fix: improve release asset handling and permissions #8
Workflow file for this run
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Release | |
| on: | |
| push: | |
| tags: | |
| - 'v*' | |
| jobs: | |
| build: | |
| permissions: | |
| contents: write | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| include: | |
| - platform: 'macos-latest' | |
| args: '--target aarch64-apple-darwin' | |
| artifact_name: 'LitePost_aarch64.app.tar.gz' | |
| - platform: 'macos-latest' | |
| args: '--target x86_64-apple-darwin' | |
| artifact_name: 'LitePost_x64.app.tar.gz' | |
| - platform: 'ubuntu-22.04' | |
| args: '' | |
| artifact_name: 'litepost_0.1.0_amd64.AppImage' | |
| - platform: 'windows-latest' | |
| args: '' | |
| artifact_name: 'LitePost_0.1.0_x64-setup.exe' | |
| runs-on: ${{ matrix.platform }} | |
| outputs: | |
| upload_url: ${{ steps.create_release.outputs.upload_url }} | |
| release_id: ${{ steps.create_release.outputs.id }} | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| - name: Install Node.js | |
| uses: actions/setup-node@v4 | |
| with: | |
| node-version: 20 | |
| - name: Install pnpm | |
| uses: pnpm/action-setup@v2 | |
| with: | |
| version: 8 | |
| run_install: false | |
| - name: Install Rust (Stable) | |
| uses: dtolnay/rust-toolchain@stable | |
| with: | |
| targets: ${{ matrix.platform == 'macos-latest' && 'aarch64-apple-darwin,x86_64-apple-darwin' || '' }} | |
| - name: Install Dependencies (ubuntu only) | |
| if: matrix.platform == 'ubuntu-22.04' | |
| run: | | |
| sudo apt-get update | |
| sudo apt-get install -y libwebkit2gtk-4.0-dev libwebkit2gtk-4.1-dev libappindicator3-dev librsvg2-dev patchelf | |
| - name: Install frontend dependencies | |
| run: pnpm install | |
| - name: Create Release | |
| id: create_release | |
| if: matrix.platform == 'ubuntu-22.04' | |
| uses: actions/create-release@v1 | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| with: | |
| tag_name: ${{ github.ref_name }} | |
| release_name: 'LitePost ${{ github.ref_name }}' | |
| body: 'See the assets to download this version and install.' | |
| draft: true | |
| prerelease: false | |
| - name: Build the app | |
| uses: tauri-apps/tauri-action@v0 | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| with: | |
| tagName: ${{ github.ref_name }} | |
| releaseName: 'LitePost ${{ github.ref_name }}' | |
| releaseBody: 'See the assets to download this version and install.' | |
| releaseDraft: true | |
| prerelease: false | |
| args: ${{ matrix.args }} | |
| create-update: | |
| needs: build | |
| permissions: | |
| contents: write | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| - name: Install Node.js | |
| uses: actions/setup-node@v4 | |
| with: | |
| node-version: 20 | |
| - name: Install pnpm | |
| uses: pnpm/action-setup@v2 | |
| with: | |
| version: 8 | |
| run_install: false | |
| - name: Install Tauri CLI | |
| run: pnpm add -D @tauri-apps/cli | |
| - name: Wait for release assets | |
| uses: actions/github-script@v7 | |
| with: | |
| script: | | |
| const artifacts = [ | |
| 'LitePost_aarch64.app.tar.gz', | |
| 'LitePost_x64.app.tar.gz', | |
| 'litepost_0.1.0_amd64.AppImage', | |
| 'LitePost_0.1.0_x64-setup.exe' | |
| ]; | |
| const tag = context.ref.replace('refs/tags/', ''); | |
| const owner = context.repo.owner; | |
| const repo = context.repo.repo; | |
| let attempts = 0; | |
| const maxAttempts = 30; | |
| while (attempts < maxAttempts) { | |
| try { | |
| const releases = await github.rest.repos.listReleases({ | |
| owner, | |
| repo | |
| }); | |
| const release = releases.data.find(r => r.tag_name === tag); | |
| if (!release) { | |
| throw new Error('Release not found'); | |
| } | |
| const assets = release.assets.map(asset => asset.name); | |
| const missingAssets = artifacts.filter(artifact => !assets.includes(artifact)); | |
| if (missingAssets.length === 0) { | |
| console.log('All assets found!'); | |
| break; | |
| } | |
| console.log(`Waiting for assets: ${missingAssets.join(', ')}`); | |
| } catch (error) { | |
| console.log('Error checking release:', error.message); | |
| } | |
| attempts++; | |
| if (attempts === maxAttempts) { | |
| throw new Error('Timed out waiting for assets'); | |
| } | |
| await new Promise(resolve => setTimeout(resolve, 10000)); | |
| } | |
| - name: Download release assets | |
| uses: actions/github-script@v7 | |
| with: | |
| script: | | |
| const artifacts = [ | |
| 'LitePost_aarch64.app.tar.gz', | |
| 'LitePost_x64.app.tar.gz', | |
| 'litepost_0.1.0_amd64.AppImage', | |
| 'LitePost_0.1.0_x64-setup.exe' | |
| ]; | |
| const tag = context.ref.replace('refs/tags/', ''); | |
| const owner = context.repo.owner; | |
| const repo = context.repo.repo; | |
| const releases = await github.rest.repos.listReleases({ | |
| owner, | |
| repo | |
| }); | |
| const release = releases.data.find(r => r.tag_name === tag); | |
| if (!release) { | |
| throw new Error('Release not found'); | |
| } | |
| const fs = require('fs'); | |
| const path = require('path'); | |
| if (!fs.existsSync('artifacts')) { | |
| fs.mkdirSync('artifacts'); | |
| } | |
| for (const asset of release.assets) { | |
| if (artifacts.includes(asset.name)) { | |
| const response = await github.request(asset.browser_download_url); | |
| fs.writeFileSync(path.join('artifacts', asset.name), Buffer.from(response.data)); | |
| } | |
| } | |
| - name: Generate signatures and updater JSON | |
| env: | |
| TAURI_PRIVATE_KEY: ${{ secrets.TAURI_PRIVATE_KEY }} | |
| TAURI_KEY_PASSWORD: ${{ secrets.TAURI_KEY_PASSWORD }} | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| run: | | |
| # Sign artifacts and collect signatures | |
| declare -A signatures | |
| # Sign each artifact directly | |
| if [ -f "artifacts/LitePost_x64.app.tar.gz" ]; then | |
| signatures["darwin-x86_64"]=$(pnpm tauri signer sign "artifacts/LitePost_x64.app.tar.gz") | |
| fi | |
| if [ -f "artifacts/LitePost_aarch64.app.tar.gz" ]; then | |
| signatures["darwin-aarch64"]=$(pnpm tauri signer sign "artifacts/LitePost_aarch64.app.tar.gz") | |
| fi | |
| if [ -f "artifacts/litepost_0.1.0_amd64.AppImage" ]; then | |
| signatures["linux-x86_64"]=$(pnpm tauri signer sign "artifacts/litepost_0.1.0_amd64.AppImage") | |
| fi | |
| if [ -f "artifacts/LitePost_0.1.0_x64-setup.exe" ]; then | |
| signatures["windows-x86_64"]=$(pnpm tauri signer sign "artifacts/LitePost_0.1.0_x64-setup.exe") | |
| fi | |
| # Create latest.json with collected signatures | |
| echo '{ | |
| "version": "${{ github.ref_name }}", | |
| "notes": "See the assets to download this version and install.", | |
| "pub_date": "'$(date -u +"%Y-%m-%dT%H:%M:%SZ")'", | |
| "platforms": { | |
| "darwin-x86_64": { | |
| "signature": "'${signatures["darwin-x86_64"]}'", | |
| "url": "https://github.com/LykosAI/LitePost/releases/download/${{ github.ref_name }}/LitePost_x64.app.tar.gz" | |
| }, | |
| "darwin-aarch64": { | |
| "signature": "'${signatures["darwin-aarch64"]}'", | |
| "url": "https://github.com/LykosAI/LitePost/releases/download/${{ github.ref_name }}/LitePost_aarch64.app.tar.gz" | |
| }, | |
| "linux-x86_64": { | |
| "signature": "'${signatures["linux-x86_64"]}'", | |
| "url": "https://github.com/LykosAI/LitePost/releases/download/${{ github.ref_name }}/litepost_0.1.0_amd64.AppImage" | |
| }, | |
| "windows-x86_64": { | |
| "signature": "'${signatures["windows-x86_64"]}'", | |
| "url": "https://github.com/LykosAI/LitePost/releases/download/${{ github.ref_name }}/LitePost_0.1.0_x64-setup.exe" | |
| } | |
| } | |
| }' > latest.json | |
| - name: Upload latest.json | |
| uses: actions/upload-release-asset@v1 | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| with: | |
| upload_url: ${{ needs.build.outputs.upload_url }} | |
| asset_path: ./latest.json | |
| asset_name: latest.json | |
| asset_content_type: application/json |