@@ -3,11 +3,11 @@ name: Release
33on :
44 push :
55 tags :
6- - ' v* '
6+ - " v* "
77 workflow_dispatch :
88 inputs :
99 sign :
10- description : ' Enable code signing'
10+ description : " Enable code signing"
1111 required : false
1212 default : false
1313 type : boolean
@@ -20,15 +20,15 @@ jobs:
2020 fail-fast : false
2121 matrix :
2222 include :
23- - platform : ' macos-latest'
24- args : ' --target aarch64-apple-darwin'
25- arch : ' aarch64'
23+ - platform : " macos-latest"
24+ args : " --target aarch64-apple-darwin"
25+ arch : " aarch64"
2626 # - platform: 'macos-latest'
2727 # args: '--target x86_64-apple-darwin'
2828 # arch: 'x86_64'
29- - platform : ' ubuntu-24.04'
30- args : ' '
31- arch : ' x86_64'
29+ - platform : " ubuntu-24.04"
30+ args : " "
31+ arch : " x86_64"
3232
3333 runs-on : ${{ matrix.platform }}
3434
@@ -53,18 +53,18 @@ jobs:
5353 - name : Rust cache
5454 uses : swatinem/rust-cache@v2
5555 with :
56- workspaces : ' ./src-tauri -> target'
56+ workspaces : " ./src-tauri -> target"
5757
5858 - name : Setup Node.js
5959 uses : actions/setup-node@v4
6060 with :
61- node-version : ' lts/*'
62- cache : ' npm'
61+ node-version : " lts/*"
62+ cache : " npm"
6363
6464 - name : Setup Python
6565 uses : actions/setup-python@v5
6666 with :
67- python-version : ' 3.11'
67+ python-version : " 3.11"
6868
6969 - name : Setup Python cache
7070 uses : actions/cache@v4
@@ -138,18 +138,101 @@ jobs:
138138 codesign --force -s "$APPLE_SIGNING_IDENTITY" --keychain build.keychain --deep "$SIDECAR_PATH"
139139 echo "Sidecar binary signed successfully"
140140
141- name : Build the app
142- uses : tauri-apps/tauri-action@v0
141+ name : Build the app (macOS)
142+ if : matrix.platform == 'macos-latest'
143+ env :
144+ APPLE_SIGNING_IDENTITY : ${{ env.APPLE_SIGNING_IDENTITY }}
145+ run : |
146+ echo "Building macOS app with make build..."
147+ make build
148+
149+ name : Sign macOS app and create DMG
150+ if : matrix.platform == 'macos-latest' && (startsWith(github.ref, 'refs/tags/') || github.event.inputs.sign == 'true')
143151 env :
144- GITHUB_TOKEN : ${{ secrets.GITHUB_TOKEN }}
145- # macOS signing
146- APPLE_CERTIFICATE : ${{ secrets.APPLE_CERTIFICATE }}
147- APPLE_CERTIFICATE_PASSWORD : ${{ secrets.APPLE_CERTIFICATE_PASSWORD }}
148152 APPLE_SIGNING_IDENTITY : ${{ env.APPLE_SIGNING_IDENTITY }}
149- # macOS notarization (optional)
153+ APPLE_TEAM_ID : ${{ secrets.APPLE_TEAM_ID }}
154+ run : |
155+ if [ -z "$APPLE_SIGNING_IDENTITY" ]; then
156+ echo "Warning: Apple signing identity not available. Skipping app signing."
157+ exit 0
158+ fi
159+
160+ APP_PATH="src-tauri/target/release/bundle/macos/gptme-tauri.app"
161+ DMG_PATH="src-tauri/target/release/bundle/dmg/gptme-tauri_${{ matrix.arch }}.dmg"
162+
163+ echo "Signing app bundle at $APP_PATH"
164+ # Sign app bundle with deep signing
165+ codesign --force -s "$APPLE_SIGNING_IDENTITY" --keychain build.keychain --deep --options runtime "$APP_PATH"
166+
167+ # Verify signature
168+ codesign --verify --verbose "$APP_PATH"
169+
170+ echo "Creating DMG file"
171+ # Create DMG using create-dmg tool
172+ npm install -g create-dmg
173+ create-dmg \
174+ --volname "gptme-tauri" \
175+ --volicon "src-tauri/icons/icon.icns" \
176+ --window-pos 200 120 \
177+ --window-size 600 300 \
178+ --icon "gptme-tauri.app" 125 150 \
179+ --app-drop-link 425 150 \
180+ --codesign "$APPLE_SIGNING_IDENTITY" \
181+ "$DMG_PATH" \
182+ "$APP_PATH"
183+
184+ echo "Signing DMG file"
185+ codesign --force -s "$APPLE_SIGNING_IDENTITY" --keychain build.keychain "$DMG_PATH"
186+
187+ echo "App and DMG signed successfully"
188+
189+ name : Notarize macOS app (optional)
190+ if : matrix.platform == 'macos-latest' && (startsWith(github.ref, 'refs/tags/') || github.event.inputs.sign == 'true')
191+ env :
150192 APPLE_ID : ${{ secrets.APPLE_ID }}
151193 APPLE_ID_PASSWORD : ${{ secrets.APPLE_ID_PASSWORD }}
152194 APPLE_TEAM_ID : ${{ secrets.APPLE_TEAM_ID }}
195+ run : |
196+ if [ -z "$APPLE_ID" ] || [ -z "$APPLE_ID_PASSWORD" ] || [ -z "$APPLE_TEAM_ID" ]; then
197+ echo "Warning: Apple notarization credentials not available. Skipping notarization."
198+ exit 0
199+ fi
200+
201+ DMG_PATH="src-tauri/target/release/bundle/dmg/gptme-tauri_${{ matrix.arch }}.dmg"
202+
203+ echo "Uploading DMG for notarization"
204+ xcrun notarytool submit "$DMG_PATH" \
205+ --apple-id "$APPLE_ID" \
206+ --password "$APPLE_ID_PASSWORD" \
207+ --team-id "$APPLE_TEAM_ID" \
208+ --wait
209+
210+ echo "Stapling notarization ticket to DMG"
211+ xcrun stapler staple "$DMG_PATH"
212+
213+ echo "Notarization complete"
214+
215+ name : Upload macOS binaries to release
216+ if : matrix.platform == 'macos-latest' && startsWith(github.ref, 'refs/tags/')
217+ uses : softprops/action-gh-release@v1
218+ with :
219+ files : |
220+ src-tauri/target/release/bundle/macos/gptme-tauri.app
221+ src-tauri/target/release/bundle/dmg/gptme-tauri_${{ matrix.arch }}.dmg
222+ tag_name : ${{ github.ref_name }}
223+ name : gptme-tauri ${{ github.ref_name }}
224+ body : See the assets to download and install this version.
225+ draft : true
226+ prerelease : false
227+ env :
228+ GITHUB_TOKEN : ${{ secrets.GITHUB_TOKEN }}
229+
230+ # Use the normal Tauri action for non-macOS platforms
231+ - name : Build and release for non-macOS platforms
232+ if : matrix.platform != 'macos-latest'
233+ uses : tauri-apps/tauri-action@v0
234+ env :
235+ GITHUB_TOKEN : ${{ secrets.GITHUB_TOKEN }}
153236 with :
154237 tagName : ${{ startsWith(github.ref, 'refs/tags/') && github.ref_name || '' }}
155238 releaseName : ${{ startsWith(github.ref, 'refs/tags/') && 'gptme-tauri v__VERSION__' || '' }}
0 commit comments