diff --git a/.github/workflows/nym-connect-publish-macos.yml b/.github/workflows/nym-connect-publish-macos.yml new file mode 100644 index 0000000000..6016c1983c --- /dev/null +++ b/.github/workflows/nym-connect-publish-macos.yml @@ -0,0 +1,96 @@ +name: Publish Nym Connect (MacOS) +on: + workflow_dispatch: + release: + types: [created] + +defaults: + run: + working-directory: nym-connect + +jobs: + publish-tauri: + strategy: + fail-fast: false + matrix: + platform: [macos-latest] + + runs-on: ${{ matrix.platform }} + steps: + - uses: actions/checkout@v2 + + - name: Check the release tag starts with `nym-connect-` + if: startsWith(github.ref, 'refs/tags/nym-connect-') == false && github.event_name != 'workflow_dispatch' + uses: actions/github-script@v3 + with: + script: | + core.setFailed('Release tag did not start with nym-connect-...') + + - name: Node v16 + uses: actions/setup-node@v3 + with: + node-version: 16 + - name: Install Rust stable + uses: actions-rs/toolchain@v1 + with: + toolchain: stable + - name: Install the Apple developer certificate for code signing + env: + APPLE_CERTIFICATE: ${{ secrets.APPLE_CERTIFICATE }} + APPLE_CERTIFICATE_PASSWORD: ${{ secrets.APPLE_CERTIFICATE_PASSWORD }} + KEYCHAIN_PASSWORD: ${{ secrets.KEYCHAIN_PASSWORD }} + run: | + # create variables + CERTIFICATE_PATH=$RUNNER_TEMP/build_certificate.p12 + KEYCHAIN_PATH=$RUNNER_TEMP/app-signing.keychain-db + + # import certificate and provisioning profile from secrets + echo -n "$APPLE_CERTIFICATE" | base64 --decode --output $CERTIFICATE_PATH + + # create temporary keychain + security create-keychain -p "$KEYCHAIN_PASSWORD" $KEYCHAIN_PATH + security set-keychain-settings -lut 21600 $KEYCHAIN_PATH + security unlock-keychain -p "$KEYCHAIN_PASSWORD" $KEYCHAIN_PATH + + # import certificate to keychain + security import $CERTIFICATE_PATH -P "$APPLE_CERTIFICATE_PASSWORD" -A -t cert -f pkcs12 -k $KEYCHAIN_PATH + security list-keychain -d user -s $KEYCHAIN_PATH + + - name: Create env file + uses: timheuer/base64-to-file@v1.1 + with: + fileName: '.env' + encodedString: ${{ secrets.WALLET_ADMIN_ADDRESS }} + + - name: Install app dependencies and build it + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + ENABLE_CODE_SIGNING: ${{ secrets.APPLE_CERTIFICATE }} + APPLE_CERTIFICATE: ${{ secrets.APPLE_CERTIFICATE }} + APPLE_CERTIFICATE_PASSWORD: ${{ secrets.APPLE_CERTIFICATE_PASSWORD }} + APPLE_SIGNING_IDENTITY: ${{ secrets.APPLE_IDENTITY_ID }} + APPLE_ID: ${{ secrets.APPLE_ID }} + APPLE_PASSWORD: ${{ secrets.APPLE_PASSWORD }} + TAURI_PRIVATE_KEY: ${{ secrets.TAURI_PRIVATE_KEY }} + TAURI_KEY_PASSWORD: ${{ secrets.TAURI_KEY_PASSWORD }} + run: yarn && yarn build + + - name: Upload Artifact + uses: actions/upload-artifact@v3 + with: + name: nym-connect.app.tar.gz + path: nym-connect/target/release/bundle/macos/nym-connect.app.tar.gz + retention-days: 5 + + - name: Clean up keychain + if: ${{ always() }} + run: | + security delete-keychain $RUNNER_TEMP/app-signing.keychain-db + + - name: Upload to release based on tag name + uses: softprops/action-gh-release@v1 + if: github.event_name == 'release' + with: + files: | + nym-connect/target/release/bundle/dmg/*.dmg + nym-connect/target/release/bundle/macos/*.app.tar.gz* diff --git a/.github/workflows/nym-connect-publish-ubuntu.yml b/.github/workflows/nym-connect-publish-ubuntu.yml new file mode 100644 index 0000000000..9ad9e9910c --- /dev/null +++ b/.github/workflows/nym-connect-publish-ubuntu.yml @@ -0,0 +1,58 @@ +name: Publish Nym Connect (Ubuntu) +on: + release: + types: [created] + +defaults: + run: + working-directory: nym-connect + +jobs: + publish-tauri: + strategy: + fail-fast: false + matrix: + platform: [ubuntu-latest] + + runs-on: ${{ matrix.platform }} + steps: + - uses: actions/checkout@v2 + + - name: Tauri dependencies + run: > + sudo apt-get update && + sudo apt-get install -y webkit2gtk-4.0 + - name: Check the release tag starts with `nym-connect-` + if: startsWith(github.ref, 'refs/tags/nym-connect-') == false + uses: actions/github-script@v3 + with: + script: | + core.setFailed('Release tag did not start with nym-connect-...') + + - name: Node v16 + uses: actions/setup-node@v3 + with: + node-version: 16 + - name: Install Rust stable + uses: actions-rs/toolchain@v1 + with: + toolchain: stable + - name: Install app dependencies + run: yarn + - name: Create env file + uses: timheuer/base64-to-file@v1.1 + with: + fileName: '.env' + encodedString: ${{ secrets.WALLET_ADMIN_ADDRESS }} + + - name: Build app + run: yarn build + env: + TAURI_PRIVATE_KEY: ${{ secrets.TAURI_PRIVATE_KEY }} + TAURI_KEY_PASSWORD: ${{ secrets.TAURI_KEY_PASSWORD }} + - name: Upload to release based on tag name + uses: softprops/action-gh-release@v1 + with: + files: | + nym-connect/target/release/bundle/appimage/*.AppImage + nym-connect/target/release/bundle/appimage/*.AppImage.tar.gz* diff --git a/.github/workflows/nym-connect-publish-windows10.yml b/.github/workflows/nym-connect-publish-windows10.yml new file mode 100644 index 0000000000..c24d99820e --- /dev/null +++ b/.github/workflows/nym-connect-publish-windows10.yml @@ -0,0 +1,81 @@ +name: Publish Nym Connect (Windows 10) +on: + release: + types: [created] + +defaults: + run: + working-directory: nym-connect + +jobs: + publish-tauri: + strategy: + fail-fast: false + matrix: + platform: [windows10] + + runs-on: ${{ matrix.platform }} + steps: + - name: Clean up first + continue-on-error: true + working-directory: . + run: | + cd .. + del /s /q /A:H nym + rmdir /s /q nym + + - uses: actions/checkout@v3 + + - name: Check the release tag starts with `nym-connect-` + if: startsWith(github.ref, 'refs/tags/nym-connect-') == false + uses: actions/github-script@v3 + with: + script: | + core.setFailed('Release tag did not start with nym-connect-...') + + - name: Import signing certificate + env: + WINDOWS_CERTIFICATE: ${{ secrets.WINDOWS_CERTIFICATE }} + WINDOWS_CERTIFICATE_PASSWORD: ${{ secrets.WINDOWS_CERTIFICATE_PASSWORD }} + run: | + New-Item -ItemType directory -Path certificate + Set-Content -Path certificate/tempCert.txt -Value $env:WINDOWS_CERTIFICATE + certutil -decode certificate/tempCert.txt certificate/certificate.pfx + Remove-Item -path certificate -include tempCert.txt + Import-PfxCertificate -FilePath certificate/certificate.pfx -CertStoreLocation Cert:\CurrentUser\My -Password (ConvertTo-SecureString -String $env:WINDOWS_CERTIFICATE_PASSWORD -Force -AsPlainText) + + - name: Node v16 + uses: actions/setup-node@v3 + with: + node-version: 16 + + - name: Install Rust stable + uses: actions-rs/toolchain@v1 + with: + toolchain: stable + + - name: Create env file + uses: timheuer/base64-to-file@v1.1 + with: + fileName: '.env' + encodedString: ${{ secrets.WALLET_ADMIN_ADDRESS }} + + - name: Install app dependencies + run: yarn + + - name: Build and sign it + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + ENABLE_CODE_SIGNING: ${{ secrets.WINDOWS_CERTIFICATE }} + WINDOWS_CERTIFICATE: ${{ secrets.WINDOWS_CERTIFICATE }} + WINDOWS_CERTIFICATE_PASSWORD: ${{ secrets.WINDOWS_CERTIFICATE_PASSWORD }} + TAURI_PRIVATE_KEY: ${{ secrets.TAURI_PRIVATE_KEY }} + TAURI_KEY_PASSWORD: ${{ secrets.TAURI_KEY_PASSWORD }} + run: yarn build + + - name: Upload to release based on tag name + uses: softprops/action-gh-release@v1 + with: + files: | + nym-connect/target/release/bundle/msi/*.msi + nym-connect/target/release/bundle/msi/*.msi.zip* diff --git a/nym-connect/src-tauri/tauri.conf.json b/nym-connect/src-tauri/tauri.conf.json index 000de32930..9c236e490f 100644 --- a/nym-connect/src-tauri/tauri.conf.json +++ b/nym-connect/src-tauri/tauri.conf.json @@ -42,9 +42,9 @@ "entitlements": null }, "windows": { - "certificateThumbprint": null, + "certificateThumbprint": "6DB77B1F529A0804FE0E6843A3EB8A8CECFFD408", "digestAlgorithm": "sha256", - "timestampUrl": "" + "timestampUrl": "http://timestamp.comodoca.com" } }, "updater": {