Proma/.github/workflows/release.yml at main · ErlichLiu/Proma · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
# GitHub Actions: 自动打包分发
#
# 触发条件：推送 v* tag（如 v0.4.0）
# 构建 macOS 和 Windows 产物并发布到 GitHub Releases
#
# 所需 GitHub Secrets（macOS 签名/公证，可选）:
# - MAC_CERTS: Base64 编码的 macOS Developer ID Application 证书 (.p12)
# - MAC_CERTS_PASSWORD: 证书密码
# - APPLE_ID: Apple ID（公证用）
# - APPLE_APP_SPECIFIC_PASSWORD: App-Specific 密码（公证用）
# - APPLE_TEAM_ID: Apple Developer Team ID
# GITHUB_TOKEN 由 GitHub Actions 自动提供，无需手动配置

name: Release

on:
  push:
    tags:
      - 'v*'

permissions:
  contents: write

jobs:
  build:
    strategy:
      fail-fast: false
      matrix:
        include:
          - os: macos-latest
            platform: mac
          - os: windows-latest
            platform: win

    runs-on: ${{ matrix.os }}

    steps:
      - name: 检出代码
        uses: actions/checkout@v4

      - name: 安装 Bun
        uses: oven-sh/setup-bun@v2
        with:
          bun-version: latest

      - name: 安装 Node.js
        uses: actions/setup-node@v4
        with:
          node-version: 20

      - name: 安装依赖
        run: bun install

      # macOS 代码签名准备
      - name: 导入 macOS 签名证书
        if: matrix.platform == 'mac'
        env:
          MAC_CERTS: ${{ secrets.MAC_CERTS }}
          MAC_CERTS_PASSWORD: ${{ secrets.MAC_CERTS_PASSWORD }}
        run: |
          # 创建临时 keychain
          KEYCHAIN_PATH=$RUNNER_TEMP/build.keychain
          KEYCHAIN_PASSWORD=$(openssl rand -base64 32)

          security create-keychain -p "$KEYCHAIN_PASSWORD" "$KEYCHAIN_PATH"
          security set-keychain-settings -lut 21600 "$KEYCHAIN_PATH"
          security unlock-keychain -p "$KEYCHAIN_PASSWORD" "$KEYCHAIN_PATH"

          # 导入证书
          echo "$MAC_CERTS" | base64 --decode > $RUNNER_TEMP/cert.p12
          security import $RUNNER_TEMP/cert.p12 -P "$MAC_CERTS_PASSWORD" -A -t cert -f pkcs12 -k "$KEYCHAIN_PATH"
          security set-key-partition-list -S apple-tool:,apple: -k "$KEYCHAIN_PASSWORD" "$KEYCHAIN_PATH"
          security list-keychain -d user -s "$KEYCHAIN_PATH"

          rm $RUNNER_TEMP/cert.p12

      # 构建应用
      - name: 构建 Electron 应用
        run: bun run electron:build
        working-directory: .

      # 打包并发布到 GitHub Releases
      - name: 打包并发布 (macOS)
        if: matrix.platform == 'mac'
        env:
          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          APPLE_ID: ${{ secrets.APPLE_ID }}
          APPLE_APP_SPECIFIC_PASSWORD: ${{ secrets.APPLE_APP_SPECIFIC_PASSWORD }}
          APPLE_TEAM_ID: ${{ secrets.APPLE_TEAM_ID }}
        run: npx electron-builder --mac --publish always
        working-directory: apps/electron

      - name: 打包并发布 (Windows)
        if: matrix.platform == 'win'
        env:
          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        run: npx electron-builder --win --publish always
        working-directory: apps/electron