mirror of
https://github.com/outbackdingo/firezone.git
synced 2026-01-28 10:18:51 +00:00
4c0c605c72
Bumps [taiki-e/install-action](https://github.com/taiki-e/install-action) from 2.55.3 to 2.56.19. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/taiki-e/install-action/releases">taiki-e/install-action's releases</a>.</em></p> <blockquote> <h2>2.56.19</h2> <ul> <li>Update <code>cargo-llvm-cov@latest</code> to 0.6.18.</li> </ul> <h2>2.56.18</h2> <ul> <li>Update <code>just@latest</code> to 1.42.3.</li> </ul> <h2>2.56.17</h2> <ul> <li>Update <code>wasmtime@latest</code> to 34.0.2.</li> </ul> <h2>2.56.16</h2> <ul> <li> <p>Update <code>cargo-zigbuild@latest</code> to 0.20.1.</p> </li> <li> <p>Update <code>cargo-lambda@latest</code> to 1.8.6.</p> </li> <li> <p>Update <code>vacuum@latest</code> to 0.17.6.</p> </li> <li> <p>Update <code>earthly@latest</code> to 0.8.16.</p> </li> </ul> <h2>2.56.15</h2> <ul> <li> <p>Fix <code>cargo-valgrind</code> installation error due to their tag rename.</p> </li> <li> <p>Update <code>cargo-valgrind@latest</code> to 2.3.2.</p> </li> <li> <p>Update <code>just@latest</code> to 1.42.2.</p> </li> </ul> <h2>2.56.14</h2> <ul> <li> <p>Update <code>zola@latest</code> to 0.21.0.</p> </li> <li> <p>Update <code>wait-for-them@latest</code> to 0.5.1.</p> </li> <li> <p>Update <code>mdbook@latest</code> to 0.4.52.</p> </li> <li> <p>Update <code>just@latest</code> to 1.42.1.</p> </li> <li> <p>Update <code>cargo-shear@latest</code> to 1.4.0.</p> </li> <li> <p>Update <code>cyclonedx@latest</code> to 0.29.0.</p> </li> </ul> <h2>2.56.13</h2> <ul> <li>Update <code>cargo-nextest@latest</code> to 0.9.101.</li> </ul> <h2>2.56.12</h2> <ul> <li>Update <code>cargo-hack@latest</code> to 0.6.37.</li> </ul> <h2>2.56.11</h2> <ul> <li> <p>Update <code>osv-scanner@latest</code> to 2.1.0.</p> </li> <li> <p>Update <code>cargo-no-dev-deps@latest</code> to 0.2.16.</p> </li> <li> <p>Update <code>cargo-minimal-versions@latest</code> to 0.1.31.</p> </li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/taiki-e/install-action/blob/main/CHANGELOG.md">taiki-e/install-action's changelog</a>.</em></p> <blockquote> <h1>Changelog</h1> <p>All notable changes to this project will be documented in this file.</p> <p>This project adheres to <a href="https://semver.org">Semantic Versioning</a>.</p> <!-- raw HTML omitted --> <h2>[Unreleased]</h2> <h2>[2.56.19] - 2025-07-19</h2> <ul> <li>Update <code>cargo-llvm-cov@latest</code> to 0.6.18.</li> </ul> <h2>[2.56.18] - 2025-07-19</h2> <ul> <li>Update <code>just@latest</code> to 1.42.3.</li> </ul> <h2>[2.56.17] - 2025-07-18</h2> <ul> <li>Update <code>wasmtime@latest</code> to 34.0.2.</li> </ul> <h2>[2.56.16] - 2025-07-18</h2> <ul> <li> <p>Update <code>cargo-zigbuild@latest</code> to 0.20.1.</p> </li> <li> <p>Update <code>cargo-lambda@latest</code> to 1.8.6.</p> </li> <li> <p>Update <code>vacuum@latest</code> to 0.17.6.</p> </li> <li> <p>Update <code>earthly@latest</code> to 0.8.16.</p> </li> </ul> <h2>[2.56.15] - 2025-07-16</h2> <ul> <li> <p>Fix <code>cargo-valgrind</code> installation error due to their tag rename.</p> </li> <li> <p>Update <code>cargo-valgrind@latest</code> to 2.3.2.</p> </li> <li> <p>Update <code>just@latest</code> to 1.42.2.</p> </li> </ul> <h2>[2.56.14] - 2025-07-15</h2> <ul> <li> <p>Update <code>zola@latest</code> to 0.21.0.</p> </li> <li> <p>Update <code>wait-for-them@latest</code> to 0.5.1.</p> </li> <li> <p>Update <code>mdbook@latest</code> to 0.4.52.</p> </li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="c99cc51b30"><code>c99cc51</code></a> Release 2.56.19</li> <li><a href="35aa282e0f"><code>35aa282</code></a> Update <code>cargo-llvm-cov@latest</code> to 0.6.18</li> <li><a href="8962e8bc90"><code>8962e8b</code></a> Release 2.56.18</li> <li><a href="86ed27786e"><code>86ed277</code></a> Update <code>just@latest</code> to 1.42.3</li> <li><a href="d8fcd11e5f"><code>d8fcd11</code></a> Release 2.56.17</li> <li><a href="03efa19be6"><code>03efa19</code></a> Update readme</li> <li><a href="14dc975de9"><code>14dc975</code></a> ci: Fix debian 10 setup</li> <li><a href="00c7072f52"><code>00c7072</code></a> Update wasmtime manifest</li> <li><a href="8520ed0913"><code>8520ed0</code></a> Release 2.56.16</li> <li><a href="56de642f63"><code>56de642</code></a> Update <code>cargo-zigbuild@latest</code> to 0.20.1</li> <li>Additional commits viewable in <a href="9ca1734d89...c99cc51b30">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
204 lines
7.6 KiB
YAML
204 lines
7.6 KiB
YAML
name: Tauri
|
|
on:
|
|
workflow_call:
|
|
workflow_dispatch:
|
|
|
|
defaults:
|
|
run:
|
|
working-directory: ./rust/gui-client
|
|
|
|
# Never tolerate warnings. Source of truth is `_rust.yml`
|
|
env:
|
|
RUSTFLAGS: "-Dwarnings"
|
|
RUSTDOCFLAGS: "-D warnings"
|
|
TSLINK_BUILD: true
|
|
|
|
permissions:
|
|
contents: "read"
|
|
id-token: "write"
|
|
|
|
jobs:
|
|
update-release-draft:
|
|
permissions:
|
|
contents: write # for updating the release draft
|
|
id-token: write
|
|
name: update-release-draft
|
|
runs-on: ubuntu-22.04-xlarge
|
|
env:
|
|
# mark:next-gui-version
|
|
RELEASE_NAME: gui-client-1.5.6
|
|
steps:
|
|
- uses: release-drafter/release-drafter@b1476f6e6eb133afa41ed8589daba6dc69b4d3f5 # v6.1.0
|
|
if: "${{ github.event_name == 'workflow_dispatch' && github.ref_name == 'main' }}"
|
|
id: update-release-draft
|
|
with:
|
|
config-name: release-drafter-gui-client.yml
|
|
tag: ${{ env.RELEASE_NAME }}
|
|
version: ${{ env.RELEASE_NAME }}
|
|
name: ${{ env.RELEASE_NAME }}
|
|
commitish: ${{ github.sha }}
|
|
env:
|
|
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
|
|
|
|
static-analysis:
|
|
runs-on: ubuntu-22.04-xlarge
|
|
steps:
|
|
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
|
|
- uses: ./.github/actions/setup-node
|
|
- run: pnpm install
|
|
- run: pnpm eslint .
|
|
|
|
# Runs the Tauri client smoke test, built in debug mode. We can't run it in release
|
|
# mode because of a known issue: <https://github.com/firezone/firezone/blob/456e044f882c2bb314e19cc44c0d19c5ad817b7c/rust/windows-client/src-tauri/src/client.rs#L162-L164>
|
|
smoke-test:
|
|
name: gui-smoke-test-${{ matrix.runs-on }}
|
|
strategy:
|
|
fail-fast: false
|
|
matrix:
|
|
runs-on:
|
|
[
|
|
ubuntu-22.04-xlarge,
|
|
ubuntu-24.04-xlarge,
|
|
windows-2022-xlarge,
|
|
windows-2025-xlarge,
|
|
]
|
|
runs-on: ${{ matrix.runs-on }}
|
|
defaults:
|
|
run:
|
|
# Must be in this dir for `pnpm` to work
|
|
working-directory: ./rust/gui-client
|
|
# The Windows client ignores RUST_LOG because it uses a settings file instead
|
|
steps:
|
|
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
|
|
- uses: ./.github/actions/setup-node
|
|
- uses: ./.github/actions/setup-rust
|
|
- uses: ./.github/actions/setup-tauri-v2
|
|
timeout-minutes: 10
|
|
with:
|
|
runtime: true
|
|
- run: pnpm install
|
|
- run: pnpm vite build
|
|
- name: Build client
|
|
run: cargo build -p firezone-gui-client --all-targets
|
|
- uses: taiki-e/install-action@c99cc51b309eee71a866715cfa08c922f11cf898 # v2.56.19
|
|
env:
|
|
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
|
|
with:
|
|
tool: dump_syms
|
|
- name: Run smoke test
|
|
working-directory: ./rust
|
|
run: cargo run -p gui-smoke-test
|
|
timeout-minutes: 2
|
|
|
|
build-gui:
|
|
name: build-gui-${{ matrix.runs-on }}
|
|
needs: update-release-draft
|
|
runs-on: ${{ matrix.runs-on }}
|
|
permissions:
|
|
contents: write # for attaching the build artifacts to the release
|
|
id-token: write
|
|
strategy:
|
|
fail-fast: false
|
|
matrix:
|
|
include:
|
|
- runs-on: ubuntu-22.04-xlarge
|
|
arch: x86_64
|
|
os: linux
|
|
pkg-extension: deb
|
|
- runs-on: ubuntu-22.04-arm-xlarge
|
|
arch: aarch64
|
|
os: linux
|
|
pkg-extension: deb
|
|
- runs-on: windows-2022-xlarge
|
|
arch: x86_64
|
|
os: windows
|
|
pkg-extension: msi
|
|
env:
|
|
# mark:next-gui-version
|
|
ARTIFACT_SRC: ./rust/gui-client/firezone-client-gui-${{ matrix.os }}_1.5.6_${{ matrix.arch }}
|
|
# mark:next-gui-version
|
|
ARTIFACT_DST: firezone-client-gui-${{ matrix.os }}_1.5.6_${{ matrix.arch }}
|
|
AZURE_KEY_VAULT_URI: ${{ secrets.AZURE_KEY_VAULT_URI }}
|
|
AZURE_CLIENT_ID: ${{ secrets.AZURE_CLIENT_ID }}
|
|
AZURE_TENANT_ID: ${{ secrets.AZURE_TENANT_ID }}
|
|
AZURE_CLIENT_SECRET: ${{ secrets.AZURE_CLIENT_SECRET }}
|
|
AZURE_CERT_NAME: ${{ secrets.AZURE_CERT_NAME }}
|
|
# mark:next-gui-version
|
|
BINARY_DEST_PATH: firezone-client-gui-${{ matrix.os }}_1.5.6_${{ matrix.arch }}
|
|
# Seems like there's no way to de-dupe env vars that depend on each other
|
|
# mark:next-gui-version
|
|
FIREZONE_GUI_VERSION: 1.5.6
|
|
RENAME_SCRIPT: ../../scripts/build/tauri-rename-${{ matrix.os }}.sh
|
|
TEST_INSTALL_SCRIPT: ../../scripts/tests/gui-client-install-${{ matrix.os }}-${{ matrix.pkg-extension }}.sh
|
|
TARGET_DIR: ../target
|
|
UPLOAD_SCRIPT: ../../scripts/build/tauri-upload-${{ matrix.os }}.sh
|
|
steps:
|
|
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
|
|
with:
|
|
fetch-tags: true # Otherwise we cannot embed the correct version into the build.
|
|
- uses: ./.github/actions/setup-node
|
|
- uses: ./.github/actions/setup-rust
|
|
- uses: ./.github/actions/setup-tauri-v2
|
|
# Installing new packages can take time
|
|
timeout-minutes: 10
|
|
- uses: matbour/setup-sentry-cli@3e938c54b3018bdd019973689ef984e033b0454b #v2.0.0
|
|
with:
|
|
token: ${{ secrets.SENTRY_AUTH_TOKEN }}
|
|
organization: firezone-inc
|
|
- name: Install pnpm deps
|
|
run: pnpm install
|
|
- name: Install AzureSignTool
|
|
if: ${{ runner.os == 'Windows' }}
|
|
shell: bash
|
|
run: dotnet tool install --global AzureSignTool
|
|
- name: Build release exe and MSI / deb
|
|
env:
|
|
CARGO_PROFILE_RELEASE_LTO: thin # Fat LTO is getting too slow / RAM-hungry on Tauri builds
|
|
# Signs the exe before bundling it into the MSI
|
|
run: pnpm build
|
|
- name: Ensure unmodified Git workspace
|
|
run: git diff --exit-code
|
|
# We need to sign the exe inside the MSI. Currently
|
|
# we do this in a "beforeBundleCommand" hook in tauri.windows.conf.json.
|
|
# But this will soon be natively supported in Tauri.
|
|
# TODO: Use Tauri's native MSI signing with support for EV certs
|
|
# See https://github.com/tauri-apps/tauri/pull/8718
|
|
- name: Sign the MSI
|
|
if: ${{ runner.os == 'Windows' }}
|
|
shell: bash
|
|
run: ../../scripts/build/sign.sh ../target/release/bundle/msi/Firezone_${{ env.FIREZONE_GUI_VERSION }}_x64_en-US.msi
|
|
- name: Rename artifacts and compute SHA256
|
|
shell: bash
|
|
run: ${{ env.RENAME_SCRIPT }}
|
|
- name: Upload deb / msi package
|
|
uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
|
|
with:
|
|
name: ${{ env.ARTIFACT_DST }}-${{ matrix.pkg-extension }}
|
|
path: ${{ env.ARTIFACT_SRC }}.${{ matrix.pkg-extension }}
|
|
if-no-files-found: error
|
|
- name: Upload rpm package
|
|
if: "${{ runner.os == 'Linux' }}"
|
|
uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
|
|
with:
|
|
name: ${{ env.ARTIFACT_DST }}-rpm
|
|
path: ${{ env.ARTIFACT_SRC }}.rpm
|
|
if-no-files-found: error
|
|
- name: Test installation
|
|
if: "${{ github.event_name == 'workflow_dispatch' }}"
|
|
shell: bash
|
|
run: ${{ env.TEST_INSTALL_SCRIPT }}
|
|
|
|
- name: Upload debug symbols to Sentry
|
|
if: "${{ github.event_name == 'workflow_dispatch' && github.ref_name == 'main' }}"
|
|
run: |
|
|
sentry-cli debug-files upload --log-level info --project gui-client --include-sources ../target
|
|
|
|
- name: Upload Release Assets
|
|
if: "${{ github.event_name == 'workflow_dispatch' && github.ref_name == 'main' }}"
|
|
env:
|
|
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
|
|
REPOSITORY: ${{ github.repository }}
|
|
TAG_NAME: gui-client-${{ env.FIREZONE_GUI_VERSION }}
|
|
shell: bash
|
|
run: ${{ env.UPLOAD_SCRIPT }}
|