v0.5.1: bump #37
Workflow file for this run
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Build & Release | |
| on: | |
| push: | |
| tags: | |
| - 'v*' | |
| permissions: | |
| contents: write | |
| jobs: | |
| build-macos: | |
| runs-on: macos-14 # Apple Silicon runner | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Install Apple Certificate | |
| env: | |
| CERTIFICATE: ${{ secrets.APPLE_CERTIFICATE }} | |
| CERTIFICATE_PASSWORD: ${{ secrets.APPLE_CERTIFICATE_PASSWORD }} | |
| run: | | |
| CERT_PATH=$RUNNER_TEMP/certificate.p12 | |
| KEYCHAIN_PATH=$RUNNER_TEMP/app-signing.keychain-db | |
| echo -n "$CERTIFICATE" | base64 --decode -o $CERT_PATH | |
| security create-keychain -p "" $KEYCHAIN_PATH | |
| security set-keychain-settings -lut 21600 $KEYCHAIN_PATH | |
| security unlock-keychain -p "" $KEYCHAIN_PATH | |
| security import $CERT_PATH -P "$CERTIFICATE_PASSWORD" -A -t cert -f pkcs12 -k $KEYCHAIN_PATH | |
| security set-key-partition-list -S apple-tool:,apple: -k "" $KEYCHAIN_PATH | |
| security list-keychains -d user -s $KEYCHAIN_PATH login.keychain | |
| - name: Setup Node.js | |
| uses: actions/setup-node@v4 | |
| with: | |
| node-version: 20 | |
| - name: Setup Rust | |
| uses: dtolnay/rust-toolchain@stable | |
| - name: Rust cache | |
| uses: Swatinem/rust-cache@v2 | |
| with: | |
| workspaces: src-tauri | |
| - name: Install dependencies | |
| run: npm install | |
| - name: Build Tauri app (signed + notarized) | |
| env: | |
| APPLE_SIGNING_IDENTITY: ${{ secrets.APPLE_SIGNING_IDENTITY }} | |
| APPLE_ID: ${{ secrets.APPLE_ID }} | |
| APPLE_PASSWORD: ${{ secrets.APPLE_PASSWORD }} | |
| APPLE_TEAM_ID: ${{ secrets.APPLE_TEAM_ID }} | |
| TAURI_SIGNING_PRIVATE_KEY: ${{ secrets.TAURI_SIGNING_PRIVATE_KEY }} | |
| TAURI_SIGNING_PRIVATE_KEY_PASSWORD: "" | |
| run: npm run tauri build | |
| - name: Upload macOS artifacts | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: macos-build | |
| path: | | |
| src-tauri/target/release/bundle/macos/*.app | |
| src-tauri/target/release/bundle/macos/*.app.tar.gz | |
| src-tauri/target/release/bundle/macos/*.app.tar.gz.sig | |
| src-tauri/target/release/bundle/dmg/*.dmg | |
| build-macos-intel: | |
| runs-on: macos-14 # Cross-compile to Intel | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Install Apple Certificate | |
| env: | |
| CERTIFICATE: ${{ secrets.APPLE_CERTIFICATE }} | |
| CERTIFICATE_PASSWORD: ${{ secrets.APPLE_CERTIFICATE_PASSWORD }} | |
| run: | | |
| CERT_PATH=$RUNNER_TEMP/certificate.p12 | |
| KEYCHAIN_PATH=$RUNNER_TEMP/app-signing.keychain-db | |
| echo -n "$CERTIFICATE" | base64 --decode -o $CERT_PATH | |
| security create-keychain -p "" $KEYCHAIN_PATH | |
| security set-keychain-settings -lut 21600 $KEYCHAIN_PATH | |
| security unlock-keychain -p "" $KEYCHAIN_PATH | |
| security import $CERT_PATH -P "$CERTIFICATE_PASSWORD" -A -t cert -f pkcs12 -k $KEYCHAIN_PATH | |
| security set-key-partition-list -S apple-tool:,apple: -k "" $KEYCHAIN_PATH | |
| security list-keychains -d user -s $KEYCHAIN_PATH login.keychain | |
| - name: Setup Node.js | |
| uses: actions/setup-node@v4 | |
| with: | |
| node-version: 20 | |
| - name: Setup Rust | |
| uses: dtolnay/rust-toolchain@stable | |
| with: | |
| targets: x86_64-apple-darwin | |
| - name: Rust cache | |
| uses: Swatinem/rust-cache@v2 | |
| with: | |
| workspaces: src-tauri | |
| - name: Install dependencies | |
| run: npm install | |
| - name: Build Tauri app (Intel, signed + notarized) | |
| env: | |
| APPLE_SIGNING_IDENTITY: ${{ secrets.APPLE_SIGNING_IDENTITY }} | |
| APPLE_ID: ${{ secrets.APPLE_ID }} | |
| APPLE_PASSWORD: ${{ secrets.APPLE_PASSWORD }} | |
| APPLE_TEAM_ID: ${{ secrets.APPLE_TEAM_ID }} | |
| TAURI_SIGNING_PRIVATE_KEY: ${{ secrets.TAURI_SIGNING_PRIVATE_KEY }} | |
| TAURI_SIGNING_PRIVATE_KEY_PASSWORD: "" | |
| run: npm run tauri build -- --target x86_64-apple-darwin | |
| - name: Upload macOS Intel artifacts | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: macos-intel-build | |
| path: | | |
| src-tauri/target/x86_64-apple-darwin/release/bundle/macos/*.app.tar.gz | |
| src-tauri/target/x86_64-apple-darwin/release/bundle/macos/*.app.tar.gz.sig | |
| src-tauri/target/x86_64-apple-darwin/release/bundle/dmg/*.dmg | |
| build-windows: | |
| runs-on: windows-latest | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Setup Node.js | |
| uses: actions/setup-node@v4 | |
| with: | |
| node-version: 20 | |
| - name: Setup Rust | |
| uses: dtolnay/rust-toolchain@stable | |
| - name: Rust cache | |
| uses: Swatinem/rust-cache@v2 | |
| with: | |
| workspaces: src-tauri | |
| - name: Install dependencies | |
| run: npm install | |
| - name: Build Tauri app | |
| env: | |
| TAURI_SIGNING_PRIVATE_KEY: ${{ secrets.TAURI_SIGNING_PRIVATE_KEY }} | |
| TAURI_SIGNING_PRIVATE_KEY_PASSWORD: "" | |
| run: npm run tauri build | |
| - name: Upload Windows artifacts | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: windows-build | |
| path: | | |
| src-tauri/target/release/bundle/nsis/*.exe | |
| src-tauri/target/release/bundle/nsis/*.exe.sig | |
| src-tauri/target/release/bundle/msi/*.msi | |
| src-tauri/target/release/bundle/msi/*.msi.sig | |
| release: | |
| needs: [build-macos, build-macos-intel, build-windows] | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Get version from tag | |
| id: version | |
| run: echo "VERSION=${GITHUB_REF_NAME#v}" >> $GITHUB_OUTPUT | |
| - name: Download macOS artifacts | |
| uses: actions/download-artifact@v4 | |
| with: | |
| name: macos-build | |
| path: artifacts/macos | |
| - name: Download macOS Intel artifacts | |
| uses: actions/download-artifact@v4 | |
| with: | |
| name: macos-intel-build | |
| path: artifacts/macos-intel | |
| - name: Download Windows artifacts | |
| uses: actions/download-artifact@v4 | |
| with: | |
| name: windows-build | |
| path: artifacts/windows | |
| - name: List artifacts | |
| run: find artifacts -type f | head -30 | |
| - name: Generate latest.json for updater | |
| run: | | |
| VERSION="${{ steps.version.outputs.VERSION }}" | |
| DATE=$(date -u +"%Y-%m-%dT%H:%M:%SZ") | |
| # Read signatures | |
| DARWIN_AARCH64_SIG=$(cat artifacts/macos/macos/*.app.tar.gz.sig 2>/dev/null || echo "") | |
| DARWIN_X86_64_SIG=$(cat artifacts/macos-intel/macos/*.app.tar.gz.sig 2>/dev/null || echo "") | |
| WINDOWS_X86_64_SIG=$(cat artifacts/windows/nsis/*.exe.sig 2>/dev/null || echo "") | |
| REPO="https://github.com/phuc-nt/my-translator/releases/download/v${VERSION}" | |
| # Find actual filenames | |
| DARWIN_AARCH64_FILE=$(ls artifacts/macos/macos/*.app.tar.gz 2>/dev/null | head -1 | xargs basename || echo "") | |
| DARWIN_X86_64_FILE=$(ls artifacts/macos-intel/macos/*.app.tar.gz 2>/dev/null | head -1 | xargs basename || echo "") | |
| WINDOWS_X86_64_FILE=$(ls artifacts/windows/nsis/*.exe 2>/dev/null | head -1 | xargs basename || echo "") | |
| cat > artifacts/latest.json << EOF | |
| { | |
| "version": "${VERSION}", | |
| "notes": "See release notes at https://github.com/phuc-nt/my-translator/releases/tag/v${VERSION}", | |
| "pub_date": "${DATE}", | |
| "platforms": { | |
| "darwin-aarch64": { | |
| "signature": "${DARWIN_AARCH64_SIG}", | |
| "url": "${REPO}/${DARWIN_AARCH64_FILE}" | |
| }, | |
| "darwin-x86_64": { | |
| "signature": "${DARWIN_X86_64_SIG}", | |
| "url": "${REPO}/${DARWIN_X86_64_FILE}" | |
| }, | |
| "windows-x86_64": { | |
| "signature": "${WINDOWS_X86_64_SIG}", | |
| "url": "${REPO}/${WINDOWS_X86_64_FILE}" | |
| } | |
| } | |
| } | |
| EOF | |
| echo "Generated latest.json:" | |
| cat artifacts/latest.json | |
| - name: Create Release | |
| uses: softprops/action-gh-release@v2 | |
| with: | |
| draft: true | |
| generate_release_notes: true | |
| files: | | |
| artifacts/**/*.dmg | |
| artifacts/**/*.exe | |
| artifacts/**/*.msi | |
| artifacts/**/*.app.tar.gz | |
| artifacts/**/*.sig | |
| artifacts/latest.json |