fix: cut v1.0.6 for macOS release signing #29
Workflow file for this run
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Release | |
| on: | |
| push: | |
| tags: | |
| - 'v*' | |
| permissions: | |
| contents: write | |
| env: | |
| CARGO_TERM_COLOR: always | |
| FORCE_JAVASCRIPT_ACTIONS_TO_NODE24: true | |
| jobs: | |
| create-release: | |
| name: Create Release | |
| runs-on: ubuntu-22.04 | |
| outputs: | |
| upload_url: ${{ steps.create_release.outputs.upload_url }} | |
| steps: | |
| - name: Checkout repository | |
| uses: actions/checkout@v4 | |
| - name: Extract changelog notes | |
| env: | |
| RELEASE_TAG: ${{ github.ref_name }} | |
| run: | | |
| python3 <<'PY' | |
| import os | |
| import pathlib | |
| import re | |
| import sys | |
| tag = os.environ["RELEASE_TAG"] | |
| changelog_path = pathlib.Path("CHANGELOG.md") | |
| release_notes_path = pathlib.Path("release-notes.md") | |
| heading_pattern = re.compile(r"^## (?P<tag>v[^\s]+) - \d{4}-\d{2}-\d{2}$") | |
| if not changelog_path.exists(): | |
| print( | |
| "::error title=Missing changelog::CHANGELOG.md was not found in the repository checkout.", | |
| file=sys.stderr, | |
| ) | |
| sys.exit(1) | |
| section_lines = [] | |
| in_target_section = False | |
| for raw_line in changelog_path.read_text(encoding="utf-8").splitlines(): | |
| heading_match = heading_pattern.match(raw_line) | |
| if heading_match: | |
| if in_target_section: | |
| break | |
| in_target_section = heading_match.group("tag") == tag | |
| continue | |
| if in_target_section: | |
| section_lines.append(raw_line) | |
| if not in_target_section: | |
| print( | |
| f"::error title=Missing changelog entry::No CHANGELOG.md section found for tag {tag}. Expected a heading like `## {tag} - YYYY-MM-DD`.", | |
| file=sys.stderr, | |
| ) | |
| sys.exit(1) | |
| notes = "\n".join(section_lines).strip() | |
| if not notes: | |
| print( | |
| f"::error title=Empty changelog entry::CHANGELOG.md section for tag {tag} is empty. Add at least one release note bullet under the heading.", | |
| file=sys.stderr, | |
| ) | |
| sys.exit(1) | |
| release_notes_path.write_text(f"{notes}\n", encoding="utf-8") | |
| PY | |
| - name: Check if release already exists | |
| id: release_exists | |
| env: | |
| GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| run: | | |
| if gh release view "${{ github.ref_name }}" >/dev/null 2>&1; then | |
| echo "exists=true" >> "$GITHUB_OUTPUT" | |
| else | |
| echo "exists=false" >> "$GITHUB_OUTPUT" | |
| fi | |
| - name: Create GitHub Release | |
| id: create_release | |
| if: steps.release_exists.outputs.exists != 'true' | |
| uses: softprops/action-gh-release@v2 | |
| with: | |
| name: CSV Align ${{ github.ref_name }} | |
| draft: false | |
| prerelease: false | |
| body_path: release-notes.md | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| build-release: | |
| name: Build Release | |
| needs: create-release | |
| runs-on: ${{ matrix.os }} | |
| env: | |
| APPLE_CERTIFICATE: ${{ secrets.APPLE_CERTIFICATE }} | |
| APPLE_CERTIFICATE_PASSWORD: ${{ secrets.APPLE_CERTIFICATE_PASSWORD }} | |
| APPLE_ID: ${{ secrets.APPLE_ID }} | |
| APPLE_PASSWORD: ${{ secrets.APPLE_PASSWORD }} | |
| APPLE_TEAM_ID: ${{ secrets.APPLE_TEAM_ID }} | |
| KEYCHAIN_PASSWORD: ${{ secrets.KEYCHAIN_PASSWORD }} | |
| strategy: | |
| matrix: | |
| include: | |
| - os: ubuntu-22.04 | |
| target: x86_64-unknown-linux-gnu | |
| artifact_name: csv-align-linux-x86_64 | |
| asset_name: csv-align-linux-x86_64 | |
| - os: macos-latest | |
| target: aarch64-apple-darwin | |
| artifact_name: csv-align-macos-arm64 | |
| asset_name: csv-align-macos-arm64 | |
| - os: macos-latest | |
| target: x86_64-apple-darwin | |
| artifact_name: csv-align-macos-x86_64 | |
| asset_name: csv-align-macos-x86_64 | |
| steps: | |
| - name: Checkout repository | |
| uses: actions/checkout@v4 | |
| - name: Install Rust | |
| uses: dtolnay/rust-toolchain@stable | |
| with: | |
| targets: ${{ matrix.target }} | |
| - name: Install dependencies (Ubuntu) | |
| if: matrix.os == 'ubuntu-22.04' | |
| run: | | |
| sudo apt-get update | |
| sudo apt-get install -y libwebkit2gtk-4.1-dev libayatana-appindicator3-dev librsvg2-dev patchelf | |
| - name: Import Apple signing certificate | |
| if: matrix.os == 'macos-latest' && env.APPLE_CERTIFICATE != '' && env.APPLE_CERTIFICATE_PASSWORD != '' && env.KEYCHAIN_PASSWORD != '' | |
| run: | | |
| python3 <<'PY' | |
| import base64 | |
| import os | |
| import pathlib | |
| pathlib.Path("certificate.p12").write_bytes( | |
| base64.b64decode(os.environ["APPLE_CERTIFICATE"]) | |
| ) | |
| PY | |
| security create-keychain -p "$KEYCHAIN_PASSWORD" build.keychain | |
| security default-keychain -s build.keychain | |
| security unlock-keychain -p "$KEYCHAIN_PASSWORD" build.keychain | |
| security set-keychain-settings -t 3600 -u build.keychain | |
| security import certificate.p12 -k build.keychain -P "$APPLE_CERTIFICATE_PASSWORD" -T /usr/bin/codesign -T /usr/bin/security | |
| security set-key-partition-list -S apple-tool:,apple:,codesign: -s -k "$KEYCHAIN_PASSWORD" build.keychain | |
| CERT_ID=$(security find-identity -v -p codesigning build.keychain | awk -F '"' '/Developer ID Application|Apple Distribution|Apple Development/ {print $2; exit}') | |
| if [ -z "$CERT_ID" ]; then | |
| echo "No usable Apple code signing identity was imported." >&2 | |
| exit 1 | |
| fi | |
| echo "APPLE_SIGNING_IDENTITY=$CERT_ID" >> "$GITHUB_ENV" | |
| rm -f certificate.p12 | |
| - name: Setup Node.js | |
| uses: actions/setup-node@v4 | |
| with: | |
| node-version: '22' | |
| cache: 'npm' | |
| cache-dependency-path: frontend/package-lock.json | |
| - name: Install frontend dependencies | |
| working-directory: frontend | |
| run: npm ci | |
| - name: Build frontend | |
| working-directory: frontend | |
| run: npm run build | |
| - name: Setup Rust cache | |
| uses: Swatinem/rust-cache@v2 | |
| with: | |
| workspaces: | | |
| . -> target | |
| src-tauri -> src-tauri/target | |
| key: tauri-${{ matrix.os }}-${{ matrix.target }} | |
| - name: Install Tauri CLI | |
| run: cargo install tauri-cli --locked --version "^2" --force | |
| - name: Build Tauri app | |
| working-directory: src-tauri | |
| run: | | |
| rm -rf target/${{ matrix.target }}/release/bundle | |
| cargo tauri build --target ${{ matrix.target }} | |
| - name: Upload Linux packages | |
| if: matrix.os == 'ubuntu-22.04' | |
| uses: softprops/action-gh-release@v2 | |
| with: | |
| tag_name: ${{ github.ref_name }} | |
| files: | | |
| src-tauri/target/x86_64-unknown-linux-gnu/release/bundle/deb/*.deb | |
| src-tauri/target/x86_64-unknown-linux-gnu/release/bundle/appimage/*.AppImage | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Upload macOS ARM package | |
| if: matrix.os == 'macos-latest' && matrix.target == 'aarch64-apple-darwin' | |
| uses: softprops/action-gh-release@v2 | |
| with: | |
| tag_name: ${{ github.ref_name }} | |
| files: src-tauri/target/aarch64-apple-darwin/release/bundle/dmg/*.dmg | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Upload macOS Intel package | |
| if: matrix.os == 'macos-latest' && matrix.target == 'x86_64-apple-darwin' | |
| uses: softprops/action-gh-release@v2 | |
| with: | |
| tag_name: ${{ github.ref_name }} | |
| files: src-tauri/target/x86_64-apple-darwin/release/bundle/dmg/*.dmg | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} |