[Snyk] Upgrade vue from 3.5.13 to 3.5.14 (#212) #288
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: distributions release | |
| on: | |
| push: | |
| branches: [ master ] | |
| concurrency: | |
| group: ${{ github.workflow }}-${{ github.ref }} | |
| cancel-in-progress: true | |
| jobs: | |
| pre-release: | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| os: [ macos-latest, windows-latest, ubuntu-latest ] | |
| include: | |
| - os: 'macos-latest' | |
| args: '--target universal-apple-darwin' | |
| target: 'aarch64-apple-darwin,x86_64-apple-darwin' | |
| - os: 'windows-latest' | |
| args: '--target aarch64-pc-windows-msvc' | |
| target: 'aarch64-pc-windows-msvc' | |
| aarch64: true | |
| - os: 'windows-latest' | |
| args: '--target x86_64-pc-windows-msvc' | |
| target: 'x86_64-pc-windows-msvc' | |
| x86_64: true | |
| - os: 'ubuntu-latest' | |
| args: '--target aarch64-unknown-linux-gnu' | |
| target: 'aarch64-unknown-linux-gnu' | |
| aarch64: true | |
| - os: 'ubuntu-latest' | |
| args: '--target x86_64-unknown-linux-gnu' | |
| target: 'x86_64-unknown-linux-gnu' | |
| x86_64: true | |
| node-version: [ 20.x ] | |
| runs-on: ${{ matrix.os }} | |
| steps: | |
| - name: Github checkout | |
| uses: actions/checkout@v4 | |
| - name: install Rust stable | |
| uses: dtolnay/rust-toolchain@stable | |
| with: | |
| targets: ${{ matrix.target }} | |
| - name: Use Node.js 20.x | |
| uses: actions/setup-node@v4 | |
| with: | |
| node-version: ${{ matrix.node-version }} | |
| cache: 'npm' | |
| - name: install dependencies (ubuntu only) | |
| if: matrix.os == 'ubuntu-latest' | |
| run: | | |
| echo "deb http://gb.archive.ubuntu.com/ubuntu jammy main" | sudo tee -a /etc/apt/sources.list | |
| sudo apt-get update | |
| sudo apt-get install -y libgtk-3-dev libwebkit2gtk-4.1-dev libappindicator3-dev librsvg2-dev patchelf pkg-config libssl-dev gcc-aarch64-linux-gnu | |
| - name: install frontend dependencies | |
| run: npm ci | |
| - run: npm run lint:check | |
| - run: npm audit --audit-level=critical | |
| - run: npm run test:ci | |
| - name: Upload coverage reports to Codecov | |
| uses: codecov/codecov-action@v3 | |
| env: | |
| CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }} | |
| - run: npm run build | |
| - name: Import Apple Developer Certificate | |
| if: matrix.os == 'macos-latest' | |
| env: | |
| APPLE_CERTIFICATE: ${{ secrets.APPLE_CERTIFICATE }} | |
| APPLE_CERTIFICATE_PASSWORD: ${{ secrets.APPLE_CERTIFICATE_PASSWORD }} | |
| KEYCHAIN_PASSWORD: ${{ secrets.KEYCHAIN_PASSWORD }} | |
| run: | | |
| echo $APPLE_CERTIFICATE | base64 --decode > certificate.p12 | |
| security create-keychain -p "$KEYCHAIN_PASSWORD" build.keychain | |
| security default-keychain -s build.keychain | |
| security unlock-keychain -p "$KEYCHAIN_PASSWORD" build.keychain | |
| # Prevents keychain from locking automatically for 3600 seconds. | |
| security set-keychain-settings -t 3600 -u build.keychain | |
| security import certificate.p12 -k build.keychain -P "$APPLE_CERTIFICATE_PASSWORD" -T /usr/bin/codesign | |
| security set-key-partition-list -S apple-tool:,apple:,codesign: -s -k "$KEYCHAIN_PASSWORD" build.keychain | |
| security find-identity -v -p codesigning build.keychain | |
| - name: Verify Certificate | |
| if: matrix.os == 'macos-latest' | |
| run: | | |
| CERT_INFO=$(security find-identity -v -p codesigning build.keychain | grep "Developer ID Application") | |
| CERT_ID=$(echo "$CERT_INFO" | awk -F'"' '{print $2}') | |
| echo "CERT_ID=$CERT_ID" >> $GITHUB_ENV | |
| echo "Certificate imported." | |
| - name: Build Distribution Binaries | |
| uses: tauri-apps/tauri-action@v0 | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| PKG_CONFIG_ALLOW_CROSS: 1 | |
| CC_aarch64_unknown_linux_gnu: aarch64-linux-gnu-gcc | |
| APPLE_ID: ${{ secrets.APPLE_ID }} | |
| APPLE_TEAM_ID: ${{ secrets.APPLE_TEAM_ID }} | |
| APPLE_PASSWORD: ${{ secrets.APPLE_ID_PASSWORD }} | |
| APPLE_CERTIFICATE: ${{ secrets.APPLE_CERTIFICATE }} | |
| APPLE_CERTIFICATE_PASSWORD: ${{ secrets.APPLE_CERTIFICATE_PASSWORD }} | |
| APPLE_SIGNING_IDENTITY: ${{ env.CERT_ID }} | |
| with: | |
| args: ${{ matrix.args }} | |
| - name: Sign Binaries with Trusted Signing | |
| if: matrix.os == 'windows-latest' | |
| uses: azure/trusted-signing-action@v0.3.19 | |
| with: | |
| azure-tenant-id: ${{ secrets.AZURE_TENANT_ID }} | |
| azure-client-id: ${{ secrets.AZURE_CLIENT_ID }} | |
| azure-client-secret: ${{ secrets.AZURE_CLIENT_SECRET }} | |
| endpoint: https://eus.codesigning.azure.net/ | |
| trusted-signing-account-name: geek-fun | |
| certificate-profile-name: geek-fun | |
| files-folder: ${{ github.workspace }}\src-tauri\target\${{ matrix.target }}\release\bundle\nsis\ | |
| files-folder-depth: 7 | |
| files-folder-filter: exe | |
| file-digest: SHA256 | |
| timestamp-rfc3161: http://timestamp.acs.microsoft.com | |
| timestamp-digest: SHA256 | |
| - name: Collect Distribution Binaries | |
| env: | |
| PLATFORM: ${{ matrix.os }} | |
| run: ./scripts/collect-binaries.sh | |
| shell: bash | |
| - name: Upload Distribution Binaries | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: artifacts-${{ matrix.os }} | |
| path: ${{ github.workspace }}/artifacts/* | |
| release: | |
| needs: pre-release | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Github checkout | |
| uses: actions/checkout@v4 | |
| - name: Tag Release | |
| uses: jaywcjlove/create-tag-action@main | |
| id: tag_release | |
| with: | |
| prerelease: true | |
| token: ${{ secrets.GITHUB_TOKEN }} | |
| body: | | |
| ${{ steps.changelog.outputs.compareurl }} | |
| ${{ steps.changelog.outputs.changelog }} | |
| - name: Download Distribution Binaries | |
| uses: actions/download-artifact@v4 | |
| if: steps.tag_release.outputs.successful == 'true' | |
| with: | |
| path: artifacts | |
| merge-multiple: true | |
| - name: Generate changelog | |
| uses: jaywcjlove/changelog-generator@main | |
| if: steps.tag_release.outputs.successful == 'true' | |
| id: changelog | |
| with: | |
| token: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Release App | |
| uses: softprops/action-gh-release@v2 | |
| if: steps.tag_release.outputs.successful == 'true' | |
| with: | |
| tag_name: ${{ steps.tag_release.outputs.version }} | |
| name: ${{ steps.tag_release.outputs.version }} | |
| body: | | |
| ${{ steps.changelog.outputs.compareurl }} | |
| ${{ steps.changelog.outputs.changelog }} | |
| files: | |
| ${{ github.workspace }}/artifacts/**/* | |
| - name: Distribute Binaries to R2 | |
| if: steps.tag_release.outputs.successful == 'true' | |
| uses: ryand56/r2-upload-action@master | |
| with: | |
| r2-account-id: ${{ secrets.CLOUDFLARE_ACCOUNT_ID }} | |
| r2-access-key-id: ${{ secrets.CLOUDFLARE_R2_ACCESS_KEY_ID }} | |
| r2-secret-access-key: ${{ secrets.CLOUDFLARE_R2_SECRET_ACCESS_KEY }} | |
| r2-bucket: ${{ secrets.CLOUDFLARE_ARTIFACTS_R2 }} | |
| source-dir: ${{ github.workspace }}/artifacts/ | |
| destination-dir: dockit |