name: "Release" on: push: tags: - "v*" workflow_dispatch: jobs: prepare: permissions: write-all runs-on: ubuntu-latest outputs: version: ${{ steps.get_version.outputs.VERSION }} steps: - uses: actions/checkout@v4 - name: Get version id: get_version run: | VERSION=$(node -p 'require("./src-tauri/tauri.conf.json").version') echo "VERSION=$VERSION" >> $GITHUB_OUTPUT build-macos: permissions: write-all needs: prepare strategy: matrix: include: - args: "--target aarch64-apple-darwin" arch: "silicon" - args: "--target x86_64-apple-darwin" arch: "intel" runs-on: macos-latest env: APPLE_ID: ${{ secrets.APPLE_ID }} APPLE_ID_PASSWORD: ${{ secrets.APPLE_ID_PASSWORD }} TAURI_SIGNING_PRIVATE_KEY: ${{ secrets.TAURI_SIGNING_PRIVATE_KEY }} steps: - uses: actions/checkout@v4 - name: Redact Sensitive Information run: | function redact_output { sed -e "s/${{ secrets.REDACT_PATTERN }}/REDACTED/g" } exec > >(redact_output) 2>&1 - uses: actions/setup-node@v4 with: node-version: 20 - uses: dtolnay/rust-toolchain@stable with: targets: aarch64-apple-darwin,x86_64-apple-darwin - uses: swatinem/rust-cache@v2 with: workspaces: "src-tauri -> target" cache-directories: "~/.cargo/registry/index/,~/.cargo/registry/cache/,~/.cargo/git/db/" shared-key: "macos-rust-cache" save-if: "true" - uses: actions/cache@v4 with: path: ~/.bun key: ${{ runner.os }}-bun-${{ hashFiles('**/bun.lockb') }} restore-keys: | ${{ runner.os }}-bun- - run: curl -fsSL https://bun.sh/install | bash && bun install - name: Import Apple Developer Certificate env: APPLE_CERTIFICATE: ${{ secrets.APPLE_CERTIFICATE }} APPLE_CERTIFICATE_PASSWORD: ${{ secrets.APPLE_CERTIFICATE_PASSWORD }} KEYCHAIN_PASSWORD: ${{ secrets.KEYCHAIN_PASSWORD }} run: | echo $APPLE_CERTIFICATE | base64 --decode > certificate.p12 security create-keychain -p "$KEYCHAIN_PASSWORD" build.keychain security default-keychain -s build.keychain security unlock-keychain -p "$KEYCHAIN_PASSWORD" build.keychain security import certificate.p12 -k build.keychain -P "$APPLE_CERTIFICATE_PASSWORD" -T /usr/bin/codesign security set-key-partition-list -S apple-tool:,apple:,codesign: -s -k "$KEYCHAIN_PASSWORD" build.keychain - uses: tauri-apps/tauri-action@v0 env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} APPLE_CERTIFICATE: ${{ secrets.APPLE_CERTIFICATE }} APPLE_CERTIFICATE_PASSWORD: ${{ secrets.APPLE_CERTIFICATE_PASSWORD }} TAURI_PRIVATE_KEY: ${{ secrets.TAURI_PRIVATE_KEY }} TAURI_KEY_PASSWORD: ${{ secrets.TAURI_KEY_PASSWORD }} with: args: ${{ matrix.args }} - name: Rename macOS Artifacts run: | mv src-tauri/target/${{ matrix.args == '--target aarch64-apple-darwin' && 'aarch64-apple-darwin' || 'x86_64-apple-darwin' }}/release/bundle/dmg/*.dmg src-tauri/target/${{ matrix.args == '--target aarch64-apple-darwin' && 'aarch64-apple-darwin' || 'x86_64-apple-darwin' }}/release/bundle/dmg/Qopy-${{ needs.prepare.outputs.version }}_${{ matrix.arch }}.dmg - name: Upload artifacts uses: actions/upload-artifact@v4 with: name: macos-${{ matrix.arch }}-binaries path: | src-tauri/target/**/release/bundle/dmg/*.dmg build-windows: permissions: write-all needs: prepare strategy: matrix: include: - args: "--target x86_64-pc-windows-msvc" arch: "x64" target: "x86_64-pc-windows-msvc" - args: "--target aarch64-pc-windows-msvc" arch: "arm64" target: "aarch64-pc-windows-msvc" runs-on: windows-latest env: TAURI_SIGNING_PRIVATE_KEY: ${{ secrets.TAURI_SIGNING_PRIVATE_KEY }} steps: - uses: actions/checkout@v4 - uses: actions/setup-node@v4 with: node-version: 20 - uses: dtolnay/rust-toolchain@stable with: targets: x86_64-pc-windows-msvc,aarch64-pc-windows-msvc - uses: swatinem/rust-cache@v2 with: workspaces: "src-tauri -> target" cache-directories: "~/.cargo/registry/index/,~/.cargo/registry/cache/,~/.cargo/git/db/" shared-key: "windows-rust-cache" save-if: "true" - uses: actions/cache@v4 with: path: ~/.bun key: ${{ runner.os }}-bun-${{ hashFiles('**/bun.lockb') }} restore-keys: | ${{ runner.os }}-bun- - run: curl -fsSL https://bun.sh/install | bash && bun install - uses: tauri-apps/tauri-action@v0 env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} with: args: ${{ matrix.args }} - name: List Bundle Directory shell: pwsh run: | $bundlePath = "src-tauri/target/${{ matrix.target }}/release/bundle/msi" if (Test-Path $bundlePath) { Write-Output "Contents of ${bundlePath}:" Get-ChildItem -Path $bundlePath } else { Write-Output "Path ${bundlePath} does not exist." } - name: Rename Windows Artifacts shell: pwsh run: | $bundlePath = "src-tauri/target/${{ matrix.target }}/release/bundle/msi" $version = "${{ needs.prepare.outputs.version }}" $arch = "${{ matrix.arch }}" if (Test-Path $bundlePath) { $msiFiles = Get-ChildItem -Path "$bundlePath/*.msi" foreach ($file in $msiFiles) { $newName = "Qopy-$version`_$arch.msi" Rename-Item -Path $file.FullName -NewName $newName } } else { Write-Error "Path ${bundlePath} does not exist." exit 1 } - name: Upload artifacts uses: actions/upload-artifact@v4 with: name: windows-${{ matrix.arch }}-binaries path: src-tauri/target/${{ matrix.target }}/release/bundle/msi/*.msi build-linux: permissions: write-all needs: prepare runs-on: ubuntu-latest env: TAURI_SIGNING_PRIVATE_KEY: ${{ secrets.TAURI_SIGNING_PRIVATE_KEY }} steps: - uses: actions/checkout@v4 with: fetch-depth: 0 - uses: actions/setup-node@v4 with: node-version: 20 - uses: dtolnay/rust-toolchain@stable - uses: swatinem/rust-cache@v2 with: workspaces: "src-tauri -> target" cache-directories: "~/.cargo/registry/index/,~/.cargo/registry/cache/,~/.cargo/git/db/" shared-key: "linux-rust-cache" save-if: "true" - uses: actions/cache@v4 with: path: ~/.bun key: ${{ runner.os }}-bun-${{ hashFiles('**/bun.lockb') }} restore-keys: | ${{ runner.os }}-bun- - name: Install dependencies run: | sudo apt update sudo apt install -y libwebkit2gtk-4.1-dev build-essential curl wget file libssl-dev libayatana-appindicator3-dev librsvg2-dev libasound2-dev rpm echo "PKG_CONFIG_PATH=/usr/lib/x86_64-linux-gnu/pkgconfig" >> $GITHUB_ENV - run: curl -fsSL https://bun.sh/install | bash && bun install - name: Generate Changelog id: changelog run: | CHANGELOG=$(git log $(git describe --tags --abbrev=0)..HEAD --pretty=format:"- %s") echo "CHANGELOG<> $GITHUB_ENV echo "$CHANGELOG" >> $GITHUB_ENV echo "EOF" >> $GITHUB_ENV - uses: tauri-apps/tauri-action@v0 env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} with: args: --target x86_64-unknown-linux-gnu - name: Rename Linux Artifacts run: | mv src-tauri/target/x86_64-unknown-linux-gnu/release/bundle/deb/*.deb src-tauri/target/x86_64-unknown-linux-gnu/release/bundle/deb/Qopy-${{ needs.prepare.outputs.version }}.deb mv src-tauri/target/x86_64-unknown-linux-gnu/release/bundle/appimage/*.AppImage src-tauri/target/x86_64-unknown-linux-gnu/release/bundle/appimage/Qopy-${{ needs.prepare.outputs.version }}.AppImage mv src-tauri/target/x86_64-unknown-linux-gnu/release/bundle/rpm/*.rpm src-tauri/target/x86_64-unknown-linux-gnu/release/bundle/rpm/Qopy-${{ needs.prepare.outputs.version }}.rpm - name: Upload artifacts uses: actions/upload-artifact@v4 with: name: linux-binaries path: | src-tauri/target/x86_64-unknown-linux-gnu/release/bundle/deb/*.deb src-tauri/target/x86_64-unknown-linux-gnu/release/bundle/appimage/*.AppImage src-tauri/target/x86_64-unknown-linux-gnu/release/bundle/rpm/*.rpm create-release: permissions: write-all needs: [prepare, build-macos, build-windows, build-linux] runs-on: ubuntu-latest steps: - uses: actions/checkout@v4 with: fetch-depth: 0 - name: Download all artifacts uses: actions/download-artifact@v4 with: path: artifacts - name: Generate Release Body id: release_body run: | VERSION="${{ needs.prepare.outputs.version }}" # Get the most recent release tag (v* tags only) LAST_TAG=$(git describe --match "v*" --abbrev=0 --tags `git rev-list --tags --skip=1 --max-count=1` 2>/dev/null || echo "") if [ -n "$LAST_TAG" ]; then echo "Debug: Found last release tag: $LAST_TAG" CHANGES=$(git log ${LAST_TAG}..HEAD --pretty=format:"- %s") else echo "Debug: No previous release tag found, using first commit" CHANGES=$(git log --pretty=format:"- %s") fi echo "Debug: Changelog content:" echo "$CHANGES" # Calculate hashes with corrected paths WINDOWS_ARM_HASH=$(sha256sum "artifacts/windows-arm64-binaries/Qopy-${VERSION}_arm64.msi" | awk '{ print $1 }') WINDOWS_64_HASH=$(sha256sum "artifacts/windows-x64-binaries/Qopy-${VERSION}_x64.msi" | awk '{ print $1 }') MAC_SILICON_HASH=$(sha256sum "artifacts/macos-silicon-binaries/aarch64-apple-darwin/release/bundle/dmg/Qopy-${VERSION}_silicon.dmg" | awk '{ print $1 }') MAC_INTEL_HASH=$(sha256sum "artifacts/macos-intel-binaries/x86_64-apple-darwin/release/bundle/dmg/Qopy-${VERSION}_intel.dmg" | awk '{ print $1 }') DEBIAN_HASH=$(sha256sum "artifacts/linux-binaries/deb/Qopy-${VERSION}.deb" | awk '{ print $1 }') APPIMAGE_HASH=$(sha256sum "artifacts/linux-binaries/appimage/Qopy-${VERSION}.AppImage" | awk '{ print $1 }') REDHAT_HASH=$(sha256sum "artifacts/linux-binaries/rpm/Qopy-${VERSION}.rpm" | awk '{ print $1 }') # Debug output echo "Calculated hashes:" echo "Windows ARM: $WINDOWS_ARM_HASH" echo "Windows x64: $WINDOWS_64_HASH" echo "Mac Silicon: $MAC_SILICON_HASH" echo "Mac Intel: $MAC_INTEL_HASH" echo "Debian: $DEBIAN_HASH" echo "AppImage: $APPIMAGE_HASH" echo "Red Hat: $REDHAT_HASH" RELEASE_BODY=$(cat <<-EOF ## ♻️ Changelog $CHANGES ## ⬇️ Downloads - [Windows (x64)](https://github.com/${{ github.repository }}/releases/download/v${VERSION}/Qopy-${VERSION}_x64.msi) - ${WINDOWS_64_HASH} - [Windows (ARM64)](https://github.com/${{ github.repository }}/releases/download/v${VERSION}/Qopy-${VERSION}_arm64.msi) - ${WINDOWS_ARM_HASH} - [macOS (Silicon)](https://github.com/${{ github.repository }}/releases/download/v${VERSION}/Qopy-${VERSION}_silicon.dmg) - ${MAC_SILICON_HASH} - [macOS (Intel)](https://github.com/${{ github.repository }}/releases/download/v${VERSION}/Qopy-${VERSION}_intel.dmg) - ${MAC_INTEL_HASH} - [Debian](https://github.com/${{ github.repository }}/releases/download/v${VERSION}/Qopy-${VERSION}.deb) - ${DEBIAN_HASH} - [AppImage](https://github.com/${{ github.repository }}/releases/download/v${VERSION}/Qopy-${VERSION}.AppImage) - ${APPIMAGE_HASH} - [Red Hat](https://github.com/${{ github.repository }}/releases/download/v${VERSION}/Qopy-${VERSION}.rpm) - ${REDHAT_HASH} EOF ) echo "RELEASE_BODY<> $GITHUB_ENV echo "$RELEASE_BODY" >> $GITHUB_ENV echo "EOF" >> $GITHUB_ENV - name: Create Release uses: softprops/action-gh-release@v2 env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} with: draft: true tag_name: v${{ needs.prepare.outputs.version }} name: v${{ needs.prepare.outputs.version }} files: | artifacts/**/*.dmg artifacts/**/*.msi artifacts/**/*.deb artifacts/**/*.AppImage artifacts/**/*.rpm body: ${{ env.RELEASE_BODY }}