Skip to content

Instantly share code, notes, and snippets.

@MGough
Created January 12, 2023 16:39
Show Gist options
  • Save MGough/afb1386176f84a0221d27f6c20f65961 to your computer and use it in GitHub Desktop.
Save MGough/afb1386176f84a0221d27f6c20f65961 to your computer and use it in GitHub Desktop.
name: Build Tauri App
on:
push:
branches:
- main
jobs:
publish-artifacts:
strategy:
fail-fast: false
matrix:
runs_on: [windows-latest]
runs-on: ${{ matrix.runs_on }}
steps:
- uses: actions/checkout@v3
- name: setup node
uses: actions/setup-node@v3
with:
node-version: 16
- name: install Rust stable
uses: actions-rs/toolchain@v1
with:
toolchain: stable
- name: Install Yarn dependencies
# Shell set to bash, to support MacOS & Windows simultaneously
shell: bash
run: yarn
- name: Build App
# Or whatever your build command is!
run: yarn build
# Shell set to bash, to support MacOS & Windows simultaneously
shell: bash
env:
TAURI_PRIVATE_KEY: ${{ secrets.TAURI_PRIVATE_KEY }}
TAURI_KEY_PASSWORD: ${{ secrets.TAURI_KEY_PASSWORD }}
- name: Sign Windows App (EV)
if: ${{ matrix.platform == 'windows' }}
run: |
dotnet tool install --global AzureSignTool
# You'll probably want to template in your app version number here somehow
AzureSignTool sign -kvu "${{ secrets.AZURE_KEY_VAULT_URI }}" -kvi "${{ secrets.AZURE_CLIENT_ID }}" -kvt "${{ secrets.AZURE_TENANT_ID }}"-kvs "${{ secrets.AZURE_CLIENT_SECRET }}" -kvc ${{ secrets.AZURE_CERT_NAME }} -tr http://timestamp.digicert.com -v src-tauri\target\release\bundle\msi\Your_App_Name_And_Version_0.0.1_x64_en-US.msi -d "Your Company Name"
- name: Sign Windows Update Bundle
if: ${{ matrix.platform == 'windows' }}
run: |
# These files were generated by the build, but contain a non code signed (EV) version of our app
# So we need to scrap them, and sign our own
rm src-tauri\target\release\bundle\msi\Your_App_Name_And_Version_0.0.1_x64_en-US.msi.zip
rm src-tauri\target\release\bundle\msi\Your_App_Name_And_Version_0.0.1_x64_en-US.msi.zip.sig
# Zip the MSI we signed using AzureSignTool
# Tauri currently zips, but doesn't compress. So we use `-mx=0` which enables copy/store mode
7z a -mx=0 src-tauri\target\release\bundle\msi\Your_App_Name_And_Version_0.0.1_x64_en-US.msi.zip .\src-tauri\target\release\bundle\msi\Your_App_Name_And_Version_0.0.1_x64_en-US.msi
# Generate the `msi.sig` file for the updater!
yarn tauri signer sign src-tauri\target\release\bundle\msi\Your_App_Name_And_Version_0.0.1_x64_en-US.msi.zip --private-key ${{ secrets.TAURI_PRIVATE_KEY }} --password ${{ secrets.TAURI_KEY_PASSWORD }}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment