Release #91
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Release | |
| on: | |
| workflow_dispatch: | |
| inputs: | |
| bump_type: | |
| description: "Version bump type" | |
| required: true | |
| default: patch | |
| type: choice | |
| options: | |
| - major | |
| - minor | |
| - patch | |
| jobs: | |
| bump-version: | |
| name: Bump versions | |
| outputs: | |
| version: ${{ steps.bump_version.outputs.version }} | |
| runs-on: ubuntu-latest | |
| env: | |
| GH_TOKEN: ${{ github.token }} | |
| steps: | |
| - name: Checkout project | |
| uses: actions/checkout@v4 | |
| - name: Setup just cli | |
| uses: extractions/setup-just@v2 | |
| - name: Install uv | |
| uses: astral-sh/setup-uv@v5 | |
| - name: Setup Python | |
| uses: actions/setup-python@v5 | |
| with: | |
| python-version: "^3.13" | |
| - name: Setup git config | |
| env: | |
| GH_TOKEN: ${{ github.token }} | |
| run: | | |
| git config user.email "${GITHUB_ACTOR_ID}+${GITHUB_ACTOR}@users.noreply.github.com" | |
| git config user.name "$(gh api /users/${GITHUB_ACTOR} | jq .name -r)" | |
| - name: Bump the Version | |
| id: bump_version | |
| run: | | |
| just bump-version ${{ inputs.bump_type }} | |
| echo "version=$(git describe --tags --always --dirty)" >> $GITHUB_OUTPUT | |
| - name: Push changes to the repo | |
| run: | | |
| # Set a new remote URL using HTTPS with the github token | |
| git remote set-url origin https://x-access-token:${{ github.token }}@github.com/${{ github.repository }}.git | |
| # Push the current branch to the remote repo | |
| git push origin | |
| # Push the tag to the remote repo | |
| git push origin ${{ steps.bump_version.outputs.version }} | |
| build: | |
| name: Build app bundle | |
| needs: bump-version | |
| strategy: | |
| matrix: | |
| include: | |
| - runs-on: macos-latest | |
| args: "aarch64-apple-darwin" | |
| - runs-on: macos-latest | |
| args: "x86_64-apple-darwin" | |
| - runs-on: windows-latest | |
| args: "x86_64-pc-windows-msvc" | |
| - runs-on: ubuntu-22.04 | |
| args: "x86_64-unknown-linux-gnu" | |
| runs-on: ${{ matrix.runs-on }} | |
| env: | |
| APPLE_ID: ${{ secrets.APPLE_ID }} | |
| APPLE_PASSWORD: ${{ secrets.APPLE_PASSWORD }} | |
| APPLE_TEAM_ID: ${{ secrets.APPLE_TEAM_ID }} | |
| APPLE_SIGNING_IDENTITY: ${{ secrets.APPLE_SIGNING_IDENTITY }} | |
| TAURI_SIGNING_PRIVATE_KEY: ${{ secrets.TAURI_SIGNING_PRIVATE_KEY }} | |
| TAURI_SIGNING_PRIVATE_KEY_PASSWORD: ${{ secrets.TAURI_SIGNING_PRIVATE_KEY_PASSWORD }} | |
| GH_TOKEN: ${{ github.token }} | |
| steps: | |
| - name: Checkout project | |
| uses: actions/checkout@v4 | |
| with: | |
| submodules: recursive | |
| - name: Import signing certificate into keychain | |
| if: runner.os == 'macOS' | |
| uses: apple-actions/import-codesign-certs@v3 | |
| with: | |
| p12-file-base64: ${{ secrets.SIGNING_CERTIFICATE_P12_DATA }} | |
| p12-password: ${{ secrets.SIGNING_CERTIFICATE_PASSWORD }} | |
| - name: Install system dependencies (Linux) | |
| if: runner.os == 'Linux' | |
| run: | | |
| sudo apt-get update | |
| sudo apt-get install -y \ | |
| libwebkit2gtk-4.1-dev \ | |
| build-essential \ | |
| curl \ | |
| wget \ | |
| file \ | |
| libxdo-dev \ | |
| libssl-dev \ | |
| libayatana-appindicator3-dev \ | |
| librsvg2-dev | |
| - name: Setup just cli | |
| uses: extractions/setup-just@v2 | |
| - name: Setup Bun | |
| uses: oven-sh/setup-bun@v1 | |
| - name: Setup Rust | |
| uses: dtolnay/rust-toolchain@stable | |
| with: | |
| targets: ${{ matrix.args }} | |
| components: rust-src, rustfmt, clippy | |
| - name: Install uv | |
| uses: astral-sh/setup-uv@v5 | |
| - name: Setup Python | |
| uses: actions/setup-python@v5 | |
| with: | |
| python-version: "^3.13" | |
| - name: Setup Go | |
| uses: actions/setup-go@v5 | |
| with: | |
| cache: true | |
| go-version-file: src-daemon/go.mod | |
| cache-dependency-path: src-daemon/go.sum | |
| - name: Cache Rust dependencies | |
| uses: actions/cache@v4 | |
| with: | |
| path: | | |
| ~/.cargo/registry | |
| ~/.cargo/git | |
| ~/.cargo/bin | |
| target | |
| src-tauri/target | |
| key: ${{ matrix.args }}-cargo-${{ hashFiles('**/Cargo.lock', '**/Cargo.toml') }} | |
| restore-keys: | | |
| ${{ matrix.args }}-cargo- | |
| - name: Install Project dependencies | |
| run: | | |
| corepack enable | |
| bun install --cwd src-frontend | |
| bun install --global @tauri-apps/cli@latest | |
| - name: Build app (macOS) | |
| if: runner.os == 'macOS' | |
| run: | | |
| GITHUB_CI=1 just package ${{ matrix.args }} | |
| # Create artifacts directory | |
| mkdir -p artifacts | |
| mv src-tauri/target/${{ matrix.args }}/release/bundle/dmg/*.dmg artifacts/SyftBox-${{ matrix.args }}.dmg | |
| mv src-tauri/target/${{ matrix.args }}/release/bundle/macos/*.app.tar.gz artifacts/SyftBox-${{ matrix.args }}.app.tar.gz | |
| mv src-tauri/target/${{ matrix.args }}/release/bundle/macos/*.app.tar.gz.sig artifacts/SyftBox-${{ matrix.args }}.app.tar.gz.sig | |
| - name: Build app (Windows) | |
| if: runner.os == 'Windows' | |
| shell: pwsh | |
| run: | | |
| $env:GITHUB_CI = "1"; just package ${{ matrix.args }} | |
| # Create artifacts directory | |
| New-Item -Path artifacts -ItemType Directory -Force | |
| Move-Item -Path src-tauri\target\${{ matrix.args }}\release\bundle\msi\*.msi -Destination artifacts\SyftBox-${{ matrix.args }}.msi | |
| Move-Item -Path src-tauri\target\${{ matrix.args }}\release\bundle\msi\*.msi.sig -Destination artifacts\SyftBox-${{ matrix.args }}.msi.sig | |
| - name: Build app (Linux) | |
| if: runner.os == 'Linux' | |
| run: | | |
| rm -rf src-tauri/target/${{ matrix.args }}/release/bundle/ | |
| GITHUB_CI=1 just package ${{ matrix.args }} | |
| # Create artifacts directory | |
| mkdir -p artifacts | |
| mv src-tauri/target/${{ matrix.args }}/release/bundle/deb/*.deb artifacts/SyftBox-${{ matrix.args }}.deb | |
| mv src-tauri/target/${{ matrix.args }}/release/bundle/deb/*.deb.sig artifacts/SyftBox-${{ matrix.args }}.deb.sig | |
| mv src-tauri/target/${{ matrix.args }}/release/bundle/rpm/*.rpm artifacts/SyftBox-${{ matrix.args }}.rpm | |
| mv src-tauri/target/${{ matrix.args }}/release/bundle/rpm/*.rpm.sig artifacts/SyftBox-${{ matrix.args }}.rpm.sig | |
| mv src-tauri/target/${{ matrix.args }}/release/bundle/appimage/*.AppImage artifacts/SyftBox-${{ matrix.args }}.AppImage | |
| mv src-tauri/target/${{ matrix.args }}/release/bundle/appimage/*.AppImage.sig artifacts/SyftBox-${{ matrix.args }}.AppImage.sig | |
| # - name: Deploy frontend to syftbox-stage | |
| # run: just deploy-frontend-to-stage | |
| - name: Create release | |
| uses: ncipollo/release-action@v1 | |
| with: | |
| tag: ${{ needs.bump-version.outputs.version }} | |
| name: ${{ needs.bump-version.outputs.version }} | |
| draft: true | |
| allowUpdates: true | |
| omitBodyDuringUpdate: true | |
| makeLatest: true | |
| artifacts: | | |
| ./artifacts/*.app.tar.gz | |
| ./artifacts/*.app.tar.gz.sig | |
| ./artifacts/*.AppImage | |
| ./artifacts/*.AppImage.sig | |
| ./artifacts/*.deb | |
| ./artifacts/*.deb.sig | |
| ./artifacts/*.dmg | |
| ./artifacts/*.dmg.sig | |
| ./artifacts/*.msi | |
| ./artifacts/*.msi.sig | |
| ./artifacts/*.rpm | |
| ./artifacts/*.rpm.sig | |
| - name: Clean up all user keychains | |
| if: always() && runner.os == 'macOS' | |
| run: | | |
| # List all keychains | |
| keychains=$(security list-keychains | tr -d '" "') | |
| # Iterate over the keychains and delete each one that is not a system keychain | |
| echo "$keychains" | while IFS= read -r keychain; do | |
| if [[ "$keychain" != "/Library/Keychains/System.keychain" && "$keychain" != "/Library/Keychains/SystemRootCertificates.keychain" ]]; then | |
| echo "Deleting keychain: $keychain" | |
| security delete-keychain "$keychain" | |
| else | |
| echo "Skipping system keychain: $keychain" | |
| fi | |
| done | |
| generate-release-notes: | |
| name: Generate Release Notes | |
| needs: [bump-version, build] | |
| runs-on: ubuntu-latest | |
| env: | |
| GH_TOKEN: ${{ github.token }} | |
| OPENROUTER_API_KEY: ${{ secrets.OPENROUTER_API_KEY }} | |
| steps: | |
| - name: Checkout repository | |
| uses: actions/checkout@v4 | |
| with: | |
| fetch-depth: 0 # Fetch all history for all branches and tags | |
| submodules: recursive | |
| - name: Generate Release Notes | |
| run: | | |
| set -xv | |
| # Make the script executable | |
| chmod +x ./scripts/generate-release-notes.sh | |
| # Generate release notes and save to a file | |
| ./scripts/generate-release-notes.sh | tee release_notes.md | |
| # Update the release with the generated notes | |
| gh release edit ${{ needs.bump-version.outputs.version }} --notes-file release_notes.md |