Build #30
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: "Build" | |
| on: | |
| workflow_call: {} # Allow this workflow to be called by other workflows | |
| pull_request: | |
| push: | |
| jobs: | |
| build-tauri: | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| include: | |
| # macOS desktop builds | |
| - platform: "macos-latest" | |
| args: "--target aarch64-apple-darwin" | |
| arch: "aarch64" | |
| - platform: "macos-latest" | |
| args: "--target x86_64-apple-darwin" | |
| arch: "x86_64" | |
| # Linux desktop builds | |
| - platform: "ubuntu-24.04" | |
| args: "" | |
| # Android builds with correct target names | |
| - platform: "ubuntu-24.04" | |
| android: true | |
| android_target: "aarch64" | |
| abi: "arm64-v8a" | |
| - platform: "ubuntu-24.04" | |
| android: true | |
| android_target: "armv7" | |
| abi: "armeabi-v7a" | |
| - platform: "ubuntu-24.04" | |
| android: true | |
| android_target: "x86_64" | |
| abi: "x86_64" | |
| runs-on: ${{ matrix.platform }} | |
| env: | |
| APPLE_ID: ${{ secrets.APPLE_ID }} | |
| APPLE_ID_PASSWORD: ${{ secrets.APPLE_ID_PASSWORD }} | |
| APPLE_TEAM_ID: ${{ secrets.APPLE_TEAM_ID }} | |
| steps: | |
| - uses: actions/checkout@v4 | |
| # Add Rust cache | |
| - uses: Swatinem/rust-cache@v2 | |
| with: | |
| shared-key: "${{ runner.os }}-rust-${{ matrix.android && 'android' || 'desktop' }}" | |
| # Add Bun cache | |
| - name: Cache bun dependencies | |
| uses: actions/cache@v4 | |
| with: | |
| path: | | |
| ~/.bun/install/cache | |
| node_modules | |
| key: ${{ runner.os }}-bun-${{ hashFiles('**/bun.lockb') }} | |
| restore-keys: | | |
| ${{ runner.os }}-bun- | |
| # Add Android NDK cache (only for Android builds) | |
| - name: Cache Android NDK | |
| if: matrix.android | |
| uses: actions/cache@v4 | |
| with: | |
| path: /usr/local/lib/android/sdk/ndk/25.2.9519653 | |
| key: ${{ runner.os }}-ndk-25.2.9519653 | |
| - name: Set up JDK 17 | |
| if: matrix.android | |
| uses: actions/setup-java@v4 | |
| with: | |
| distribution: 'temurin' | |
| java-version: '17' | |
| - name: Install dependencies (ubuntu only) | |
| if: matrix.platform == 'ubuntu-24.04' && !matrix.android | |
| run: | | |
| sudo apt-get update | |
| sudo apt-get install -y libwebkit2gtk-4.1-dev libappindicator3-dev librsvg2-dev patchelf \ | |
| libfuse2 fuse libglib2.0-dev libcairo2-dev libpango1.0-dev \ | |
| libasound2-dev libgtk-3-dev desktop-file-utils | |
| - name: Setup Android SDK | |
| if: matrix.android | |
| uses: android-actions/setup-android@v3 | |
| - name: Install Android NDK | |
| if: matrix.android | |
| run: | | |
| sdkmanager --install "ndk;25.2.9519653" | |
| echo "ANDROID_NDK_HOME=$ANDROID_SDK_ROOT/ndk/25.2.9519653" >> $GITHUB_ENV | |
| echo "NDK_HOME=$ANDROID_SDK_ROOT/ndk/25.2.9519653" >> $GITHUB_ENV | |
| - name: Setup bun | |
| uses: oven-sh/setup-bun@v1 | |
| with: | |
| bun-version: 1.1.39 | |
| - name: Install Rust stable | |
| uses: dtolnay/rust-toolchain@stable | |
| with: | |
| targets: ${{ matrix.platform == 'macos-latest' && 'aarch64-apple-darwin,x86_64-apple-darwin' || '' }} | |
| - name: Add Rust Android targets | |
| if: matrix.android | |
| run: | | |
| rustup target add aarch64-linux-android | |
| rustup target add armv7-linux-androideabi | |
| rustup target add x86_64-linux-android | |
| rustup target add i686-linux-android | |
| - name: Install frontend dependencies | |
| run: bun install | |
| - name: Import Apple Developer Certificate | |
| if: matrix.platform == 'macos-latest' | |
| id: import_apple_certificate | |
| env: | |
| APPLE_CERTIFICATE: ${{ secrets.APPLE_CERTIFICATE }} | |
| APPLE_CERTIFICATE_PASSWORD: ${{ secrets.APPLE_CERTIFICATE_PASSWORD }} | |
| KEYCHAIN_PASSWORD: ${{ secrets.KEYCHAIN_PASSWORD }} | |
| run: | | |
| echo $APPLE_CERTIFICATE | base64 --decode > certificate.p12 | |
| security create-keychain -p "$KEYCHAIN_PASSWORD" build.keychain | |
| security default-keychain -s build.keychain | |
| security unlock-keychain -p "$KEYCHAIN_PASSWORD" build.keychain | |
| security import certificate.p12 -k build.keychain -P "$APPLE_CERTIFICATE_PASSWORD" -T /usr/bin/codesign | |
| security set-key-partition-list -S apple-tool:,apple:,codesign: -s -k "$KEYCHAIN_PASSWORD" build.keychain | |
| security find-identity -v -p codesigning build.keychain | |
| - name: Verify Certificate | |
| if: matrix.platform == 'macos-latest' | |
| id: verify_apple_certificate | |
| run: | | |
| CERT_INFO=$(security find-identity -v -p codesigning build.keychain | grep "Apple Development") | |
| CERT_ID=$(echo "$CERT_INFO" | awk -F'"' '{print $2}') | |
| echo "cert_id=$CERT_ID" >> "$GITHUB_OUTPUT" | |
| echo "Apple Developer Certificate imported." | |
| - name: Import GPG key | |
| if: matrix.platform == 'ubuntu-24.04' && !matrix.android | |
| id: import_gpg | |
| uses: crazy-max/ghaction-import-gpg@v6 | |
| with: | |
| gpg_private_key: ${{ secrets.GPG_PRIVATE_KEY }} | |
| passphrase: ${{ secrets.GPG_PASSPHRASE }} | |
| trust_level: 5 | |
| - name: Setup Android signing | |
| if: matrix.android | |
| run: | | |
| cd src-tauri/gen/android | |
| echo "keyAlias=${{ secrets.ANDROID_KEY_ALIAS }}" > keystore.properties | |
| echo "password=${{ secrets.ANDROID_KEY_PASSWORD }}" >> keystore.properties | |
| base64 -d <<< "${{ secrets.ANDROID_KEY_BASE64 }}" > $RUNNER_TEMP/keystore.jks | |
| echo "storeFile=$RUNNER_TEMP/keystore.jks" >> keystore.properties | |
| # Split the build step into two different actions based on the target | |
| - name: Build Desktop App | |
| if: ${{ !matrix.android }} | |
| uses: tauri-apps/tauri-action@v0 | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| # Apple signing | |
| APPLE_CERTIFICATE: ${{ secrets.APPLE_CERTIFICATE }} | |
| APPLE_CERTIFICATE_PASSWORD: ${{ secrets.APPLE_CERTIFICATE_PASSWORD }} | |
| APPLE_SIGNING_IDENTITY: ${{ matrix.platform == 'macos-latest' && steps.verify_apple_certificate.outputs.cert_id || '' }} | |
| # AppImage signing | |
| LDAI_SIGN: ${{ matrix.platform == 'ubuntu-24.04' && !matrix.android }} | |
| LDAI_SIGN_KEY: ${{ matrix.platform == 'ubuntu-24.04' && !matrix.android && steps.import_gpg.outputs.keyid || '' }} | |
| LDAI_PASSPHRASE: ${{ secrets.GPG_PASSPHRASE }} | |
| # DEB signing | |
| TAURI_SIGNING_KEY: ${{ matrix.platform == 'ubuntu-24.04' && !matrix.android && steps.import_gpg.outputs.keyid || '' }} | |
| TAURI_SIGNING_PASSPHRASE: ${{ secrets.GPG_PASSPHRASE }} | |
| # RPM signing | |
| RPM_SIGNING_KEY: ${{ matrix.platform == 'ubuntu-24.04' && !matrix.android && steps.import_gpg.outputs.keyid || '' }} | |
| RPM_SIGNING_PASSPHRASE: ${{ secrets.GPG_PASSPHRASE }} | |
| with: | |
| args: ${{ matrix.args }} | |
| - name: Build Android universal binary | |
| if: matrix.android | |
| run: | | |
| bun tauri android build | |
| - name: Build Android arch specific binaries | |
| if: matrix.android | |
| run: | | |
| bun tauri android build --target ${{ matrix.android_target }} | |
| - name: List Android build outputs | |
| if: matrix.android | |
| run: | | |
| find src-tauri/gen/android/app/build/outputs/apk/*/release/*.apk -type f | |
| find src-tauri/gen/android/app/build/outputs/bundle/universalRelease/*.aab -type f | |
| # Add this before the artifact upload steps | |
| - name: Generate artifact hashes | |
| if: matrix.android | |
| run: | | |
| cd src-tauri/gen/android/app/build/outputs | |
| # Generate hash for each APK | |
| find . -type f -name "*.apk" -exec sh -c ' | |
| sha256sum "$1" > "${1}.sha256" | |
| ' sh {} \; | |
| # Generate hash for AAB | |
| find . -type f -name "*.aab" -exec sh -c ' | |
| sha256sum "$1" > "${1}.sha256" | |
| ' sh {} \; | |
| - name: Generate desktop artifact hashes | |
| if: ${{ !matrix.android }} | |
| run: | | |
| if [ "${{ matrix.platform }}" = "ubuntu-24.04" ]; then | |
| cd src-tauri/target/release/bundle | |
| # Generate hash for each Linux package | |
| find . -type f \( -name "*.deb" -o -name "*.rpm" -o -name "*.AppImage" \) -exec sh -c ' | |
| sha256sum "$1" > "${1}.sha256" | |
| ' sh {} \; | |
| elif [ "${{ matrix.platform }}" = "macos-latest" ]; then | |
| cd src-tauri/target/${{ matrix.arch }}-apple-darwin/release/bundle | |
| # Generate hash for macOS app bundle | |
| cd macos | |
| find . -type f -name "*.app" -exec sh -c ' | |
| shasum -a 256 "$1" > "${1}.sha256" | |
| ' sh {} \; | |
| find . -type f -name "*.app.tar.gz" -exec sh -c ' | |
| shasum -a 256 "$1" > "${1}.sha256" | |
| ' sh {} \; | |
| # Generate hash for DMG | |
| cd ../dmg | |
| find . -type f -name "*.dmg" -exec sh -c ' | |
| shasum -a 256 "$1" > "${1}.sha256" | |
| ' sh {} \; | |
| fi | |
| - name: Upload Android binaries | |
| if: matrix.android | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: android-${{ matrix.abi }} | |
| path: | | |
| src-tauri/gen/android/app/build/outputs/apk/${{ matrix.abi }}/release/*.apk | |
| src-tauri/gen/android/app/build/outputs/bundle/universalRelease/*.aab | |
| - name: Upload Android sha256 hashes | |
| if: matrix.android | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: android-${{ matrix.abi }}.sha256 | |
| path: | | |
| src-tauri/gen/android/app/build/outputs/apk/${{ matrix.abi }}/release/*.apk.sha256 | |
| src-tauri/gen/android/app/build/outputs/bundle/universalRelease/*.aab.sha256 | |
| - name: Upload Desktop binaries | |
| if: ${{ !matrix.android }} | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: desktop-${{ matrix.platform }}${{ matrix.arch && '-' }}${{ matrix.arch }} | |
| path: | | |
| src-tauri/target/**/release/bundle/deb/*.deb | |
| src-tauri/target/**/release/bundle/rpm/*.rpm | |
| src-tauri/target/**/release/bundle/appimage/*.AppImage | |
| src-tauri/target/**/release/bundle/dmg/*.dmg | |
| src-tauri/target/**/release/bundle/macos/*.app | |
| src-tauri/target/**/release/bundle/macos/*.app.tar.gz | |
| - name: Upload Desktop sha256 hashes | |
| if: ${{ !matrix.android }} | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: desktop-${{ matrix.platform }}${{ matrix.arch && '-' }}${{ matrix.arch }}.sha256 | |
| path: | | |
| src-tauri/target/**/release/bundle/**/*.sha256 |