-found: "warn" | |
| name: "${{ steps.json_properties.outputs.productName }}-dev-macos-arm-tarball-${{steps.json_properties.outputs.version}}-${{ matrix.type }}-${{ github.ref_name }}" | |
| path: "./src-tauri/target/aarch64-apple-darwin/release/bundle/macos/${{ steps.json_properties.outputs.productName }}.app.tar.gz" |