jan/.github/workflows/template-tauri-build-macos-preview.yml
vansangpfiev 8fefe6e167
chore: tauri codesign and CI/CD (#4961)
* chore: build tauri

* chore: codesign tauri app

* chore: test update from electron to tauri

* chore: test update from electron to tauri

* chore: update csp config and cors

* chore: nightly to 1317

* fix: correct pre_install_path

* chore: jan-nightly to 1320

* chore: self sign tauri

* chore: CI/CD for Windows, Linux

commit 4897b2bcf7f044080fce81bd725515e62fc4eb29
Author: vansangpfiev <vansangpfiev@gmail.com>
Date:   Fri Apr 25 15:32:37 2025 +0700

    chore: cleanup tauri config

commit 66c5676ec146b25c89cccb570ede7c070dbc5853
Author: vansangpfiev <vansangpfiev@gmail.com>
Date:   Fri Apr 25 14:37:04 2025 +0700

    fix: store path

commit bc6560c576873e55f84c4b21764bedbdd9dbd5a8
Author: vansangpfiev <vansangpfiev@gmail.com>
Date:   Thu Apr 24 09:39:50 2025 +0700

    chore: Linux CI

commit b036275dc9f1df7614aaca3b358b9c6493082512
Author: vansangpfiev <vansangpfiev@gmail.com>
Date:   Wed Apr 23 16:41:22 2025 +0700

    chore: updater windows

commit e91b543dbdd82bd4a44db7550ffb993897b56081
Merge: dea80a83 4a54a378
Author: vansangpfiev <vansangpfiev@gmail.com>
Date:   Wed Apr 23 16:39:24 2025 +0700

    Merge branch 'chore/tauri-cicd' of https://github.com/menloresearch/jan into chore/tauri-cicd-windows

commit dea80a83966113b108137c385a3c28920d2adda4
Author: Minh141120 <minh.itptit@gmail.com>
Date:   Wed Apr 23 11:47:04 2025 +0700

    chore: update azuresigntool install method

commit 2ec2234082be57e53887192153fa982a134ea535
Author: Minh141120 <minh.itptit@gmail.com>
Date:   Wed Apr 23 11:01:31 2025 +0700

    chore: add verbose option build tauri and targets app and dmg for macos build

commit 42c7592cc89641130545551d4d864268cde3d5b0
Author: Minh141120 <minh.itptit@gmail.com>
Date:   Wed Apr 23 10:35:27 2025 +0700

    chore: update targets build

commit 4c8ba44ff60cdef8b639fa189f5729dc69c5aff6
Author: Minh141120 <minh.itptit@gmail.com>
Date:   Wed Apr 23 09:53:21 2025 +0700

    refactor: remove debug step and upload electron build artifact

commit 158c08b465e18823e0f2b9a30fd5ecd589d08934
Author: Minh141120 <minh.itptit@gmail.com>
Date:   Wed Apr 23 09:21:08 2025 +0700

    chore: add script codesign on windows

commit 4545b2bcd852029472298e530176494992dd0950
Author: vansangpfiev <vansangpfiev@gmail.com>
Date:   Tue Apr 22 13:39:49 2025 +0700

    chore: update csp setting

commit f64a1e1ca958e3c1c685485a06d45956ddcf14a0
Author: Minh141120 <minh.itptit@gmail.com>
Date:   Tue Apr 22 10:15:14 2025 +0700

    chore: update azuresigntool installation

commit 1f4b9d18b332d5205685a6fe68f5dfaf973d273c
Author: Minh141120 <minh.itptit@gmail.com>
Date:   Tue Apr 22 09:49:42 2025 +0700

    chore: update signcommand

commit 911a3ab3540f872f6fe906c8e2135440d39f108c
Author: Minh141120 <minh.itptit@gmail.com>
Date:   Mon Apr 21 19:19:23 2025 +0700

    chore: update codesign tauri windows

commit fba15c4c2de43b4cb87308ef998cdd8dc88b1ce6
Author: Minh141120 <minh.itptit@gmail.com>
Date:   Mon Apr 21 19:04:29 2025 +0700

    chore: update path azuresigntool

commit 8b8c950b56f5aa42baf76aba064fc99b50758150
Author: Minh141120 <minh.itptit@gmail.com>
Date:   Mon Apr 21 18:38:56 2025 +0700

    chore: update azuresigntool path

commit bd67a2b7908b5f3a126c634a840e0b941373a3c6
Author: Minh141120 <minh.itptit@gmail.com>
Date:   Mon Apr 21 17:47:33 2025 +0700

    chore: update azuresigntool url

commit f70effca7c09cd2fe9b5866b4f194b64a13294b9
Author: Minh141120 <minh.itptit@gmail.com>
Date:   Mon Apr 21 17:33:32 2025 +0700

    chore: update azuretoolsign download

commit 667910772f30369b9afa554ad06e4378f93d0b1a
Author: Minh141120 <minh.itptit@gmail.com>
Date:   Mon Apr 21 16:56:25 2025 +0700

    chore: update path azuresigntool

commit f1610bfd80dfa996db4a777bb58475f2e6d02cc6
Author: Minh141120 <minh.itptit@gmail.com>
Date:   Mon Apr 21 16:52:36 2025 +0700

    chore: update azuresigntool path

commit 0873d56fb88fb66c884eff31d3f63aa99858f038
Author: Minh141120 <minh.itptit@gmail.com>
Date:   Mon Apr 21 16:19:46 2025 +0700

    chore: add debug step

commit 88e0b1a697ed478375429686eb1c03ae71a3b447
Author: Minh141120 <minh.itptit@gmail.com>
Date:   Mon Apr 21 15:58:39 2025 +0700

    ci(windows): download AzureSignTool to src-tauri for Tauri code signing

commit 47f94e86589826c3941a3d602298f188d6480980
Author: Minh141120 <minh.itptit@gmail.com>
Date:   Mon Apr 21 15:21:20 2025 +0700

    fix: AzureSignTool signcommand Path

commit dc014a7905fd0b49b5972e24b4d5773c5dc29ea5
Author: Minh141120 <minh.itptit@gmail.com>
Date:   Mon Apr 21 15:00:02 2025 +0700

    chore: add debug step azuresigntool tauri windows

commit ee7b6163a8419604dfba7dc2f967026be4884da4
Author: Minh141120 <minh.itptit@gmail.com>
Date:   Mon Apr 21 14:33:33 2025 +0700

    chore: tauri windows codesign

commit 6607090857120531d8a096f45ff556c3f2553e53
Author: vansangpfiev <vansangpfiev@gmail.com>
Date:   Thu Apr 17 10:29:50 2025 +0700

    chore: add windows download script

commit 4b1a5cc29c77eecca75978a1ab3126d2c710e738
Author: Nguyen Ngoc Minh <kuuhakuu@Nguyens-MacBook-Air.local>
Date:   Mon Apr 21 13:44:34 2025 +0700

    chore: tauri codesign windows

* chore: workflows for tauri

* chore: test tauri manual build

* chore: hide windows install detail

* chore: upload artifacts

* feat: run mcp with bundled bun and uv

* chore: clean up

* chore: update cicd

* chore: remove deprecated workflows

* chore: update allowed origins

* chore: pull binaries windows, linux (#4963)

* fix: get bun and uv from execution path

* fix: macos

* fix: typo

* fix: remove old Jan binaries on windows

* chore: build bun and uv universal

* fix: appimage bundle bun issue

* chore: libfuse2 for linux CI

* feat: tauri cicd preview (#4975)

* feat: tauri cicd preview

* chore: add suffix preview for tauri build

* chore: update condition for s3 upload nightly channel

* chore: add debug step for tauri macos preview

* chore: update aws s3 macos tauri build

* refactor: remove debug code

* chore: update artifact name tauri macos build

* chore: add tauri build step for electron beta and stable

* chore: update preview

* chore: bump llama.cpp engine to b5351

* chore: bump engine version

* fix: cors windows

---------

Co-authored-by: vansangpfiev <sang@jan.ai>
Co-authored-by: Service Account <service@jan.ai>
Co-authored-by: Louis <louis@jan.ai>
Co-authored-by: hiento09 <tominhhien97@gmail.com>
Co-authored-by: Nguyen Ngoc Minh <91668012+Minh141120@users.noreply.github.com>
2025-05-15 17:11:19 +07:00

282 lines
12 KiB
YAML

name: tauri-build-macos
on:
  workflow_call:
    inputs:
      ref:
        required: true
        type: string
        default: 'refs/heads/main'
      public_provider:
        required: true
        type: string
        default: none
        description: 'none: build only, github: build and publish to github, aws s3: build and publish to aws s3'
      new_version:
        required: true
        type: string
        default: ''
      cortex_api_port:
        required: false
        type: string
        default: ""
      upload_url:
        required: false
        type: string
        default: ''
      channel:
        required: true
        type: string
        default: 'nightly'
        description: 'The channel to use for this job'
    secrets:
      DELTA_AWS_S3_BUCKET_NAME:
        required: false
      DELTA_AWS_ACCESS_KEY_ID:
        required: false
      DELTA_AWS_SECRET_ACCESS_KEY:
        required: false
      CODE_SIGN_P12_BASE64:
        required: false
      CODE_SIGN_P12_PASSWORD:
        required: false
      APPLE_ID:
        required: false
      APPLE_APP_SPECIFIC_PASSWORD:
        required: false
      DEVELOPER_ID:
        required: false
      TAURI_SIGNING_PRIVATE_KEY:
        required: false
      TAURI_SIGNING_PRIVATE_KEY_PASSWORD:
        required: false
      TAURI_SIGNING_PUBLIC_KEY:
        required: false
    outputs:
      MAC_UNIVERSAL_SIG:
        value: ${{ jobs.build-macos.outputs.MAC_UNIVERSAL_SIG }}
      TAR_NAME:
        value: ${{ jobs.build-macos.outputs.TAR_NAME }}
jobs:
  build-macos:
    runs-on: macos-latest
    outputs:
      MAC_UNIVERSAL_SIG: ${{ steps.metadata.outputs.MAC_UNIVERSAL_SIG }}
      TAR_NAME: ${{ steps.metadata.outputs.TAR_NAME }}
    environment: production
    permissions:
      contents: write
    steps:
      - name: Getting the repo
        uses: actions/checkout@v3
        with:
          ref: ${{ inputs.ref }}
      - name: Replace Icons for Beta Build
        if: inputs.channel != 'stable'
        shell: bash
        run: |
          cp .github/scripts/icon-${{ inputs.channel }}.png src-tauri/icons/icon.png
      - name: Installing node
        uses: actions/setup-node@v1
        with:
          node-version: 20
      - name: Install jq
        uses: dcarbone/install-jq-action@v2.0.1
      - name: Install ctoml
        run: |
          cargo install ctoml
      # Download per-architecture bun and uv binaries and merge them into universal binaries with lipo
      - name: Create bun and uv universal
        run: |
          mkdir -p ./src-tauri/resources/bin/
          cd ./src-tauri/resources/bin/
          curl -L -o bun-darwin-x64.zip https://github.com/oven-sh/bun/releases/download/bun-v1.2.10/bun-darwin-x64.zip
          curl -L -o bun-darwin-aarch64.zip https://github.com/oven-sh/bun/releases/download/bun-v1.2.10/bun-darwin-aarch64.zip
          unzip bun-darwin-x64.zip
          unzip bun-darwin-aarch64.zip
          lipo -create -output bun-universal-apple-darwin bun-darwin-x64/bun bun-darwin-aarch64/bun
          cp -f bun-darwin-aarch64/bun bun-aarch64-apple-darwin
          cp -f bun-darwin-x64/bun bun-x86_64-apple-darwin
          cp -f bun-universal-apple-darwin bun
          curl -L -o uv-x86_64.tar.gz https://github.com/astral-sh/uv/releases/download/0.6.17/uv-x86_64-apple-darwin.tar.gz
          curl -L -o uv-arm64.tar.gz https://github.com/astral-sh/uv/releases/download/0.6.17/uv-aarch64-apple-darwin.tar.gz
          tar -xzf uv-x86_64.tar.gz
          tar -xzf uv-arm64.tar.gz
          mv uv-x86_64-apple-darwin uv-x86_64
          mv uv-aarch64-apple-darwin uv-aarch64
          lipo -create -output uv-universal-apple-darwin uv-x86_64/uv uv-aarch64/uv
          cp -f uv-x86_64/uv uv-x86_64-apple-darwin
          cp -f uv-aarch64/uv uv-aarch64-apple-darwin
          cp -f uv-universal-apple-darwin uv
          ls -la
      - name: Update app version based on latest release tag with build number
        run: |
          echo "Version: ${{ inputs.new_version }}"
          # Update tauri.conf.json
          jq --arg version "${{ inputs.new_version }}" '.version = $version | .bundle.createUpdaterArtifacts = true' ./src-tauri/tauri.conf.json > /tmp/tauri.conf.json
          mv /tmp/tauri.conf.json ./src-tauri/tauri.conf.json
          jq --arg version "${{ inputs.new_version }}" '.version = $version' web/package.json > /tmp/package.json
          mv /tmp/package.json web/package.json
          ctoml ./src-tauri/Cargo.toml package.version "${{ inputs.new_version }}"
          cat ./src-tauri/Cargo.toml
          # Change app name for beta and nightly builds
          if [ "${{ inputs.channel }}" != "stable" ]; then
            jq '.plugins.updater.endpoints = ["https://delta.jan.ai/${{ inputs.channel }}/latest.json"]' ./src-tauri/tauri.conf.json > /tmp/tauri.conf.json
            mv /tmp/tauri.conf.json ./src-tauri/tauri.conf.json
            chmod +x .github/scripts/rename-tauri-app.sh
            .github/scripts/rename-tauri-app.sh ./src-tauri/tauri.conf.json ${{ inputs.channel }}
            cat ./src-tauri/tauri.conf.json
            # Update Cargo.toml
            ctoml ./src-tauri/Cargo.toml package.name "Jan-${{ inputs.channel }}"
            echo "------------------"
            cat ./src-tauri/Cargo.toml
            chmod +x .github/scripts/rename-workspace.sh
            .github/scripts/rename-workspace.sh ./package.json ${{ inputs.channel }}
            cat ./package.json
          fi
      # Decode the App Store Connect API key used for notarization
      - name: Get key for notarize
        run: base64 -d <<< "$NOTARIZE_P8_BASE64" > /tmp/notary-key.p8
        shell: bash
        env:
          NOTARIZE_P8_BASE64: ${{ secrets.NOTARIZE_P8_BASE64 }}
      - uses: apple-actions/import-codesign-certs@v2
        continue-on-error: true
        with:
          p12-file-base64: ${{ secrets.CODE_SIGN_P12_BASE64 }}
          p12-password: ${{ secrets.CODE_SIGN_P12_PASSWORD }}
      - name: Build app
        run: |
          rustup target add x86_64-apple-darwin
          make build-tauri
        env:
          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          APP_PATH: '.'
          POSTHOG_KEY: ${{ secrets.POSTHOG_KEY }}
          POSTHOG_HOST: ${{ secrets.POSTHOG_HOST }}
          # CORTEX_API_PORT: ${{ inputs.cortex_api_port }}
          APPLE_CERTIFICATE: ${{ secrets.CODE_SIGN_P12_BASE64 }}
          APPLE_CERTIFICATE_PASSWORD: ${{ secrets.CODE_SIGN_P12_PASSWORD }}
          APPLE_API_ISSUER: ${{ secrets.NOTARY_ISSUER }}
          APPLE_API_KEY: ${{ secrets.NOTARY_KEY_ID }}
          APPLE_API_KEY_PATH: /tmp/notary-key.p8
          TAURI_SIGNING_PRIVATE_KEY: ${{ secrets.TAURI_SIGNING_PRIVATE_KEY }}
          TAURI_SIGNING_PRIVATE_KEY_PASSWORD: ${{ secrets.TAURI_SIGNING_PRIVATE_KEY_PASSWORD }}
          TAURI_SIGNING_PUBLIC_KEY: ${{ secrets.TAURI_SIGNING_PUBLIC_KEY }}
      # Publish app
      ## Artifacts, for dev and test
      - name: Upload Artifact
        if: inputs.public_provider != 'github'
        uses: actions/upload-artifact@v4
        with:
          name: jan-${{ inputs.channel }}-tauri-mac-universal-${{ inputs.new_version }}.dmg
          path: |
            ./src-tauri/target/universal-apple-darwin/release/bundle/dmg/*.dmg
      ## create zip file and latest-mac.yml for mac electron auto updater
      - name: create zip file and latest-mac.yml for mac electron auto updater
        run: |
          cd ./src-tauri/target/universal-apple-darwin/release/bundle/macos
          if [ "${{ inputs.channel }}" != "stable" ]; then
            zip -r jan-${{ inputs.channel }}-mac-universal-${{ inputs.new_version }}.zip Jan-${{ inputs.channel }}.app
            FILE_NAME=jan-${{ inputs.channel }}-mac-universal-${{ inputs.new_version }}.zip
            DMG_NAME=Jan-${{ inputs.channel }}_${{ inputs.new_version }}_universal.dmg
            MAC_UNIVERSAL_SIG=$(cat Jan-${{ inputs.channel }}.app.tar.gz.sig)
            TAR_NAME=Jan-${{ inputs.channel }}.app.tar.gz
          else
            zip -r jan-mac-universal-${{ inputs.new_version }}.zip Jan.app
            FILE_NAME=jan-mac-universal-${{ inputs.new_version }}.zip
            MAC_UNIVERSAL_SIG=$(cat Jan.app.tar.gz.sig)
            DMG_NAME=Jan_${{ inputs.new_version }}_universal.dmg
            TAR_NAME=Jan.app.tar.gz
          fi
          # The ::set-output workflow command is deprecated; write step outputs to $GITHUB_OUTPUT
          echo "MAC_UNIVERSAL_SIG=$MAC_UNIVERSAL_SIG" >> "$GITHUB_OUTPUT"
          echo "FILE_NAME=$FILE_NAME" >> "$GITHUB_OUTPUT"
          echo "DMG_NAME=$DMG_NAME" >> "$GITHUB_OUTPUT"
          echo "TAR_NAME=$TAR_NAME" >> "$GITHUB_OUTPUT"
        id: metadata
      ## Upload to s3 for nightly and beta
      - name: upload to aws s3 if public provider is aws
        if: inputs.public_provider == 'aws-s3' || inputs.channel == 'beta' || inputs.channel == 'nightly'
        run: |
          cd ./src-tauri/target/universal-apple-darwin/release/bundle
          # Upload for tauri updater
          aws s3 cp ./dmg/Jan-${{ inputs.channel }}_${{ inputs.new_version }}_universal.dmg s3://${{ secrets.DELTA_AWS_S3_BUCKET_NAME }}/temp-${{ inputs.channel }}/Jan-${{ inputs.channel }}_${{ inputs.new_version }}_universal-preview.dmg
          aws s3 cp ./macos/Jan-${{ inputs.channel }}.app.tar.gz s3://${{ secrets.DELTA_AWS_S3_BUCKET_NAME }}/temp-${{ inputs.channel }}/Jan-${{ inputs.channel }}_${{ inputs.new_version }}-preview.app.tar.gz
        env:
          AWS_ACCESS_KEY_ID: ${{ secrets.DELTA_AWS_ACCESS_KEY_ID }}
          AWS_SECRET_ACCESS_KEY: ${{ secrets.DELTA_AWS_SECRET_ACCESS_KEY }}
          AWS_DEFAULT_REGION: ${{ secrets.DELTA_AWS_REGION }}
          AWS_EC2_METADATA_DISABLED: "true"
      ## Upload to github release for stable release
      - name: Upload release asset if public provider is github
        if: inputs.channel == 'stable'
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        uses: actions/upload-release-asset@v1.0.1
        with:
          upload_url: ${{ inputs.upload_url }}
          asset_path: ./src-tauri/target/universal-apple-darwin/release/bundle/macos/latest-mac.yml
          asset_name: latest-mac.yml
          asset_content_type: text/yaml
      - name: Upload release asset if public provider is github
        if: inputs.channel == 'beta'
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        uses: actions/upload-release-asset@v1.0.1
        with:
          upload_url: ${{ inputs.upload_url }}
          asset_path: ./src-tauri/target/universal-apple-darwin/release/bundle/macos/beta-mac.yml
          asset_name: beta-mac.yml
          asset_content_type: text/yaml
      - name: Upload release asset if public provider is github
        if: inputs.public_provider == 'github'
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        uses: actions/upload-release-asset@v1.0.1
        with:
          upload_url: ${{ inputs.upload_url }}
          asset_path: ./src-tauri/target/universal-apple-darwin/release/bundle/macos/${{ steps.metadata.outputs.FILE_NAME }}
          asset_name: ${{ steps.metadata.outputs.FILE_NAME }}
          asset_content_type: application/gzip
      - name: Upload release asset if public provider is github
        if: inputs.public_provider == 'github'
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        uses: actions/upload-release-asset@v1.0.1
        with:
          upload_url: ${{ inputs.upload_url }}
          asset_path: ./src-tauri/target/universal-apple-darwin/release/bundle/dmg/${{ steps.metadata.outputs.DMG_NAME }}
          asset_name: ${{ steps.metadata.outputs.DMG_NAME }}
          asset_content_type: application/octet-stream
      - name: Upload release asset if public provider is github
        if: inputs.public_provider == 'github'
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        uses: actions/upload-release-asset@v1.0.1
        with:
          upload_url: ${{ inputs.upload_url }}
          asset_path: ./src-tauri/target/universal-apple-darwin/release/bundle/macos/${{ steps.metadata.outputs.TAR_NAME }}
          asset_name: ${{ steps.metadata.outputs.TAR_NAME }}
          asset_content_type: application/gzip
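
Added example, not part of the Jan repository: the "Create bun and uv universal" step fetches release archives with curl and unpacks them directly, so the binaries that end up inside the signed bundle are whatever the URL served at build time. One way to gate the unpack on pinned SHA-256 digests is shown here. The function names and the manifest layout (one `<digest>  <file name>` pair per line, kept in the repository) are assumptions for illustration.

```shell
#!/usr/bin/env bash
# Verify downloaded archives against pinned SHA-256 digests before unpacking.
# Manifest format (assumed): "<hex digest>  <file name>", one entry per line.

# Print the SHA-256 of a file using whichever tool the runner provides.
sha256_of() {
  if command -v sha256sum >/dev/null 2>&1; then
    sha256sum "$1" | awk '{print $1}'
  else
    shasum -a 256 "$1" | awk '{print $1}'   # macOS runners ship shasum
  fi
}

# verify_pinned MANIFEST FILE...
# Returns 0 only if every FILE exists, is listed in MANIFEST, and matches
# its pinned digest. Anything else fails closed with a non-zero status.
verify_pinned() {
  manifest=$1; shift
  for f in "$@"; do
    name=$(basename "$f")
    want=$(awk -v n="$name" '$2 == n {print $1}' "$manifest")
    if [ -z "$want" ]; then
      echo "no pinned digest for $name" >&2; return 1
    fi
    [ -f "$f" ] || { echo "missing $f" >&2; return 1; }
    got=$(sha256_of "$f")
    if [ "$got" != "$want" ]; then
      echo "digest mismatch for $name" >&2; return 1
    fi
  done
  return 0
}
```

In the workflow step this would sit between the `curl` downloads and the first `unzip`/`tar`, for example `verify_pinned pins.sha256 bun-darwin-x64.zip bun-darwin-aarch64.zip || exit 1`, where `pins.sha256` is a hypothetical manifest name.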