Merge branch 'pj/ch/github-actions-ffmpeg-fixes'

CapSoftware · Sep 11, 2024 · 22e9e65 · 22e9e65 · vercel · Sep 11, 2024
2 parents 73a7a30 + d94d2f8
commit 22e9e65
Show file tree

Hide file tree

Showing 2 changed files with 43 additions and 12 deletions.
diff --git a/.github/prebuild.js b/.github/prebuild.js
@@ -8,6 +8,7 @@ import extract from "extract-zip";
 
 const exec = promisify(execCb);
 const signId = env.APPLE_SIGNING_IDENTITY || "-";
+const keychain = env.APPLE_KEYCHAIN ? `--keychain ${env.APPLE_KEYCHAIN}` : "";
 
 const __filename = fileURLToPath(import.meta.url);
 const __dirname = path.dirname(__filename);
@@ -28,7 +29,7 @@ async function symlinkSharedLibsMacOS(nativeDeps) {
           .filter((entry) => entry.isFile() && entry.name.endsWith(".dylib"))
           .map((entry) =>
             exec(
-              `codesign -s "${signId}" -f "${path.join(
+              `codesign ${keychain} -s "${signId}" -f "${path.join(
                 entry.path,
                 entry.name
               )}"`
@@ -88,7 +89,7 @@ rustflags = [
     JSON.stringify(
       {
         bundle: {
-          macOS: { frameworks: path.join(nativeDeps, "Spacedrive.framework") },
+          macOS: { frameworks: [path.join(nativeDeps, "Spacedrive.framework")] },
         },
       },
       null,

diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml
@@ -33,29 +33,60 @@ jobs:
       - name: Create API Key File
         run: echo "${{ secrets.APPLE_API_KEY_FILE }}" > api.p8
 
+      - name: Ensure signing identity
+        env:
+          APPLE_CERTIFICATE: ${{ secrets.APPLE_CERTIFICATE }}
+          APPLE_CERTIFICATE_PASSWORD: ${{ secrets.APPLE_CERTIFICATE_PASSWORD }}
+        run: |
+          CERTIFICATE_PATH=${{ runner.temp }}/certificate.p12
+          KEYCHAIN_PATH=${{ runner.temp }}/build.keychain
+
+          echo -n "$APPLE_CERTIFICATE" | base64 --decode -o $CERTIFICATE_PATH
+
+          # Maybe set password in secrets?? This gets cleaned up at the beginning and end of each job though.
+          security create-keychain -p "" $KEYCHAIN_PATH
+          security set-keychain-settings -lut 21600 $KEYCHAIN_PATH
+          security default-keychain -s $KEYCHAIN_PATH
+          security unlock-keychain -p "" $KEYCHAIN_PATH
+          security import $CERTIFICATE_PATH -P "$APPLE_CERTIFICATE_PASSWORD" -A -t cert -f pkcs12 -k $KEYCHAIN_PATH
+          security set-key-partition-list -S apple-tool:,apple: -k "" $KEYCHAIN_PATH
+          security list-keychain -d user -s $KEYCHAIN_PATH
+
+      - name: Verify certificate
+        run: security find-identity -v -p codesigning ${{ runner.temp }}/build.keychain
+
       - name: Rust setup
-        uses: actions-rust-lang/setup-rust-toolchain@v1
+        uses: dtolnay/rust-toolchain@stable
         with:
-          toolchain: stable
-          cache: true
+          targets: x86_64-apple-darwin, aarch64-apple-darwin
 
-      - name: Setup pnpm
-        uses: pnpm/action-setup@v4
+      - name: Rust cache
+        uses: swatinem/rust-cache@v2
         with:
-          version: 8.10.5
+          workspaces: |
+            ". -> target"
+            "./apps/desktop/src-tauri -> target"
 
       - name: Setup Node.js
         uses: actions/setup-node@v4
         with:
           node-version: "20"
 
+      - name: Setup pnpm
+        uses: pnpm/action-setup@v4
+        with:
+          version: 8.10.5
+
       - name: Install dependencies
         run: cd apps/desktop-solid && pnpm install
 
       - name: Create .env file in root
         run: |
           echo "appVersion=${{ steps.read_version.outputs.value }}" >> .env
           echo "CAP_DESKTOP_SENTRY_URL=https://efd3156d9c0a8a49bee3ee675bec80d8@o4506859771527168.ingest.us.sentry.io/4506859844403200" >> .env
+          echo "NEXT_PUBLIC_URL=${{ secrets.NEXT_PUBLIC_URL }}" >> .env
+          echo 'NEXTAUTH_URL=${NEXT_PUBLIC_URL}' >> .env
+          echo 'VITE_SERVER_URL=${NEXT_PUBLIC_URL}' >> .env
 
       - name: Copy .env to apps/desktop-solid
         run: cp .env apps/desktop-solid/.env
@@ -68,7 +99,6 @@ jobs:
         # Build both intel and apple silicon
         working-directory: apps/desktop-solid
         run: |
-          rustup target add x86_64-apple-darwin
           pnpm install
           node ${{ github.workspace }}/.github/prebuild.js x86_64
           pnpm tauri build --target x86_64-apple-darwin
@@ -85,9 +115,9 @@ jobs:
           APPLE_API_ISSUER: ${{ secrets.APPLE_API_ISSUER }}
           APPLE_API_KEY: ${{ secrets.APPLE_API_KEY }}
           APPLE_API_KEY_PATH: api.p8
-
-          TAURI_PRIVATE_SIGNING_KEY: ${{ secrets.TAURI_SIGNING_PRIVATE_KEY }}
-          TAURI_KEY_SIGNING_PASSWORD: ${{ secrets.TAURI_KEY_SIGNING_PASSWORD }}
+          APPLE_KEYCHAIN: ${{ runner.temp }}/build.keychain
+          TAURI_SIGNING_PRIVATE_KEY: ${{ secrets.TAURI_PRIVATE_SIGNING_KEY }}
+          TAURI_SIGNING_PRIVATE_KEY_PASSWORD: ${{ secrets.TAURI_KEY_PASSWORD }}
 
       - name: upload assets
         uses: crabnebula-dev/cloud-release@v0