mirror of
https://github.com/outbackdingo/firezone.git
synced 2026-01-27 18:18:55 +00:00
204 lines
7.6 KiB
YAML
204 lines
7.6 KiB
YAML
name: Tauri
|
|
on:
|
|
workflow_call:
|
|
workflow_dispatch:
|
|
|
|
defaults:
|
|
run:
|
|
working-directory: ./rust/gui-client
|
|
|
|
# Never tolerate warnings. Source of truth is `_rust.yml`
|
|
env:
|
|
RUSTFLAGS: "-Dwarnings"
|
|
RUSTDOCFLAGS: "-D warnings"
|
|
TSLINK_BUILD: true
|
|
|
|
permissions:
|
|
contents: "read"
|
|
id-token: "write"
|
|
|
|
jobs:
|
|
update-release-draft:
|
|
permissions:
|
|
contents: write # for updating the release draft
|
|
id-token: write
|
|
name: update-release-draft
|
|
runs-on: ubuntu-22.04-xlarge
|
|
env:
|
|
# mark:next-gui-version
|
|
RELEASE_NAME: gui-client-1.5.7
|
|
steps:
|
|
- uses: release-drafter/release-drafter@b1476f6e6eb133afa41ed8589daba6dc69b4d3f5 # v6.1.0
|
|
if: "${{ github.event_name == 'workflow_dispatch' && github.ref_name == 'main' }}"
|
|
id: update-release-draft
|
|
with:
|
|
config-name: release-drafter-gui-client.yml
|
|
tag: ${{ env.RELEASE_NAME }}
|
|
version: ${{ env.RELEASE_NAME }}
|
|
name: ${{ env.RELEASE_NAME }}
|
|
commitish: ${{ github.sha }}
|
|
env:
|
|
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
|
|
|
|
static-analysis:
|
|
runs-on: ubuntu-22.04-xlarge
|
|
steps:
|
|
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
|
|
- uses: ./.github/actions/setup-node
|
|
- run: pnpm install
|
|
- run: pnpm eslint .
|
|
|
|
# Runs the Tauri client smoke test, built in debug mode. We can't run it in release
|
|
# mode because of a known issue: <https://github.com/firezone/firezone/blob/456e044f882c2bb314e19cc44c0d19c5ad817b7c/rust/windows-client/src-tauri/src/client.rs#L162-L164>
|
|
smoke-test:
|
|
name: gui-smoke-test-${{ matrix.runs-on }}
|
|
strategy:
|
|
fail-fast: false
|
|
matrix:
|
|
runs-on:
|
|
[
|
|
ubuntu-22.04-xlarge,
|
|
ubuntu-24.04-xlarge,
|
|
windows-2022-xlarge,
|
|
windows-2025-xlarge,
|
|
]
|
|
runs-on: ${{ matrix.runs-on }}
|
|
defaults:
|
|
run:
|
|
# Must be in this dir for `pnpm` to work
|
|
working-directory: ./rust/gui-client
|
|
# The Windows client ignores RUST_LOG because it uses a settings file instead
|
|
steps:
|
|
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
|
|
- uses: ./.github/actions/setup-node
|
|
- uses: ./.github/actions/setup-rust
|
|
- uses: ./.github/actions/setup-tauri-v2
|
|
timeout-minutes: 10
|
|
with:
|
|
runtime: true
|
|
- run: pnpm install
|
|
- run: pnpm vite build
|
|
- name: Build client
|
|
run: cargo build -p firezone-gui-client --all-targets
|
|
- uses: taiki-e/install-action@c99cc51b309eee71a866715cfa08c922f11cf898 # v2.56.19
|
|
env:
|
|
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
|
|
with:
|
|
tool: dump_syms
|
|
- name: Run smoke test
|
|
working-directory: ./rust
|
|
run: cargo run -p gui-smoke-test
|
|
timeout-minutes: 2
|
|
|
|
build-gui:
|
|
name: build-gui-${{ matrix.runs-on }}
|
|
needs: update-release-draft
|
|
runs-on: ${{ matrix.runs-on }}
|
|
permissions:
|
|
contents: write # for attaching the build artifacts to the release
|
|
id-token: write
|
|
strategy:
|
|
fail-fast: false
|
|
matrix:
|
|
include:
|
|
- runs-on: ubuntu-22.04-xlarge
|
|
arch: x86_64
|
|
os: linux
|
|
pkg-extension: deb
|
|
- runs-on: ubuntu-22.04-arm-xlarge
|
|
arch: aarch64
|
|
os: linux
|
|
pkg-extension: deb
|
|
- runs-on: windows-2022-xlarge
|
|
arch: x86_64
|
|
os: windows
|
|
pkg-extension: msi
|
|
env:
|
|
# mark:next-gui-version
|
|
ARTIFACT_SRC: ./rust/gui-client/firezone-client-gui-${{ matrix.os }}_1.5.7_${{ matrix.arch }}
|
|
# mark:next-gui-version
|
|
ARTIFACT_DST: firezone-client-gui-${{ matrix.os }}_1.5.7_${{ matrix.arch }}
|
|
AZURE_KEY_VAULT_URI: ${{ secrets.AZURE_KEY_VAULT_URI }}
|
|
AZURE_CLIENT_ID: ${{ secrets.AZURE_CLIENT_ID }}
|
|
AZURE_TENANT_ID: ${{ secrets.AZURE_TENANT_ID }}
|
|
AZURE_CLIENT_SECRET: ${{ secrets.AZURE_CLIENT_SECRET }}
|
|
AZURE_CERT_NAME: ${{ secrets.AZURE_CERT_NAME }}
|
|
# mark:next-gui-version
|
|
BINARY_DEST_PATH: firezone-client-gui-${{ matrix.os }}_1.5.7_${{ matrix.arch }}
|
|
# Seems like there's no way to de-dupe env vars that depend on each other
|
|
# mark:next-gui-version
|
|
FIREZONE_GUI_VERSION: 1.5.7
|
|
RENAME_SCRIPT: ../../scripts/build/tauri-rename-${{ matrix.os }}.sh
|
|
TEST_INSTALL_SCRIPT: ../../scripts/tests/gui-client-install-${{ matrix.os }}-${{ matrix.pkg-extension }}.sh
|
|
TARGET_DIR: ../target
|
|
UPLOAD_SCRIPT: ../../scripts/build/tauri-upload-${{ matrix.os }}.sh
|
|
steps:
|
|
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
|
|
with:
|
|
fetch-tags: true # Otherwise we cannot embed the correct version into the build.
|
|
- uses: ./.github/actions/setup-node
|
|
- uses: ./.github/actions/setup-rust
|
|
- uses: ./.github/actions/setup-tauri-v2
|
|
# Installing new packages can take time
|
|
timeout-minutes: 10
|
|
- uses: matbour/setup-sentry-cli@3e938c54b3018bdd019973689ef984e033b0454b #v2.0.0
|
|
with:
|
|
token: ${{ secrets.SENTRY_AUTH_TOKEN }}
|
|
organization: firezone-inc
|
|
- name: Install pnpm deps
|
|
run: pnpm install
|
|
- name: Install AzureSignTool
|
|
if: ${{ runner.os == 'Windows' }}
|
|
shell: bash
|
|
run: dotnet tool install --global AzureSignTool
|
|
- name: Build release exe and MSI / deb
|
|
env:
|
|
CARGO_PROFILE_RELEASE_LTO: thin # Fat LTO is getting too slow / RAM-hungry on Tauri builds
|
|
# Signs the exe before bundling it into the MSI
|
|
run: pnpm build
|
|
- name: Ensure unmodified Git workspace
|
|
run: git diff --exit-code
|
|
# We need to sign the exe inside the MSI. Currently
|
|
# we do this in a "beforeBundleCommand" hook in tauri.windows.conf.json.
|
|
# But this will soon be natively supported in Tauri.
|
|
# TODO: Use Tauri's native MSI signing with support for EV certs
|
|
# See https://github.com/tauri-apps/tauri/pull/8718
|
|
- name: Sign the MSI
|
|
if: ${{ runner.os == 'Windows' }}
|
|
shell: bash
|
|
run: ../../scripts/build/sign.sh ../target/release/bundle/msi/Firezone_${{ env.FIREZONE_GUI_VERSION }}_x64_en-US.msi
|
|
- name: Rename artifacts and compute SHA256
|
|
shell: bash
|
|
run: ${{ env.RENAME_SCRIPT }}
|
|
- name: Upload deb / msi package
|
|
uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
|
|
with:
|
|
name: ${{ env.ARTIFACT_DST }}-${{ matrix.pkg-extension }}
|
|
path: ${{ env.ARTIFACT_SRC }}.${{ matrix.pkg-extension }}
|
|
if-no-files-found: error
|
|
- name: Upload rpm package
|
|
if: "${{ runner.os == 'Linux' }}"
|
|
uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
|
|
with:
|
|
name: ${{ env.ARTIFACT_DST }}-rpm
|
|
path: ${{ env.ARTIFACT_SRC }}.rpm
|
|
if-no-files-found: error
|
|
- name: Test installation
|
|
if: "${{ github.event_name == 'workflow_dispatch' }}"
|
|
shell: bash
|
|
run: ${{ env.TEST_INSTALL_SCRIPT }}
|
|
|
|
- name: Upload debug symbols to Sentry
|
|
if: "${{ github.event_name == 'workflow_dispatch' && github.ref_name == 'main' }}"
|
|
run: |
|
|
sentry-cli debug-files upload --log-level info --project gui-client --include-sources ../target
|
|
|
|
- name: Upload Release Assets
|
|
if: "${{ github.event_name == 'workflow_dispatch' && github.ref_name == 'main' }}"
|
|
env:
|
|
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
|
|
REPOSITORY: ${{ github.repository }}
|
|
TAG_NAME: gui-client-${{ env.FIREZONE_GUI_VERSION }}
|
|
shell: bash
|
|
run: ${{ env.UPLOAD_SCRIPT }}
|