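# Release workflow: on every pushed tag, build and sign the desktop bundles on
# macOS, Ubuntu and Windows via tauri-action, then submit the Windows
# installers to winget and push a container image to ghcr.io.
name: Release

# Every tag push runs this workflow with the signing and publishing secrets
# below, so tag creation should be limited to trusted maintainers.
on:
  push:
    tags:
      - '*'

# Least privilege: the workflow default is read-only and each job requests
# only the scopes its visible steps use.
permissions:
  contents: read

env:
  CARGO_TERM_COLOR: always
  REGISTRY: ghcr.io
  IMAGE_NAME: ${{ github.repository }}

jobs:
  release:
    permissions:
      # tauri-action creates the GitHub release and uploads assets.
      contents: write
      # NOTE(review): kept from the original workflow-level grant; no step
      # visible here requests an OIDC token. Drop it if it is unused.
      id-token: write
    strategy:
      matrix:
        include:
          - platform: 'macos-latest'  # for Arm based macs (M1 and above).
            args: '--target aarch64-apple-darwin'
          - platform: 'ubuntu-latest'
            args: ''
          - platform: 'windows-latest'
            args: ''
    runs-on: ${{ matrix.platform }}
    steps:
      - uses: actions/checkout@v6
        with:
          fetch-depth: 0
          fetch-tags: true

      - uses: oven-sh/setup-bun@v2

      - name: install dependencies (ubuntu only)
        if: matrix.platform == 'ubuntu-latest'
        run: |
          sudo apt-get update
          sudo apt-get install -y libwebkit2gtk-4.1-dev libappindicator3-dev librsvg2-dev patchelf

      # NOTE(review): '@master' is a mutable branch ref and this job later
      # holds signing secrets. Pin third-party actions to a full commit SHA,
      # e.g. Jimver/cuda-toolkit@<full-commit-sha>.
      - name: Install CUDA Toolkit (ubuntu only)
        uses: Jimver/cuda-toolkit@master
        if: matrix.platform == 'ubuntu-latest'
        with:
          cuda: '13.0.0'
          log-file-suffix: '${{ matrix.platform }}.txt'

      # NOTE(review): same mutable '@master' ref as above; pin to a commit SHA.
      - name: Install CUDA Toolkit (windows only)
        uses: Jimver/cuda-toolkit@master
        if: matrix.platform == 'windows-latest'
        with:
          cuda: '13.0.0'
          method: 'network'
          sub-packages: '["nvcc", "cudart", "crt", "thrust", "nvvm", "cublas", "cublas_dev", "cufft", "cufft_dev", "curand", "curand_dev", "nvrtc", "nvrtc_dev"]'
          log-file-suffix: '${{ matrix.platform }}.txt'

      - name: Install MSVC Build Tools
        uses: ilammy/msvc-dev-cmd@v1
        if: matrix.platform == 'windows-latest'

      - name: Install dependencies
        run: bun install

      - name: Generate release changelog
        id: release_notes
        shell: bash
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        # NOTE(review): this script is truncated in this copy of the file
        # (the heredoc delimiter and the changelog command were lost).
        # Restore the original body from the repository; it is reproduced
        # here exactly as found.
        run: |
          { echo 'release_body<> "$GITHUB_OUTPUT"

      # The downloaded executable is run in this job and put on PATH for the
      # signing step, so its digest should be checked before first use.
      - name: Install trusted-signing-cli (windows only)
        if: matrix.platform == 'windows-latest'
        shell: bash
        env:
          # Placeholder: set to the SHA-256 (lowercase hex) of the 0.8.0
          # release asset. While empty, the check below only warns.
          TRUSTED_SIGNING_CLI_SHA256: ''
        run: |
          cli="$RUNNER_TEMP/trusted-signing-cli.exe"
          curl -fsSL "https://github.com/Levminer/trusted-signing-cli/releases/download/0.8.0/trusted-signing-cli.exe" -o "$cli"
          if [ -n "$TRUSTED_SIGNING_CLI_SHA256" ]; then
            # Hash from stdin so the Windows path never appears in the output.
            actual="$(sha256sum < "$cli" | cut -d ' ' -f 1)"
            if [ "$actual" != "$TRUSTED_SIGNING_CLI_SHA256" ]; then
              echo "::error::trusted-signing-cli.exe digest mismatch"
              exit 1
            fi
          else
            echo "::warning::trusted-signing-cli.exe was not checksum-verified"
          fi
          printf '%s\n' "$RUNNER_TEMP" >> "$GITHUB_PATH"
          "$cli" --version

      - name: Import Apple Developer Certificate
        if: matrix.platform == 'macos-latest'
        env:
          APPLE_CERTIFICATE: ${{ secrets.BUILD_CERTIFICATE_BASE64 }}
          # NOTE(review): the .p12 is imported with an empty passphrase, so
          # the base64 secret alone is enough to use the signing key.
          # Consider exporting it with a passphrase kept in a separate secret.
          APPLE_CERTIFICATE_PASSWORD: ""
          KEYCHAIN_PASSWORD: ${{ secrets.KEYCHAIN_PASSWORD }}
        run: |
          # Keep the decoded key material out of the checkout and remove it
          # even if a later command fails.
          CERT_PATH="$RUNNER_TEMP/certificate.p12"
          trap 'rm -f "$CERT_PATH"' EXIT
          echo "$APPLE_CERTIFICATE" | base64 --decode > "$CERT_PATH"
          security create-keychain -p "$KEYCHAIN_PASSWORD" build.keychain
          security default-keychain -s build.keychain
          security unlock-keychain -p "$KEYCHAIN_PASSWORD" build.keychain
          security set-keychain-settings -t 3600 -u build.keychain
          security import "$CERT_PATH" -k build.keychain -P "$APPLE_CERTIFICATE_PASSWORD" -T /usr/bin/codesign
          security set-key-partition-list -S apple-tool:,apple:,codesign: -s -k "$KEYCHAIN_PASSWORD" build.keychain
          security find-identity -v -p codesigning build.keychain

      - name: Verify Certificate
        if: matrix.platform == 'macos-latest'
        run: |
          CERT_INFO=$(security find-identity -v -p codesigning build.keychain | grep "Developer ID Application")
          CERT_ID=$(echo "$CERT_INFO" | awk -F'"' '{print $2}')
          # Fail here rather than passing an empty signing identity on.
          if [ -z "$CERT_ID" ]; then
            echo "::error::No Developer ID Application identity found in build.keychain"
            exit 1
          fi
          echo "CERT_ID=$CERT_ID" >> "$GITHUB_ENV"
          echo "Certificate imported."

      # Builds, signs and publishes the bundles. CERT_ID comes from the
      # "Verify Certificate" step and is only set on the macOS runner.
      - uses: tauri-apps/tauri-action@v0
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          APPLE_ID: ${{ secrets.APPLE_ID }}
          APPLE_PASSWORD: ${{ secrets.APPLE_PASSWORD }}
          APPLE_TEAM_ID: ${{ secrets.APPLE_TEAM }}
          APPLE_CERTIFICATE: ${{ secrets.BUILD_CERTIFICATE_BASE64 }}
          APPLE_CERTIFICATE_PASSWORD: ""
          APPLE_SIGNING_IDENTITY: ${{ env.CERT_ID }}
          AZURE_CLIENT_ID: ${{ secrets.AZURE_CLIENT_ID }}
          AZURE_CLIENT_SECRET: ${{ secrets.AZURE_CLIENT_SECRET }}
          AZURE_TENANT_ID: ${{ secrets.AZURE_TENANT_ID }}
          TAURI_SIGNING_PRIVATE_KEY: ${{ secrets.TAURI_SIGNING_PRIVATE_KEY }}
          TAURI_SIGNING_PRIVATE_KEY_PASSWORD: ${{ secrets.TAURI_SIGNING_PRIVATE_KEY_PASSWORD }}
          SENTRY_DSN: ${{ secrets.SENTRY_DSN }}
          NEXT_PUBLIC_SENTRY_DSN: ${{ secrets.NEXT_PUBLIC_SENTRY_DSN }}
          SENTRY_AUTH_TOKEN: ${{ secrets.SENTRY_AUTH_TOKEN }}
        with:
          tauriScript: npx @tauri-apps/cli
          tagName: ${{ github.ref_name }}
          releaseName: ${{ github.ref_name }}
          releaseBody: ${{ steps.release_notes.outputs.release_body }}
          releaseDraft: false
          prerelease: false
          args: ${{ matrix.args }}
          uploadUpdaterJson: true
          uploadUpdaterSignatures: true
          uploadPlainBinary: true

  winget:
    needs: release
    runs-on: ubuntu-latest
    # The action is given its own token (WINGET_TOKEN); the job's
    # GITHUB_TOKEN stays read-only.
    permissions:
      contents: read
    steps:
      # NOTE(review): '@main' is a mutable branch ref that receives
      # WINGET_TOKEN. Pin to a full commit SHA, e.g.
      # vedantmgoyal9/winget-releaser@<full-commit-sha>.
      - uses: vedantmgoyal9/winget-releaser@main
        with:
          identifier: mayocream.koharu
          version: ${{ github.ref_name }}
          installers-regex: '(-setup\.exe|\.msi)$'
          token: ${{ secrets.WINGET_TOKEN }}

  container:
    needs: release
    runs-on: ubuntu-latest
    permissions:
      contents: read
      # Needed to push the image to ghcr.io with GITHUB_TOKEN.
      packages: write
    steps:
      - uses: actions/checkout@v6
        with:
          # No later step in this job uses git credentials, and the whole
          # checkout is the Docker build context.
          persist-credentials: false

      - uses: docker/setup-buildx-action@v3

      - uses: docker/login-action@v3
        with:
          registry: ${{ env.REGISTRY }}
          username: ${{ github.actor }}
          password: ${{ secrets.GITHUB_TOKEN }}

      - id: meta
        uses: docker/metadata-action@v5
        with:
          images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
          tags: |
            type=raw,value=${{ github.ref_name }}
            type=raw,value=latest

      - uses: docker/build-push-action@v6
        with:
          context: .
          file: ./Dockerfile
          platforms: linux/amd64
          push: true
          labels: ${{ steps.meta.outputs.labels }}
          tags: ${{ steps.meta.outputs.tags }}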