bithyve · ben-kaufman · Sep 5, 2024 · Sep 5, 2024 · Sep 5, 2024 · Sep 5, 2024
diff --git a/.github/workflows/pgp-sign-release.yml b/.github/workflows/pgp-sign-release.yml
@@ -0,0 +1,64 @@
+name: PGP sign release
+
+on:
+  workflow_run:
+    workflows: ["publish"]
+    types:
+      - completed
+
+jobs:
+  sign-release:
+    runs-on: ubuntu-latest
+    if: ${{ github.event.workflow_run.conclusion == 'success' }}
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+
+      - name: Install GPG
+        run: sudo apt-get install -y gnupg
+
+      - name: Import GPG key
+        env:
+          TAURI_PRIVATE_KEY: ${{ secrets.TAURI_PRIVATE_KEY }}
+          TAURI_KEY_PASSWORD: ${{ secrets.TAURI_KEY_PASSWORD }}
+        run: |
+          echo "$TAURI_PRIVATE_KEY" | gpg --batch --yes --import
+          echo "$TAURI_KEY_PASSWORD" | gpg --batch --yes --passphrase-fd 0 --pinentry-mode loopback --change-passphrase $(gpg --list-secret-keys --with-colons | awk -F: '/^sec:/ { print $5 }')
+
+      - name: Create and Sign SHA256SUMS
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          TAURI_KEY_PASSWORD: ${{ secrets.TAURI_KEY_PASSWORD }}
+        run: |
+          version=$(grep '^version =' src-tauri/Cargo.toml | cut -d '"' -f2)
+          echo "Version: $version"
+
+          releases=$(gh release list --limit 20 --json tagName,name,isDraft,isPrerelease)
+          releaseInfo=$(echo "$releases" | jq -r ".[] | select(.isDraft == true and .name | contains(\"$version\")) | .tagName" | head -n1)
+
+          if [ -z "$releaseInfo" ]; then
+            echo "Error: Could not find a draft release for version $version"
+            exit 1
+          fi
+
+          tagName="$releaseInfo"
+          echo "Found draft release: $tagName"
+
+          # Create a temporary directory for downloaded assets
+          mkdir -p tmp_assets
+          cd tmp_assets
+
+          # Download all assets
+          gh release download "$tagName" --pattern "*"
+
+          # Create SHA256SUMS.txt
+          sha256sum * > SHA256SUMS.txt
+
+          # Sign SHA256SUMS.txt
+          gpg --batch --yes --passphrase "$TAURI_KEY_PASSWORD" --pinentry-mode loopback --clearsign SHA256SUMS.txt
+
+          # Upload SHA256SUMS.txt and SHA256SUMS.txt.asc
+          gh release upload "$tagName" SHA256SUMS.txt SHA256SUMS.txt.asc --clobber
+
+          cd ..
+          rm -rf tmp_assets
diff --git a/.github/workflows/tauri-build.yml b/.github/workflows/tauri-build.yml
@@ -63,7 +63,7 @@ jobs:
       - name: install frontend dependencies
         run: yarn install # change this to npm, pnpm or bun depending on which one you use.
 
-      - uses: tauri-apps/tauri-action@dev
+      - uses: tauri-apps/tauri-action@v0
         id: tauri-build
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
@@ -73,9 +73,6 @@ jobs:
           APPLE_ID: ${{ secrets.APPLE_ID }}
           APPLE_PASSWORD: ${{ secrets.APPLE_PASSWORD }}
           APPLE_TEAM_ID: ${{ secrets.APPLE_TEAM_ID }}
-          TAURI_PRIVATE_KEY: "${{ secrets.TAURI_PRIVATE_KEY }}"
-          TAURI_KEY_PASSWORD: "${{ secrets.TAURI_KEY_PASSWORD }}"
-          TAURI_PUBLIC_KEY: "${{ secrets.TAURI_PUBLIC_KEY }}"
         with:
           tagName: keeper-desktop-v__VERSION__ # the action automatically replaces \_\_VERSION\_\_ with the app version.
           releaseName: "Keeper Desktop v__VERSION__"

diff --git a/src-tauri/src/channel.rs b/src-tauri/src/channel.rs
@@ -12,7 +12,7 @@ use tauri::Manager;
 use thiserror::Error;
 use tokio::time::timeout;
 
-static URL: &str = "https://bithyve-dev-relay.el.r.appspot.com:4002/";
+static URL: &str = "https://keeper-channel-dev-8d01fa5233d0.herokuapp.com/";
 
 #[derive(Error, Debug)]
 pub enum ChannelError {