Build app and create release #129
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: "Build app & create release" | |
| on: | |
| push: | |
| tags: | |
| - v*.*.* | |
| jobs: | |
| build-wireguard-go: | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| architecture: [arm64, amd64] | |
| runs-on: [self-hosted, macOS] | |
| steps: | |
| - uses: actions/checkout@v4 | |
| with: | |
| repository: WireGuard/wireguard-go | |
| ref: master | |
| fetch-depth: 0 | |
| - name: Set up Go | |
| uses: actions/setup-go@v4 | |
| with: | |
| go-version: '1.20' | |
| - name: Build wireguard-go binary | |
| run: make | |
| env: | |
| GOOS: darwin | |
| GOARCH: ${{ matrix.architecture }} | |
| - name: Upload binary artifact arm64 | |
| if: matrix.architecture == 'arm64' | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: wireguard-go-aarch64-apple-darwin | |
| path: wireguard-go | |
| - name: Upload binary artifact amd64 | |
| if: matrix.architecture == 'amd64' | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: wireguard-go-x86_64-apple-darwin | |
| path: wireguard-go | |
| create-release: | |
| name: create-release | |
| runs-on: self-hosted | |
| outputs: | |
| upload_url: ${{ steps.release.outputs.upload_url }} | |
| steps: | |
| - name: Create GitHub release | |
| id: release | |
| uses: softprops/action-gh-release@v1 | |
| with: | |
| draft: true | |
| generate_release_notes: true | |
| build-linux: | |
| needs: | |
| - create-release | |
| runs-on: | |
| - self-hosted | |
| - Linux | |
| steps: | |
| - uses: actions/checkout@v4 | |
| with: | |
| submodules: "recursive" | |
| - name: Write release version | |
| run: | | |
| VERSION=$(echo ${GITHUB_REF_NAME#v} | cut -d '-' -f1) | |
| echo Version: $VERSION | |
| echo "VERSION=$VERSION" >> $GITHUB_ENV | |
| - uses: actions/setup-node@v3 | |
| with: | |
| node-version: "20" | |
| - uses: pnpm/action-setup@v2 | |
| with: | |
| version: 8 | |
| run_install: false | |
| - name: Get pnpm store directory | |
| shell: bash | |
| run: | | |
| echo "STORE_PATH=$(pnpm store path --silent)" >> $GITHUB_ENV | |
| - uses: actions/cache@v3 | |
| name: Setup pnpm cache | |
| with: | |
| path: ${{ env.STORE_PATH }} | |
| key: ${{ runner.os }}-pnpm-build-store-${{ hashFiles('**/pnpm-lock.yaml') }} | |
| restore-keys: | | |
| ${{ runner.os }}-pnpm-build-store- | |
| - name: Install deps | |
| run: pnpm install --frozen-lockfile | |
| - uses: dtolnay/rust-toolchain@stable | |
| - name: install linux deps | |
| run: | | |
| sudo apt-get update | |
| sudo apt-get install -y libgtk-3-dev libwebkit2gtk-4.0-dev libappindicator3-dev librsvg2-dev patchelf libssl-dev unzip | |
| - name: Build packages | |
| uses: tauri-apps/tauri-action@v0 | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Upload DEB | |
| uses: actions/[email protected] | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| with: | |
| upload_url: ${{ needs.create-release.outputs.upload_url }} | |
| asset_path: src-tauri/target/release/bundle/deb/defguard-client_${{ env.VERSION }}_amd64.deb | |
| asset_name: defguard-client_${{ env.VERSION }}_amd64.deb | |
| asset_content_type: application/octet-stream | |
| - name: Upload AppImage | |
| uses: actions/[email protected] | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| with: | |
| upload_url: ${{ needs.create-release.outputs.upload_url }} | |
| asset_path: src-tauri/target/release/bundle/appimage/defguard-client_${{ env.VERSION }}_amd64.AppImage | |
| asset_name: defguard-client_${{ env.VERSION }}_amd64.AppImage | |
| asset_content_type: application/octet-stream | |
| - name: Rename client binary | |
| run: mv src-tauri/target/release/defguard-client defguard-client-linux-x86_64-${{ github.ref_name }} | |
| - name: Tar client binary | |
| uses: a7ul/[email protected] | |
| with: | |
| command: c | |
| files: | | |
| defguard-client-linux-x86_64-${{ github.ref_name }} | |
| outPath: defguard-client-linux-x86_64-${{ github.ref_name }}.tar.gz | |
| - name: Upload client archive | |
| uses: actions/[email protected] | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| with: | |
| upload_url: ${{ needs.create-release.outputs.upload_url }} | |
| asset_path: defguard-client-linux-x86_64-${{ github.ref_name }}.tar.gz | |
| asset_name: defguard-client-linux-x86_64-${{ github.ref_name }}.tar.gz | |
| asset_content_type: application/octet-stream | |
| - name: Rename daemon binary | |
| run: mv src-tauri/target/release/defguard-service defguard-service-linux-x86_64-${{ github.ref_name }} | |
| - name: Tar daemon binary | |
| uses: a7ul/[email protected] | |
| with: | |
| command: c | |
| files: | | |
| defguard-service-linux-x86_64-${{ github.ref_name }} | |
| outPath: defguard-service-linux-x86_64-${{ github.ref_name }}.tar.gz | |
| - name: Upload daemon archive | |
| uses: actions/[email protected] | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| with: | |
| upload_url: ${{ needs.create-release.outputs.upload_url }} | |
| asset_path: defguard-service-linux-x86_64-${{ github.ref_name }}.tar.gz | |
| asset_name: defguard-service-linux-x86_64-${{ github.ref_name }}.tar.gz | |
| asset_content_type: application/octet-stream | |
| build-macos: | |
| needs: | |
| - create-release | |
| - build-wireguard-go | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| target: [aarch64-apple-darwin, x86_64-apple-darwin] | |
| runs-on: | |
| - self-hosted | |
| - macOS | |
| steps: | |
| - uses: actions/checkout@v4 | |
| with: | |
| submodules: "recursive" | |
| - name: Write release version | |
| run: | | |
| VERSION=$(echo ${GITHUB_REF_NAME#v} | cut -d '-' -f1) | |
| echo Version: $VERSION | |
| echo "VERSION=$VERSION" >> $GITHUB_ENV | |
| - uses: actions/setup-node@v3 | |
| with: | |
| node-version: "20" | |
| - uses: pnpm/action-setup@v2 | |
| with: | |
| version: 8 | |
| run_install: false | |
| - name: Get pnpm store directory | |
| shell: bash | |
| run: echo "STORE_PATH=$(pnpm store path --silent)" >> $GITHUB_ENV | |
| - uses: actions/cache@v3 | |
| name: Setup pnpm cache | |
| with: | |
| path: ${{ env.STORE_PATH }} | |
| key: ${{ runner.os }}-pnpm-build-store-${{ hashFiles('**/pnpm-lock.yaml') }} | |
| restore-keys: | | |
| ${{ runner.os }}-pnpm-build-store- | |
| - name: Install deps | |
| run: pnpm install --frozen-lockfile | |
| - uses: dtolnay/rust-toolchain@stable | |
| - name: Install protobuf compiler | |
| run: brew install protobuf | |
| - name: Install ARM target | |
| run: rustup target add aarch64-apple-darwin | |
| - name: Download wireguard-go binary | |
| uses: actions/download-artifact@v4 | |
| with: | |
| name: wireguard-go-${{ matrix.target }} | |
| path: src-tauri/resources-macos/binaries/wireguard-go-${{ matrix.target }} | |
| - name: Unlock keychain | |
| run: security -v unlock-keychain -p "${{ secrets.KEYCHAIN_PASSWORD }}" /Users/admin/Library/Keychains/login.keychain | |
| - name: Build app | |
| uses: tauri-apps/tauri-action@v0 | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| APPLE_SIGNING_IDENTITY: "Developer ID Application: TEONITE (6WD6W6WQNV)" | |
| APPLE_CERTIFICATE: ${{ secrets.APPLE_CERTIFICATE }} | |
| APPLE_CERTIFICATE_PASSWORD: ${{ secrets.APPLE_CERTIFICATE_PASSWORD }} | |
| APPLE_ID: "[email protected]" | |
| APPLE_PASSWORD: ${{ secrets.NOTARYTOOL_APP_SPECIFIC_PASSWORD }} | |
| APPLE_TEAM_ID: "6WD6W6WQNV" | |
| with: | |
| args: --target ${{ matrix.target }} -v | |
| - name: Build installation package | |
| run: | | |
| bash build-macos-package.sh src-tauri/target/${{ matrix.target }} src-tauri/resources-macos/scripts "Developer ID Installer: TEONITE (6WD6W6WQNV)" /Users/admin/Library/Keychains/login.keychain | |
| xcrun notarytool submit --wait --apple-id [email protected] --password ${{ secrets.NOTARYTOOL_APP_SPECIFIC_PASSWORD }} --team-id 6WD6W6WQNV src-tauri/target/${{ matrix.target }}/product-signed/defguard.pkg | |
| xcrun stapler staple src-tauri/target/${{ matrix.target }}/product-signed/defguard.pkg | |
| - name: Upload installation package | |
| uses: actions/[email protected] | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| with: | |
| upload_url: ${{ needs.create-release.outputs.upload_url }} | |
| asset_path: src-tauri/target/${{ matrix.target }}/product-signed/defguard.pkg | |
| asset_name: defguard-${{ matrix.target }}-${{ env.VERSION }}.pkg | |
| asset_content_type: application/octet-stream | |
| build-windows: | |
| needs: | |
| - create-release | |
| runs-on: windows-latest | |
| steps: | |
| - uses: actions/checkout@v4 | |
| with: | |
| submodules: "recursive" | |
| - name: Write release version | |
| run: | | |
| $env:VERSION=echo ($env:GITHUB_REF_NAME.Substring(1) -Split "-")[0] | |
| echo Version: $env:VERSION | |
| echo "VERSION=$env:VERSION" >> $env:GITHUB_ENV | |
| - uses: actions/setup-node@v3 | |
| with: | |
| node-version: "20" | |
| - uses: pnpm/action-setup@v2 | |
| with: | |
| version: 8 | |
| run_install: false | |
| - name: Get pnpm store directory | |
| shell: bash | |
| run: echo "STORE_PATH=$(pnpm store path --silent)" >> $env:GITHUB_ENV | |
| - uses: actions/cache@v3 | |
| name: Setup pnpm cache | |
| with: | |
| path: ${{ env.STORE_PATH }} | |
| key: ${{ runner.os }}-pnpm-build-store-${{ hashFiles('**/pnpm-lock.yaml') }} | |
| restore-keys: | | |
| ${{ runner.os }}-pnpm-build-store- | |
| - name: Install deps | |
| run: pnpm install --frozen-lockfile | |
| - uses: dtolnay/rust-toolchain@stable | |
| - name: Install Protoc | |
| uses: arduino/setup-protoc@v2 | |
| with: | |
| repo-token: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Remove "default-run" line from Cargo.toml | |
| run: | | |
| Set-Content -Path ".\src-tauri\Cargo.toml" -Value (get-content -Path ".\src-tauri\Cargo.toml" | Select-String -Pattern 'default-run =' -NotMatch) | |
| - name: Build packages | |
| uses: tauri-apps/tauri-action@v0 | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Upload MSI for later bundle | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: defguard.msi | |
| path: src-tauri/target/release/bundle/msi/defguard-client_${{ env.VERSION }}_x64_en-US.msi | |
| sign-msi: | |
| needs: | |
| - build-windows | |
| runs-on: | |
| - self-hosted | |
| - Linux | |
| steps: | |
| - name: Write release version | |
| run: | | |
| VERSION=$(echo ${GITHUB_REF_NAME#v} | cut -d '-' -f1) | |
| echo Version: $VERSION | |
| echo "VERSION=$VERSION" >> $GITHUB_ENV | |
| - name: Download a single artifact | |
| uses: actions/download-artifact@v4 | |
| with: | |
| name: defguard.msi | |
| - name: Sign MSI | |
| run: osslsigncode sign -pkcs11module /srv/codesign/certum/sc30pkcs11-3.0.6.68-MS.so -certs /srv/codesign/29ee7778ca5217107841bbbf6b3062e1.pem -key ${{ secrets.CODESIGN_KEYID }} -pass ${{ secrets.CODESIGN_PIN }} -h sha256 -t http://time.certum.pl/ -in defguard-client_${{ env.VERSION }}_x64_en-US.msi -out defguard-client_${{ env.VERSION }}_x64_en-US-signed.msi | |
| - name: Upload Signed MSI for later bundle | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: defguard-signed.msi | |
| path: defguard-client_${{ env.VERSION }}_x64_en-US-signed.msi | |
| bundle-msi-exe: | |
| needs: | |
| - sign-msi | |
| runs-on: windows-latest | |
| steps: | |
| - uses: actions/checkout@v4 | |
| with: | |
| submodules: "recursive" | |
| - name: Write release version | |
| run: | | |
| $env:VERSION=echo ($env:GITHUB_REF_NAME.Substring(1) -Split "-")[0] | |
| echo Version: $env:VERSION | |
| echo "VERSION=$env:VERSION" >> $env:GITHUB_ENV | |
| - name: Download MSI signed | |
| uses: actions/download-artifact@v4 | |
| with: | |
| name: defguard-signed.msi | |
| path: src-tauri/target/release/bundle/msi/ | |
| - name: Bundle application | |
| run: | | |
| dotnet tool install --global wix --version 4.0.5 | |
| wix extension add WixToolset.Bal.wixext/4 | |
| wix build .\src-tauri\resources-windows\defguard-client.wxs -ext .\.wix\extensions\WixToolset.Bal.wixext\4\wixext4\WixToolset.Bal.wixext.dll | |
| - name: Upload installer | |
| uses: actions/[email protected] | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| with: | |
| upload_url: ${{ needs.create-release.outputs.upload_url }} | |
| asset_path: src-tauri/resources-windows/defguard-client.exe | |
| asset_name: defguard-client_${{ env.VERSION }}_x64_en-US.exe | |
| asset_content_type: application/octet-stream |