mirror of
https://github.com/outbackdingo/firezone.git
synced 2026-01-27 10:18:54 +00:00
40aba05742
Bumps [actions/checkout](https://github.com/actions/checkout) from 4 to 5. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/actions/checkout/releases">actions/checkout's releases</a>.</em></p> <blockquote> <h2>v5.0.0</h2> <h2>What's Changed</h2> <ul> <li>Update actions checkout to use node 24 by <a href="https://github.com/salmanmkc"><code>@salmanmkc</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/2226">actions/checkout#2226</a></li> <li>Prepare v5.0.0 release by <a href="https://github.com/salmanmkc"><code>@salmanmkc</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/2238">actions/checkout#2238</a></li> </ul> <h2>⚠️ Minimum Compatible Runner Version</h2> <p><strong>v2.327.1</strong><br /> <a href="https://github.com/actions/runner/releases/tag/v2.327.1">Release Notes</a></p> <p>Make sure your runner is updated to this version or newer to use this release.</p> <p><strong>Full Changelog</strong>: <a href="https://github.com/actions/checkout/compare/v4...v5.0.0">https://github.com/actions/checkout/compare/v4...v5.0.0</a></p> <h2>v4.3.0</h2> <h2>What's Changed</h2> <ul> <li>docs: update README.md by <a href="https://github.com/motss"><code>@motss</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1971">actions/checkout#1971</a></li> <li>Add internal repos for checking out multiple repositories by <a href="https://github.com/mouismail"><code>@mouismail</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1977">actions/checkout#1977</a></li> <li>Documentation update - add recommended permissions to Readme by <a href="https://github.com/benwells"><code>@benwells</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/2043">actions/checkout#2043</a></li> <li>Adjust positioning of user email note and permissions heading by <a href="https://github.com/joshmgross"><code>@joshmgross</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/2044">actions/checkout#2044</a></li> <li>Update README.md by <a href="https://github.com/nebuk89"><code>@nebuk89</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/2194">actions/checkout#2194</a></li> <li>Update CODEOWNERS for actions by <a href="https://github.com/TingluoHuang"><code>@TingluoHuang</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/2224">actions/checkout#2224</a></li> <li>Update package dependencies by <a href="https://github.com/salmanmkc"><code>@salmanmkc</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/2236">actions/checkout#2236</a></li> <li>Prepare release v4.3.0 by <a href="https://github.com/salmanmkc"><code>@salmanmkc</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/2237">actions/checkout#2237</a></li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/motss"><code>@motss</code></a> made their first contribution in <a href="https://redirect.github.com/actions/checkout/pull/1971">actions/checkout#1971</a></li> <li><a href="https://github.com/mouismail"><code>@mouismail</code></a> made their first contribution in <a href="https://redirect.github.com/actions/checkout/pull/1977">actions/checkout#1977</a></li> <li><a href="https://github.com/benwells"><code>@benwells</code></a> made their first contribution in <a href="https://redirect.github.com/actions/checkout/pull/2043">actions/checkout#2043</a></li> <li><a href="https://github.com/nebuk89"><code>@nebuk89</code></a> made their first contribution in <a href="https://redirect.github.com/actions/checkout/pull/2194">actions/checkout#2194</a></li> <li><a href="https://github.com/salmanmkc"><code>@salmanmkc</code></a> made their first contribution in <a href="https://redirect.github.com/actions/checkout/pull/2236">actions/checkout#2236</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/actions/checkout/compare/v4...v4.3.0">https://github.com/actions/checkout/compare/v4...v4.3.0</a></p> <h2>v4.2.2</h2> <h2>What's Changed</h2> <ul> <li><code>url-helper.ts</code> now leverages well-known environment variables by <a href="https://github.com/jww3"><code>@jww3</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1941">actions/checkout#1941</a></li> <li>Expand unit test coverage for <code>isGhes</code> by <a href="https://github.com/jww3"><code>@jww3</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1946">actions/checkout#1946</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/actions/checkout/compare/v4.2.1...v4.2.2">https://github.com/actions/checkout/compare/v4.2.1...v4.2.2</a></p> <h2>v4.2.1</h2> <h2>What's Changed</h2> <ul> <li>Check out other refs/* by commit if provided, fall back to ref by <a href="https://github.com/orhantoy"><code>@orhantoy</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1924">actions/checkout#1924</a></li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/Jcambass"><code>@Jcambass</code></a> made their first contribution in <a href="https://redirect.github.com/actions/checkout/pull/1919">actions/checkout#1919</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/actions/checkout/compare/v4.2.0...v4.2.1">https://github.com/actions/checkout/compare/v4.2.0...v4.2.1</a></p> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="08c6903cd8"><code>08c6903</code></a> Prepare v5.0.0 release (<a href="https://redirect.github.com/actions/checkout/issues/2238">#2238</a>)</li> <li><a href="9f265659d3"><code>9f26565</code></a> Update actions checkout to use node 24 (<a href="https://redirect.github.com/actions/checkout/issues/2226">#2226</a>)</li> <li>See full diff in <a href="https://github.com/actions/checkout/compare/v4...v5">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
211 lines
8.0 KiB
YAML
211 lines
8.0 KiB
YAML
name: Tauri
|
|
on:
|
|
workflow_call:
|
|
workflow_dispatch:
|
|
|
|
defaults:
|
|
run:
|
|
working-directory: ./rust/gui-client
|
|
|
|
# Never tolerate warnings. Source of truth is `_rust.yml`
|
|
env:
|
|
RUSTFLAGS: "-Dwarnings"
|
|
RUSTDOCFLAGS: "-D warnings"
|
|
TSLINK_BUILD: true
|
|
|
|
permissions:
|
|
contents: "read"
|
|
id-token: "write"
|
|
|
|
jobs:
|
|
update-release-draft:
|
|
permissions:
|
|
contents: write # for updating the release draft
|
|
id-token: write
|
|
name: update-release-draft
|
|
runs-on: ubuntu-24.04
|
|
env:
|
|
# mark:next-gui-version
|
|
RELEASE_NAME: gui-client-1.5.8
|
|
steps:
|
|
- uses: release-drafter/release-drafter@b1476f6e6eb133afa41ed8589daba6dc69b4d3f5 # v6.1.0
|
|
if: "${{ github.event_name == 'workflow_dispatch' && github.ref_name == 'main' }}"
|
|
id: update-release-draft
|
|
with:
|
|
config-name: release-drafter-gui-client.yml
|
|
tag: ${{ env.RELEASE_NAME }}
|
|
version: ${{ env.RELEASE_NAME }}
|
|
name: ${{ env.RELEASE_NAME }}
|
|
commitish: ${{ github.sha }}
|
|
env:
|
|
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
|
|
|
|
static-analysis:
|
|
runs-on: ubuntu-24.04
|
|
steps:
|
|
- uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
|
|
- uses: ./.github/actions/setup-node
|
|
with:
|
|
npmjs-token: ${{ secrets.NPMJS_TOKEN }}
|
|
lockfile-dir: ./rust/gui-client
|
|
- run: pnpm install
|
|
- run: pnpm eslint .
|
|
|
|
# Runs the Tauri client smoke test, built in debug mode. We can't run it in release
|
|
# mode because of a known issue: <https://github.com/firezone/firezone/blob/456e044f882c2bb314e19cc44c0d19c5ad817b7c/rust/windows-client/src-tauri/src/client.rs#L162-L164>
|
|
smoke-test:
|
|
name: gui-smoke-test-${{ matrix.runs-on }}
|
|
strategy:
|
|
fail-fast: false
|
|
matrix:
|
|
runs-on: [ubuntu-22.04, ubuntu-24.04, windows-2022, windows-2025]
|
|
runs-on: ${{ matrix.runs-on }}
|
|
defaults:
|
|
run:
|
|
# Must be in this dir for `pnpm` to work
|
|
working-directory: ./rust/gui-client
|
|
# The Windows client ignores RUST_LOG because it uses a settings file instead
|
|
steps:
|
|
- uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
|
|
- uses: ./.github/actions/setup-node
|
|
with:
|
|
npmjs-token: ${{ secrets.NPMJS_TOKEN }}
|
|
lockfile-dir: ./rust/gui-client
|
|
- uses: ./.github/actions/setup-rust
|
|
with:
|
|
sccache_azure_connection_string: ${{ secrets.SCCACHE_AZURE_CONNECTION_STRING }}
|
|
- uses: ./.github/actions/setup-tauri-v2
|
|
timeout-minutes: 15
|
|
with:
|
|
runtime: true
|
|
- run: pnpm install
|
|
- run: pnpm vite build
|
|
- name: Build client
|
|
run: cargo build -p firezone-gui-client --all-targets
|
|
- uses: taiki-e/install-action@d31232495ad76f47aad66e3501e47780b49f0f3e # v2.57.5
|
|
env:
|
|
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
|
|
with:
|
|
tool: dump_syms
|
|
- name: Run smoke test
|
|
working-directory: ./rust
|
|
run: cargo run -p gui-smoke-test
|
|
timeout-minutes: 2
|
|
|
|
build-gui:
|
|
name: build-gui-${{ matrix.runs-on }}
|
|
needs: update-release-draft
|
|
runs-on: ${{ matrix.runs-on }}
|
|
permissions:
|
|
contents: write # for attaching the build artifacts to the release
|
|
id-token: write
|
|
strategy:
|
|
fail-fast: false
|
|
matrix:
|
|
include:
|
|
- runs-on: ubuntu-22.04
|
|
arch: x86_64
|
|
os: linux
|
|
pkg-extension: deb
|
|
- runs-on: ubuntu-22.04-arm
|
|
arch: aarch64
|
|
os: linux
|
|
pkg-extension: deb
|
|
- runs-on: windows-2022
|
|
arch: x86_64
|
|
os: windows
|
|
pkg-extension: msi
|
|
env:
|
|
# mark:next-gui-version
|
|
ARTIFACT_SRC: ./rust/gui-client/firezone-client-gui-${{ matrix.os }}_1.5.8_${{ matrix.arch }}
|
|
# mark:next-gui-version
|
|
ARTIFACT_DST: firezone-client-gui-${{ matrix.os }}_1.5.8_${{ matrix.arch }}
|
|
AZURE_KEY_VAULT_URI: ${{ secrets.AZURE_KEY_VAULT_URI }}
|
|
AZURE_CLIENT_ID: ${{ secrets.AZURE_CLIENT_ID }}
|
|
AZURE_TENANT_ID: ${{ secrets.AZURE_TENANT_ID }}
|
|
AZURE_CLIENT_SECRET: ${{ secrets.AZURE_CLIENT_SECRET }}
|
|
AZURE_CERT_NAME: ${{ secrets.AZURE_CERT_NAME }}
|
|
# mark:next-gui-version
|
|
BINARY_DEST_PATH: firezone-client-gui-${{ matrix.os }}_1.5.8_${{ matrix.arch }}
|
|
# Seems like there's no way to de-dupe env vars that depend on each other
|
|
# mark:next-gui-version
|
|
FIREZONE_GUI_VERSION: 1.5.8
|
|
RENAME_SCRIPT: ../../scripts/build/tauri-rename-${{ matrix.os }}.sh
|
|
TEST_INSTALL_SCRIPT: ../../scripts/tests/gui-client-install-${{ matrix.os }}-${{ matrix.pkg-extension }}.sh
|
|
TARGET_DIR: ../target
|
|
UPLOAD_SCRIPT: ../../scripts/build/tauri-upload-${{ matrix.os }}.sh
|
|
steps:
|
|
- uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
|
|
with:
|
|
fetch-tags: true # Otherwise we cannot embed the correct version into the build.
|
|
- uses: ./.github/actions/setup-node
|
|
with:
|
|
npmjs-token: ${{ secrets.NPMJS_TOKEN }}
|
|
lockfile-dir: ./rust/gui-client
|
|
- uses: ./.github/actions/setup-rust
|
|
with:
|
|
sccache_azure_connection_string: ${{ secrets.SCCACHE_AZURE_CONNECTION_STRING }}
|
|
- uses: ./.github/actions/setup-tauri-v2
|
|
# Installing new packages can take time
|
|
timeout-minutes: 15
|
|
- uses: matbour/setup-sentry-cli@3e938c54b3018bdd019973689ef984e033b0454b #v2.0.0
|
|
with:
|
|
token: ${{ secrets.SENTRY_AUTH_TOKEN }}
|
|
organization: firezone-inc
|
|
- name: Install pnpm deps
|
|
run: pnpm install
|
|
- name: Install AzureSignTool
|
|
if: ${{ runner.os == 'Windows' }}
|
|
shell: bash
|
|
run: dotnet tool install --global AzureSignTool
|
|
- name: Build release exe and MSI / deb
|
|
env:
|
|
CARGO_PROFILE_RELEASE_LTO: thin # Fat LTO is getting too slow / RAM-hungry on Tauri builds
|
|
# Signs the exe before bundling it into the MSI
|
|
run: pnpm build
|
|
- name: Ensure unmodified Git workspace
|
|
run: git diff --exit-code
|
|
# We need to sign the exe inside the MSI. Currently
|
|
# we do this in a "beforeBundleCommand" hook in tauri.windows.conf.json.
|
|
# But this will soon be natively supported in Tauri.
|
|
# TODO: Use Tauri's native MSI signing with support for EV certs
|
|
# See https://github.com/tauri-apps/tauri/pull/8718
|
|
- name: Sign the MSI
|
|
if: ${{ runner.os == 'Windows' }}
|
|
shell: bash
|
|
run: ../../scripts/build/sign.sh ../target/release/bundle/msi/Firezone_${{ env.FIREZONE_GUI_VERSION }}_x64_en-US.msi
|
|
- name: Rename artifacts and compute SHA256
|
|
shell: bash
|
|
run: ${{ env.RENAME_SCRIPT }}
|
|
- name: Upload deb / msi package
|
|
uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
|
|
with:
|
|
name: ${{ env.ARTIFACT_DST }}-${{ matrix.pkg-extension }}
|
|
path: ${{ env.ARTIFACT_SRC }}.${{ matrix.pkg-extension }}
|
|
if-no-files-found: error
|
|
- name: Upload rpm package
|
|
if: "${{ runner.os == 'Linux' }}"
|
|
uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
|
|
with:
|
|
name: ${{ env.ARTIFACT_DST }}-rpm
|
|
path: ${{ env.ARTIFACT_SRC }}.rpm
|
|
if-no-files-found: error
|
|
- name: Test installation
|
|
if: "${{ github.event_name == 'workflow_dispatch' }}"
|
|
shell: bash
|
|
run: ${{ env.TEST_INSTALL_SCRIPT }}
|
|
|
|
- name: Upload debug symbols to Sentry
|
|
if: "${{ github.event_name == 'workflow_dispatch' && github.ref_name == 'main' }}"
|
|
run: |
|
|
sentry-cli debug-files upload --log-level info --project gui-client --include-sources ../target
|
|
|
|
- name: Upload Release Assets
|
|
if: "${{ github.event_name == 'workflow_dispatch' && github.ref_name == 'main' }}"
|
|
env:
|
|
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
|
|
REPOSITORY: ${{ github.repository }}
|
|
TAG_NAME: gui-client-${{ env.FIREZONE_GUI_VERSION }}
|
|
shell: bash
|
|
run: ${{ env.UPLOAD_SCRIPT }}
|