1- # From: https://tauri.app/v1/guides/building/cross-platform
2-
31name : Release
2+
43on :
54 push :
65 tags :
76 - ' v*'
87 workflow_dispatch :
8+ inputs :
9+ sign :
10+ description : ' Enable code signing'
11+ required : false
12+ default : false
13+ type : boolean
914
1015jobs :
1116 release :
@@ -16,48 +21,53 @@ jobs:
1621 matrix :
1722 include :
1823 - platform : ' macos-latest'
24+ args : ' --target aarch64-apple-darwin'
25+ arch : ' aarch64'
26+ # - platform: 'macos-latest'
27+ # args: '--target x86_64-apple-darwin'
28+ # arch: 'x86_64'
1929 - platform : ' ubuntu-24.04'
30+ args : ' '
31+ arch : ' x86_64'
32+
2033 runs-on : ${{ matrix.platform }}
2134
2235 steps :
2336 - name : Checkout repository
2437 uses : actions/checkout@v4
38+ with :
39+ submodules : recursive
2540
2641 - name : Install dependencies (ubuntu only)
2742 if : matrix.platform == 'ubuntu-24.04'
28- # You can remove libayatana-appindicator3-dev if you don't use the system tray feature.
2943 run : |
3044 sudo apt-get update
31- sudo apt-get install -y libappindicator3-dev librsvg2-dev patchelf
32- sudo apt install -y \
33- libwebkit2gtk-4.1-0=2.44.0-2 \
34- libwebkit2gtk-4.1-dev=2.44.0-2 \
35- libjavascriptcoregtk-4.1-0=2.44.0-2 \
36- libjavascriptcoregtk-4.1-dev=2.44.0-2 \
37- gir1.2-javascriptcoregtk-4.1=2.44.0-2 \
38- gir1.2-webkit2-4.1=2.44.0-2;
39-
40- name : Rust setup
45+ sudo apt-get install -y libwebkit2gtk-4.1-dev libappindicator3-dev librsvg2-dev patchelf
46+
47+ name : Setup Rust
4148 uses : dtolnay/rust-toolchain@stable
49+ with :
50+ # Only add targets on macOS since we're cross-compiling
51+ targets : ${{ matrix.platform == 'macos-latest' && 'aarch64-apple-darwin,x86_64-apple-darwin' || '' }}
4252
4353 - name : Rust cache
4454 uses : swatinem/rust-cache@v2
4555 with :
4656 workspaces : ' ./src-tauri -> target'
4757
48- - name : Sync node version and setup cache
58+ - name : Setup Node.js
4959 uses : actions/setup-node@v4
5060 with :
5161 node-version : ' lts/*'
5262 cache : ' npm'
5363
54- - name : Python setup
55- uses : actions/setup-python@v4
64+ - name : Setup Python
65+ uses : actions/setup-python@v5
5666 with :
5767 python-version : ' 3.11'
5868
59- - name : Python cache
60- uses : actions/cache@v3
69+ - name : Setup Python cache
70+ uses : actions/cache@v4
6171 with :
6272 path : ~/.cache/pip
6373 key : ${{ runner.os }}-pip-${{ hashFiles('**/requirements.txt') }}
@@ -66,24 +76,64 @@ jobs:
6676
6777name : Install Poetry
6878 run : |
69- curl -sSL https://install.python-poetry.org | python3 -
70- export PATH= "$HOME/.local/bin:$PATH"
79+ curl -sSL https://install.python-poetry.org | python3 -
80+ echo "$HOME/.local/bin" >> $GITHUB_PATH
7181
72- name : Install node dependencies
82+ name : Install frontend dependencies
7383 run : npm install
7484
7585 - name : Prebuild
7686 run : make prebuild
7787
88+ # macOS code signing setup
89+ - name : Import Apple Developer Certificate (macOS)
90+ if : matrix.platform == 'macos-latest' && (startsWith(github.ref, 'refs/tags/') || github.event.inputs.sign == 'true')
91+ env :
92+ APPLE_CERTIFICATE : ${{ secrets.APPLE_CERTIFICATE }}
93+ APPLE_CERTIFICATE_PASSWORD : ${{ secrets.APPLE_CERTIFICATE_PASSWORD }}
94+ KEYCHAIN_PASSWORD : ${{ secrets.KEYCHAIN_PASSWORD }}
95+ run : |
96+ # Check if we have the required secrets
97+ if [ -z "$APPLE_CERTIFICATE" ] || [ -z "$APPLE_CERTIFICATE_PASSWORD" ] || [ -z "$KEYCHAIN_PASSWORD" ]; then
98+ echo "Warning: Apple signing certificates not available. Building without code signing."
99+ exit 0
100+ fi
101+
102+ # Create the certificate from the secret
103+ echo "$APPLE_CERTIFICATE" | base64 --decode > certificate.p12
104+
105+ # Create a new keychain
106+ security create-keychain -p "$KEYCHAIN_PASSWORD" build.keychain
107+ security default-keychain -s build.keychain
108+ security unlock-keychain -p "$KEYCHAIN_PASSWORD" build.keychain
109+ security set-keychain-settings -t 3600 -u build.keychain
110+
111+ # Import certificate to keychain
112+ security import certificate.p12 -k build.keychain -P "$APPLE_CERTIFICATE_PASSWORD" -T /usr/bin/codesign
113+ security set-key-partition-list -S apple-tool:,apple:,codesign: -s -k "$KEYCHAIN_PASSWORD" build.keychain
114+
115+ # Find and set the signing identity
116+ CERT_INFO=$(security find-identity -v -p codesigning build.keychain | head -n 1)
117+ SIGNING_IDENTITY=$(echo "$CERT_INFO" | awk -F'"' '{print $2}')
118+ echo "APPLE_SIGNING_IDENTITY=$SIGNING_IDENTITY" >> $GITHUB_ENV
119+ echo "Certificate imported successfully. Signing identity: $SIGNING_IDENTITY"
120+
78121name : Build the app
79122 uses : tauri-apps/tauri-action@v0
80-
81123 env :
82124 GITHUB_TOKEN : ${{ secrets.GITHUB_TOKEN }}
125+ # macOS signing
126+ APPLE_CERTIFICATE : ${{ secrets.APPLE_CERTIFICATE }}
127+ APPLE_CERTIFICATE_PASSWORD : ${{ secrets.APPLE_CERTIFICATE_PASSWORD }}
128+ APPLE_SIGNING_IDENTITY : ${{ env.APPLE_SIGNING_IDENTITY }}
129+ # macOS notarization (optional)
130+ APPLE_ID : ${{ secrets.APPLE_ID }}
131+ APPLE_ID_PASSWORD : ${{ secrets.APPLE_ID_PASSWORD }}
132+ APPLE_TEAM_ID : ${{ secrets.APPLE_TEAM_ID }}
83133 with :
84- tagName : ${{ github.ref_name }} # This only works if your workflow triggers on new tags.
85- releaseName : ' aw -tauri v__VERSION__' # tauri-action replaces \_\_VERSION\_\_ with the app version.
86- releaseBody : ' See the assets to download and install this version.'
87- releaseDraft : true
134+ tagName : ${{ startsWith( github.ref, 'refs/tags/') && github.ref_name || '' }}
135+ releaseName : ${{ startsWith(github.ref, 'refs/tags/') && 'gptme -tauri v__VERSION__' || '' }}
136+ releaseBody : ${{ startsWith(github.ref, 'refs/tags/') && ' See the assets to download and install this version.' || '' }}
137+ releaseDraft : ${{ startsWith(github.ref, 'refs/tags/') }}
88138 prerelease : false
89139 args : ${{ matrix.args }}
0 commit comments