626d013547
* switch from yarn to pnpm * Remove full-nym-wasm (#6796) * Remove nym-browser-extension (#6798) * Remove nym-browser-extension * remove unused from makefile * Remove Node tester (#6800) * Remove dom-utils (#6801) * gh-actions: remove pnpm version * nuke dist and pkg * add missing dependency * set node version to 24 and pnpm version to 11 * upgrade lock file from pnpm version 9 to 11 * pnpm add approved builds * yarn -> pnpm * upgrade jest version * yarn -> pnpm * Remove unused cfg; clippy! * pnpm: when dev mode is on, unfreeze the lock file * pnpm approve more scripts * pnpm syntax error * add `pnpm i` * disable eslint temporarily while switching to biome in later PR --------- Co-authored-by: Mark Sinclair <mmsinclair@users.noreply.github.com> Co-authored-by: mfahampshire <maxhampshire@pm.me>
205 lines
7.5 KiB
YAML
205 lines
7.5 KiB
YAML
name: publish-nym-wallet-win11
|
|
on:
|
|
workflow_dispatch:
|
|
inputs:
|
|
sign:
|
|
description: "Sign this build using SSL.com. Signing is billed per signature so be careful"
|
|
required: false
|
|
type: boolean
|
|
default: true
|
|
release:
|
|
types: [created]
|
|
|
|
defaults:
|
|
run:
|
|
working-directory: nym-wallet
|
|
|
|
jobs:
|
|
publish-tauri:
|
|
if: ${{ (startsWith(github.ref, 'refs/tags/nym-wallet-') && github.event_name == 'release') || github.event_name == 'workflow_dispatch' }}
|
|
strategy:
|
|
fail-fast: false
|
|
matrix:
|
|
platform: [custom-windows-11]
|
|
runs-on: ${{ matrix.platform }}
|
|
|
|
outputs:
|
|
release_tag: ${{ github.ref_name }}
|
|
|
|
env:
|
|
SIGN_WINDOWS: ${{ github.event_name == 'release' || inputs.sign }}
|
|
|
|
steps:
|
|
- uses: actions/checkout@v6
|
|
|
|
- name: Install Rust toolchain
|
|
uses: dtolnay/rust-toolchain@stable
|
|
with:
|
|
toolchain: ${{ vars.REQUIRED_RUSTC_VERSION }}
|
|
|
|
- name: Setup MSBuild.exe
|
|
uses: microsoft/setup-msbuild@v3
|
|
|
|
- name: Setup pnpm
|
|
uses: pnpm/action-setup@v5.0.0
|
|
with:
|
|
version: 11.1.2
|
|
- uses: actions/setup-node@v4
|
|
with:
|
|
node-version: 24
|
|
|
|
- name: Strip Authenticode thumbprint (avoid signtool on runner)
|
|
working-directory: nym-wallet/src-tauri
|
|
if: ${{ env.SIGN_WINDOWS == 'true' || (github.event_name == 'workflow_dispatch' && !inputs.sign) }}
|
|
shell: bash
|
|
run: |
|
|
set -euo pipefail
|
|
if ! command -v yq >/dev/null 2>&1; then
|
|
echo "yq is required on this runner to edit tauri.conf.json"
|
|
exit 1
|
|
fi
|
|
yq eval --inplace '
|
|
del(.bundle.windows.certificateThumbprint) |
|
|
del(.bundle.windows.digestAlgorithm) |
|
|
del(.bundle.windows.timestampUrl)
|
|
' tauri.conf.json
|
|
|
|
- name: Download EV CodeSignTool from ssl.com
|
|
working-directory: nym-wallet/src-tauri
|
|
if: env.SIGN_WINDOWS == 'true'
|
|
shell: bash
|
|
run: |
|
|
curl -L0 https://www.ssl.com/download/codesigntool-for-linux-and-macos/ -o codesigntool.zip
|
|
unzip codesigntool.zip
|
|
- name: Get EV certificate credential id
|
|
working-directory: nym-wallet/src-tauri
|
|
if: env.SIGN_WINDOWS == 'true'
|
|
id: get_credential_ids
|
|
shell: bash
|
|
run: |
|
|
echo "SSL_COM_CREDENTIAL_ID=$(./CodeSignTool.sh get_credential_ids -username=${{ secrets.SSL_COM_USERNAME }} -password=${{ secrets.SSL_COM_PASSWORD }} | sed -n '1!p' | sed 's/- //')" >> "$GITHUB_OUTPUT"
|
|
- name: Add custom sign command to tauri.conf.json
|
|
working-directory: nym-wallet/src-tauri
|
|
if: env.SIGN_WINDOWS == 'true'
|
|
shell: bash
|
|
env:
|
|
SSL_SIGN_USER: ${{ secrets.SSL_COM_USERNAME }}
|
|
SSL_SIGN_PASS: ${{ secrets.SSL_COM_PASSWORD }}
|
|
SSL_SIGN_CRED: ${{ steps.get_credential_ids.outputs.SSL_COM_CREDENTIAL_ID }}
|
|
SSL_SIGN_TOTP: ${{ secrets.SSL_COM_TOTP_SECRET }}
|
|
run: |
|
|
set -euo pipefail
|
|
if ! command -v cygpath >/dev/null 2>&1; then
|
|
echo "cygpath not found; install Git for Windows or use bash from Git SDK"
|
|
exit 1
|
|
fi
|
|
export SCRIPT_UNIX="$(cygpath -u "$GITHUB_WORKSPACE/nym-wallet/src-tauri/CodeSignTool.sh")"
|
|
yq eval --inplace '
|
|
.bundle.windows += {
|
|
"signCommand": {
|
|
"cmd": "C:/Program Files/Git/bin/bash.exe",
|
|
"args": [
|
|
strenv(SCRIPT_UNIX),
|
|
"sign",
|
|
("-username " + strenv(SSL_SIGN_USER)),
|
|
("-password " + strenv(SSL_SIGN_PASS)),
|
|
("-credential_id " + strenv(SSL_SIGN_CRED)),
|
|
("-totp_secret " + strenv(SSL_SIGN_TOTP)),
|
|
"-program_name NymWallet",
|
|
"-input_file_path",
|
|
"%1",
|
|
"-override"
|
|
]
|
|
}
|
|
}
|
|
' tauri.conf.json
|
|
- name: Install project dependencies
|
|
shell: bash
|
|
run: cd .. && pnpm i
|
|
|
|
- name: Install app dependencies
|
|
shell: bash
|
|
run: pnpm i
|
|
|
|
- name: Build and sign it
|
|
shell: bash
|
|
env:
|
|
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
|
|
TAURI_SIGNING_PRIVATE_KEY: ${{ secrets.TAURI_PRIVATE_KEY }}
|
|
TAURI_SIGNING_PRIVATE_KEY_PASSWORD: ${{ secrets.TAURI_KEY_PASSWORD }}
|
|
SSL_COM_USERNAME: ${{ env.SIGN_WINDOWS == 'true' && secrets.SSL_COM_USERNAME }}
|
|
SSL_COM_PASSWORD: ${{ env.SIGN_WINDOWS == 'true' && secrets.SSL_COM_PASSWORD }}
|
|
SSL_COM_CREDENTIAL_ID: ${{ env.SIGN_WINDOWS == 'true' && steps.get_credential_ids.outputs.SSL_COM_CREDENTIAL_ID }}
|
|
SSL_COM_TOTP_SECRET: ${{ env.SIGN_WINDOWS == 'true' && secrets.SSL_COM_TOTP_SECRET }}
|
|
run: |
|
|
echo "Starting build process..."
|
|
pnpm build
|
|
|
|
- name: Check bundle directory
|
|
shell: bash
|
|
run: |
|
|
echo "Checking bundle directory structure"
|
|
|
|
# Check standard location
|
|
if [ -d "target/release/bundle" ]; then
|
|
echo "Found bundle directory at standard location"
|
|
ls -la target/release/bundle || echo "Failed to list bundle directory"
|
|
fi
|
|
|
|
# Check src-tauri location
|
|
if [ -d "src-tauri/target/release/bundle" ]; then
|
|
echo "Found bundle directory in src-tauri"
|
|
ls -la src-tauri/target/release/bundle || echo "Failed to list src-tauri bundle directory"
|
|
|
|
# Use this path for future steps
|
|
echo "BUNDLE_PATH=src-tauri/target/release/bundle" >> $GITHUB_ENV
|
|
else
|
|
echo "Using standard bundle path"
|
|
echo "BUNDLE_PATH=target/release/bundle" >> $GITHUB_ENV
|
|
fi
|
|
|
|
# Check for MSI files in any location
|
|
find . -name "*.msi" -type f
|
|
|
|
- name: Upload Artifact
|
|
uses: actions/upload-artifact@v7
|
|
with:
|
|
name: nym-wallet.msi
|
|
path: |
|
|
nym-wallet/${{ env.BUNDLE_PATH }}/msi/*.msi
|
|
nym-wallet/${{ env.BUNDLE_PATH }}/*/nym-wallet*.msi
|
|
nym-wallet/src-tauri/target/release/bundle/msi/*.msi
|
|
retention-days: 30
|
|
|
|
- id: create-release
|
|
name: Upload to release based on tag name
|
|
uses: softprops/action-gh-release@v2
|
|
if: github.event_name == 'release'
|
|
with:
|
|
files: |
|
|
nym-wallet/${{ env.BUNDLE_PATH }}/msi/*.msi
|
|
nym-wallet/${{ env.BUNDLE_PATH }}/msi/*.msi.zip*
|
|
nym-wallet/${{ env.BUNDLE_PATH }}/*/nym-wallet*.msi
|
|
nym-wallet/src-tauri/target/release/bundle/msi/*.msi
|
|
|
|
- name: Find MSI path for deployment
|
|
id: find-msi
|
|
shell: bash
|
|
run: |
|
|
MSI_FILE=$(find . -name "*.msi" -type f | head -n 1)
|
|
if [ -n "$MSI_FILE" ]; then
|
|
echo "Found MSI file: $MSI_FILE"
|
|
echo "msi_path=$MSI_FILE" >> $GITHUB_OUTPUT
|
|
else
|
|
echo "WARNING: No MSI file found for deployment!"
|
|
echo "msi_path=${{ env.BUNDLE_PATH }}/msi/nym-wallet*.msi" >> $GITHUB_OUTPUT
|
|
fi
|
|
|
|
push-release-data:
|
|
if: ${{ (startsWith(github.ref, 'refs/tags/nym-wallet-') && github.event_name == 'release') || github.event_name == 'workflow_dispatch' }}
|
|
uses: ./.github/workflows/release-calculate-hash.yml
|
|
needs: publish-tauri
|
|
with:
|
|
release_tag: ${{ needs.publish-tauri.outputs.release_tag || github.ref_name }}
|
|
secrets: inherit
|