Refactor/split commands #59

Workflow file for this run

.github/workflows/build_macos.yml at 25add68

	name: "macOS Build"

	on:
	workflow_call:
	secrets:
	APPLE_ID:
	required: true
	APPLE_PASSWORD:
	required: true
	APPLE_TEAM_ID:
	required: true
	APPLE_CERTIFICATE:
	required: true
	APPLE_CERTIFICATE_PASSWORD:
	required: true
	KEYCHAIN_PASSWORD:
	required: true
	push:
	branches:
	- master
	paths:
	- 'src-tauri/**'
	- 'src/**'
	- 'static/**'
	- 'package.json'
	- 'bun.lockb'
	- 'svelte.config.js'
	- 'tailwind.config.js'
	- 'vite.config.js'
	- '.github/workflows/build_macos.yml'
	pull_request:
	paths:
	- 'src-tauri/**'
	- 'src/**'
	- 'static/**'
	- 'package.json'
	- 'bun.lockb'
	- 'svelte.config.js'
	- 'tailwind.config.js'
	- 'vite.config.js'
	- '.github/workflows/build_macos.yml'

	jobs:
	setup:
	runs-on: ubuntu-latest
	outputs:
	version: ${{ steps.get-version.outputs.version }}
	steps:
	- uses: actions/checkout@v4

	- name: Get version from Cargo.toml
	id: get-version
	run: \|
	VERSION=$(grep '^version[[:space:]]=[[:space:]]"' src-tauri/Cargo.toml \| sed 's/^version[[:space:]]=[[:space:]]"$.*$"/\1/')
	echo "version=$VERSION" >> "$GITHUB_OUTPUT"

	build-macos:
	needs: setup
	runs-on: macos-latest
	strategy:
	fail-fast: false
	matrix:
	include:
	- arch: "aarch64"
	target: "aarch64-apple-darwin"
	- arch: "x86_64"
	target: "x86_64-apple-darwin"
	env:
	VERSION: ${{ needs.setup.outputs.version }}
	APPLE_ID: ${{ secrets.APPLE_ID }}
	APPLE_PASSWORD: ${{ secrets.APPLE_PASSWORD }}
	APPLE_TEAM_ID: ${{ secrets.APPLE_TEAM_ID }}
	CARGO_INCREMENTAL: 0 # Disable incremental compilation for CI
	RUST_BACKTRACE: 1 # Better error reporting
	MACOSX_DEPLOYMENT_TARGET: "10.15" # Set minimum macOS version
	steps:
	- uses: actions/checkout@v4

	- name: Setup bun
	uses: oven-sh/setup-bun@v1
	with:
	bun-version: 1.1.39

	- name: Cache frontend dependencies
	uses: actions/cache@v4
	id: cache-frontend-deps
	with:
	path: \|
	~/.bun/install/cache
	node_modules
	key: frontend-deps-macos-${{ matrix.arch }}-${{ hashFiles('**/bun.lockb') }}
	restore-keys: \|
	frontend-deps-macos-${{ matrix.arch }}-

	- name: Install frontend dependencies
	if: steps.cache-frontend-deps.outputs.cache-hit != 'true'
	run: bun install

	- name: Cache Rust dependencies
	uses: actions/cache@v4
	with:
	path: \|
	~/.cargo/registry
	~/.cargo/git
	key: rust-deps-macos-${{ matrix.arch }}-${{ hashFiles('**/Cargo.lock') }}
	restore-keys: \|
	rust-deps-macos-${{ matrix.arch }}-

	- name: Add Rust build cache
	uses: Swatinem/rust-cache@v2
	with:
	workspaces: "src-tauri -> target"
	key: macos-${{ matrix.arch }}-rust-${{ hashFiles('**/Cargo.lock') }}

	- name: Install Rust stable
	uses: dtolnay/rust-toolchain@stable
	with:
	targets: aarch64-apple-darwin,x86_64-apple-darwin

	- name: Import Apple Developer Certificate
	id: import_apple_certificate
	env:
	APPLE_CERTIFICATE: ${{ secrets.APPLE_CERTIFICATE }}
	APPLE_CERTIFICATE_PASSWORD: ${{ secrets.APPLE_CERTIFICATE_PASSWORD }}
	KEYCHAIN_PASSWORD: ${{ secrets.KEYCHAIN_PASSWORD }}
	run: \|
	echo $APPLE_CERTIFICATE \| base64 --decode > certificate.p12
	security create-keychain -p "$KEYCHAIN_PASSWORD" build.keychain
	security default-keychain -s build.keychain
	security unlock-keychain -p "$KEYCHAIN_PASSWORD" build.keychain
	security import certificate.p12 -k build.keychain -P "$APPLE_CERTIFICATE_PASSWORD" -T /usr/bin/codesign
	security set-keychain-settings -t 3600 -l build.keychain
	security set-key-partition-list -S apple-tool:,apple:,codesign: -s -k "$KEYCHAIN_PASSWORD" build.keychain
	security list-keychains -s build.keychain

	- name: Verify Certificate
	id: verify_apple_certificate
	run: \|
	security find-identity -v -p codesigning build.keychain
	CERT_INFO=$(security find-identity -v -p codesigning build.keychain \| grep "Developer ID Application")
	CERT_ID=$(echo "$CERT_INFO" \| awk -F'"' '{print $2}')
	echo "cert_id=$CERT_ID" >> "$GITHUB_OUTPUT"
	echo "Apple Developer Certificate imported."

	- name: Build macOS Desktop App
	uses: tauri-apps/tauri-action@v0
	env:
	GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
	APPLE_CERTIFICATE: ${{ secrets.APPLE_CERTIFICATE }}
	APPLE_CERTIFICATE_PASSWORD: ${{ secrets.APPLE_CERTIFICATE_PASSWORD }}
	APPLE_SIGNING_IDENTITY: 'Developer ID Application'
	with:
	args: --target ${{ matrix.target }}

	- name: Generate macOS artifact hashes
	run: \|
	cd src-tauri/target/${{ matrix.arch }}-apple-darwin/release/bundle
	cd macos
	find . -type f -name "*.app" -exec sh -c '
	FILE="$1"
	shasum -a 256 "$FILE" \| sed "s\| .*\| whitenoise-${VERSION}-macos-${{ matrix.arch }}.app\|" > "${FILE}.sha256"
	' sh {} \;
	find . -type f -name "*.app.tar.gz" -exec sh -c '
	FILE="$1"
	shasum -a 256 "$FILE" \| sed "s\| .*\| whitenoise-${VERSION}-macos-${{ matrix.arch }}.app.tar.gz\|" > "${FILE}.sha256"
	' sh {} \;
	cd ../dmg
	find . -type f -name "*.dmg" -exec sh -c '
	FILE="$1"
	shasum -a 256 "$FILE" \| sed "s\| .*\| whitenoise-${VERSION}-macos-${{ matrix.arch }}.dmg\|" > "${FILE}.sha256"
	' sh {} \;

	- name: Prepare macOS artifacts
	run: \|
	mkdir -p desktop-artifacts
	find src-tauri/target/${{ matrix.arch }}-apple-darwin/release/bundle/dmg -name "*.dmg" -exec sh -c '
	cp "$1" desktop-artifacts/whitenoise-${VERSION}-macos-${{ matrix.arch }}.dmg
	cp "${1}.sha256" desktop-artifacts/whitenoise-${VERSION}-macos-${{ matrix.arch }}.dmg.sha256
	' sh {} \;

	find src-tauri/target/${{ matrix.arch }}-apple-darwin/release/bundle/macos -name "*.app.tar.gz" -exec sh -c '
	cp "$1" desktop-artifacts/whitenoise-${VERSION}-macos-${{ matrix.arch }}.app.tar.gz
	cp "${1}.sha256" desktop-artifacts/whitenoise-${VERSION}-macos-${{ matrix.arch }}.app.tar.gz.sha256
	' sh {} \;

	- name: Upload macOS artifacts
	uses: actions/upload-artifact@v4
	with:
	name: macos-${{ matrix.arch }}
	path: desktop-artifacts/*

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Refactor/split commands #59

Workflow file

Refactor/split commands #59

Jobs

Run details

Workflow file for this run