Files
wehub-resource-sync f99010fae1
CI / lint (push) Failing after 1s
CI / frontend (push) Failing after 1s
CI / scripts (push) Failing after 1s
CI / Go Test (ubuntu-latest) (push) Failing after 0s
CI / frontend-node-25 (push) Failing after 1s
CI / docs (push) Failing after 0s
CI / coverage (push) Failing after 0s
CI / e2e (push) Failing after 0s
Docker / build-and-push (push) Failing after 1s
CI / integration (push) Failing after 4m43s
CI / Go Test (windows-latest) (push) Has been cancelled
CI / Desktop Unit Tests (Windows) (push) Has been cancelled
Desktop Artifacts / Desktop Build (Linux (arm64)) (push) Has been cancelled
Desktop Artifacts / Desktop Build (Linux) (push) Has been cancelled
Desktop Artifacts / Desktop Build (Windows) (push) Has been cancelled
Desktop Artifacts (macOS) / Desktop Build (macOS (aarch64)) (push) Has been cancelled
Desktop Artifacts (macOS) / Desktop Build (macOS (x86_64)) (push) Has been cancelled
chore: import upstream snapshot with attribution
2026-07-13 12:30:36 +08:00

476 lines
17 KiB
YAML

name: Desktop Release
on:
push:
tags:
- 'v*'
permissions:
contents: read
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
jobs:
build-macos:
name: Desktop Build (macOS ${{ matrix.arch }})
runs-on: macos-15
env:
AGENTSVIEW_TARGET_TRIPLE: ${{ matrix.target_triple }}
CARGO_BUILD_TARGET: ${{ matrix.target_triple }}
strategy:
fail-fast: false
matrix:
include:
- arch: aarch64
target_triple: aarch64-apple-darwin
- arch: x86_64
target_triple: x86_64-apple-darwin
steps:
- uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
with:
persist-credentials: false
fetch-depth: 0
- uses: actions/setup-go@924ae3a1cded613372ab5595356fb5720e22ba16 # v6.5.0
with:
go-version-file: go.mod
- uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6.4.0
with:
node-version: "24"
- name: Install Rust target
run: rustup target add "$AGENTSVIEW_TARGET_TRIPLE"
- name: Install desktop dependencies
run: npm ci
working-directory: desktop
- name: Prepare sidecar
env:
AGENTSVIEW_VERSION: ${{ github.ref_name }}
run: |
export TAURI_ENV_TARGET_TRIPLE="$AGENTSVIEW_TARGET_TRIPLE"
npm run prepare-sidecar
working-directory: desktop
- name: Patch updater config for current repository
env:
AGENTSVIEW_UPDATER_PUBKEY: ${{ secrets.AGENTSVIEW_UPDATER_PUBKEY }}
run: |
sed -i.bak \
-e "s|wesm/agentsview|${GITHUB_REPOSITORY}|g" \
-e "s|NOT_SET|${AGENTSVIEW_UPDATER_PUBKEY}|g" \
desktop/src-tauri/tauri.conf.json
rm -f desktop/src-tauri/tauri.conf.json.bak
- name: Import signing certificate
env:
APPLE_CERTIFICATE: ${{ secrets.APPLE_CERTIFICATE }}
APPLE_CERTIFICATE_PASSWORD: ${{ secrets.APPLE_CERTIFICATE_PASSWORD }}
run: |
KEYCHAIN_PATH="$RUNNER_TEMP/build.keychain"
KEYCHAIN_PASS="$(openssl rand -base64 32)"
security create-keychain -p "$KEYCHAIN_PASS" "$KEYCHAIN_PATH"
security set-keychain-settings -lut 3600 "$KEYCHAIN_PATH"
security unlock-keychain -p "$KEYCHAIN_PASS" "$KEYCHAIN_PATH"
CERT_PATH="$RUNNER_TEMP/certificate.p12"
echo "$APPLE_CERTIFICATE" | base64 -d > "$CERT_PATH"
security import "$CERT_PATH" \
-k "$KEYCHAIN_PATH" \
-P "$APPLE_CERTIFICATE_PASSWORD" \
-T /usr/bin/codesign \
-T /usr/bin/security
rm -f "$CERT_PATH"
security set-key-partition-list \
-S apple-tool:,apple: \
-k "$KEYCHAIN_PASS" "$KEYCHAIN_PATH"
security list-keychains -d user -s "$KEYCHAIN_PATH" login.keychain
- name: Write API key
env:
APPLE_API_KEY_CONTENT: ${{ secrets.APPLE_API_KEY_CONTENT }}
APPLE_API_KEY: ${{ secrets.APPLE_API_KEY }}
run: |
KEY_DIR="$RUNNER_TEMP/apple-keys"
mkdir -p "$KEY_DIR"
echo "$APPLE_API_KEY_CONTENT" | base64 -d \
> "$KEY_DIR/AuthKey_${APPLE_API_KEY}.p8"
echo "APPLE_API_KEY_PATH=$KEY_DIR/AuthKey_${APPLE_API_KEY}.p8" \
>> "$GITHUB_ENV"
- name: Build DMG and updater bundle
env:
APPLE_SIGNING_IDENTITY: ${{ secrets.APPLE_SIGNING_IDENTITY }}
APPLE_API_ISSUER: ${{ secrets.APPLE_API_ISSUER }}
APPLE_API_KEY: ${{ secrets.APPLE_API_KEY }}
TAURI_SIGNING_PRIVATE_KEY: ${{ secrets.TAURI_SIGNING_PRIVATE_KEY }}
TAURI_SIGNING_PRIVATE_KEY_PASSWORD: ${{ secrets.TAURI_SIGNING_PRIVATE_KEY_PASSWORD }}
AGENTSVIEW_UPDATER_PUBKEY: ${{ secrets.AGENTSVIEW_UPDATER_PUBKEY }}
run: npx tauri build --target "$AGENTSVIEW_TARGET_TRIPLE"
working-directory: desktop
- name: Collect build artifacts
run: |
bundle_dir="desktop/src-tauri/target/${AGENTSVIEW_TARGET_TRIPLE}/release/bundle"
mkdir -p staging
cp "$bundle_dir"/dmg/*.dmg staging/
app_bundle="$(find "$bundle_dir"/macos -maxdepth 1 -name '*.app.tar.gz' -print -quit)"
app_sig="$(find "$bundle_dir"/macos -maxdepth 1 -name '*.app.tar.gz.sig' -print -quit)"
app_name="$(basename "$app_bundle")"
app_sig_name="$(basename "$app_sig")"
cp "$app_bundle" "staging/${app_name%.app.tar.gz}_${{ matrix.arch }}.app.tar.gz"
cp "$app_sig" "staging/${app_sig_name%.app.tar.gz.sig}_${{ matrix.arch }}.app.tar.gz.sig"
ls -la staging/
- uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1
with:
name: agentsview-desktop-macos-${{ matrix.arch }}
path: staging/*
if-no-files-found: error
- name: Cleanup signing secrets
if: always()
run: |
KEYCHAIN_PATH="$RUNNER_TEMP/build.keychain"
security delete-keychain "$KEYCHAIN_PATH" 2>/dev/null || true
rm -rf "$RUNNER_TEMP/apple-keys" 2>/dev/null || true
build-windows:
name: Desktop Build (Windows)
runs-on: windows-latest
steps:
- uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
with:
persist-credentials: false
fetch-depth: 0
- uses: actions/setup-go@924ae3a1cded613372ab5595356fb5720e22ba16 # v6.5.0
with:
go-version-file: go.mod
- uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6.4.0
with:
node-version: "24"
- name: Setup MinGW
id: setup_mingw
continue-on-error: true
uses: msys2/setup-msys2@66cd2cce69caa17b53920067426061ca1de3a884 # v2
with:
msystem: MINGW64
update: false
install: mingw-w64-x86_64-gcc
path-type: inherit
- name: Setup MinGW (retry on transient failure)
if: steps.setup_mingw.outcome == 'failure'
uses: msys2/setup-msys2@66cd2cce69caa17b53920067426061ca1de3a884 # v2
with:
msystem: MINGW64
update: false
install: mingw-w64-x86_64-gcc
path-type: inherit
- name: Install desktop dependencies
run: npm ci
working-directory: desktop
- name: Prepare sidecar
shell: bash
env:
AGENTSVIEW_VERSION: ${{ github.ref_name }}
run: npm run prepare-sidecar
working-directory: desktop
- name: Patch updater config for current repository
shell: bash
env:
AGENTSVIEW_UPDATER_PUBKEY: ${{ secrets.AGENTSVIEW_UPDATER_PUBKEY }}
run: |
sed -i.bak \
-e "s|wesm/agentsview|${GITHUB_REPOSITORY}|g" \
-e "s|NOT_SET|${AGENTSVIEW_UPDATER_PUBKEY}|g" \
desktop/src-tauri/tauri.conf.json
rm -f desktop/src-tauri/tauri.conf.json.bak
- name: Build NSIS installer and updater bundle
shell: bash
env:
TAURI_SIGNING_PRIVATE_KEY: ${{ secrets.TAURI_SIGNING_PRIVATE_KEY }}
TAURI_SIGNING_PRIVATE_KEY_PASSWORD: ${{ secrets.TAURI_SIGNING_PRIVATE_KEY_PASSWORD }}
AGENTSVIEW_UPDATER_PUBKEY: ${{ secrets.AGENTSVIEW_UPDATER_PUBKEY }}
run: npx tauri build --bundles nsis
working-directory: desktop
- name: Collect build artifacts
shell: bash
run: |
mkdir -p staging
cp desktop/src-tauri/target/release/bundle/nsis/*.exe staging/
cp desktop/src-tauri/target/release/bundle/nsis/*.nsis.zip staging/
cp desktop/src-tauri/target/release/bundle/nsis/*.nsis.zip.sig staging/
ls -la staging/
- uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1
with:
name: agentsview-desktop-windows
path: staging/*
if-no-files-found: error
build-linux:
name: Desktop Build (Linux ${{ matrix.arch }})
runs-on: ${{ matrix.os }}
env:
AGENTSVIEW_TARGET_TRIPLE: ${{ matrix.target_triple }}
strategy:
fail-fast: false
matrix:
include:
- arch: x86_64
os: ubuntu-22.04
target_triple: ""
artifact_name: agentsview-desktop-linux
artifact_dir: desktop/src-tauri/target/release/bundle/appimage/
create_updater_artifacts: "true"
- arch: arm64
os: ubuntu-22.04-arm
target_triple: aarch64-unknown-linux-gnu
artifact_name: agentsview-desktop-linux-arm64
artifact_dir: desktop/src-tauri/target/aarch64-unknown-linux-gnu/release/bundle/appimage/
create_updater_artifacts: "false"
steps:
- uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
with:
persist-credentials: false
fetch-depth: 0
- uses: actions/setup-go@924ae3a1cded613372ab5595356fb5720e22ba16 # v6.5.0
with:
go-version-file: go.mod
- uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6.4.0
with:
node-version: "24"
- name: Install Rust target
if: env.AGENTSVIEW_TARGET_TRIPLE != ''
run: rustup target add "$AGENTSVIEW_TARGET_TRIPLE"
- name: Install Linux system dependencies
run: |
sudo apt-get update -q
sudo apt-get install -y \
libwebkit2gtk-4.1-dev libgtk-3-dev \
libappindicator3-dev librsvg2-dev \
patchelf squashfs-tools xdg-utils
- name: Install desktop dependencies
run: npm ci
working-directory: desktop
- name: Prepare sidecar
env:
AGENTSVIEW_VERSION: ${{ github.ref_name }}
run: |
export TAURI_ENV_TARGET_TRIPLE="$AGENTSVIEW_TARGET_TRIPLE"
npm run prepare-sidecar
working-directory: desktop
- name: Patch updater config for current repository
env:
AGENTSVIEW_UPDATER_PUBKEY: ${{ secrets.AGENTSVIEW_UPDATER_PUBKEY }}
run: |
sed -i.bak \
-e "s|wesm/agentsview|${GITHUB_REPOSITORY}|g" \
-e "s|NOT_SET|${AGENTSVIEW_UPDATER_PUBKEY}|g" \
desktop/src-tauri/tauri.conf.json
rm -f desktop/src-tauri/tauri.conf.json.bak
- name: Build AppImage and updater bundle
env:
TAURI_SIGNING_PRIVATE_KEY: ${{ secrets.TAURI_SIGNING_PRIVATE_KEY }}
TAURI_SIGNING_PRIVATE_KEY_PASSWORD: ${{ secrets.TAURI_SIGNING_PRIVATE_KEY_PASSWORD }}
AGENTSVIEW_UPDATER_PUBKEY: ${{ secrets.AGENTSVIEW_UPDATER_PUBKEY }}
run: |
build_cmd=(npx tauri build --bundles appimage)
if [ -n "$AGENTSVIEW_TARGET_TRIPLE" ]; then
build_cmd+=(--target "$AGENTSVIEW_TARGET_TRIPLE")
fi
if [ "${{ matrix.create_updater_artifacts }}" = "false" ]; then
build_cmd+=(--config '{"bundle":{"createUpdaterArtifacts":false}}')
fi
"${build_cmd[@]}"
bash scripts/repair-appimage-diricon.sh \
"../${{ matrix.artifact_dir }}"/*.AppImage
working-directory: desktop
- name: Collect build artifacts
run: |
mkdir -p staging
cp "${{ matrix.artifact_dir }}"/*.AppImage staging/
if [ "${{ matrix.create_updater_artifacts }}" = "true" ]; then
cp "${{ matrix.artifact_dir }}"/*.AppImage.tar.gz staging/
cp "${{ matrix.artifact_dir }}"/*.AppImage.tar.gz.sig staging/
fi
ls -la staging/
- uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1
with:
name: ${{ matrix.artifact_name }}
path: staging/*
if-no-files-found: error
release:
name: Upload Desktop Installers
needs: [build-macos, build-windows, build-linux]
runs-on: ubuntu-latest
permissions:
contents: write
steps:
- uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1
with:
path: artifacts
pattern: agentsview-desktop-*
merge-multiple: true
- name: Generate checksums
run: |
cd artifacts
sha256sum *.dmg *.exe *.AppImage *.tar.gz *.nsis.zip > SHA256SUMS-desktop 2>/dev/null || true
cat SHA256SUMS-desktop
- name: Generate updater manifest
run: |
set -euo pipefail
VERSION="${GITHUB_REF_NAME#v}"
DATE="$(date -u +%Y-%m-%dT%H:%M:%SZ)"
TAG="updater"
MACOS_AARCH64_SIG=""
MACOS_AARCH64_URL=""
MACOS_X86_64_SIG=""
MACOS_X86_64_URL=""
WINDOWS_SIG=""
WINDOWS_URL=""
LINUX_SIG=""
LINUX_URL=""
for f in artifacts/*_aarch64.app.tar.gz.sig; do
if [ -f "$f" ]; then
MACOS_AARCH64_SIG="$(cat "$f")"
MACOS_AARCH64_TARBALL="$(basename "${f%.sig}")"
MACOS_AARCH64_URL="https://github.com/${GITHUB_REPOSITORY}/releases/download/${TAG}/${MACOS_AARCH64_TARBALL}"
fi
done
for f in artifacts/*_x86_64.app.tar.gz.sig; do
if [ -f "$f" ]; then
MACOS_X86_64_SIG="$(cat "$f")"
MACOS_X86_64_TARBALL="$(basename "${f%.sig}")"
MACOS_X86_64_URL="https://github.com/${GITHUB_REPOSITORY}/releases/download/${TAG}/${MACOS_X86_64_TARBALL}"
fi
done
for f in artifacts/*.nsis.zip.sig; do
if [ -f "$f" ]; then
WINDOWS_SIG="$(cat "$f")"
NSIS_ZIP="$(basename "${f%.sig}")"
WINDOWS_URL="https://github.com/${GITHUB_REPOSITORY}/releases/download/${TAG}/${NSIS_ZIP}"
fi
done
for f in artifacts/*.AppImage.tar.gz.sig; do
if [ -f "$f" ]; then
LINUX_SIG="$(cat "$f")"
LINUX_TARBALL="$(basename "${f%.sig}")"
LINUX_URL="https://github.com/${GITHUB_REPOSITORY}/releases/download/${TAG}/${LINUX_TARBALL}"
fi
done
if [ -z "$MACOS_AARCH64_SIG" ] || [ -z "$MACOS_AARCH64_URL" ]; then
echo "error: missing macOS aarch64 updater signature or URL" >&2
exit 1
fi
if [ -z "$MACOS_X86_64_SIG" ] || [ -z "$MACOS_X86_64_URL" ]; then
echo "error: missing macOS x86_64 updater signature or URL" >&2
exit 1
fi
if [ -z "$WINDOWS_SIG" ] || [ -z "$WINDOWS_URL" ]; then
echo "error: missing Windows updater signature or URL" >&2
exit 1
fi
if [ -z "$LINUX_SIG" ] || [ -z "$LINUX_URL" ]; then
echo "error: missing Linux updater signature or URL" >&2
exit 1
fi
cat > artifacts/latest.json << MANIFEST
{
"version": "${VERSION}",
"pub_date": "${DATE}",
"platforms": {
"darwin-aarch64": {
"url": "${MACOS_AARCH64_URL}",
"signature": "${MACOS_AARCH64_SIG}"
},
"darwin-x86_64": {
"url": "${MACOS_X86_64_URL}",
"signature": "${MACOS_X86_64_SIG}"
},
"windows-x86_64": {
"url": "${WINDOWS_URL}",
"signature": "${WINDOWS_SIG}"
},
"linux-x86_64": {
"url": "${LINUX_URL}",
"signature": "${LINUX_SIG}"
}
}
}
MANIFEST
echo "Generated latest.json:"
cat artifacts/latest.json
- name: Upload installers to versioned release
uses: softprops/action-gh-release@718ea10b132b3b2eba29c1007bb80653f286566b # v3.0.1
with:
files: |
artifacts/*.dmg
artifacts/*.exe
artifacts/*.AppImage
artifacts/SHA256SUMS-desktop
- name: Upload updater artifacts
env:
GH_TOKEN: ${{ github.token }}
run: |
set -euo pipefail
# Create or update the permanent 'updater' release
if ! gh release view updater --repo "$GITHUB_REPOSITORY" >/dev/null 2>&1; then
gh release create updater \
--repo "$GITHUB_REPOSITORY" \
--title "Auto-Updater Artifacts" \
--notes "Internal release used by the desktop auto-updater. Do not delete." \
--prerelease
fi
# Overwrite existing assets
gh release upload updater \
--repo "$GITHUB_REPOSITORY" \
--clobber \
artifacts/*.app.tar.gz \
artifacts/*.app.tar.gz.sig \
artifacts/*.nsis.zip \
artifacts/*.nsis.zip.sig \
artifacts/*.AppImage.tar.gz \
artifacts/*.AppImage.tar.gz.sig \
artifacts/latest.json