tauri-release.yml

name: Tauri Release

on:
  workflow_dispatch:
  pull_request:
    paths:
      - ".github/workflows/tauri-release.yml"
  release:
    types: [published]

concurrency:
  group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}
  cancel-in-progress: true

jobs:
  build-and-sign-tauri:
    strategy:
      fail-fast: false
      matrix:
        target:
          [x86_64-unknown-linux-gnu, x86_64-apple-darwin, aarch64-apple-darwin]

        include:
          - target: x86_64-unknown-linux-gnu
            name: ubuntu-latest

          - target: x86_64-apple-darwin
            name: macos-11

          - target: aarch64-apple-darwin
            name: macos-11

          - target: x86_64-pc-windows-msvc
            name: [self-hosted, Windows, X64]

    runs-on: ${{ matrix.name }}
    env:
      ORT_LIB_LOCATION: ${{ github.workspace }}/lib/${{ matrix.target }}/onnxruntime

    steps:
      - name: Checkout code
        uses: nschloe/action-cached-lfs-checkout@v1

      - name: Install Protoc
        uses: arduino/setup-protoc@v2
        with:
          repo-token: ${{ secrets.GITHUB_TOKEN }}

      - if: matrix.name == 'ubuntu-latest'
        run: sudo apt-get update && sudo apt-get install -y libgtk-3-dev webkit2gtk-4.0 libappindicator3-dev librsvg2-dev patchelf

      - if: matrix.target == 'x86_64-pc-windows-msvc'
        name: Connect to Windows Signing Key USB via VPN
        shell: bash
        env:
          MSYSTEM: UCRT64
          OVPN_AUTH_USER_PASS_BASE64: ${{ secrets.OVPN_AUTH_USER_PASS_BASE64 }}
          OVPN_PROFILE_BASE64: ${{ secrets.OVPN_PROFILE_BASE64 }}
          VHUI_INI_BASE64: ${{ secrets.VHUI_INI_BASE64 }}
          BLOOP_CER_BASE64: ${{ secrets.BLOOP_CER_BASE64 }}
        run: |
          choco install openvpn base64 safenet-authentication-client
          choco install --ignore-checksums virtualhere-client
          echo $SHELL
          echo $PATH
          echo "$OVPN_AUTH_USER_PASS_BASE64" | base64 -d > aup.txt
          echo "$OVPN_PROFILE_BASE64" | base64 -d > profile.ovpn
          /c/Program\ Files/OpenVPN/bin/openvpn.exe --config profile.ovpn --auth-user-pass aup.txt &
          sleep 10
          echo "$VHUI_INI_BASE64" | base64 -d > vhui.ini
          vhui64 --config vhui.ini
          echo "$BLOOP_CER_BASE64" | base64 -d > bloop.cer
          /c/Program\ Files/SafeNet/Authentication/SAC/x64/SACMonitor.exe &
      - name: Use Node.js
        uses: actions/setup-node@v3
        with:
          node-version: 16
          cache: "npm"

      - name: Install app dependencies
        run: npm ci

      - name: Install Rust stable
        uses: actions-rs/toolchain@v1
        with:
          toolchain: stable
          profile: minimal
          target: ${{ matrix.target }}

      - name: Check if keys exist
        env:
          analytics_key: ${{ secrets.ANALYTICS_BE_WRITE_KEY_PROD }}
          analytics_fe_key: ${{ secrets.ANALYTICS_FE_WRITE_KEY_PROD }}
          sentry_dsn: ${{ secrets.SENTRY_DSN_BE }}
          sentry_dsn_fe: ${{ secrets.SENTRY_DSN_FE }}
        if: ${{ env.analytics_fe_key == '' || env.sentry_dsn_fe == '' || env.analytics_key == '' || env.sentry_dsn == ''}}
        run: exit 1

      - name: Set environment
        run: echo "{\"analytics_key\":\"${{ secrets.ANALYTICS_BE_WRITE_KEY_PROD }}\",\"analytics_data_plane\":\"${{ secrets.ANALYTICS_DATA_PLANE_URL }}\",\"sentry_dsn_fe\":\"${{ secrets.SENTRY_DSN_FE }}\",\"sentry_dsn\":\"${{ secrets.SENTRY_DSN_BE }}\",\"analytics_key_fe\":\"${{ secrets.ANALYTICS_FE_WRITE_KEY_PROD }}\",\"github_client_id\":\"${{ secrets.APP_GITHUB_CLIENT_ID }}\",\"answer_api_url\":\"${{ secrets.ANSWER_API_URL }}\"}" > apps/desktop/src-tauri/config/config.json

      - name: Check environment is set
        run: du -h apps/desktop/src-tauri/config/config.json

      - name: Set providerShortName in tauri.conf.json
        uses: jossef/action-set-json-field@v2
        with:
          file: apps/desktop/src-tauri/tauri.conf.json
          field: tauri.bundle.macOS.providerShortName
          value: ${{ secrets.MAC_PROVIDER_SHORT_NAME }}

      - name: Set signingIdentity in tauri.conf.json
        uses: jossef/action-set-json-field@v2
        with:
          file: apps/desktop/src-tauri/tauri.conf.json
          field: tauri.bundle.macOS.signingIdentity
          value: ${{ secrets.APPLE_SIGNING_IDENTITY }}

      - name: Set identifier to bloop on Windows, in tauri.conf.json
        if: matrix.target == 'x86_64-pc-windows-msvc'
        uses: jossef/action-set-json-field@v2
        with:
          file: apps/desktop/src-tauri/tauri.conf.json
          field: tauri.bundle.identifier
          value: bloop

      - name: Set certificatePath in tauri.conf.json
        if: matrix.target == 'x86_64-pc-windows-msvc'
        uses: jossef/action-set-json-field@v2
        with:
          file: apps/desktop/src-tauri/tauri.conf.json
          field: tauri.bundle.windows.certificatePath
          value: ../../../bloop.cer

      - name: Set CSP in tauri.conf.json
        if: matrix.target == 'x86_64-pc-windows-msvc'
        uses: jossef/action-set-json-field@v2
        with:
          file: apps/desktop/src-tauri/tauri.conf.json
          field: tauri.bundle.windows.csp
          value: eToken Base Cryptographic Provider

      - name: Set Key ID in tauri.conf.json
        if: matrix.target == 'x86_64-pc-windows-msvc'
        uses: jossef/action-set-json-field@v2
        with:
          file: apps/desktop/src-tauri/tauri.conf.json
          field: tauri.bundle.windows.keyId
          value: ${{ secrets.WINDOWS_KEY_ID }}

      - name: get release version
        id: release-version
        run: echo "RELEASE_VERSION=$(cat apps/desktop/src-tauri/tauri.conf.json | jq '.package.version' | tr -d '"')" >> "$GITHUB_OUTPUT"

      - uses: tauri-apps/tauri-action@cb58ba3f65bd456ee564376585a8400bf0b71f47
        env:
          ORT_LIB_LOCATION: ${{ github.workspace }}/lib/${{ matrix.target }}/onnxruntime
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          ENABLE_CODE_SIGNING: ${{ secrets.APPLE_CERTIFICATE }}
          APPLE_CERTIFICATE: ${{ secrets.APPLE_CERTIFICATE }}
          APPLE_CERTIFICATE_PASSWORD: ${{ secrets.APPLE_CERTIFICATE_PASSWORD }}
          APPLE_SIGNING_IDENTITY: ${{ secrets.APPLE_SIGNING_IDENTITY }}
          APPLE_ID: ${{ secrets.APPLE_ID }}
          APPLE_PASSWORD: ${{ secrets.APPLE_PASSWORD }}
          TAURI_BIN_PATH: apps/desktop/src-tauri/bin
          TAURI_PRIVATE_KEY: ${{ secrets.TAURI_PRIVATE_KEY }}
          TAURI_KEY_PASSWORD: ${{ secrets.TAURI_KEY_PASSWORD }}
          SENTRY_AUTH_TOKEN: ${{ secrets.SENTRY_AUTH_TOKEN }}
          SENTRY_RELEASE_VERSION: ${{ steps.release-version.outputs.RELEASE_VERSION }}
        with:
          args: -- --target "${{ matrix.target }}" -v

      - name: Upload artifacts
        uses: actions/upload-artifact@v3
        with:
          name: ${{ matrix.target }}-app
          path: target/${{ matrix.target }}/release/bundle
          retention-days: 5

      - name: Rename tar.gz in macos
        if: matrix.name == 'macos-11'
        run: |
          new_filename="bloop_${{ steps.release-version.outputs.RELEASE_VERSION }}_$(echo ${{ matrix.target }} | cut -d '-' -f 1).app.tar.gz"
          mv "target/${{ matrix.target }}/release/bundle/macos/bloop.app.tar.gz" "target/${{ matrix.target }}/release/bundle/macos/${new_filename}"

      - name: List files
        run: ls -R target/${{ matrix.target }}/release/bundle

      - name: Generate Changelog
        run: |
          release_version="${{ steps.release-version.outputs.RELEASE_VERSION }}"
          sed "s/VERSION/${release_version}/g" release_description_template.txt > new_description.txt
          cat new_description.txt

      - name: Upload release assets
        uses: softprops/action-gh-release@v1
        if: startsWith(github.ref, 'refs/tags/v')
        with:
          files: |
            target/${{ matrix.target }}/release/bundle/**/*.deb
            target/${{ matrix.target }}/release/bundle/**/*.AppImage
            target/${{ matrix.target }}/release/bundle/**/*.dmg
            target/${{ matrix.target }}/release/bundle/**/*.tar.gz