forked from ValueCell-ai/valuecell
-
Notifications
You must be signed in to change notification settings - Fork 0
144 lines (129 loc) · 5.96 KB
/
mac_build.yml
File metadata and controls
144 lines (129 loc) · 5.96 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
name: Tauri build on macOS
on:
push:
tags:
- "v*"
workflow_dispatch:
permissions:
contents: write
jobs:
build-macos:
strategy:
matrix:
include:
- args: --target aarch64-apple-darwin
target: 'aarch64-apple-darwin'
- args: --target x86_64-apple-darwin
target: 'x86_64-apple-darwin'
runs-on: macos-latest
env:
APPLE_ID: ${{ secrets.APPLE_ID }}
APPLE_ID_PASSWORD: ${{ secrets.APPLE_ID_PASSWORD }}
steps:
- name: Checkout code
uses: actions/checkout@v5
- name: Add UV Package Manager To Tauri Project
run: |
cd frontend/src-tauri
mkdir -p binaries
ARCH=$(uname -m)
echo "Current runner architecture: $ARCH"
echo "Matrix target: ${{ matrix.args }}"
# Download both architectures since we're building for both
for UV_ARCH in aarch64-apple-darwin x86_64-apple-darwin; do
echo "Downloading uv for $UV_ARCH..."
curl -L -f -o uv-${UV_ARCH}.tar.gz "https://github.com/astral-sh/uv/releases/download/0.9.9/uv-${UV_ARCH}.tar.gz"
# Extract tar.gz file to temporary directory
mkdir -p temp_${UV_ARCH}
tar -xzf uv-${UV_ARCH}.tar.gz -C temp_${UV_ARCH}
# Find uv executable file after extraction
UV_PATH=$(find temp_${UV_ARCH} -name "uv" -type f | head -1)
if [ -z "$UV_PATH" ]; then
echo "Error: uv executable not found for $UV_ARCH after extraction"
echo "Contents of temp_${UV_ARCH}:"
ls -la temp_${UV_ARCH}/
exit 1
fi
echo "Found uv at: $UV_PATH"
# Move uv to binaries directory with architecture suffix
mv "$UV_PATH" "binaries/uv-${UV_ARCH}"
chmod +x "binaries/uv-${UV_ARCH}"
# Clean up
rm -rf temp_${UV_ARCH} uv-${UV_ARCH}.tar.gz
done
# Debug: List all files in binaries directory
echo "Contents of binaries directory:"
ls -lah binaries/
echo "Verifying uv executables:"
file binaries/uv-* || echo "No uv files found"
- name: Import Apple Developer Certificate
env:
APPLE_CERTIFICATE: ${{ secrets.APPLE_CERTIFICATE }}
APPLE_CERTIFICATE_PASSWORD: ${{ secrets.APPLE_CERTIFICATE_PASSWORD }}
KEYCHAIN_PASSWORD: ${{ secrets.KEYCHAIN_PASSWORD }}
run: |
echo "::add-mask::$APPLE_CERTIFICATE_PASSWORD"
echo "::add-mask::$KEYCHAIN_PASSWORD"
echo "::add-mask::${{ secrets.SECRET_INFO }}"
echo $APPLE_CERTIFICATE | base64 --decode > certificate.p12
security create-keychain -p "$KEYCHAIN_PASSWORD" build.keychain 2>&1 | grep -v "password" || true
security default-keychain -s build.keychain
security unlock-keychain -p "$KEYCHAIN_PASSWORD" build.keychain 2>&1 | grep -v "password" || true
security set-keychain-settings -t 3600 -u build.keychain
security import certificate.p12 -k build.keychain -P "$APPLE_CERTIFICATE_PASSWORD" -T /usr/bin/codesign 2>&1 | grep -v "password" || true
security set-key-partition-list -S apple-tool:,apple:,codesign: -s -k "$KEYCHAIN_PASSWORD" build.keychain 2>&1 | grep -v "password" || true
# Suppress certificate details output
security find-identity -v -p codesigning build.keychain > /dev/null 2>&1 || true
- name: Verify Certificate
run: |
CERT_INFO=$(security find-identity -v -p codesigning build.keychain 2>/dev/null | grep "Developer ID Application" || true)
CERT_ID=$(echo "$CERT_INFO" | awk -F'"' '{print $2}')
if [ -n "$CERT_ID" ]; then
echo "::add-mask::$CERT_ID"
echo "CERT_ID=$CERT_ID" >> $GITHUB_ENV
echo "Certificate imported successfully."
else
echo "Error: Certificate not found"
exit 1
fi
- name: Setup Bun
uses: oven-sh/setup-bun@v2
with:
bun-version-file: "./frontend/package.json"
- name: Install Dependencies
run: |
cd frontend
bun install
- name: Setup Rust
uses: dtolnay/rust-toolchain@stable
with:
# Those targets are only used on macos runners so it's in an `if` to slightly speed up windows and linux builds.
targets: aarch64-apple-darwin,x86_64-apple-darwin
- name: Rust cache
uses: swatinem/rust-cache@v2
with:
workspaces: './src-tauri -> target'
- uses: tauri-apps/tauri-action@v0
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
APPLE_CERTIFICATE: ${{ secrets.APPLE_CERTIFICATE }}
APPLE_CERTIFICATE_PASSWORD: ${{ secrets.APPLE_CERTIFICATE_PASSWORD }}
APPLE_TEAM_ID: ${{ secrets.APPLE_TEAM_ID }}
APPLE_PASSWORD: ${{ secrets.APPLE_PASSWORD }}
APPLE_SIGNING_IDENTITY: ${{ env.CERT_ID }}
TAURI_SIGNING_PRIVATE_KEY: ${{ secrets.TAURI_SIGNING_PRIVATE_KEY }}
TAURI_SIGNING_PRIVATE_KEY_PASSWORD: ${{secrets.TAURI_SIGNING_PRIVATE_KEY_PASSWORD}}
with:
tagName: ${{ github.event_name == 'push' && startsWith(github.ref, 'refs/tags/v') && 'v__VERSION__' || '' }}
releaseName: ${{ github.event_name == 'push' && startsWith(github.ref, 'refs/tags/v') && 'ValueCell-__VERSION__-beta' || '' }}
releaseDraft: ${{ github.event_name == 'push' && startsWith(github.ref, 'refs/tags/v') }}
prerelease: false
assetNamePattern: ValueCell-[version]-beta-[platform]-[arch][ext]
args: ${{ matrix.args }}
- name: Upload Artifacts
uses: actions/upload-artifact@v5
if: ${{ !startsWith(github.ref, 'refs/tags/v') }}
with:
path: frontend/src-tauri/target/${{ matrix.target }}/release/bundle/dmg/*.dmg
name: ValueCell-${{ matrix.target }}-${{ github.sha }}
retention-days: 3