chore: bump version to 0.3.1 #10
Workflow file for this run
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # .github/workflows/release-desktop.yml | |
| # | |
| # Builds and releases the SCP2P desktop app (Tauri 2) for all platforms. | |
| # | |
| # Trigger: push a tag matching desktop-v<semver> (e.g. desktop-v0.1.0) | |
| # | |
| # Artifacts produced per OS: | |
| # Windows — NSIS installer (.exe) + MSI (.msi) | |
| # macOS — Universal DMG (.dmg) covering both Intel and Apple Silicon | |
| # Linux — Debian package (.deb) + AppImage (.AppImage) | |
| # | |
| # Optional code-signing (silently skipped when secrets are absent): | |
| # macOS → APPLE_CERTIFICATE, APPLE_CERTIFICATE_PASSWORD, | |
| # APPLE_ID, APPLE_PASSWORD, APPLE_TEAM_ID | |
| # Windows → TAURI_SIGNING_PRIVATE_KEY, TAURI_SIGNING_PRIVATE_KEY_PASSWORD | |
| name: Release Desktop | |
| on: | |
| push: | |
| tags: | |
| - "desktop-v[0-9]+.[0-9]+.[0-9]+" | |
| workflow_dispatch: | |
| inputs: | |
| tag: | |
| description: 'Tag to release (e.g. desktop-v0.2.1)' | |
| required: true | |
| type: string | |
| permissions: | |
| contents: write | |
| env: | |
| RELEASE_TAG: ${{ github.event_name == 'workflow_dispatch' && inputs.tag || github.ref_name }} | |
| jobs: | |
| # ── Build matrix ────────────────────────────────────────────────────────── | |
| build: | |
| name: Build ${{ matrix.platform }} | |
| runs-on: ${{ matrix.runner }} | |
| # Expose signing secret at job level so it can be referenced in `if:` conditions. | |
| # Empty string when the secret is absent, which GitHub treats as falsy. | |
| env: | |
| APPLE_CERTIFICATE: ${{ secrets.APPLE_CERTIFICATE }} | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| include: | |
| # Windows x86-64: NSIS + MSI | |
| - platform: windows | |
| runner: windows-2022 | |
| # macOS Universal (Intel + Apple Silicon built on the same M1 runner) | |
| - platform: macos | |
| runner: macos-14 | |
| args: --target universal-apple-darwin | |
| # Linux: .deb + AppImage | |
| - platform: linux | |
| runner: ubuntu-22.04 | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| # ── Node / npm ────────────────────────────────────────────────────────── | |
| - name: Setup Node | |
| uses: actions/setup-node@v4 | |
| with: | |
| node-version: 20 | |
| cache: npm | |
| cache-dependency-path: app/package-lock.json | |
| - name: Install npm dependencies | |
| working-directory: app | |
| run: npm ci | |
| # ── Rust ──────────────────────────────────────────────────────────────── | |
| - name: Install Rust (stable) | |
| uses: dtolnay/rust-toolchain@stable | |
| with: | |
| # macOS universal requires both targets installed | |
| targets: ${{ matrix.platform == 'macos' && 'aarch64-apple-darwin,x86_64-apple-darwin' || '' }} | |
| - name: Cache Cargo | |
| uses: Swatinem/rust-cache@v2 | |
| with: | |
| workspaces: ". -> target" | |
| key: desktop-${{ matrix.platform }} | |
| # ── Linux system dependencies ──────────────────────────────────────────── | |
| - name: Install Linux build dependencies | |
| if: matrix.platform == 'linux' | |
| run: | | |
| sudo apt-get update | |
| sudo apt-get install -y \ | |
| libwebkit2gtk-4.1-dev \ | |
| libappindicator3-dev \ | |
| librsvg2-dev \ | |
| patchelf \ | |
| libgtk-3-dev \ | |
| libssl-dev \ | |
| libsoup-3.0-dev \ | |
| libjavascriptcoregtk-4.1-dev | |
| # ── macOS code-signing (skipped when secrets are absent) ───────────────── | |
| - name: Import Apple certificate | |
| if: matrix.platform == 'macos' && env.APPLE_CERTIFICATE != '' | |
| env: | |
| APPLE_CERTIFICATE: ${{ secrets.APPLE_CERTIFICATE }} | |
| APPLE_CERTIFICATE_PASSWORD: ${{ secrets.APPLE_CERTIFICATE_PASSWORD }} | |
| KEYCHAIN_PASSWORD: ${{ secrets.KEYCHAIN_PASSWORD || 'temp-keychain-pw' }} | |
| run: | | |
| echo "$APPLE_CERTIFICATE" | base64 --decode > certificate.p12 | |
| security create-keychain -p "$KEYCHAIN_PASSWORD" build.keychain | |
| security default-keychain -s build.keychain | |
| security unlock-keychain -p "$KEYCHAIN_PASSWORD" build.keychain | |
| security import certificate.p12 -k build.keychain \ | |
| -P "$APPLE_CERTIFICATE_PASSWORD" -T /usr/bin/codesign | |
| security set-key-partition-list -S apple-tool:,apple: \ | |
| -s -k "$KEYCHAIN_PASSWORD" build.keychain | |
| # Only expose the signing identity when a certificate was actually imported. | |
| # If this step is skipped, APPLE_SIGNING_IDENTITY is never set, so Tauri | |
| # will not attempt to call codesign at all. | |
| - name: Set Apple signing identity | |
| if: matrix.platform == 'macos' && env.APPLE_CERTIFICATE != '' | |
| run: echo "APPLE_SIGNING_IDENTITY=${{ secrets.APPLE_SIGNING_IDENTITY }}" >> $GITHUB_ENV | |
| # ── Tauri build ────────────────────────────────────────────────────────── | |
| - name: Build Tauri app | |
| uses: tauri-apps/tauri-action@v0 | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| # macOS signing (optional) | |
| APPLE_ID: ${{ secrets.APPLE_ID }} | |
| APPLE_PASSWORD: ${{ secrets.APPLE_PASSWORD }} | |
| APPLE_TEAM_ID: ${{ secrets.APPLE_TEAM_ID }} | |
| # APPLE_SIGNING_IDENTITY is injected into $GITHUB_ENV only when a | |
| # certificate was imported (see "Set Apple signing identity" step). | |
| # Omitting it here prevents codesign from running with an empty identity. | |
| # Tauri updater signing (optional — set to enable auto-updates) | |
| TAURI_SIGNING_PRIVATE_KEY: ${{ secrets.TAURI_SIGNING_PRIVATE_KEY }} | |
| TAURI_SIGNING_PRIVATE_KEY_PASSWORD: ${{ secrets.TAURI_SIGNING_PRIVATE_KEY_PASSWORD }} | |
| # Windows code signing via Azure Trusted Signing (optional) | |
| AZURE_CLIENT_ID: ${{ secrets.AZURE_CLIENT_ID }} | |
| AZURE_TENANT_ID: ${{ secrets.AZURE_TENANT_ID }} | |
| AZURE_CLIENT_SECRET: ${{ secrets.AZURE_CLIENT_SECRET }} | |
| with: | |
| projectPath: app | |
| tagName: ${{ env.RELEASE_TAG }} | |
| releaseName: "SCP2P Desktop v__VERSION__" | |
| releaseBody: | | |
| ## SCP2P Desktop v__VERSION__ | |
| ### Download | |
| | Platform | File | Notes | | |
| |----------|------|-------| | |
| | Windows | `SCP2P_*_x64-setup.exe` | NSIS installer (recommended) | | |
| | Windows | `SCP2P_*_x64_en-US.msi` | MSI for enterprise / MDM deployment | | |
| | macOS | `SCP2P_*_universal.dmg` | Universal — runs natively on Intel and Apple Silicon | | |
| | Linux | `scp2p_*_amd64.deb` | Debian / Ubuntu package | | |
| | Linux | `scp2p_*_amd64.AppImage` | Portable — runs on any Linux distro | | |
| See the [README](https://github.com/${{ github.repository }}#readme) for configuration help. | |
| releaseDraft: false | |
| prerelease: ${{ contains(env.RELEASE_TAG, '-') }} | |
| args: ${{ matrix.args }} |