Skip to content

publish

publish #12

Workflow file for this run

name: "publish"
on:
workflow_dispatch:
jobs:
create-release:
permissions:
contents: write
runs-on: ubuntu-latest
outputs:
release_id: ${{ steps.create-release.outputs.result }}
steps:
- uses: actions/checkout@v4
- name: setup node
uses: actions/setup-node@v4
with:
node-version: lts/*
- name: get version
run: echo "PACKAGE_VERSION=$(node -p "require('./package.json').version")" >> $GITHUB_ENV
- name: create release
id: create-release
uses: actions/github-script@v7
with:
script: |
const { data } = await github.rest.repos.createRelease({
owner: context.repo.owner,
repo: context.repo.repo,
tag_name: `v${process.env.PACKAGE_VERSION}`,
name: `Exam Environment v${process.env.PACKAGE_VERSION}`,
body: 'Take a look at the assets to download and install this app.',
draft: true,
prerelease: false
})
return data.id
build-tauri:
needs: create-release
permissions:
contents: write
strategy:
fail-fast: false
matrix:
include:
- platform: "macos-latest"
args: "--target aarch64-apple-darwin"
- platform: "macos-latest"
args: "--target x86_64-apple-darwin"
- platform: "ubuntu-22.04"
args: ""
- platform: "windows-latest"
args: "--config src-tauri/tauri.microsoftstore.conf.json"
runs-on: ${{ matrix.platform }}
env:
VITE_MOCK_DATA: ${{ vars.VITE_MOCK_DATA }}
VITE_FREECODECAMP_API: ${{ vars.VITE_FREECODECAMP_API }}
SENTRY_DSN: ${{ secrets.SENTRY_DSN }}
steps:
- uses: actions/checkout@v4
- name: Setup pnpm
uses: pnpm/action-setup@a3252b78c470c02df07e9d59298aecedc3ccdd6d #v3.0.0
with:
version: 9
- name: setup node
uses: actions/setup-node@v4
with:
node-version: 22.x
- name: install Rust stable
uses: dtolnay/rust-toolchain@stable
with:
# Those targets are only used on macos runners so it's in an `if` to slightly speed up windows and linux builds.
targets: ${{ matrix.platform == 'macos-latest' && 'aarch64-apple-darwin,x86_64-apple-darwin' || '' }}
- name: install dependencies (ubuntu only)
if: matrix.platform == 'ubuntu-22.04' # This must match the platform value defined above.
run: |
sudo apt-get update
sudo apt-get install -y libwebkit2gtk-4.1-dev libappindicator3-dev librsvg2-dev patchelf
- name: install frontend dependencies
run: pnpm install && pnpm run prisma-generate
# The rust build requires the `.env` file to exist, even if none of the variables are used
- name: prep env (non-windows)
if: matrix.platform != 'windows-latest'
run: cp sample.env .env
- name: prep env (windows)
if: matrix.platform == 'windows-latest'
run: copy sample.env .env
- name: install Go stable (windows)
if: matrix.platform == 'windows-latest'
uses: actions/setup-go@v4
with:
go-version: "stable"
- name: install relic (windows)
if: matrix.platform == 'windows-latest'
run: |
go install github.com/sassoftware/relic/v8@latest
- name: install codemagic cli tools (macos)
if: matrix.platform == 'macos-latest'
run: pip3 install codemagic-cli-tools --break-system-packages
- name: install apple certificates and provisioning profiles
if: matrix.platform == 'macos-latest'
env:
KEYCHAIN_PASSWORD: ${{ secrets.KEYCHAIN_PASSWORD }}
APPLE_DISTRIBUTION_CERT: ${{ secrets.APPLE_DISTRIBUTION_CERT }}
PROVISIONING_PROFILE: ${{ secrets.PROVISIONING_PROFILE }}
run: |
# create variables
CERT_BASE_PATH=/Users/runner/Library/MobileDevice/Certificates
mkdir -p $CERT_BASE_PATH
DISTRIBUTION_CERT_PATH=$CERT_BASE_PATH/distribution_certificate.p12
PP_PATH=./src-tauri/embedded.provisionprofile
KEYCHAIN_PATH=$RUNNER_TEMP/app-signing.keychain-db
# import certificate and provisioning profile from secrets
echo -n "$APPLE_DISTRIBUTION_CERT" | base64 --decode -o $DISTRIBUTION_CERT_PATH
echo -n "$PROVISIONING_PROFILE" | base64 --decode -o $PP_PATH
# create temporary keychain
keychain initialize --password $KEYCHAIN_PASSWORD --path $KEYCHAIN_PATH --timeout 21600
# import certificate to keychain
keychain add-certificates
security set-key-partition-list -S apple-tool:,apple: -k "$KEYCHAIN_PASSWORD" $KEYCHAIN_PATH
security find-identity -v
- uses: tauri-apps/tauri-action@v0
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
TAURI_SIGNING_PRIVATE_KEY: ${{ secrets.TAURI_SIGNING_PRIVATE_KEY }}
TAURI_SIGNING_PRIVATE_KEY_PASSWORD: ${{ secrets.TAURI_SIGNING_PRIVATE_KEY_PASSWORD }}
AZURE_VAULT_ID: ${{ secrets.AZURE_VAULT_ID }}
AZURE_TENANT_ID: ${{ secrets.AZURE_TENANT_ID }}
AZURE_CLIENT_SECRET: ${{ secrets.AZURE_CLIENT_SECRET }}
AZURE_CLIENT_ID: ${{ secrets.AZURE_CLIENT_ID }}
SENTRY_DSN: ${{ secrets.SENTRY_DSN }}
VITE_FREECODECAMP_API: ${{ env.VITE_FREECODECAMP_API }}
VITE_MOCK_DATA: ${{ env.VITE_MOCK_DATA }}
with:
releaseId: ${{ needs.create-release.outputs.release_id }}
args: ${{ matrix.args }} --verbose
includeDebug: false
includeRelease: true
includeUpdaterJson: true
publish-release:
permissions:
contents: write
runs-on: ubuntu-latest
needs: [create-release, build-tauri]
steps:
- name: publish release
id: publish-release
uses: actions/github-script@v7
env:
release_id: ${{ needs.create-release.outputs.release_id }}
with:
script: |
github.rest.repos.updateRelease({
owner: context.repo.owner,
repo: context.repo.repo,
release_id: process.env.release_id,
draft: false,
prerelease: false
})