| name: Release |
|
|
| on: |
| push: |
| tags: |
| - '*' |
|
|
| permissions: |
| contents: write |
| id-token: write |
| packages: write |
|
|
| env: |
| CARGO_TERM_COLOR: always |
| REGISTRY: ghcr.io |
| IMAGE_NAME: ${{ github.repository }} |
|
|
| jobs: |
| release: |
| strategy: |
| matrix: |
| include: |
| - platform: 'macos-latest' |
| args: '--target aarch64-apple-darwin' |
| - platform: 'ubuntu-latest' |
| args: '' |
| - platform: 'windows-latest' |
| args: '' |
|
|
| runs-on: ${{ matrix.platform }} |
| steps: |
| - uses: actions/checkout@v6 |
| with: |
| fetch-depth: 0 |
| fetch-tags: true |
|
|
| - uses: oven-sh/setup-bun@v2 |
|
|
| - name: install dependencies (ubuntu only) |
| if: matrix.platform == 'ubuntu-latest' |
| run: | |
| sudo apt-get update |
| sudo apt-get install -y libwebkit2gtk-4.1-dev libappindicator3-dev librsvg2-dev patchelf |
| |
| - name: Install CUDA Toolkit (ubuntu only) |
| uses: Jimver/cuda-toolkit@master |
| if: matrix.platform == 'ubuntu-latest' |
| with: |
| cuda: '13.0.0' |
| log-file-suffix: '${{ matrix.platform }}.txt' |
|
|
| - name: Install CUDA Toolkit (windows only) |
| uses: Jimver/cuda-toolkit@master |
| if: matrix.platform == 'windows-latest' |
| with: |
| cuda: '13.0.0' |
| method: 'network' |
| sub-packages: '["nvcc", "cudart", "crt", "thrust", "nvvm", "cublas", "cublas_dev", "cufft", "cufft_dev", "curand", "curand_dev", "nvrtc", "nvrtc_dev"]' |
| log-file-suffix: '${{ matrix.platform }}.txt' |
|
|
| - name: Install MSVC Build Tools |
| uses: ilammy/msvc-dev-cmd@v1 |
| if: matrix.platform == 'windows-latest' |
|
|
| - name: Install dependencies |
| run: bun install |
|
|
| - name: Generate release changelog |
| id: release_notes |
| shell: bash |
| env: |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} |
| run: | |
| { |
| echo 'release_body<<EOF' |
| bun git-cliff --current --strip all |
| echo 'EOF' |
| } >> "$GITHUB_OUTPUT" |
| |
| - name: Install trusted-signing-cli (windows only) |
| if: matrix.platform == 'windows-latest' |
| shell: bash |
| run: | |
| curl -fsSL "https://github.com/Levminer/trusted-signing-cli/releases/download/0.8.0/trusted-signing-cli.exe" -o "$RUNNER_TEMP/trusted-signing-cli.exe" |
| printf '%s\n' "$RUNNER_TEMP" >> "$GITHUB_PATH" |
| "$RUNNER_TEMP/trusted-signing-cli.exe" --version |
| |
| - name: Import Apple Developer Certificate |
| if: matrix.platform == 'macos-latest' |
| env: |
| APPLE_CERTIFICATE: ${{ secrets.BUILD_CERTIFICATE_BASE64 }} |
| APPLE_CERTIFICATE_PASSWORD: "" |
| KEYCHAIN_PASSWORD: ${{ secrets.KEYCHAIN_PASSWORD }} |
| run: | |
| echo $APPLE_CERTIFICATE | base64 --decode > certificate.p12 |
| security create-keychain -p "$KEYCHAIN_PASSWORD" build.keychain |
| security default-keychain -s build.keychain |
| security unlock-keychain -p "$KEYCHAIN_PASSWORD" build.keychain |
| security set-keychain-settings -t 3600 -u build.keychain |
| security import certificate.p12 -k build.keychain -P "$APPLE_CERTIFICATE_PASSWORD" -T /usr/bin/codesign |
| security set-key-partition-list -S apple-tool:,apple:,codesign: -s -k "$KEYCHAIN_PASSWORD" build.keychain |
| security find-identity -v -p codesigning build.keychain |
| |
| - name: Verify Certificate |
| if: matrix.platform == 'macos-latest' |
| run: | |
| CERT_INFO=$(security find-identity -v -p codesigning build.keychain | grep "Developer ID Application") |
| CERT_ID=$(echo "$CERT_INFO" | awk -F'"' '{print $2}') |
| echo "CERT_ID=$CERT_ID" >> $GITHUB_ENV |
| echo "Certificate imported." |
| |
| - uses: tauri-apps/tauri-action@v0 |
| env: |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} |
| APPLE_ID: ${{ secrets.APPLE_ID }} |
| APPLE_PASSWORD: ${{ secrets.APPLE_PASSWORD }} |
| APPLE_TEAM_ID: ${{ secrets.APPLE_TEAM }} |
| APPLE_CERTIFICATE: ${{ secrets.BUILD_CERTIFICATE_BASE64 }} |
| APPLE_CERTIFICATE_PASSWORD: "" |
| APPLE_SIGNING_IDENTITY: ${{ env.CERT_ID }} |
| AZURE_CLIENT_ID: ${{ secrets.AZURE_CLIENT_ID }} |
| AZURE_CLIENT_SECRET: ${{ secrets.AZURE_CLIENT_SECRET }} |
| AZURE_TENANT_ID: ${{ secrets.AZURE_TENANT_ID }} |
| TAURI_SIGNING_PRIVATE_KEY: ${{ secrets.TAURI_SIGNING_PRIVATE_KEY }} |
| TAURI_SIGNING_PRIVATE_KEY_PASSWORD: ${{ secrets.TAURI_SIGNING_PRIVATE_KEY_PASSWORD }} |
| SENTRY_DSN: ${{ secrets.SENTRY_DSN }} |
| NEXT_PUBLIC_SENTRY_DSN: ${{ secrets.NEXT_PUBLIC_SENTRY_DSN }} |
| SENTRY_AUTH_TOKEN: ${{ secrets.SENTRY_AUTH_TOKEN }} |
| with: |
| tauriScript: npx @tauri-apps/cli |
| tagName: ${{ github.ref_name }} |
| releaseName: ${{ github.ref_name }} |
| releaseBody: ${{ steps.release_notes.outputs.release_body }} |
| releaseDraft: false |
| prerelease: false |
| args: ${{ matrix.args }} |
| uploadUpdaterJson: true |
| uploadUpdaterSignatures: true |
| uploadPlainBinary: true |
|
|
| winget: |
| needs: release |
| runs-on: ubuntu-latest |
| steps: |
| - uses: vedantmgoyal9/winget-releaser@main |
| with: |
| identifier: mayocream.koharu |
| version: ${{ github.ref_name }} |
| installers-regex: '(-setup\.exe|\.msi)$' |
| token: ${{ secrets.WINGET_TOKEN }} |
|
|
| container: |
| needs: release |
| runs-on: ubuntu-latest |
| steps: |
| - uses: actions/checkout@v6 |
|
|
| - uses: docker/setup-buildx-action@v3 |
|
|
| - uses: docker/login-action@v3 |
| with: |
| registry: ${{ env.REGISTRY }} |
| username: ${{ github.actor }} |
| password: ${{ secrets.GITHUB_TOKEN }} |
|
|
| - id: meta |
| uses: docker/metadata-action@v5 |
| with: |
| images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }} |
| tags: | |
| type=raw,value=${{ github.ref_name }} |
| type=raw,value=latest |
| |
| - uses: docker/build-push-action@v6 |
| with: |
| context: . |
| file: ./Dockerfile |
| platforms: linux/amd64 |
| push: true |
| labels: ${{ steps.meta.outputs.labels }} |
| tags: ${{ steps.meta.outputs.tags }} |
|
|
