typo fix #325
Workflow file for this run
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: "Build app and create release" | |
| on: | |
| push: | |
| branches: | |
| - apt_repository | |
| # tags: | |
| # - v*.*.* | |
| jobs: | |
| # build-wireguard-go: | |
| # strategy: | |
| # fail-fast: false | |
| # matrix: | |
| # architecture: [arm64, amd64] | |
| # runs-on: [self-hosted, macOS] | |
| # steps: | |
| # - uses: actions/checkout@v5 | |
| # with: | |
| # repository: WireGuard/wireguard-go | |
| # ref: master | |
| # fetch-depth: 0 | |
| # - name: Set up Go | |
| # uses: actions/setup-go@v5 | |
| # with: | |
| # go-version: "1.24" | |
| # - name: Build wireguard-go binary | |
| # run: make | |
| # env: | |
| # GOOS: darwin | |
| # GOARCH: ${{ matrix.architecture }} | |
| # - name: Upload binary artifact arm64 | |
| # if: matrix.architecture == 'arm64' | |
| # uses: actions/upload-artifact@v4 | |
| # with: | |
| # name: wireguard-go-aarch64-apple-darwin | |
| # path: wireguard-go | |
| # - name: Upload binary artifact amd64 | |
| # if: matrix.architecture == 'amd64' | |
| # uses: actions/upload-artifact@v4 | |
| # with: | |
| # name: wireguard-go-x86_64-apple-darwin | |
| # path: wireguard-go | |
| create-release: | |
| name: create-release | |
| runs-on: self-hosted | |
| outputs: | |
| upload_url: ${{ steps.release.outputs.upload_url }} | |
| steps: | |
| - name: Create GitHub release | |
| id: release | |
| uses: softprops/action-gh-release@v2 | |
| with: | |
| draft: true | |
| generate_release_notes: true | |
| # create-sbom: | |
| # needs: [create-release] | |
| # uses: ./.github/workflows/sbom.yml | |
| # with: | |
| # upload_url: ${{ needs.create-release.outputs.upload_url }} | |
| # ubuntu-22-04-build: | |
| # needs: | |
| # - create-release | |
| # runs-on: | |
| # - self-hosted | |
| # - Linux | |
| # - ${{ matrix.architecture }} | |
| # strategy: | |
| # fail-fast: false | |
| # matrix: | |
| # architecture: [ARM64, X64] | |
| # include: | |
| # - architecture: ARM64 | |
| # deb_arch: arm64 | |
| # binary_arch: aarch64 | |
| # - architecture: X64 | |
| # deb_arch: amd64 | |
| # binary_arch: x86_64 | |
| # container: | |
| # image: ubuntu:22.04 | |
| # env: | |
| # DEBIAN_FRONTEND: noninteractive | |
| # HOME: /root | |
| # RUSTUP_HOME: /root/.rustup | |
| # CARGO_HOME: /root/.cargo | |
| # steps: | |
| # - name: git install | |
| # run: | | |
| # apt-get update | |
| # apt-get install -y git curl ca-certificates | |
| # git config --global --add safe.directory '*' | |
| # - uses: actions/checkout@v5 | |
| # with: | |
| # submodules: "recursive" | |
| # - uses: pnpm/action-setup@v4 | |
| # with: | |
| # version: 10.17 | |
| # run_install: false | |
| # - uses: actions/setup-node@v5 | |
| # with: | |
| # node-version: "24" | |
| # - name: Get pnpm store directory | |
| # run: | | |
| # echo "STORE_PATH=$(pnpm store path --silent)" >> ${GITHUB_ENV} | |
| # # - name: Write release version | |
| # # run: | | |
| # # VERSION=$(echo ${GITHUB_REF_NAME#v} | cut -d '-' -f1) | |
| # # echo Version: $VERSION | |
| # # echo "VERSION=$VERSION" >> ${GITHUB_ENV} | |
| # - name: Write release version | |
| # run: | | |
| # VERSION=$(echo ${GITHUB_REF_NAME#v} | cut -d '-' -f1) | |
| # echo Version: $VERSION | |
| # echo "VERSION=1.5.2" >> ${GITHUB_ENV} | |
| # - uses: actions/cache@v4 | |
| # name: Setup pnpm cache | |
| # with: | |
| # path: ${{ env.STORE_PATH }} | |
| # key: ${{ runner.os }}-pnpm-build-store-${{ hashFiles('**/pnpm-lock.yaml') }} | |
| # restore-keys: | | |
| # ${{ runner.os }}-pnpm-build-store- | |
| # - name: Install Node dependencies | |
| # run: pnpm install --frozen-lockfile | |
| # - uses: dtolnay/rust-toolchain@stable | |
| # - name: Install dependencies | |
| # run: | | |
| # apt-get install -y build-essential libgtk-3-dev libwebkit2gtk-4.1-dev libayatana-appindicator3-dev librsvg2-dev patchelf libssl-dev libxdo-dev unzip protobuf-compiler libprotobuf-dev rpm ruby | |
| # gem install deb-s3 | |
| # - name: Build packages | |
| # uses: tauri-apps/tauri-action@v0 | |
| # env: | |
| # GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| # with: | |
| # args: "--bundles deb" | |
| # - name: Upload DEB | |
| # uses: actions/upload-release-asset@v1 | |
| # env: | |
| # GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| # with: | |
| # upload_url: ${{ needs.create-release.outputs.upload_url }} | |
| # asset_path: src-tauri/target/release/bundle/deb/defguard-client_${{ env.VERSION }}_${{ matrix.deb_arch }}.deb | |
| # asset_name: defguard-client_${{ env.VERSION }}_${{ matrix.deb_arch }}_ubuntu-22-04-lts.deb | |
| # asset_content_type: application/octet-stream | |
| apt-sign: | |
| needs: | |
| - build-linux | |
| runs-on: | |
| - self-hosted | |
| - Linux | |
| - X64 | |
| strategy: | |
| fail-fast: false | |
| steps: | |
| - name: Sign APT repository | |
| run: | | |
| export AWS_ACCESS_KEY_ID=${{ secrets.AWS_ACCESS_KEY }} | |
| export AWS_SECRET_ACCESS_KEY=${{ secrets.AWS_SECRET_KEY }} | |
| export AWS_REGION=eu-north-1 | |
| apt update -y | |
| apt install -y awscli curl jq base64 | |
| aws s3 cp s3://apt.defguard.net/dists/trixie/Release . | |
| curl -X POST "${{ secrets.DEFGUARD_SIGNING_API_KEY }}?signature_type=both" \ | |
| -H "Authorization: Bearer ${{ secrets.DEFGUARD_SIGNING_API_KEY }}" \ | |
| -F "file=@Release" \ | |
| -o response.json | |
| cat response.json | jq -r '.files["Release.gpg"].content' | base64 --decode > Release.gpg | |
| cat response.json | jq -r '.files.Release.content' | base64 --decode > InRelease | |
| aws s3 cp Release.gpg s3://apt.defguard.net/dists/trixie/ | |
| aws s3 cp InRelease s3://apt.defguard.net/dists/trixie/ | |
| build-linux: | |
| needs: | |
| - create-release | |
| runs-on: | |
| - self-hosted | |
| - Linux | |
| - ${{ matrix.architecture }} | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| architecture: [ARM64, X64] | |
| include: | |
| - architecture: ARM64 | |
| deb_arch: arm64 | |
| binary_arch: aarch64 | |
| - architecture: X64 | |
| deb_arch: amd64 | |
| binary_arch: x86_64 | |
| steps: | |
| - uses: actions/checkout@v5 | |
| with: | |
| submodules: "recursive" | |
| # - name: Write release version | |
| # run: | | |
| # VERSION=$(echo ${GITHUB_REF_NAME#v} | cut -d '-' -f1) | |
| # echo Version: $VERSION | |
| # echo "VERSION=$VERSION" >> ${GITHUB_ENV} | |
| - name: Write release version | |
| run: | | |
| VERSION=$(echo ${GITHUB_REF_NAME#v} | cut -d '-' -f1) | |
| echo Version: $VERSION | |
| echo "VERSION=1.5.2" >> ${GITHUB_ENV} | |
| - uses: actions/setup-node@v5 | |
| with: | |
| node-version: "24" | |
| - uses: pnpm/action-setup@v4 | |
| with: | |
| version: 10.17 | |
| run_install: false | |
| - name: Get pnpm store directory | |
| shell: bash | |
| run: | | |
| echo "STORE_PATH=$(pnpm store path --silent)" >> ${GITHUB_ENV} | |
| - uses: actions/cache@v4 | |
| name: Setup pnpm cache | |
| with: | |
| path: ${{ env.STORE_PATH }} | |
| key: ${{ runner.os }}-pnpm-build-store-${{ hashFiles('**/pnpm-lock.yaml') }} | |
| restore-keys: | | |
| ${{ runner.os }}-pnpm-build-store- | |
| - name: Install Node dependencies | |
| run: pnpm install --frozen-lockfile | |
| - uses: dtolnay/rust-toolchain@stable | |
| - name: Install Linux dependencies | |
| run: | | |
| sudo apt-get update | |
| sudo apt-get install -y libgtk-3-dev libwebkit2gtk-4.1-dev libayatana-appindicator3-dev librsvg2-dev patchelf libssl-dev libxdo-dev unzip protobuf-compiler libprotobuf-dev rpm ruby | |
| export PATH="/srv/github/defguard/.local/share/gem/ruby/3.3.0/bin:$PATH" | |
| gem install deb-s3 | |
| - name: Build packages | |
| uses: tauri-apps/tauri-action@v0 | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| with: | |
| args: "--bundles deb" #,rpm" | |
| # - name: Upload RPM | |
| # uses: actions/upload-release-asset@v1 | |
| # env: | |
| # GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| # with: | |
| # upload_url: ${{ needs.create-release.outputs.upload_url }} | |
| # asset_path: src-tauri/target/release/bundle/rpm/defguard-client-${{ env.VERSION }}-1.${{ matrix.binary_arch }}.rpm | |
| # asset_name: defguard-client-${{ env.VERSION }}-1.${{ matrix.binary_arch }}.rpm | |
| # asset_content_type: application/octet-stream | |
| - name: Upload DEB | |
| uses: actions/upload-release-asset@v1 | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| with: | |
| upload_url: ${{ needs.create-release.outputs.upload_url }} | |
| asset_path: src-tauri/target/release/bundle/deb/defguard-client_${{ env.VERSION }}_${{ matrix.deb_arch }}.deb | |
| asset_name: defguard-client_${{ env.VERSION }}_${{ matrix.deb_arch }}.deb | |
| asset_content_type: application/octet-stream | |
| - name: Upload DEB to apt repository on s3 | |
| run: | | |
| export PATH="/srv/github/defguard/.local/share/gem/ruby/3.3.0/bin:$PATH" | |
| COMPONENT=$([[ "${{ github.ref_name }}" == *"-"* ]] && echo "pre-release" || echo "release") # if tag contain "-" assume it's pre-release. | |
| deb-s3 upload -l --bucket=apt.defguard.net --access-key-id=${{ secrets.AWS_ACCESS_KEY }} --secret-access-key=${{ secrets.AWS_SECRET_KEY }} --s3-region=eu-north-1 --fail-if-exists --codename=trixie --component="$COMPONENT" src-tauri/target/release/bundle/deb/defguard-client_${{ env.VERSION }}_${{ matrix.deb_arch }}.deb | |
| # - name: Rename client binary | |
| # run: mv src-tauri/target/release/defguard-client defguard-client-linux-${{ matrix.binary_arch }}-${{ github.ref_name }} | |
| # - name: Tar client binary | |
| # uses: a7ul/tar-action@v1.2.0 | |
| # with: | |
| # command: c | |
| # files: | | |
| # defguard-client-linux-${{ matrix.binary_arch }}-${{ github.ref_name }} | |
| # outPath: defguard-client-linux-${{ matrix.binary_arch }}-${{ github.ref_name }}.tar.gz | |
| # - name: Upload client archive | |
| # uses: actions/upload-release-asset@v1 | |
| # env: | |
| # GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| # with: | |
| # upload_url: ${{ needs.create-release.outputs.upload_url }} | |
| # asset_path: defguard-client-linux-${{ matrix.binary_arch }}-${{ github.ref_name }}.tar.gz | |
| # asset_name: defguard-client-linux-${{ matrix.binary_arch }}-${{ github.ref_name }}.tar.gz | |
| # asset_content_type: application/octet-stream | |
| # - name: Rename daemon binary | |
| # run: mv src-tauri/target/release/defguard-service defguard-service-linux-${{ matrix.binary_arch }}-${{ github.ref_name }} | |
| # - name: Tar daemon binary | |
| # uses: a7ul/tar-action@v1.2.0 | |
| # with: | |
| # command: c | |
| # files: | | |
| # defguard-service-linux-${{ matrix.binary_arch }}-${{ github.ref_name }} | |
| # outPath: defguard-service-linux-${{ matrix.binary_arch }}-${{ github.ref_name }}.tar.gz | |
| # - name: Upload daemon archive | |
| # uses: actions/upload-release-asset@v1 | |
| # env: | |
| # GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| # with: | |
| # upload_url: ${{ needs.create-release.outputs.upload_url }} | |
| # asset_path: defguard-service-linux-${{ matrix.binary_arch }}-${{ github.ref_name }}.tar.gz | |
| # asset_name: defguard-service-linux-${{ matrix.binary_arch }}-${{ github.ref_name }}.tar.gz | |
| # asset_content_type: application/octet-stream | |
| # - name: Rename dg binary | |
| # run: mv src-tauri/target/release/dg dg-linux-${{ matrix.binary_arch }}-${{ github.ref_name }} | |
| # - name: Tar dg binary | |
| # uses: a7ul/tar-action@v1.2.0 | |
| # with: | |
| # command: c | |
| # files: | | |
| # dg-linux-${{ matrix.binary_arch }}-${{ github.ref_name }} | |
| # outPath: dg-linux-${{ matrix.binary_arch }}-${{ github.ref_name }}.tar.gz | |
| # - name: Upload dg archive | |
| # uses: actions/upload-release-asset@v1 | |
| # env: | |
| # GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| # with: | |
| # upload_url: ${{ needs.create-release.outputs.upload_url }} | |
| # asset_path: dg-linux-${{ matrix.binary_arch }}-${{ github.ref_name }}.tar.gz | |
| # asset_name: dg-linux-${{ matrix.binary_arch }}-${{ github.ref_name }}.tar.gz | |
| # asset_content_type: application/octet-stream | |
| # - name: Build dg deb | |
| # uses: defGuard/fpm-action@main | |
| # with: | |
| # fpm_args: "dg-linux-${{ matrix.binary_arch }}-${{ github.ref_name }}=/usr/sbin/dg dg.service=/usr/lib/systemd/system/dg.service src-tauri/cli/.env=/etc/defguard/dg.conf" | |
| # fpm_opts: "--architecture ${{ matrix.binary_arch }} --debug --output-type deb --version ${{ env.VERSION }} --package dg-linux-${{ matrix.binary_arch }}-${{ github.ref_name }}.deb" | |
| # - name: Upload DEB | |
| # uses: actions/upload-release-asset@v1.0.2 | |
| # env: | |
| # GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| # with: | |
| # upload_url: ${{ needs.create-release.outputs.upload_url }} | |
| # asset_path: dg-linux-${{ matrix.binary_arch }}-${{ github.ref_name }}.deb | |
| # asset_name: dg-linux-${{ matrix.binary_arch }}-${{ github.ref_name }}.deb | |
| # asset_content_type: application/octet-stream | |
| # - name: Build dg rpm | |
| # uses: defGuard/fpm-action@main | |
| # with: | |
| # fpm_args: "dg-linux-${{ matrix.binary_arch }}-${{ github.ref_name }}=/usr/sbin/dg dg.service=/usr/lib/systemd/system/dg.service src-tauri/cli/.env=/etc/defguard/dg.conf" | |
| # fpm_opts: "--architecture ${{ matrix.binary_arch }} --debug --output-type rpm --version ${{ env.VERSION }} --package dg-linux-${{ matrix.binary_arch }}-${{ github.ref_name }}.rpm" | |
| # - name: Upload RPM | |
| # uses: actions/upload-release-asset@v1.0.2 | |
| # env: | |
| # GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| # with: | |
| # upload_url: ${{ needs.create-release.outputs.upload_url }} | |
| # asset_path: dg-linux-${{ matrix.binary_arch }}-${{ github.ref_name }}.rpm | |
| # asset_name: dg-linux-${{ matrix.binary_arch }}-${{ github.ref_name }}.rpm | |
| # asset_content_type: application/octet-stream | |
| # build-macos: | |
| # needs: | |
| # - create-release | |
| # - build-wireguard-go | |
| # strategy: | |
| # fail-fast: false | |
| # matrix: | |
| # target: [aarch64-apple-darwin, x86_64-apple-darwin] | |
| # runs-on: | |
| # - self-hosted | |
| # - macOS | |
| # env: | |
| # APPLE_SIGNING_IDENTITY_APPLICATION: "Developer ID Application: defguard sp. z o.o. (82GZ7KN29J)" | |
| # APPLE_SIGNING_IDENTITY_INSTALLER: "Developer ID Installer: defguard sp. z o.o. (82GZ7KN29J)" | |
| # APPLE_ID: "kamil@defguard.net" | |
| # APPLE_TEAM_ID: "82GZ7KN29J" | |
| # steps: | |
| # - uses: actions/checkout@v5 | |
| # with: | |
| # submodules: "recursive" | |
| # - name: Write release version | |
| # run: | | |
| # VERSION=$(echo ${GITHUB_REF_NAME#v} | cut -d '-' -f1) | |
| # echo Version: $VERSION | |
| # echo "VERSION=$VERSION" >> ${GITHUB_ENV} | |
| # - uses: actions/setup-node@v4 | |
| # with: | |
| # node-version: "22" | |
| # - uses: pnpm/action-setup@v4 | |
| # with: | |
| # version: 10 | |
| # run_install: false | |
| # - name: Get pnpm store directory | |
| # shell: bash | |
| # run: echo "STORE_PATH=$(pnpm store path --silent)" >> ${GITHUB_ENV} | |
| # - uses: actions/cache@v4 | |
| # name: Setup pnpm cache | |
| # with: | |
| # path: ${{ env.STORE_PATH }} | |
| # key: ${{ runner.os }}-pnpm-build-store-${{ hashFiles('**/pnpm-lock.yaml') }} | |
| # restore-keys: | | |
| # ${{ runner.os }}-pnpm-build-store- | |
| # - name: Install deps | |
| # run: pnpm install --frozen-lockfile | |
| # - uses: dtolnay/rust-toolchain@stable | |
| # - name: Install protobuf compiler | |
| # run: brew install protobuf | |
| # - name: Install ARM target | |
| # run: rustup target add aarch64-apple-darwin | |
| # - name: Download wireguard-go binary | |
| # uses: actions/download-artifact@v4 | |
| # with: | |
| # name: wireguard-go-${{ matrix.target }} | |
| # path: src-tauri/resources-macos/binaries | |
| # - name: Rename wireguard-go binary | |
| # run: | | |
| # ls -l src-tauri/resources-macos/binaries | |
| # mv src-tauri/resources-macos/binaries/wireguard-go src-tauri/resources-macos/binaries/wireguard-go-${{ matrix.target }} | |
| # - name: Unlock keychain | |
| # run: security -v unlock-keychain -p "${{ secrets.KEYCHAIN_PASSWORD }}" /Users/admin/Library/Keychains/login.keychain | |
| # - name: Build app | |
| # uses: tauri-apps/tauri-action@v0 | |
| # env: | |
| # GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| # APPLE_SIGNING_IDENTITY: ${{ env.APPLE_SIGNING_IDENTITY_APPLICATION }} | |
| # APPLE_CERTIFICATE: ${{ secrets.APPLE_CERTIFICATE }} | |
| # APPLE_CERTIFICATE_PASSWORD: ${{ secrets.APPLE_CERTIFICATE_PASSWORD }} | |
| # APPLE_ID: ${{ env.APPLE_ID }} | |
| # APPLE_PASSWORD: ${{ secrets.NOTARYTOOL_APP_SPECIFIC_PASSWORD }} | |
| # APPLE_TEAM_ID: ${{ env.APPLE_TEAM_ID }} | |
| # with: | |
| # args: --target ${{ matrix.target }} -v | |
| # - name: Build installation package | |
| # run: | | |
| # bash build-macos-package.sh src-tauri/target/${{ matrix.target }} src-tauri/resources-macos/scripts '${{ env.APPLE_SIGNING_IDENTITY_INSTALLER }}' /Users/admin/Library/Keychains/login.keychain | |
| # xcrun notarytool submit --wait --apple-id ${{ env.APPLE_ID }} --password ${{ secrets.NOTARYTOOL_APP_SPECIFIC_PASSWORD }} --team-id ${{ env.APPLE_TEAM_ID }} src-tauri/target/${{ matrix.target }}/product-signed/defguard.pkg | |
| # xcrun stapler staple src-tauri/target/${{ matrix.target }}/product-signed/defguard.pkg | |
| # - name: Upload installation package | |
| # uses: actions/upload-release-asset@v1 | |
| # env: | |
| # GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| # with: | |
| # upload_url: ${{ needs.create-release.outputs.upload_url }} | |
| # asset_path: src-tauri/target/${{ matrix.target }}/product-signed/defguard.pkg | |
| # asset_name: defguard-${{ matrix.target }}-${{ env.VERSION }}.pkg | |
| # asset_content_type: application/octet-stream | |
| # Building signed Windows bundle involves a few steps as described here: | |
| # https://wixtoolset.org/docs/tools/signing/#signing-bundles-at-the-command-line | |
| # 1. Build Defguard and bundle the binaries (Defguard and WireGuard) using Wix (Windows) | |
| # 2. Detach the burn engine from the bundle so that it can be signed (also Windows) | |
| # 3. Sign the burn engine (Linux) | |
| # 4. Reattach the burn engine back to the bundle (Windows again) | |
| # 5. Sign the whole bundle (Linux) | |
| # build-windows: | |
| # needs: | |
| # - create-release | |
| # runs-on: windows-latest | |
| # steps: | |
| # - uses: actions/checkout@v5 | |
| # with: | |
| # submodules: "recursive" | |
| # - name: Write release version | |
| # run: | | |
| # $env:VERSION=echo ($env:GITHUB_REF_NAME.Substring(1) -Split "-")[0] | |
| # echo Version: $env:VERSION | |
| # echo "VERSION=$env:VERSION" >> $env:GITHUB_ENV | |
| # - uses: actions/setup-node@v4 | |
| # with: | |
| # node-version: "22" | |
| # - uses: pnpm/action-setup@v4 | |
| # with: | |
| # version: 10 | |
| # run_install: false | |
| # - name: Get pnpm store directory | |
| # shell: bash | |
| # run: echo "STORE_PATH=$(pnpm store path --silent)" >> ${GITHUB_ENV} | |
| # - uses: actions/cache@v4 | |
| # name: Setup pnpm cache | |
| # with: | |
| # path: ${{ env.STORE_PATH }} | |
| # key: ${{ runner.os }}-pnpm-build-store-${{ hashFiles('**/pnpm-lock.yaml') }} | |
| # restore-keys: | | |
| # ${{ runner.os }}-pnpm-build-store- | |
| # - name: Install deps | |
| # run: pnpm install --frozen-lockfile | |
| # - uses: dtolnay/rust-toolchain@stable | |
| # - name: Install Protoc | |
| # uses: arduino/setup-protoc@v2 | |
| # with: | |
| # repo-token: ${{ secrets.GITHUB_TOKEN }} | |
| # - name: Remove "default-run" line from Cargo.toml | |
| # run: | | |
| # Set-Content -Path ".\src-tauri\Cargo.toml" -Value (get-content -Path ".\src-tauri\Cargo.toml" | Select-String -Pattern 'default-run =' -NotMatch) | |
| # - name: Build packages | |
| # uses: tauri-apps/tauri-action@v0 | |
| # env: | |
| # GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| # - name: Bundle application | |
| # run: | | |
| # dotnet tool install --global wix --version 4.0.5 | |
| # wix extension add WixToolset.Bal.wixext/4 | |
| # wix build .\src-tauri\resources-windows\defguard-client.wxs -ext .\.wix\extensions\WixToolset.Bal.wixext\4\wixext4\WixToolset.Bal.wixext.dll | |
| # wix burn detach .\src-tauri\resources-windows\defguard-client.exe -engine .\src-tauri\resources-windows\burnengine.exe | |
| # - name: Upload unsigned bundle and burn-engine | |
| # uses: actions/upload-artifact@v4 | |
| # with: | |
| # name: unsigned-bundle-and-burnengine | |
| # path: | | |
| # src-tauri/resources-windows/defguard-client.exe | |
| # src-tauri/resources-windows/burnengine.exe | |
| # sign-burn-engine: | |
| # needs: | |
| # - build-windows | |
| # runs-on: | |
| # - self-hosted | |
| # - Linux | |
| # - X64 | |
| # steps: | |
| # - name: Write release version | |
| # run: | | |
| # VERSION=$(echo ${GITHUB_REF_NAME#v} | cut -d '-' -f1) | |
| # echo Version: $VERSION | |
| # echo "VERSION=$VERSION" >> ${GITHUB_ENV} | |
| # - name: Download unsigned bundle & burn-engine | |
| # uses: actions/download-artifact@v4 | |
| # with: | |
| # name: unsigned-bundle-and-burnengine | |
| # - name: Sign burn-engine | |
| # run: osslsigncode sign -pkcs11module /srv/codesign/certum/sc30pkcs11-3.0.6.71-MS.so -pkcs11cert ${{ secrets.CODESIGN_KEYID }} -key ${{ secrets.CODESIGN_KEYID }} -pass ${{ secrets.CODESIGN_PIN }} -h sha256 -t http://time.certum.pl/ -in burnengine.exe -out burnengine-signed.exe | |
| # - name: Upload bundle and burn-engine artifact | |
| # uses: actions/upload-artifact@v4 | |
| # with: | |
| # name: unsigned-bundle-and-signed-burnengine | |
| # path: | | |
| # defguard-client.exe | |
| # burnengine-signed.exe | |
| # reattach-burn-engine: | |
| # needs: | |
| # - sign-burn-engine | |
| # runs-on: windows-latest | |
| # steps: | |
| # - name: Download unsigned bundle and signed burn-engine | |
| # uses: actions/download-artifact@v4 | |
| # with: | |
| # name: unsigned-bundle-and-signed-burnengine | |
| # - name: Reattach burn-engine | |
| # run: | | |
| # dotnet tool install --global wix --version 4.0.5 | |
| # wix extension add WixToolset.Bal.wixext/4 | |
| # wix burn reattach defguard-client.exe -engine burnengine-signed.exe -o defguard-client-reattached.exe | |
| # - name: Upload bundle with reattached burn-engine | |
| # uses: actions/upload-artifact@v4 | |
| # with: | |
| # name: unsigned-bundle-with-reattached-signed-burn-engine | |
| # path: defguard-client-reattached.exe | |
| # sign-bundle: | |
| # needs: | |
| # - create-release | |
| # - reattach-burn-engine | |
| # runs-on: | |
| # - self-hosted | |
| # - Linux | |
| # - X64 | |
| # steps: | |
| # - name: Write release version | |
| # run: | | |
| # VERSION=$(echo ${GITHUB_REF_NAME#v} | cut -d '-' -f1) | |
| # echo Version: $VERSION | |
| # echo "VERSION=$VERSION" >> ${GITHUB_ENV} | |
| # - name: Download unsigned bundle & signed burn-engine | |
| # uses: actions/download-artifact@v4 | |
| # with: | |
| # name: unsigned-bundle-with-reattached-signed-burn-engine | |
| # - name: Sign bundle | |
| # run: osslsigncode sign -pkcs11module /srv/codesign/certum/sc30pkcs11-3.0.6.71-MS.so -pkcs11cert ${{ secrets.CODESIGN_KEYID }} -key ${{ secrets.CODESIGN_KEYID }} -pass ${{ secrets.CODESIGN_PIN }} -h sha256 -t http://time.certum.pl/ -in defguard-client-reattached.exe -out defguard-client-signed.exe | |
| # - name: Upload installer asset | |
| # uses: actions/upload-release-asset@v1 | |
| # env: | |
| # GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| # with: | |
| # upload_url: ${{ needs.create-release.outputs.upload_url }} | |
| # asset_path: defguard-client-signed.exe | |
| # asset_name: defguard-client_${{ env.VERSION }}_x64_en-US.exe | |
| # asset_content_type: application/octet-stream |