lywsvip/note-gen
1
0
Fork 0
mirror of https://github.com/codexu/note-gen.git synced 2026-06-14 01:12:52 +08:00
Code Issues Packages Projects Releases Wiki Activity
Files
dev
note-gen/.github/workflows/release.yml

384 lines
15 KiB
YAML
Raw Permalink Blame History

name: 'publish'
on:
push:
branches:
- release
jobs:
build-android:
outputs:
appVersion: ${{ steps.get_version.outputs.version }}
runs-on: ubuntu-latest
permissions:
contents: write
steps:
- name: Checkout repository
uses: actions/checkout@v4
- name: Setup pnpm
uses: pnpm/action-setup@v4
with:
version: 9
- name: Setup Node.js
uses: actions/setup-node@v4
with:
node-version: lts/*
cache: 'pnpm'
- name: Install Rust stable
uses: dtolnay/rust-toolchain@stable
with:
targets: aarch64-linux-android,armv7-linux-androideabi,i686-linux-android,x86_64-linux-android
- name: Setup Android SDK
uses: android-actions/setup-android@v3
- name: Install Android NDK
run: |
echo "y" | sdkmanager "ndk;29.0.14206865"
echo "ANDROID_NDK_HOME=$ANDROID_HOME/ndk/29.0.14206865" >> $GITHUB_ENV
echo "NDK_HOME=$ANDROID_HOME/ndk/29.0.14206865" >> $GITHUB_ENV
- name: Cache Rust dependencies
uses: actions/cache@v4
with:
path: |
~/.cargo/registry/index
~/.cargo/registry/cache
~/.cargo/git/db
src-tauri/target
key: ${{ runner.os }}-cargo-android-${{ hashFiles('**/Cargo.lock') }}
restore-keys: |
${{ runner.os }}-cargo-android-
- name: Install frontend dependencies
run: pnpm install
- name: Build frontend
run: pnpm build
- name: Setup NDK toolchain
run: |
export PATH=$PATH:$ANDROID_NDK_HOME/toolchains/llvm/prebuilt/linux-x86_64/bin
ln -sf llvm-ranlib $ANDROID_NDK_HOME/toolchains/llvm/prebuilt/linux-x86_64/bin/aarch64-linux-android-ranlib || true
- name: Initialize and Build Android
run: |
export PATH=$PATH:$ANDROID_NDK_HOME/toolchains/llvm/prebuilt/linux-x86_64/bin
# Recreate Android project on every CI run to avoid stale/incomplete generated files
echo "📱 Reinitializing Android project..."
rm -rf src-tauri/gen/android
pnpm tauri android init
# Verify initialization
if [ ! -d "src-tauri/gen/android/app/src/main" ]; then
echo "❌ Android initialization failed"
exit 1
fi
# Restore Android permissions that are tracked separately in git
echo "🎙️ Restoring Android recording permissions..."
MANIFEST_PATH="src-tauri/gen/android/app/src/main/AndroidManifest.xml"
if ! grep -q 'android.permission.RECORD_AUDIO' "$MANIFEST_PATH"; then
perl -0pi -e 's|<manifest([^>]*)>|<manifest$1>\n <uses-permission android:name="android.permission.RECORD_AUDIO" \/>\n <uses-feature android:name="android.hardware.microphone" android:required="false" \/>|' "$MANIFEST_PATH"
fi
# Set custom Android icon
echo "🎨 Setting custom Android icon..."
ICON_SOURCE="public/app-ios-icon.png"
MIPMAP_DIRS=(
"src-tauri/gen/android/app/src/main/res/mipmap-mdpi"
"src-tauri/gen/android/app/src/main/res/mipmap-hdpi"
"src-tauri/gen/android/app/src/main/res/mipmap-xhdpi"
"src-tauri/gen/android/app/src/main/res/mipmap-xxhdpi"
"src-tauri/gen/android/app/src/main/res/mipmap-xxxhdpi"
)
mkdir -p "${MIPMAP_DIRS[@]}"
# Install ImageMagick for icon conversion
sudo apt-get update && sudo apt-get install -y imagemagick
# Generate different sizes
convert "$ICON_SOURCE" -resize 48x48 "${MIPMAP_DIRS[0]}/ic_launcher.png"
convert "$ICON_SOURCE" -resize 72x72 "${MIPMAP_DIRS[1]}/ic_launcher.png"
convert "$ICON_SOURCE" -resize 96x96 "${MIPMAP_DIRS[2]}/ic_launcher.png"
convert "$ICON_SOURCE" -resize 144x144 "${MIPMAP_DIRS[3]}/ic_launcher.png"
convert "$ICON_SOURCE" -resize 192x192 "${MIPMAP_DIRS[4]}/ic_launcher.png"
echo "✅ Android icon set successfully"
echo "🔨 Building Android APK and AAB..."
pnpm tauri android build --apk --aab
- name: Decode keystore
env:
ANDROID_KEYSTORE_BASE64: ${{ secrets.ANDROID_KEYSTORE_BASE64 }}
run: |
echo "$ANDROID_KEYSTORE_BASE64" | base64 -d > src-tauri/android-release.keystore
ls -la src-tauri/android-release.keystore
- name: Get version
id: get_version
run: |
VERSION=$(grep -o '"version": *"[^"]*"' src-tauri/tauri.conf.json | head -1 | sed 's/"version": *"\(.*\)"/\1/')
echo "version=$VERSION" >> $GITHUB_OUTPUT
echo "Version: $VERSION"
- name: Sign and Rename APK
env:
ANDROID_KEYSTORE_PASSWORD: ${{ secrets.ANDROID_KEYSTORE_PASSWORD }}
ANDROID_KEY_PASSWORD: ${{ secrets.ANDROID_KEY_PASSWORD }}
run: |
cd src-tauri
APK_PATH="gen/android/app/build/outputs/apk/universal/release/app-universal-release-unsigned.apk"
VERSION="${{ steps.get_version.outputs.version }}"
SIGNED_APK="gen/android/app/build/outputs/apk/universal/release/NoteGen_${VERSION}_android-universal.apk"
if [ ! -f "$APK_PATH" ]; then
echo "❌ APK file not found at $APK_PATH"
ls -la gen/android/app/build/outputs/apk/universal/release/ || true
exit 1
fi
echo "📝 Signing APK with apksigner (V1 + V2 signatures)..."
$ANDROID_HOME/build-tools/$(ls $ANDROID_HOME/build-tools | tail -n 1)/apksigner sign \
--ks android-release.keystore \
--ks-key-alias note-gen \
--ks-pass pass:"$ANDROID_KEYSTORE_PASSWORD" \
--key-pass pass:"$ANDROID_KEY_PASSWORD" \
--out "$SIGNED_APK" \
"$APK_PATH"
echo "✅ APK signed successfully"
# Verify signature
echo "🔍 Verifying APK signature..."
$ANDROID_HOME/build-tools/$(ls $ANDROID_HOME/build-tools | tail -n 1)/apksigner verify --verbose "$SIGNED_APK"
# Show file info
ls -lh "$SIGNED_APK"
- name: Rename AAB
run: |
cd src-tauri
VERSION="${{ steps.get_version.outputs.version }}"
AAB_PATH="gen/android/app/build/outputs/bundle/universalRelease/app-universal-release.aab"
RENAMED_AAB="gen/android/app/build/outputs/bundle/universalRelease/NoteGen_${VERSION}_android-universal.aab"
if [ -f "$AAB_PATH" ]; then
mv "$AAB_PATH" "$RENAMED_AAB"
echo "✅ AAB renamed to: $RENAMED_AAB"
ls -lh "$RENAMED_AAB"
fi
- name: Upload APK as artifact
uses: actions/upload-artifact@v4
with:
name: android-apk
path: src-tauri/gen/android/app/build/outputs/apk/universal/release/NoteGen_*.apk
if-no-files-found: error
- name: Upload AAB as artifact
uses: actions/upload-artifact@v4
with:
name: android-aab
path: src-tauri/gen/android/app/build/outputs/bundle/universalRelease/NoteGen_*.aab
if-no-files-found: warn
- name: Upload to Release
uses: softprops/action-gh-release@v1
with:
tag_name: note-gen-v${{ steps.get_version.outputs.version }}
files: |
src-tauri/gen/android/app/build/outputs/apk/universal/release/NoteGen_*.apk
src-tauri/gen/android/app/build/outputs/bundle/universalRelease/NoteGen_*.aab
draft: false
prerelease: false
- name: Cleanup keystore
if: always()
run: |
rm -f src-tauri/android-release.keystore
upgradeLink-upload-android:
needs: build-android
permissions:
contents: write
runs-on: ubuntu-latest
steps:
- name: Send Android APK to UpgradeLink
uses: toolsetlink/upgradelink-action@3.0.2
with:
access_key: ${{ secrets.UPGRADE_LINK_ACCESS_KEY }}
access_secret: ${{ secrets.UPGRADE_LINK_ACCESS_SECRET }}
config: |
{
"app_type": "file",
"request": {
"app_key": "${{ secrets.UPGRADE_LINK_ANDROID_APP_KEY }}",
"version": "${{ needs.build-android.outputs.appVersion }}",
"url": "https://github.com/${{ github.repository }}/releases/download/note-gen-v${{ needs.build-android.outputs.appVersion }}/NoteGen_${{ needs.build-android.outputs.appVersion }}_android-universal.apk",
"prompt_upgrade_content": "新版本已发布,包含重要功能更新和 bug 修复"
}
}
publish-tauri:
outputs:
appVersion: ${{ steps.set_output.outputs.appVersion }}
permissions:
contents: write
strategy:
fail-fast: false
matrix:
include:
- platform: 'macos-latest'
args: '--target aarch64-apple-darwin'
name: 'macos-arm64'
bundlePath: 'src-tauri/target/aarch64-apple-darwin/release/bundle/dmg/NoteGen_*.dmg'
- platform: 'macos-latest'
args: '--target x86_64-apple-darwin'
name: 'macos-x64'
bundlePath: 'src-tauri/target/x86_64-apple-darwin/release/bundle/dmg/NoteGen_*.dmg'
- platform: 'ubuntu-24.04'
args: '--bundles deb,rpm'
name: 'linux-deb-rpm'
bundlePath: 'src-tauri/target/release/bundle/(rpm|deb)/NoteGen_*.(rpm|deb)'
- platform: 'ubuntu-22.04'
args: '--bundles appimage'
name: 'linux-appimage'
bundlePath: 'src-tauri/target/release/bundle/appimage/NoteGen_*.AppImage'
noSign: true
- platform: 'windows-latest'
args: ''
name: 'windows'
bundlePath: 'src-tauri\target\release\bundle\(nsis|msi)\NoteGen_*.(exe|msi)'
runs-on: ${{ matrix.platform }}
steps:
- uses: actions/checkout@v4
- uses: pnpm/action-setup@v4
with:
version: 9
run_install: true
- name: setup node
uses: actions/setup-node@v4
with:
node-version: lts/*
cache: 'pnpm'
- name: install Rust stable
uses: dtolnay/rust-toolchain@stable
with:
targets: ${{ matrix.platform == 'macos-latest' && 'aarch64-apple-darwin,x86_64-apple-darwin' || '' }}
- name: install dependencies (ubuntu only)
if: startsWith(matrix.platform, 'ubuntu-')
run: |
if [ "${{ matrix.platform }}" = "ubuntu-22.04" ]; then
sudo add-apt-repository -y ppa:pipewire-debian/pipewire-upstream
fi
sudo apt-get update
sudo apt-get install pkg-config libclang-dev libxcb1-dev libxrandr-dev libdbus-1-dev libpipewire-0.3-dev libwayland-dev libegl-dev libglib2.0-dev libgtk-3-dev libwebkit2gtk-4.1-dev libgbm-dev libappindicator3-dev librsvg2-dev patchelf
- name: install frontend dependencies
run: pnpm install
- name: Import Apple Certificate
if: matrix.platform == 'macos-latest'
env:
APPLE_CERTIFICATE: ${{ secrets.APPLE_CERTIFICATE }}
APPLE_CERTIFICATE_PASSWORD: ${{ secrets.APPLE_CERTIFICATE_PASSWORD }}
KEYCHAIN_PASSWORD: ${{ secrets.KEYCHAIN_PASSWORD || 'temporary_keychain_password' }}
run: |
# Create variables
CERTIFICATE_PATH=$RUNNER_TEMP/build_certificate.p12
KEYCHAIN_PATH=$RUNNER_TEMP/app-signing.keychain-db
# Import certificate from secrets
echo -n "$APPLE_CERTIFICATE" | base64 --decode -o $CERTIFICATE_PATH
# Create temporary keychain
security create-keychain -p "$KEYCHAIN_PASSWORD" $KEYCHAIN_PATH
security set-keychain-settings -lut 21600 $KEYCHAIN_PATH
security unlock-keychain -p "$KEYCHAIN_PASSWORD" $KEYCHAIN_PATH
# Import certificate to keychain
security import $CERTIFICATE_PATH -P "$APPLE_CERTIFICATE_PASSWORD" -A -t cert -f pkcs12 -k $KEYCHAIN_PATH
security list-keychain -d user -s $KEYCHAIN_PATH
# Enable codesigning from a non user interactive shell
security set-key-partition-list -S apple-tool:,apple:,codesign: -s -k "$KEYCHAIN_PASSWORD" $KEYCHAIN_PATH
- uses: tauri-apps/tauri-action@v0.5.23
id: tauri-action
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
TAURI_SIGNING_PRIVATE_KEY: ${{ secrets.TAURI_SIGNING_PRIVATE_KEY }}
TAURI_SIGNING_PRIVATE_KEY_PASSWORD: ${{ secrets.TAURI_SIGNING_PRIVATE_KEY_PASSWORD }}
APPLE_SIGNING_IDENTITY: ${{ secrets.APPLE_SIGNING_IDENTITY }}
with:
tagName: note-gen-v__VERSION__
releaseName: 'NoteGen v__VERSION__'
releaseBody: 'See the assets to download this version and install.'
releaseDraft: false
prerelease: false
args: ${{ matrix.args }}
- name: Upload artifacts
uses: actions/upload-artifact@v4
with:
name: ${{ matrix.platform }}
path: |
${{ matrix.bundlePath }}
if-no-files-found: warn
- name: Generate release tag
id: save_tag
if: matrix.platform == 'ubuntu-24.04'
run: |
# 调试输出
echo ${{ steps.tauri-action.outputs.appVersion }}
# 输出到步骤级
echo "appVersion=${{ steps.tauri-action.outputs.appVersion }}" >> $GITHUB_OUTPUT
- name: Set job output
id: set_output
if: matrix.platform == 'ubuntu-24.04'
run: |
# 注意:这里引用的是 save_tag 步骤的 tag_name 输出
echo "appVersion=${{ steps.save_tag.outputs.appVersion }}" >> $GITHUB_OUTPUT
- name: Cleanup keychain
if: matrix.platform == 'macos-latest' && always()
run: |
KEYCHAIN_PATH=$RUNNER_TEMP/app-signing.keychain-db
security delete-keychain $KEYCHAIN_PATH || true
upgradeLink-upload:
needs: publish-tauri
permissions:
contents: write
runs-on: ubuntu-latest
steps:
- name: Send a request to UpgradeLink
uses: toolsetlink/upgradelink-action@3.0.2
with:
access_key: ${{ secrets.UPGRADE_LINK_ACCESS_KEY }}
access_secret: ${{ secrets.UPGRADE_LINK_ACCESS_SECRET }}
config: |
{
"app_type": "tauri",
"request": {
"app_key": "${{ secrets.UPGRADE_LINK_TAURI_KEY }}",
"latest_json_url": "https://github.com/${{ github.repository }}/releases/download/note-gen-v${{ needs.publish-tauri.outputs.appVersion }}/latest.json"
}
}
Reference in New Issue View Git Blame Copy Permalink