Created
January 12, 2023 16:39
-
-
Save MGough/afb1386176f84a0221d27f6c20f65961 to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Build Tauri App | |
on: | |
push: | |
branches: | |
- main | |
jobs: | |
publish-artifacts: | |
strategy: | |
fail-fast: false | |
matrix: | |
runs_on: [windows-latest] | |
runs-on: ${{ matrix.runs_on }} | |
steps: | |
- uses: actions/checkout@v3 | |
- name: setup node | |
uses: actions/setup-node@v3 | |
with: | |
node-version: 16 | |
- name: install Rust stable | |
uses: actions-rs/toolchain@v1 | |
with: | |
toolchain: stable | |
- name: Install Yarn dependencies | |
# Shell set to bash, to support MacOS & Windows simultaneously | |
shell: bash | |
run: yarn | |
- name: Build App | |
# Or whatever your build command is! | |
run: yarn build | |
# Shell set to bash, to support MacOS & Windows simultaneously | |
shell: bash | |
env: | |
TAURI_PRIVATE_KEY: ${{ secrets.TAURI_PRIVATE_KEY }} | |
TAURI_KEY_PASSWORD: ${{ secrets.TAURI_KEY_PASSWORD }} | |
- name: Sign Windows App (EV) | |
if: ${{ matrix.platform == 'windows' }} | |
run: | | |
dotnet tool install --global AzureSignTool | |
# You'll probably want to template in your app version number here somehow | |
AzureSignTool sign -kvu "${{ secrets.AZURE_KEY_VAULT_URI }}" -kvi "${{ secrets.AZURE_CLIENT_ID }}" -kvt "${{ secrets.AZURE_TENANT_ID }}"-kvs "${{ secrets.AZURE_CLIENT_SECRET }}" -kvc ${{ secrets.AZURE_CERT_NAME }} -tr http://timestamp.digicert.com -v src-tauri\target\release\bundle\msi\Your_App_Name_And_Version_0.0.1_x64_en-US.msi -d "Your Company Name" | |
- name: Sign Windows Update Bundle | |
if: ${{ matrix.platform == 'windows' }} | |
run: | | |
# These files were generated by the build, but contain a non code signed (EV) version of our app | |
# So we need to scrap them, and sign our own | |
rm src-tauri\target\release\bundle\msi\Your_App_Name_And_Version_0.0.1_x64_en-US.msi.zip | |
rm src-tauri\target\release\bundle\msi\Your_App_Name_And_Version_0.0.1_x64_en-US.msi.zip.sig | |
# Zip the MSI we signed using AzureSignTool | |
# Tauri currently zips, but doesn't compress. So we use `-mx=0` which enables copy/store mode | |
7z a -mx=0 src-tauri\target\release\bundle\msi\Your_App_Name_And_Version_0.0.1_x64_en-US.msi.zip .\src-tauri\target\release\bundle\msi\Your_App_Name_And_Version_0.0.1_x64_en-US.msi | |
# Generate the `msi.sig` file for the updater! | |
yarn tauri signer sign src-tauri\target\release\bundle\msi\Your_App_Name_And_Version_0.0.1_x64_en-US.msi.zip --private-key ${{ secrets.TAURI_PRIVATE_KEY }} --password ${{ secrets.TAURI_KEY_PASSWORD }} |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment