jan/.github/workflows/template-tauri-build-macos.yml

name: tauri-build-macos
on:
  workflow_call:
    inputs:
      ref:
        required: true
        type: string
        default: 'refs/heads/main'
      public_provider:
        required: true
        type: string
        default: none
        description: 'none: build only, github: build and publish to github, aws s3: build and publish to aws s3'
      new_version:
        required: true
        type: string
        default: ''
      cortex_api_port:
        required: false
        type: string
        default: ''
      upload_url:
        required: false
        type: string
        default: ''
      channel:
        required: true
        type: string
        default: 'nightly'
        description: 'The channel to use for this job'
    secrets:
      DELTA_AWS_S3_BUCKET_NAME:
        required: false
      DELTA_AWS_ACCESS_KEY_ID:
        required: false
      DELTA_AWS_SECRET_ACCESS_KEY:
        required: false
      CODE_SIGN_P12_BASE64:
        required: false
      CODE_SIGN_P12_PASSWORD:
        required: false
      APPLE_ID:
        required: false
      APPLE_APP_SPECIFIC_PASSWORD:
        required: false
      DEVELOPER_ID:
        required: false
      TAURI_SIGNING_PRIVATE_KEY:
        required: false
      TAURI_SIGNING_PRIVATE_KEY_PASSWORD:
        required: false
    outputs:
      MAC_UNIVERSAL_SIG:
        value: ${{ jobs.build-macos.outputs.MAC_UNIVERSAL_SIG }}
      FILE_NAME:
        value: ${{ jobs.build-macos.outputs.FILE_NAME }}
      DMG_NAME:
        value: ${{ jobs.build-macos.outputs.DMG_NAME }}
      TAR_NAME:
        value: ${{ jobs.build-macos.outputs.TAR_NAME }}

jobs:
  build-macos:
    runs-on: macos-latest
    outputs:
      MAC_UNIVERSAL_SIG: ${{ steps.metadata.outputs.MAC_UNIVERSAL_SIG }}
      FILE_NAME: ${{ steps.metadata.outputs.FILE_NAME }}
      DMG_NAME: ${{ steps.metadata.outputs.DMG_NAME }}
      TAR_NAME: ${{ steps.metadata.outputs.TAR_NAME }}
    permissions:
      contents: write
    steps:
      - name: Getting the repo
        uses: actions/checkout@v3
        with:
          ref: ${{ inputs.ref }}
      - name: Replace Icons for Beta Build
        if: inputs.channel != 'stable'
        shell: bash
        run: |
          cp .github/scripts/icon-${{ inputs.channel }}.png src-tauri/icons/icon.png

      - name: Installing node
        uses: actions/setup-node@v1
        with:
          node-version: 20

      - name: Install jq
        uses: dcarbone/install-jq-action@v2.0.1

      - name: Install ctoml
        run: |
          cargo install ctoml

      - name: Update app version based on latest release tag with build number
        run: |
          echo "Version: ${{ inputs.new_version }}"
          # Update tauri.conf.json
          jq --arg version "${{ inputs.new_version }}" '.version = $version | .bundle.createUpdaterArtifacts = true' ./src-tauri/tauri.conf.json > /tmp/tauri.conf.json
          mv /tmp/tauri.conf.json ./src-tauri/tauri.conf.json
          jq --arg version "${{ inputs.new_version }}" '.version = $version' web-app/package.json > /tmp/package.json
          mv /tmp/package.json web-app/package.json

          ctoml ./src-tauri/Cargo.toml package.version "${{ inputs.new_version }}"
          cat ./src-tauri/Cargo.toml

          # Temporarily enable devtool on prod build
          ctoml ./src-tauri/Cargo.toml dependencies.tauri.features[] "devtools"
          cat ./src-tauri/Cargo.toml

          # Change app name for beta and nightly builds
          if [ "${{ inputs.channel }}" != "stable" ]; then
            jq '.plugins.updater.endpoints = ["https://delta.jan.ai/${{ inputs.channel }}/latest.json"]' ./src-tauri/tauri.conf.json > /tmp/tauri.conf.json
            mv /tmp/tauri.conf.json ./src-tauri/tauri.conf.json

            chmod +x .github/scripts/rename-tauri-app.sh
            .github/scripts/rename-tauri-app.sh ./src-tauri/tauri.conf.json ${{ inputs.channel }}

            cat ./src-tauri/tauri.conf.json

            # Update Cargo.toml
            ctoml ./src-tauri/Cargo.toml package.name "Jan-${{ inputs.channel }}"
            ctoml ./src-tauri/Cargo.toml dependencies.tauri.features[] "devtools"
            echo "------------------"
            cat ./src-tauri/Cargo.toml

            chmod +x .github/scripts/rename-workspace.sh
            .github/scripts/rename-workspace.sh ./package.json ${{ inputs.channel }}
            cat ./package.json
          fi
      - name: Get key for notarize
        run: base64 -d <<< "$NOTARIZE_P8_BASE64" > /tmp/notary-key.p8
        shell: bash
        env:
          NOTARIZE_P8_BASE64: ${{ secrets.NOTARIZE_P8_BASE64 }}

      - uses: apple-actions/import-codesign-certs@v2
        continue-on-error: true
        with:
          p12-file-base64: ${{ secrets.CODE_SIGN_P12_BASE64 }}
          p12-password: ${{ secrets.CODE_SIGN_P12_PASSWORD }}

      - name: Build app
        run: |
          make build
        env:
          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          APP_PATH: '.'
          POSTHOG_KEY: ${{ secrets.POSTHOG_KEY }}
          POSTHOG_HOST: ${{ secrets.POSTHOG_HOST }}
          APPLE_CERTIFICATE: ${{ secrets.CODE_SIGN_P12_BASE64 }}
          APPLE_CERTIFICATE_PASSWORD: ${{ secrets.CODE_SIGN_P12_PASSWORD }}
          APPLE_API_ISSUER: ${{ secrets.NOTARY_ISSUER }}
          APPLE_API_KEY: ${{ secrets.NOTARY_KEY_ID }}
          APPLE_API_KEY_PATH: /tmp/notary-key.p8
          TAURI_SIGNING_PRIVATE_KEY: ${{ secrets.TAURI_SIGNING_PRIVATE_KEY }}
          TAURI_SIGNING_PRIVATE_KEY_PASSWORD: ${{ secrets.TAURI_SIGNING_PRIVATE_KEY_PASSWORD }}

      # Publish app

      ## Artifacts, for dev and test
      - name: Upload Artifact
        if: inputs.public_provider != 'github'
        uses: actions/upload-artifact@v4
        with:
          name: jan-${{ inputs.channel }}-mac-universal-${{ inputs.new_version }}.dmg
          path: |
            ./src-tauri/target/universal-apple-darwin/release/bundle/dmg/*.dmg

      ## Set output filename for mac
      - name: Set output filename for mac
        run: |
          cd ./src-tauri/target/universal-apple-darwin/release/bundle/macos
          if [ "${{ inputs.channel }}" != "stable" ]; then
            zip -r jan-${{ inputs.channel }}-mac-universal-${{ inputs.new_version }}.zip Jan-${{ inputs.channel }}.app
            FILE_NAME=jan-${{ inputs.channel }}-mac-universal-${{ inputs.new_version }}.zip
            DMG_NAME=Jan-${{ inputs.channel }}_${{ inputs.new_version }}_universal.dmg
            MAC_UNIVERSAL_SIG=$(cat Jan-${{ inputs.channel }}.app.tar.gz.sig)
            TAR_NAME=Jan-${{ inputs.channel }}.app.tar.gz
          else
            zip -r jan-mac-universal-${{ inputs.new_version }}.zip Jan.app
            FILE_NAME=jan-mac-universal-${{ inputs.new_version }}.zip
            MAC_UNIVERSAL_SIG=$(cat Jan.app.tar.gz.sig)
            DMG_NAME=Jan_${{ inputs.new_version }}_universal.dmg
            TAR_NAME=Jan.app.tar.gz
          fi

          echo "::set-output name=MAC_UNIVERSAL_SIG::$MAC_UNIVERSAL_SIG"
          echo "::set-output name=FILE_NAME::$FILE_NAME"
          echo "::set-output name=DMG_NAME::$DMG_NAME"
          echo "::set-output name=TAR_NAME::$TAR_NAME"
        id: metadata

      ## Upload to s3 for nightly and beta
      - name: upload to aws s3 if public provider is aws
        if: inputs.public_provider == 'aws-s3' || inputs.channel == 'beta'
        run: |
          cd ./src-tauri/target/universal-apple-darwin/release/bundle

          # Upload for tauri updater
          aws s3 cp ./dmg/Jan-${{ inputs.channel }}_${{ inputs.new_version }}_universal.dmg s3://${{ secrets.DELTA_AWS_S3_BUCKET_NAME }}/temp-${{ inputs.channel }}/Jan-${{ inputs.channel }}_${{ inputs.new_version }}_universal.dmg
          aws s3 cp ./macos/Jan-${{ inputs.channel }}.app.tar.gz s3://${{ secrets.DELTA_AWS_S3_BUCKET_NAME }}/temp-${{ inputs.channel }}/Jan-${{ inputs.channel }}_${{ inputs.new_version }}.app.tar.gz
          aws s3 cp ./macos/Jan-${{ inputs.channel }}.app.tar.gz.sig s3://${{ secrets.DELTA_AWS_S3_BUCKET_NAME }}/temp-${{ inputs.channel }}/Jan-${{ inputs.channel }}_${{ inputs.new_version }}.app.tar.gz.sig
        env:
          AWS_ACCESS_KEY_ID: ${{ secrets.DELTA_AWS_ACCESS_KEY_ID }}
          AWS_SECRET_ACCESS_KEY: ${{ secrets.DELTA_AWS_SECRET_ACCESS_KEY }}
          AWS_DEFAULT_REGION: ${{ secrets.DELTA_AWS_REGION }}
          AWS_EC2_METADATA_DISABLED: 'true'

      - name: Upload release assert if public provider is github
        if: inputs.public_provider == 'github'
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        uses: actions/upload-release-asset@v1.0.1
        with:
          upload_url: ${{ inputs.upload_url }}
          asset_path: ./src-tauri/target/universal-apple-darwin/release/bundle/macos/${{ steps.metadata.outputs.FILE_NAME }}
          asset_name: ${{ steps.metadata.outputs.FILE_NAME }}
          asset_content_type: application/gzip

      - name: Upload release assert if public provider is github
        if: inputs.public_provider == 'github'
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        uses: actions/upload-release-asset@v1.0.1
        with:
          upload_url: ${{ inputs.upload_url }}
          asset_path: ./src-tauri/target/universal-apple-darwin/release/bundle/dmg/${{ steps.metadata.outputs.DMG_NAME }}
          asset_name: ${{ steps.metadata.outputs.DMG_NAME }}
          asset_content_type: application/octet-stream

      - name: Upload release assert if public provider is github
        if: inputs.public_provider == 'github'
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        uses: actions/upload-release-asset@v1.0.1
        with:
          upload_url: ${{ inputs.upload_url }}
          asset_path: ./src-tauri/target/universal-apple-darwin/release/bundle/macos/${{ steps.metadata.outputs.TAR_NAME }}
          asset_name: ${{ steps.metadata.outputs.TAR_NAME }}
          asset_content_type: application/gzip