Fix windows and linux release #104

Workflow file for this run

.github/workflows/release.yml at 0b3f97a

	name: "Release"

	on:
	push:
	tags:
	- 'v*'
	workflow_dispatch:
	inputs:
	tag:
	description: 'Tag name (e.g. v1.0.0)'
	required: true
	type: string

	# Add permissions block
	# id-token is for flakehub cache
	permissions:
	contents: write
	id-token: write

	jobs:
	build-mac:
	name: Build MacOS
	runs-on: macos-latest
	environment: signing
	steps:
	- uses: actions/checkout@v4
	- uses: DeterminateSystems/nix-installer-action@main
	- uses: DeterminateSystems/flakehub-cache-action@main
	- uses: DeterminateSystems/flake-checker-action@main
	- uses: Swatinem/rust-cache@v2
	with:
	env-vars: CARGO USE_VENDOR_FEATURE

	- name: Build
	run: nix develop --command bash -c "bash scripts/build-macos.sh"

	- name: Sign macOS
	env:
	MACOS_CERTIFICATE: ${{ secrets.MACOS_CERTIFICATE }}
	MACOS_CERTIFICATE_PWD: ${{ secrets.MACOS_CERTIFICATE_PWD }}
	MACOS_CERTIFICATE_NAME: ${{ secrets.MACOS_CERTIFICATE_NAME }}
	MACOS_CI_KEYCHAIN_PWD: ${{ secrets.MACOS_CI_KEYCHAIN_PWD }}
	MACOS_NOTARIZATION_APPLE_ID: ${{ secrets.MACOS_NOTARIZATION_APPLE_ID }}
	MACOS_NOTARIZATION_TEAM_ID: ${{ secrets.MACOS_NOTARIZATION_TEAM_ID }}
	MACOS_NOTARIZATION_PWD: ${{ secrets.MACOS_NOTARIZATION_PWD }}
	run: nix develop --command bash -c "scripts/sign-macos.sh"

	- name: Package DMG
	run: nix develop --command bash -c "bash scripts/package-macos.sh"

	- name: Create Release and Upload macOS Asset
	id: create_release
	uses: softprops/action-gh-release@v2
	with:
	name: Release ${{ github.event.inputs.tag \|\| github.ref_name }}
	tag_name: ${{ github.event.inputs.tag \|\| github.ref_name }}
	draft: true
	prerelease: false
	generate_release_notes: true
	files: target/release/macos/harbor.dmg

	build-linux:
	name: Build Linux
	runs-on: ubuntu-22.04
	environment: signing
	steps:
	- uses: actions/checkout@v4
	- uses: Swatinem/rust-cache@v2
	with:
	env-vars: CARGO USE_VENDOR_FEATURE

	- name: Install Protoc
	uses: arduino/setup-protoc@v3

	- name: Install linux deps
	run: \|
	sudo apt update
	sudo apt install \
	build-essential \
	git \
	dpkg \
	pkg-config \
	libdbus-1-dev \
	libsqlcipher-dev \
	libudev-dev \
	libxkbcommon-dev \
	libfontconfig1-dev \
	libasound2-dev

	- name: Build
	run: bash scripts/package-linux.sh package

	- name: Set artifact path
	run: \|
	echo "ARTIFACT_PATH=$(bash scripts/package-linux.sh archive_path)" >> "$GITHUB_ENV"
	echo "DEB_PATH=$(bash scripts/package-linux.sh deb_path)" >> "$GITHUB_ENV"

	- name: Upload Linux Assets
	uses: softprops/action-gh-release@v2
	with:
	tag_name: ${{ github.event.inputs.tag \|\| github.ref_name }}
	draft: true
	prerelease: false
	files: \|
	${{ env.ARTIFACT_PATH }}
	${{ env.DEB_PATH }}

	build-windows:
	name: Build Windows
	runs-on: windows-latest
	environment: signing
	steps:
	- uses: actions/checkout@v4

	# Cache Rust dependencies
	- uses: Swatinem/rust-cache@v2
	with:
	# Key needs to be specific to Windows/MSVC if different from Linux/macOS
	key: windows-msvc-${{ hashFiles('**/Cargo.lock') }}

	# Install WiX Toolset using Chocolatey (package manager for Windows)
	- name: Install WiX Toolset
	run: choco install wixtoolset -y --no-progress

	# Install protocol buffers compiler
	- name: Install protoc
	run: choco install protoc -y --no-progress

	# Install Rust toolchain with the MSVC target
	- name: Install Rust (msvc)
	uses: dtolnay/rust-toolchain@stable
	with:
	toolchain: stable-x86_64-pc-windows-msvc
	targets: x86_64-pc-windows-msvc

	- name: Get Version
	id: get_version
	# Converts tag name to version number (e.g. v1.0.0 -> 1.0.0 or v1.0.0-beta.rc3 -> 1.0.0.3)
	run: echo "VERSION=$(echo ${{ github.event.inputs.tag \|\| github.ref_name }} \| sed -E 's/^v//; s/-beta\.rc/./')" >> $GITHUB_ENV
	shell: bash

	- name: Build
	id: build
	run: \|
	$exePath = .\\scripts\\build-windows.ps1 -TargetTriple "x86_64-pc-windows-msvc"
	echo "EXE_PATH=$exePath" \| Out-File -FilePath $env:GITHUB_ENV -Encoding utf8 -Append
	shell: pwsh

	- name: Sign Exe
	if: env.WINDOWS_CERTIFICATE_PFX_BASE64 != '' && env.WINDOWS_CERTIFICATE_PWD != '' # Only run if secrets are set
	env:
	WINDOWS_CERTIFICATE_PFX_BASE64: ${{ secrets.WINDOWS_CERTIFICATE_PFX_BASE64 }}
	WINDOWS_CERTIFICATE_PWD: ${{ secrets.WINDOWS_CERTIFICATE_PWD }}
	run: .\\scripts\\sign-windows.ps1 -FilePath "${{ env.EXE_PATH }}" -CertificatePfxBase64 "$env:WINDOWS_CERTIFICATE_PFX_BASE64" -CertificatePassword "$env:WINDOWS_CERTIFICATE_PWD"
	shell: pwsh

	- name: Package (ZIP and MSI)
	id: package
	run: \|
	.\scripts\package-windows.ps1 -Version "${{ env.VERSION }}" -TargetTriple "x86_64-pc-windows-msvc"
	shell: pwsh

	- name: Sign MSI
	if: env.WINDOWS_CERTIFICATE_PFX_BASE64 != '' && env.WINDOWS_CERTIFICATE_PWD != '' && steps.package.outputs.msi_path != ''
	env:
	WINDOWS_CERTIFICATE_PFX_BASE64: ${{ secrets.WINDOWS_CERTIFICATE_PFX_BASE64 }}
	WINDOWS_CERTIFICATE_PWD: ${{ secrets.WINDOWS_CERTIFICATE_PWD }}
	run: .\scripts\sign-windows.ps1 -FilePath "${{ steps.package.outputs.msi_path }}" -CertificatePfxBase64 "$env:WINDOWS_CERTIFICATE_PFX_BASE64" -CertificatePassword "$env:WINDOWS_CERTIFICATE_PWD"
	shell: pwsh

	- name: Upload Windows Assets
	uses: softprops/action-gh-release@v2
	with:
	tag_name: ${{ github.event.inputs.tag \|\| github.ref_name }}
	draft: true # Match draft status
	prerelease: false
	files: \|
	${{ steps.package.outputs.zip_path }}
	${{ steps.package.outputs.msi_path }}

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Fix windows and linux release #104

Workflow file

Fix windows and linux release #104

Uh oh!

Jobs

Run details

Workflow file for this run