diff --git a/.github/workflows/pgp-sign-release.yml b/.github/workflows/pgp-sign-release.yml new file mode 100644 index 0000000..15d6e15 --- /dev/null +++ b/.github/workflows/pgp-sign-release.yml @@ -0,0 +1,64 @@ +name: PGP sign release + +on: + workflow_run: + workflows: ["publish"] + types: + - completed + +jobs: + sign-release: + runs-on: ubuntu-latest + if: ${{ github.event.workflow_run.conclusion == 'success' }} + steps: + - name: Checkout code + uses: actions/checkout@v4 + + - name: Install GPG + run: sudo apt-get install -y gnupg + + - name: Import GPG key + env: + TAURI_PRIVATE_KEY: ${{ secrets.TAURI_PRIVATE_KEY }} + TAURI_KEY_PASSWORD: ${{ secrets.TAURI_KEY_PASSWORD }} + run: | + echo "$TAURI_PRIVATE_KEY" | gpg --batch --yes --import + echo "$TAURI_KEY_PASSWORD" | gpg --batch --yes --passphrase-fd 0 --pinentry-mode loopback --change-passphrase $(gpg --list-secret-keys --with-colons | awk -F: '/^sec:/ { print $5 }') + + - name: Create and Sign SHA256SUMS + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + TAURI_KEY_PASSWORD: ${{ secrets.TAURI_KEY_PASSWORD }} + run: | + version=$(grep '^version =' src-tauri/Cargo.toml | cut -d '"' -f2) + echo "Version: $version" + + releases=$(gh release list --limit 20 --json tagName,name,isDraft,isPrerelease) + releaseInfo=$(echo "$releases" | jq -r ".[] | select(.isDraft == true and .name | contains(\"$version\")) | .tagName" | head -n1) + + if [ -z "$releaseInfo" ]; then + echo "Error: Could not find a draft release for version $version" + exit 1 + fi + + tagName="$releaseInfo" + echo "Found draft release: $tagName" + + # Create a temporary directory for downloaded assets + mkdir -p tmp_assets + cd tmp_assets + + # Download all assets + gh release download "$tagName" --pattern "*" + + # Create SHA256SUMS.txt + sha256sum * > SHA256SUMS.txt + + # Sign SHA256SUMS.txt + gpg --batch --yes --passphrase "$TAURI_KEY_PASSWORD" --pinentry-mode loopback --clearsign SHA256SUMS.txt + + # Upload SHA256SUMS.txt and SHA256SUMS.txt.asc + gh release upload "$tagName" SHA256SUMS.txt SHA256SUMS.txt.asc --clobber + + cd .. + rm -rf tmp_assets diff --git a/.github/workflows/tauri-build.yml b/.github/workflows/tauri-build.yml index 4a1f2a6..ad750da 100644 --- a/.github/workflows/tauri-build.yml +++ b/.github/workflows/tauri-build.yml @@ -63,7 +63,7 @@ jobs: - name: install frontend dependencies run: yarn install # change this to npm, pnpm or bun depending on which one you use. - - uses: tauri-apps/tauri-action@dev + - uses: tauri-apps/tauri-action@v0 id: tauri-build env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} @@ -73,9 +73,6 @@ jobs: APPLE_ID: ${{ secrets.APPLE_ID }} APPLE_PASSWORD: ${{ secrets.APPLE_PASSWORD }} APPLE_TEAM_ID: ${{ secrets.APPLE_TEAM_ID }} - TAURI_PRIVATE_KEY: "${{ secrets.TAURI_PRIVATE_KEY }}" - TAURI_KEY_PASSWORD: "${{ secrets.TAURI_KEY_PASSWORD }}" - TAURI_PUBLIC_KEY: "${{ secrets.TAURI_PUBLIC_KEY }}" with: tagName: keeper-desktop-v__VERSION__ # the action automatically replaces \_\_VERSION\_\_ with the app version. releaseName: "Keeper Desktop v__VERSION__" diff --git a/src-tauri/src/channel.rs b/src-tauri/src/channel.rs index 6a9821a..1efdfee 100644 --- a/src-tauri/src/channel.rs +++ b/src-tauri/src/channel.rs @@ -12,7 +12,7 @@ use tauri::Manager; use thiserror::Error; use tokio::time::timeout; -static URL: &str = "https://bithyve-dev-relay.el.r.appspot.com:4002/"; +static URL: &str = "https://keeper-channel-dev-8d01fa5233d0.herokuapp.com/"; #[derive(Error, Debug)] pub enum ChannelError {