github-personal/firezone
1
0
Fork 0
mirror of https://github.com/outbackdingo/firezone.git synced 2026-01-27 10:18:54 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
3226d434c2b73be3774bbc3dd00acdb3fb9603c4
firezone/.github/workflows/_tauri.yml
dependabot[bot] 001cedd844 build(deps): bump actions/upload-artifact from 4.6.2 to 5.0.0 (#10950) 
Bumps
[actions/upload-artifact](https://github.com/actions/upload-artifact)
from 4.6.2 to 5.0.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/actions/upload-artifact/releases">actions/upload-artifact's
releases</a>.</em></p>
<blockquote>
<h2>v5.0.0</h2>
<h2>What's Changed</h2>
<p><strong>BREAKING CHANGE:</strong> this update supports Node
<code>v24.x</code>. This is not a breaking change per-se but we're
treating it as such.</p>
<ul>
<li>Update README.md by <a
href="https://github.com/GhadimiR"><code>@​GhadimiR</code></a> in <a
href="https://redirect.github.com/actions/upload-artifact/pull/681">actions/upload-artifact#681</a></li>
<li>Update README.md by <a
href="https://github.com/nebuk89"><code>@​nebuk89</code></a> in <a
href="https://redirect.github.com/actions/upload-artifact/pull/712">actions/upload-artifact#712</a></li>
<li>Readme: spell out the first use of GHES by <a
href="https://github.com/danwkennedy"><code>@​danwkennedy</code></a> in
<a
href="https://redirect.github.com/actions/upload-artifact/pull/727">actions/upload-artifact#727</a></li>
<li>Update GHES guidance to include reference to Node 20 version by <a
href="https://github.com/patrikpolyak"><code>@​patrikpolyak</code></a>
in <a
href="https://redirect.github.com/actions/upload-artifact/pull/725">actions/upload-artifact#725</a></li>
<li>Bump <code>@actions/artifact</code> to <code>v4.0.0</code></li>
<li>Prepare <code>v5.0.0</code> by <a
href="https://github.com/danwkennedy"><code>@​danwkennedy</code></a> in
<a
href="https://redirect.github.com/actions/upload-artifact/pull/734">actions/upload-artifact#734</a></li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a href="https://github.com/GhadimiR"><code>@​GhadimiR</code></a>
made their first contribution in <a
href="https://redirect.github.com/actions/upload-artifact/pull/681">actions/upload-artifact#681</a></li>
<li><a href="https://github.com/nebuk89"><code>@​nebuk89</code></a> made
their first contribution in <a
href="https://redirect.github.com/actions/upload-artifact/pull/712">actions/upload-artifact#712</a></li>
<li><a
href="https://github.com/danwkennedy"><code>@​danwkennedy</code></a>
made their first contribution in <a
href="https://redirect.github.com/actions/upload-artifact/pull/727">actions/upload-artifact#727</a></li>
<li><a
href="https://github.com/patrikpolyak"><code>@​patrikpolyak</code></a>
made their first contribution in <a
href="https://redirect.github.com/actions/upload-artifact/pull/725">actions/upload-artifact#725</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/actions/upload-artifact/compare/v4...v5.0.0">https://github.com/actions/upload-artifact/compare/v4...v5.0.0</a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="330a01c490"><code>330a01c</code></a>
Merge pull request <a
href="https://redirect.github.com/actions/upload-artifact/issues/734">#734</a>
from actions/danwkennedy/prepare-5.0.0</li>
<li><a
href="03f2824452"><code>03f2824</code></a>
Update <code>github.dep.yml</code></li>
<li><a
href="905a1ecb59"><code>905a1ec</code></a>
Prepare <code>v5.0.0</code></li>
<li><a
href="2d9f9cdfa9"><code>2d9f9cd</code></a>
Merge pull request <a
href="https://redirect.github.com/actions/upload-artifact/issues/725">#725</a>
from patrikpolyak/patch-1</li>
<li><a
href="9687587dec"><code>9687587</code></a>
Merge branch 'main' into patch-1</li>
<li><a
href="2848b2cda0"><code>2848b2c</code></a>
Merge pull request <a
href="https://redirect.github.com/actions/upload-artifact/issues/727">#727</a>
from danwkennedy/patch-1</li>
<li><a
href="9b511775fd"><code>9b51177</code></a>
Spell out the first use of GHES</li>
<li><a
href="cd231ca1ed"><code>cd231ca</code></a>
Update GHES guidance to include reference to Node 20 version</li>
<li><a
href="de65e23aa2"><code>de65e23</code></a>
Merge pull request <a
href="https://redirect.github.com/actions/upload-artifact/issues/712">#712</a>
from actions/nebuk89-patch-1</li>
<li><a
href="8747d8cd76"><code>8747d8c</code></a>
Update README.md</li>
<li>Additional commits viewable in <a
href="ea165f8d65...330a01c490">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=actions/upload-artifact&package-manager=github_actions&previous-version=4.6.2&new-version=5.0.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-11-24 15:51:22 +00:00

224 lines
8.6 KiB
YAML
Raw Blame History

name: Build Tauri app
on:
workflow_call:
workflow_dispatch:
defaults:
run:
working-directory: ./rust/gui-client
env:
TSLINK_BUILD: true
permissions:
contents: "read"
id-token: "write"
jobs:
update-release-draft:
permissions:
contents: write # for updating the release draft
id-token: write
name: update-release-draft
runs-on: ubuntu-24.04
env:
# mark:next-gui-version
RELEASE_NAME: gui-client-1.5.9
steps:
- uses: release-drafter/release-drafter@b1476f6e6eb133afa41ed8589daba6dc69b4d3f5 # v6.1.0
if: "${{ github.event_name == 'workflow_dispatch' && github.ref_name == 'main' }}"
id: update-release-draft
with:
config-name: release-drafter-gui-client.yml
tag: ${{ env.RELEASE_NAME }}
version: ${{ env.RELEASE_NAME }}
name: ${{ env.RELEASE_NAME }}
commitish: ${{ github.sha }}
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
static-analysis:
runs-on: ubuntu-24.04
steps:
- uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
- uses: ./.github/actions/setup-node
with:
npmjs-token: ${{ secrets.NPMJS_TOKEN }}
lockfile-dir: ./rust/gui-client
- run: pnpm install
- run: pnpm eslint .
# Runs the Tauri client smoke test, built in debug mode. We can't run it in release
# mode because of a known issue: <https://github.com/firezone/firezone/blob/456e044f882c2bb314e19cc44c0d19c5ad817b7c/rust/windows-client/src-tauri/src/client.rs#L162-L164>
smoke-test:
name: gui-smoke-test-${{ matrix.runs-on }}
strategy:
fail-fast: ${{ github.event_name == 'merge_group' }}
matrix:
runs-on: [ubuntu-22.04, ubuntu-24.04, windows-2022, windows-2025]
runs-on: ${{ matrix.runs-on }}
defaults:
run:
# Must be in this dir for `pnpm` to work
working-directory: ./rust/gui-client
# The Windows client ignores RUST_LOG because it uses a settings file instead
steps:
- uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
- uses: ./.github/actions/setup-node
with:
npmjs-token: ${{ secrets.NPMJS_TOKEN }}
lockfile-dir: ./rust/gui-client
- uses: ./.github/actions/setup-rust
with:
sccache_azure_connection_string: ${{ secrets.SCCACHE_AZURE_CONNECTION_STRING }}
- uses: ./.github/actions/setup-tauri-v2
timeout-minutes: 15
with:
runtime: true
- run: pnpm install
- run: pnpm vite build
- name: Build client
run: cargo build -p firezone-gui-client --all-targets
- uses: taiki-e/install-action@d31232495ad76f47aad66e3501e47780b49f0f3e # v2.57.5
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
with:
tool: dump_syms
- name: Run smoke test
working-directory: ./rust
run: cargo run -p gui-smoke-test
timeout-minutes: 2
build-gui:
name: build-gui-${{ matrix.runs-on }}
needs: update-release-draft
runs-on: ${{ matrix.runs-on }}
permissions:
contents: write # for attaching the build artifacts to the release
id-token: write
strategy:
fail-fast: ${{ github.event_name == 'merge_group' }}
matrix:
include:
- runs-on: ubuntu-22.04
arch: x86_64
os: linux
pkg-extension: deb
- runs-on: ubuntu-22.04-arm
arch: aarch64
os: linux
pkg-extension: deb
- runs-on: windows-2022
arch: x86_64
os: windows
pkg-extension: msi
env:
# mark:next-gui-version
ARTIFACT_SRC: ./rust/gui-client/firezone-client-gui-${{ matrix.os }}_1.5.9_${{ matrix.arch }}
# mark:next-gui-version
ARTIFACT_DST: firezone-client-gui-${{ matrix.os }}_1.5.9_${{ matrix.arch }}
AZURE_KEY_VAULT_URI: ${{ secrets.AZURE_KEY_VAULT_URI }}
AZURE_CLIENT_ID: ${{ secrets.AZURE_CLIENT_ID }}
AZURE_TENANT_ID: ${{ secrets.AZURE_TENANT_ID }}
AZURE_CLIENT_SECRET: ${{ secrets.AZURE_CLIENT_SECRET }}
AZURE_CERT_NAME: ${{ secrets.AZURE_CERT_NAME }}
# mark:next-gui-version
BINARY_DEST_PATH: firezone-client-gui-${{ matrix.os }}_1.5.9_${{ matrix.arch }}
# Seems like there's no way to de-dupe env vars that depend on each other
# mark:next-gui-version
FIREZONE_GUI_VERSION: 1.5.9
RENAME_SCRIPT: ../../scripts/build/tauri-rename-${{ matrix.os }}.sh
TEST_INSTALL_SCRIPT: ../../scripts/tests/gui-client-install-${{ matrix.os }}-${{ matrix.pkg-extension }}.sh
TARGET_DIR: ../target
UPLOAD_SCRIPT: ../../scripts/build/tauri-upload-${{ matrix.os }}.sh
steps:
- uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
with:
fetch-tags: true # Otherwise we cannot embed the correct version into the build.
- uses: ./.github/actions/setup-node
with:
npmjs-token: ${{ secrets.NPMJS_TOKEN }}
lockfile-dir: ./rust/gui-client
- uses: ./.github/actions/setup-rust
with:
sccache_azure_connection_string: ${{ secrets.SCCACHE_AZURE_CONNECTION_STRING }}
- uses: ./.github/actions/setup-tauri-v2
# Installing new packages can take time
timeout-minutes: 15
- uses: matbour/setup-sentry-cli@3e938c54b3018bdd019973689ef984e033b0454b #v2.0.0
with:
token: ${{ secrets.SENTRY_AUTH_TOKEN }}
organization: firezone-inc
- name: Install pnpm deps
run: pnpm install
- uses: ./.github/actions/setup-azure-sign-tool
- name: Build release exe and MSI / deb
env:
CARGO_PROFILE_RELEASE_LTO: thin # Fat LTO is getting too slow / RAM-hungry on Tauri builds
# Signs the exe before bundling it into the MSI
run: pnpm build
- name: Ensure unmodified Git workspace
run: git diff --exit-code
# We need to sign the exe inside the MSI. Currently
# we do this in a "beforeBundleCommand" hook in tauri.windows.conf.json.
# But this will soon be natively supported in Tauri.
# TODO: Use Tauri's native MSI signing with support for EV certs
# See https://github.com/tauri-apps/tauri/pull/8718
- name: Sign the MSI
if: ${{ runner.os == 'Windows' }}
shell: bash
run: ../../scripts/build/sign.sh ../target/release/bundle/msi/Firezone_${{ env.FIREZONE_GUI_VERSION }}_x64_en-US.msi
- name: Rename artifacts and compute SHA256
shell: bash
run: ${{ env.RENAME_SCRIPT }}
- name: Upload deb / msi package
uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0
with:
name: ${{ env.ARTIFACT_DST }}-${{ matrix.pkg-extension }}
path: ${{ env.ARTIFACT_SRC }}.${{ matrix.pkg-extension }}
if-no-files-found: error
- name: Upload rpm package
if: "${{ runner.os == 'Linux' }}"
uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0
with:
name: ${{ env.ARTIFACT_DST }}-rpm
path: ${{ env.ARTIFACT_SRC }}.rpm
if-no-files-found: error
- name: Test installation
if: "${{ github.event_name == 'workflow_dispatch' }}"
shell: bash
run: ${{ env.TEST_INSTALL_SCRIPT }}
- name: Upload debug symbols to Sentry
if: "${{ github.event_name == 'workflow_dispatch' && github.ref_name == 'main' }}"
run: |
sentry-cli debug-files upload --log-level info --project gui-client --include-sources ../target
- name: Upload Release Assets
if: "${{ github.event_name == 'workflow_dispatch' && github.ref_name == 'main' }}"
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
REPOSITORY: ${{ github.repository }}
TAG_NAME: gui-client-${{ env.FIREZONE_GUI_VERSION }}
shell: bash
run: ${{ env.UPLOAD_SCRIPT }}
- name: Upload to preview repository
if: ${{ github.event_name == 'workflow_dispatch' && github.ref_name == 'main' && runner.os == 'Linux' }}
shell: bash
run: |
az storage blob upload-batch \
--destination apt \
--source . \
--pattern "*.deb" \
--destination-path import-preview \
--overwrite \
--no-progress \
--connection-string "${{ secrets.AZURERM_ARTIFACTS_CONNECTION_STRING }}"
regenerate-apt-index:
needs: build-gui
if: ${{ github.event_name == 'workflow_dispatch' && github.ref_name == 'main' }}
uses: ./.github/workflows/_apt.yml
secrets: inherit
Reference in New Issue View Git Blame Copy Permalink