Build

Conditional listing of artifacts #42

Workflow file for this run

	name: "Build"

	on:
	workflow_call: {} # Allow this workflow to be called by other workflows
	pull_request:
	push:

	jobs:
	build-tauri:
	strategy:
	fail-fast: false
	matrix:
	include:
	# macOS desktop builds
	- name: "macOS (Apple Silicon)"
	platform: "macos-latest"
	args: "--target aarch64-apple-darwin"
	arch: "aarch64"
	- name: "macOS (Intel)"
	platform: "macos-latest"
	args: "--target x86_64-apple-darwin"
	arch: "x86_64"
	# Linux desktop builds
	- name: "Linux Desktop"
	platform: "ubuntu-22.04"
	args: ""
	# Single Android build that will output all ABIs
	- name: "Android"
	platform: "ubuntu-22.04"
	android: true

	runs-on: ${{ matrix.platform }}
	env:
	APPLE_ID: ${{ secrets.APPLE_ID }}
	APPLE_ID_PASSWORD: ${{ secrets.APPLE_ID_PASSWORD }}
	APPLE_TEAM_ID: ${{ secrets.APPLE_TEAM_ID }}
	steps:
	- uses: actions/checkout@v4

	- name: Cache bun dependencies
	uses: actions/cache@v4
	with:
	path: \|
	~/.bun/install/cache
	node_modules
	key: ${{ runner.os }}-bun-${{ hashFiles('**/bun.lockb') }}
	restore-keys: \|
	${{ runner.os }}-bun-

	- name: Setup bun
	uses: oven-sh/setup-bun@v1
	with:
	bun-version: 1.1.39

	- name: Add Rust cache
	uses: Swatinem/rust-cache@v2
	with:
	# Specify the working directory for Rust cache
	workspaces: "src-tauri -> target"
	# Cache cargo registry
	cache-directories: \|
	~/.cargo/registry
	~/.cargo/git
	# Add a suffix to distinguish between different platforms and architectures
	key: ${{ matrix.platform }}${{ matrix.arch && '-' }}${{ matrix.arch }}${{ matrix.android && '-android' }}

	- name: Install Rust stable
	uses: dtolnay/rust-toolchain@stable
	with:
	targets: >-
	${{ matrix.platform == 'macos-latest' && 'aarch64-apple-darwin,x86_64-apple-darwin' \|\| '' }}
	${{ matrix.android && 'aarch64-linux-android,armv7-linux-androideabi,x86_64-linux-android,i686-linux-android' \|\| '' }}

	- name: Install frontend dependencies
	run: bun install

	- name: Cache Android NDK
	if: matrix.android
	uses: actions/cache@v4
	with:
	path: /usr/local/lib/android/sdk/ndk/25.2.9519653
	key: ${{ runner.os }}-ndk-25.2.9519653

	- name: Set up JDK 17
	if: matrix.android
	uses: actions/setup-java@v4
	with:
	distribution: 'temurin'
	java-version: '17'

	- name: Install dependencies (ubuntu only)
	if: matrix.platform == 'ubuntu-22.04' && !matrix.android
	run: \|
	sudo apt-get update
	sudo apt-get install -y libwebkit2gtk-4.1-dev libappindicator3-dev librsvg2-dev patchelf \
	libfuse2 fuse libglib2.0-dev libcairo2-dev libpango1.0-dev \
	libasound2-dev libgtk-3-dev desktop-file-utils

	- name: Setup Android SDK
	if: matrix.android
	uses: android-actions/setup-android@v3

	- name: Install Android NDK
	if: matrix.android
	run: \|
	sdkmanager --install "ndk;25.2.9519653"
	echo "ANDROID_NDK_HOME=$ANDROID_SDK_ROOT/ndk/25.2.9519653" >> $GITHUB_ENV
	echo "NDK_HOME=$ANDROID_SDK_ROOT/ndk/25.2.9519653" >> $GITHUB_ENV


	- name: Import Apple Developer Certificate
	if: matrix.platform == 'macos-latest'
	id: import_apple_certificate
	env:
	APPLE_CERTIFICATE: ${{ secrets.APPLE_CERTIFICATE }}
	APPLE_CERTIFICATE_PASSWORD: ${{ secrets.APPLE_CERTIFICATE_PASSWORD }}
	KEYCHAIN_PASSWORD: ${{ secrets.KEYCHAIN_PASSWORD }}
	run: \|
	echo $APPLE_CERTIFICATE \| base64 --decode > certificate.p12
	security create-keychain -p "$KEYCHAIN_PASSWORD" build.keychain
	security default-keychain -s build.keychain
	security unlock-keychain -p "$KEYCHAIN_PASSWORD" build.keychain
	security import certificate.p12 -k build.keychain -P "$APPLE_CERTIFICATE_PASSWORD" -T /usr/bin/codesign
	security set-keychain-settings -t 3600 -l build.keychain
	security set-key-partition-list -S apple-tool:,apple:,codesign: -s -k "$KEYCHAIN_PASSWORD" build.keychain
	security list-keychains -s build.keychain
	security list-keychains
	security find-identity -v -p codesigning build.keychain

	- name: Verify Certificate
	if: matrix.platform == 'macos-latest'
	id: verify_apple_certificate
	run: \|
	security find-identity -v -p codesigning build.keychain
	CERT_INFO=$(security find-identity -v -p codesigning build.keychain \| grep -E "Apple (Development\|Distribution)")
	CERT_ID=$(echo "$CERT_INFO" \| awk -F'"' '{print $2}')
	echo "cert_id=$CERT_ID" >> "$GITHUB_OUTPUT"
	echo "Apple Developer Certificate imported."

	- name: Import GPG key
	if: matrix.platform == 'ubuntu-22.04' && !matrix.android
	id: import_gpg
	uses: crazy-max/ghaction-import-gpg@v6
	with:
	gpg_private_key: ${{ secrets.GPG_PRIVATE_KEY }}
	passphrase: ${{ secrets.GPG_PASSPHRASE }}
	trust_level: 5

	- name: Setup Android signing
	if: matrix.android
	run: \|
	cd src-tauri/gen/android
	echo "keyAlias=${{ secrets.ANDROID_KEY_ALIAS }}" > keystore.properties
	echo "password=${{ secrets.ANDROID_KEY_PASSWORD }}" >> keystore.properties
	base64 -d <<< "${{ secrets.ANDROID_KEY_BASE64 }}" > $RUNNER_TEMP/keystore.jks
	echo "storeFile=$RUNNER_TEMP/keystore.jks" >> keystore.properties

	# Split the build step into two different actions based on the target
	- name: Build Desktop App
	if: ${{ !matrix.android }}
	uses: tauri-apps/tauri-action@v0
	env:
	GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
	# Apple signing
	APPLE_CERTIFICATE: ${{ secrets.APPLE_CERTIFICATE }}
	APPLE_CERTIFICATE_PASSWORD: ${{ secrets.APPLE_CERTIFICATE_PASSWORD }}
	APPLE_SIGNING_IDENTITY: ${{ matrix.platform == 'macos-latest' && steps.verify_apple_certificate.outputs.cert_id \|\| '' }}
	# AppImage signing
	LDAI_SIGN: ${{ matrix.platform == 'ubuntu-22.04' && !matrix.android }}
	LDAI_SIGN_KEY: ${{ matrix.platform == 'ubuntu-22.04' && !matrix.android && steps.import_gpg.outputs.keyid \|\| '' }}
	LDAI_PASSPHRASE: ${{ secrets.GPG_PASSPHRASE }}
	# DEB signing
	TAURI_SIGNING_KEY: ${{ matrix.platform == 'ubuntu-22.04' && !matrix.android && steps.import_gpg.outputs.keyid \|\| '' }}
	TAURI_SIGNING_PASSPHRASE: ${{ secrets.GPG_PASSPHRASE }}
	# RPM signing
	RPM_SIGNING_KEY: ${{ matrix.platform == 'ubuntu-22.04' && !matrix.android && steps.import_gpg.outputs.keyid \|\| '' }}
	RPM_SIGNING_PASSPHRASE: ${{ secrets.GPG_PASSPHRASE }}
	with:
	args: ${{ matrix.args }}

	- name: Build Android universal binary
	if: matrix.android
	run: \|
	bun tauri android build

	- name: Build Android arch specific binaries
	if: matrix.android
	run: \|
	bun tauri android build --apk --split-per-abi

	- name: List Android build outputs
	if: matrix.android
	run: \|
	find src-tauri/gen/android/app/build/outputs/apk//release/.apk -type f
	find src-tauri/gen/android/app/build/outputs/bundle/universalRelease/*.aab -type f

	# Add this before the artifact upload steps
	- name: Generate artifact hashes
	if: matrix.android
	run: \|
	cd src-tauri/gen/android/app/build/outputs
	# Generate hash for each APK
	find . -type f -name "*.apk" -exec sh -c '
	sha256sum "$1" > "${1}.sha256"
	' sh {} \;
	# Generate hash for AAB
	find . -type f -name "*.aab" -exec sh -c '
	sha256sum "$1" > "${1}.sha256"
	' sh {} \;

	- name: Generate desktop artifact hashes
	if: ${{ !matrix.android }}
	run: \|
	if [ "${{ matrix.platform }}" = "ubuntu-22.04" ]; then
	cd src-tauri/target/release/bundle
	# Generate hash for each Linux package
	find . -type f $ -name ".deb" -o -name ".rpm" -o -name "*.AppImage" $ -exec sh -c '
	sha256sum "$1" > "${1}.sha256"
	' sh {} \;
	elif [ "${{ matrix.platform }}" = "macos-latest" ]; then
	cd src-tauri/target/${{ matrix.arch }}-apple-darwin/release/bundle
	# Generate hash for macOS app bundle
	cd macos
	find . -type f -name "*.app" -exec sh -c '
	shasum -a 256 "$1" > "${1}.sha256"
	' sh {} \;
	find . -type f -name "*.app.tar.gz" -exec sh -c '
	shasum -a 256 "$1" > "${1}.sha256"
	' sh {} \;
	# Generate hash for DMG
	cd ../dmg
	find . -type f -name "*.dmg" -exec sh -c '
	shasum -a 256 "$1" > "${1}.sha256"
	' sh {} \;
	fi

	- name: Prepare Android artifacts
	if: matrix.android
	run: \|
	# Get version from Cargo.toml
	VERSION=$(grep '^version[[:space:]]=[[:space:]]"' src-tauri/Cargo.toml \| sed 's/^version[[:space:]]=[[:space:]]"$.*$"/\1/')
	echo "Version: $VERSION"
	mkdir -p android-artifacts

	# Copy and rename AAB with version
	find src-tauri/gen/android/app/build/outputs/bundle/universalRelease -name "*.aab" -exec sh -c '
	cp "$1" android-artifacts/whitenoise-'"$VERSION"'-universal-release.aab
	cp "${1}.sha256" android-artifacts/whitenoise-'"$VERSION"'-universal-release.aab.sha256
	' sh {} \;

	# Copy and rename APKs with version and their ABI
	find src-tauri/gen/android/app/build/outputs/apk//release -name ".apk" -exec sh -c '
	filename=$(basename "$1")
	if [[ $filename =~ arm64-v8a ]]; then
	cp "$1" android-artifacts/whitenoise-'"$VERSION"'-arm64-v8a-release.apk
	cp "${1}.sha256" android-artifacts/whitenoise-'"$VERSION"'-arm64-v8a-release.apk.sha256
	elif [[ $filename =~ armeabi-v7a ]]; then
	cp "$1" android-artifacts/whitenoise-'"$VERSION"'-armeabi-v7a-release.apk
	cp "${1}.sha256" android-artifacts/whitenoise-'"$VERSION"'-armeabi-v7a-release.apk.sha256
	elif [[ $filename =~ x86_64 ]]; then
	cp "$1" android-artifacts/whitenoise-'"$VERSION"'-x86_64-release.apk
	cp "${1}.sha256" android-artifacts/whitenoise-'"$VERSION"'-x86_64-release.apk.sha256
	elif [[ $filename =~ x86 ]]; then
	cp "$1" android-artifacts/whitenoise-'"$VERSION"'-x86-release.apk
	cp "${1}.sha256" android-artifacts/whitenoise-'"$VERSION"'-x86-release.apk.sha256
	fi
	' sh {} \;

	- name: List Android artifacts
	if: matrix.android
	run: \|
	find android-artifacts/* -type f

	- name: Upload Android artifacts
	if: matrix.android
	uses: actions/upload-artifact@v4
	with:
	name: android-releases
	path: android-artifacts/*

	- name: Upload Android sha256 hashes
	if: matrix.android
	uses: actions/upload-artifact@v4
	with:
	path: \|
	src-tauri/gen/android/app/build/outputs/apk//release/.apk.sha256
	src-tauri/gen/android/app/build/outputs/bundle/universalRelease/*.aab.sha256

	- name: Prepare Desktop artifacts
	if: ${{ !matrix.android }}
	run: \|
	# Get version from Cargo.toml
	VERSION=$(grep '^version[[:space:]]=[[:space:]]"' src-tauri/Cargo.toml \| sed 's/^version[[:space:]]=[[:space:]]"$.*$"/\1/')
	echo "Version: $VERSION"
	mkdir -p desktop-artifacts

	if [ "${{ matrix.platform }}" = "ubuntu-22.04" ]; then
	# Linux packages
	find src-tauri/target/release/bundle/deb -name "*.deb" -exec sh -c '
	cp "$1" desktop-artifacts/whitenoise-'"$VERSION"'-linux-amd64.deb
	cp "${1}.sha256" desktop-artifacts/whitenoise-'"$VERSION"'-linux-amd64.deb.sha256
	' sh {} \;

	find src-tauri/target/release/bundle/rpm -name "*.rpm" -exec sh -c '
	cp "$1" desktop-artifacts/whitenoise-'"$VERSION"'-linux-x86_64.rpm
	cp "${1}.sha256" desktop-artifacts/whitenoise-'"$VERSION"'-linux-x86_64.rpm.sha256
	' sh {} \;

	find src-tauri/target/release/bundle/appimage -name "*.AppImage" -exec sh -c '
	cp "$1" desktop-artifacts/whitenoise-'"$VERSION"'-linux-x86_64.AppImage
	cp "${1}.sha256" desktop-artifacts/whitenoise-'"$VERSION"'-linux-x86_64.AppImage.sha256
	' sh {} \;

	elif [ "${{ matrix.platform }}" = "macos-latest" ]; then
	# macOS packages
	find src-tauri/target/${{ matrix.arch }}-apple-darwin/release/bundle/dmg -name "*.dmg" -exec sh -c '
	cp "$1" desktop-artifacts/whitenoise-'"$VERSION"'-macos-${{ matrix.arch }}.dmg
	cp "${1}.sha256" desktop-artifacts/whitenoise-'"$VERSION"'-macos-${{ matrix.arch }}.dmg.sha256
	' sh {} \;

	find src-tauri/target/${{ matrix.arch }}-apple-darwin/release/bundle/macos -name "*.app.tar.gz" -exec sh -c '
	cp "$1" desktop-artifacts/whitenoise-'"$VERSION"'-macos-${{ matrix.arch }}.app.tar.gz
	cp "${1}.sha256" desktop-artifacts/whitenoise-'"$VERSION"'-macos-${{ matrix.arch }}.app.tar.gz.sha256
	' sh {} \;
	fi

	- name: List desktop artifacts
	if: ${{ !matrix.android }}
	run: \|
	find desktop-artifacts/* -type f

	- name: Upload Desktop binaries
	if: ${{ !matrix.android }}
	uses: actions/upload-artifact@v4
	with:
	name: desktop-releases
	path: desktop-artifacts/*

	- name: Upload Desktop sha256 hashes
	if: ${{ !matrix.android }}
	uses: actions/upload-artifact@v4
	with:
	name: desktop-hashes
	path: desktop-artifacts/*.sha256

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Conditional listing of artifacts #42

Workflow file

Conditional listing of artifacts #42

Jobs

Run details

Workflow file for this run