From 3c424c1657b099688e1461d6c5b74bfdaef08192 Mon Sep 17 00:00:00 2001 From: Lars Scheibling <24367830+scheibling@users.noreply.github.com> Date: Wed, 1 Apr 2026 00:57:15 +0200 Subject: [PATCH 01/11] New release type: Tauri --- .github/workflows/ossign-release.yml | 142 ++++++++++++++++++++------- 1 file changed, 104 insertions(+), 38 deletions(-) diff --git a/.github/workflows/ossign-release.yml b/.github/workflows/ossign-release.yml index ac4b7157..0898b5c6 100644 --- a/.github/workflows/ossign-release.yml +++ b/.github/workflows/ossign-release.yml @@ -1,19 +1,15 @@ name: Build and Package on: - workflow_dispatch: - inputs: - source_branch: - description: 'The source branch or ref to build from' - default: 'main' - required: true - release_name: - description: 'The name for the release' - required: true - + push: + branches: + - dev-new + +env: + NODE_VERSION: 22 + jobs: release: - environment: OSSign runs-on: windows-latest permissions: @@ -24,50 +20,120 @@ jobs: uses: actions/checkout@v4 with: repository: 'Beaver-Notes/Beaver-Notes' - ref: ${{ github.event.inputs.source_branch }} + ref: Tauri fetch-depth: 1 - - name: Setup Node.js + - name: Fix tauri + shell: bash + run: | + jq '.bundle.windows.signCommand = "hello World"' src-tauri/tauri.conf.json > src-tauri/tauri.conf.json.tmp + mv src-tauri/tauri.conf.json.tmp src-tauri/tauri.conf.json + + # package.json is the source of truth for the release version. + - name: Read version from package.json + id: version + shell: bash + run: | + echo "version=$(node -p "require('./package.json').version")" >> "$GITHUB_OUTPUT" + + - uses: ossign/ossign@main + with: + token: ${{ secrets.GITHUB_TOKEN }} + installOnly: true + + - name: Setup Node with Yarn cache uses: actions/setup-node@v4 with: - node-version: 22 + node-version: ${{ env.NODE_VERSION }} + cache: yarn - - name: Install dependencies - run: yarn install --frozen-lockfile --network-timeout 1000000 + # Use same yarn version everywhere + - name: Enable Corepack + shell: bash + run: | + corepack enable + corepack prepare yarn@stable --activate + yarn --version - - name: build Vite bundles - run: yarn build + # Install the Rust targets needed for each matrix job + - name: Setup Rust toolchain + uses: dtolnay/rust-toolchain@stable + with: + targets: x86_64-pc-windows-msvc - - name: Build and conditionally publish Electron app + + - name: Rust cache + uses: Swatinem/rust-cache@v2 + with: + workspaces: | + src-tauri -> target + + - name: Install JS dependencies + shell: bash + run: | + yarn install --frozen-lockfile + + - name: Build Windows bundles shell: bash env: - AST_VAULT: ${{ secrets.AST_VAULT }} - AST_CERT: ${{ secrets.AST_CERT }} - AST_IDENT: ${{ secrets.AST_IDENT }} - AST_SECRET: ${{ secrets.AST_SECRET }} - AST_TENANT: ${{ secrets.AST_TENANT }} - AST_TIMESTAMP: ${{ secrets.AST_TIMESTAMP }} - AST_TD: ${{ secrets.AST_TD }} - GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} + CI: 'true' + run: | + yarn tauri build \ + --target "x86_64-pc-windows-msvc" \ + --bundles nsis \ + --ci + + - name: Stage Windows assets + shell: pwsh + env: + T_TARGET: "" + T_SUFFIX: "" run: | - curl -L https://github.com/vcsjones/AzureSignTool/releases/download/v6.0.1/AzureSignTool-x64.exe -o AzureSignTool.exe - yarn electron-builder build --config electron-builder.config.cjs --publish never + $ErrorActionPreference = "Stop" + + $Version = "${{ steps.version.outputs.version }}" + $Target = "x86_64-pc-windows-msvc" + $OutDir = "release-assets" + New-Item -ItemType Directory -Force -Path $OutDir | Out-Null + + Get-ChildItem "src-tauri/target/$Target/release/bundle" -Recurse -File | + Where-Object { $_.Extension -in ".exe", ".msi", ".sig", ".json", ".zip" } | + ForEach-Object { Copy-Item $_.FullName -Destination $OutDir -Force } + + $Binary = "src-tauri/target/$Target/release/beaver-notes.exe" + $PortableName = "Beaver Notes-$Version-portable-windows-x64.zip" + Compress-Archive -Path $Binary -DestinationPath (Join-Path $OutDir $PortableName) -Force - name: Release uses: softprops/action-gh-release@v2 with: files: | - dist/* - README.md - package.json - yarn.lock - name: ${{ github.event.inputs.release_name }} - tag_name: ${{ github.run_id }} + release-assets/* + name: Release ${{ github.run_id }} + tag_name: ${{ github.run_id }}-TAURI body: | - # Signed Release ${{ github.event.inputs.release_name }} + # Signed Release - These are the distributable files for the signed release of Beaver-Notes ${{ github.event.inputs.release_name }} + These are the distributable files for the signed release of Beaver-Notes - The source code was fetched from https://github.com/Beaver-Notes/Beaver-Notes@${{ github.event.inputs.source_branch }} + The source code was fetched from https://github.com/Beaver-Notes/Beaver-Notes@Tauri + + + +# Windows is build +# - id: windows-x64 +# runner: windows-latest +# rust_targets: 'x86_64-pc-windows-msvc' +# tauri_target: 'x86_64-pc-windows-msvc' +# bundle_args: '--bundles nsis' +# asset_suffix: 'windows-x64' + +# # ARM64 Windows build +# - id: windows-arm64 +# runner: windows-11-arm +# rust_targets: 'aarch64-pc-windows-msvc' +# tauri_target: 'aarch64-pc-windows-msvc' +# bundle_args: '--bundles nsis' +# asset_suffix: 'windows-arm64' \ No newline at end of file From 2913d43b350fdf15397f956dc859de39c5aa850d Mon Sep 17 00:00:00 2001 From: Lars Scheibling <24367830+scheibling@users.noreply.github.com> Date: Wed, 1 Apr 2026 00:58:53 +0200 Subject: [PATCH 02/11] Fix sign command --- .github/workflows/ossign-release.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/ossign-release.yml b/.github/workflows/ossign-release.yml index 0898b5c6..7e3d74bc 100644 --- a/.github/workflows/ossign-release.yml +++ b/.github/workflows/ossign-release.yml @@ -26,7 +26,7 @@ jobs: - name: Fix tauri shell: bash run: | - jq '.bundle.windows.signCommand = "hello World"' src-tauri/tauri.conf.json > src-tauri/tauri.conf.json.tmp + jq '.bundle.windows.signCommand = "ossign.exe -t pecoff -o %1 %1 || true"' src-tauri/tauri.conf.json > src-tauri/tauri.conf.json.tmp mv src-tauri/tauri.conf.json.tmp src-tauri/tauri.conf.json # package.json is the source of truth for the release version. From 7a43fb17458570a38c8b023b0bdd1f26f299f15b Mon Sep 17 00:00:00 2001 From: Lars Scheibling <24367830+scheibling@users.noreply.github.com> Date: Wed, 1 Apr 2026 13:44:01 +0200 Subject: [PATCH 03/11] Update secrets for build --- .github/workflows/ossign-release.yml | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/.github/workflows/ossign-release.yml b/.github/workflows/ossign-release.yml index 7e3d74bc..7e391e89 100644 --- a/.github/workflows/ossign-release.yml +++ b/.github/workflows/ossign-release.yml @@ -77,6 +77,7 @@ jobs: shell: bash env: CI: 'true' + OSSIGN_CONFIG_BASE64: ${{ secrets.OSSIGN_CONFIG_BASE64 }} run: | yarn tauri build \ --target "x86_64-pc-windows-msvc" \ @@ -85,9 +86,6 @@ jobs: - name: Stage Windows assets shell: pwsh - env: - T_TARGET: "" - T_SUFFIX: "" run: | $ErrorActionPreference = "Stop" From c1856bfcff196937d08167f23155bc7dc6c25d13 Mon Sep 17 00:00:00 2001 From: Lars Scheibling <24367830+scheibling@users.noreply.github.com> Date: Wed, 1 Apr 2026 14:08:02 +0200 Subject: [PATCH 04/11] Test ossign is in path --- .github/workflows/ossign-release.yml | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/.github/workflows/ossign-release.yml b/.github/workflows/ossign-release.yml index 7e391e89..129f8ccd 100644 --- a/.github/workflows/ossign-release.yml +++ b/.github/workflows/ossign-release.yml @@ -29,17 +29,20 @@ jobs: jq '.bundle.windows.signCommand = "ossign.exe -t pecoff -o %1 %1 || true"' src-tauri/tauri.conf.json > src-tauri/tauri.conf.json.tmp mv src-tauri/tauri.conf.json.tmp src-tauri/tauri.conf.json + - uses: ossign/ossign@main + with: + token: ${{ secrets.GITHUB_TOKEN }} + installOnly: true + + # package.json is the source of truth for the release version. - name: Read version from package.json id: version shell: bash run: | + ossign.exe --help echo "version=$(node -p "require('./package.json').version")" >> "$GITHUB_OUTPUT" - - uses: ossign/ossign@main - with: - token: ${{ secrets.GITHUB_TOKEN }} - installOnly: true - name: Setup Node with Yarn cache uses: actions/setup-node@v4 @@ -79,10 +82,7 @@ jobs: CI: 'true' OSSIGN_CONFIG_BASE64: ${{ secrets.OSSIGN_CONFIG_BASE64 }} run: | - yarn tauri build \ - --target "x86_64-pc-windows-msvc" \ - --bundles nsis \ - --ci + yarn tauri build --target "x86_64-pc-windows-msvc" --bundles nsis --ci || true - name: Stage Windows assets shell: pwsh From b4b18243ab3a37c8facc9fb0a003c8797d596f10 Mon Sep 17 00:00:00 2001 From: Lars Scheibling <24367830+scheibling@users.noreply.github.com> Date: Wed, 1 Apr 2026 16:36:12 +0200 Subject: [PATCH 05/11] Rerun with verbose logging --- .github/workflows/ossign-release.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/ossign-release.yml b/.github/workflows/ossign-release.yml index 129f8ccd..176e21e2 100644 --- a/.github/workflows/ossign-release.yml +++ b/.github/workflows/ossign-release.yml @@ -82,7 +82,7 @@ jobs: CI: 'true' OSSIGN_CONFIG_BASE64: ${{ secrets.OSSIGN_CONFIG_BASE64 }} run: | - yarn tauri build --target "x86_64-pc-windows-msvc" --bundles nsis --ci || true + yarn tauri build --verbose --target "x86_64-pc-windows-msvc" --bundles nsis --ci || true - name: Stage Windows assets shell: pwsh From 24327ab12acbf2d7b5ed957da4aa4e17659ffb25 Mon Sep 17 00:00:00 2001 From: Lars Scheibling <24367830+scheibling@users.noreply.github.com> Date: Wed, 1 Apr 2026 17:34:23 +0200 Subject: [PATCH 06/11] Test new format for sign command --- .github/workflows/ossign-release.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/ossign-release.yml b/.github/workflows/ossign-release.yml index 176e21e2..d1ba67fe 100644 --- a/.github/workflows/ossign-release.yml +++ b/.github/workflows/ossign-release.yml @@ -26,7 +26,7 @@ jobs: - name: Fix tauri shell: bash run: | - jq '.bundle.windows.signCommand = "ossign.exe -t pecoff -o %1 %1 || true"' src-tauri/tauri.conf.json > src-tauri/tauri.conf.json.tmp + jq '.bundle.windows.signCommand = "ossign.exe -t pecoff -o %1 %1"' src-tauri/tauri.conf.json > src-tauri/tauri.conf.json.tmp mv src-tauri/tauri.conf.json.tmp src-tauri/tauri.conf.json - uses: ossign/ossign@main From f9777cead9a182e17691cea958276b267216c92c Mon Sep 17 00:00:00 2001 From: Lars Scheibling <24367830+scheibling@users.noreply.github.com> Date: Wed, 8 Apr 2026 16:40:54 +0200 Subject: [PATCH 07/11] Create new release CI --- .github/workflows/ossign-release.yml | 75 +++++++++++++++++++++------- 1 file changed, 56 insertions(+), 19 deletions(-) diff --git a/.github/workflows/ossign-release.yml b/.github/workflows/ossign-release.yml index d1ba67fe..56683125 100644 --- a/.github/workflows/ossign-release.yml +++ b/.github/workflows/ossign-release.yml @@ -1,9 +1,15 @@ name: Build and Package on: - push: - branches: - - dev-new + workflow_dispatch: + inputs: + source_branch: + description: 'The source branch or ref to build from' + default: 'main' + required: true + release_name: + description: 'The name for the release' + required: true env: NODE_VERSION: 22 @@ -11,9 +17,25 @@ env: jobs: release: runs-on: windows-latest - + # environment: OSSign + permissions: contents: write + + strategy: + matrix: + include: + - id: windows-x64 + runner: windows-latest + rust_targets: 'x86_64-pc-windows-msvc' + tauri_target: 'x86_64-pc-windows-msvc' + asset_suffix: 'windows-x64' + + - id: windows-arm64 + runner: windows-11-arm + rust_targets: 'aarch64-pc-windows-msvc' + tauri_target: 'aarch64-pc-windows-msvc' + asset_suffix: 'windows-arm64' steps: - name: Checkout code @@ -34,15 +56,12 @@ jobs: token: ${{ secrets.GITHUB_TOKEN }} installOnly: true - # package.json is the source of truth for the release version. - name: Read version from package.json id: version shell: bash run: | - ossign.exe --help echo "version=$(node -p "require('./package.json').version")" >> "$GITHUB_OUTPUT" - - name: Setup Node with Yarn cache uses: actions/setup-node@v4 @@ -62,8 +81,7 @@ jobs: - name: Setup Rust toolchain uses: dtolnay/rust-toolchain@stable with: - targets: x86_64-pc-windows-msvc - + targets: ${{ matrix.rust_targets }} - name: Rust cache uses: Swatinem/rust-cache@v2 @@ -82,7 +100,7 @@ jobs: CI: 'true' OSSIGN_CONFIG_BASE64: ${{ secrets.OSSIGN_CONFIG_BASE64 }} run: | - yarn tauri build --verbose --target "x86_64-pc-windows-msvc" --bundles nsis --ci || true + yarn tauri build --verbose --target "${{ matrix.tauri_target }}" --bundles nsis --ci || true - name: Stage Windows assets shell: pwsh @@ -99,24 +117,43 @@ jobs: ForEach-Object { Copy-Item $_.FullName -Destination $OutDir -Force } $Binary = "src-tauri/target/$Target/release/beaver-notes.exe" - $PortableName = "Beaver Notes-$Version-portable-windows-x64.zip" + $PortableName = "Beaver Notes-$Version-portable-${{ matrix.asset_suffix }}.zip" Compress-Archive -Path $Binary -DestinationPath (Join-Path $OutDir $PortableName) -Force + + - name: Upload build artifacts + uses: actions/upload-artifact@v4 + with: + name: ${{ matrix.asset_suffix }} + path: release-assets/* + if-no-files-found: error + + publish: + runs-on: ubuntu-latest + permissions: + contents: write + steps: + - name: Get artifacts (amd64) + uses: actions/download-artifact@v4 + with: + path: dist-artifacts + merge-multiple: true - name: Release uses: softprops/action-gh-release@v2 with: files: | - release-assets/* - name: Release ${{ github.run_id }} - tag_name: ${{ github.run_id }}-TAURI + dist/* + README.md + package.json + yarn.lock + name: ${{ github.event.inputs.release_name }} + tag_name: ${{ github.run_id }} body: | - # Signed Release + # Signed Release ${{ github.event.inputs.release_name }} - These are the distributable files for the signed release of Beaver-Notes + These are the distributable files for the signed release of Beaver-Notes ${{ github.event.inputs.release_name }} - The source code was fetched from https://github.com/Beaver-Notes/Beaver-Notes@Tauri - - + The source code was fetched from https://github.com/Beaver-Notes/Beaver-Notes@${{ github.event.inputs.source_branch }} From f912daec65f0053b05e31d45b075f530775b96b3 Mon Sep 17 00:00:00 2001 From: Lars Scheibling <24367830+scheibling@users.noreply.github.com> Date: Wed, 8 Apr 2026 16:42:38 +0200 Subject: [PATCH 08/11] Fix release artifacts selection --- .github/workflows/ossign-release.yml | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/.github/workflows/ossign-release.yml b/.github/workflows/ossign-release.yml index 56683125..5c7b0825 100644 --- a/.github/workflows/ossign-release.yml +++ b/.github/workflows/ossign-release.yml @@ -142,10 +142,8 @@ jobs: uses: softprops/action-gh-release@v2 with: files: | - dist/* + dist-artifacts/* README.md - package.json - yarn.lock name: ${{ github.event.inputs.release_name }} tag_name: ${{ github.run_id }} body: | From d87392b177755abd128fe7052b32578d807f4fbe Mon Sep 17 00:00:00 2001 From: Lars Scheibling <24367830+scheibling@users.noreply.github.com> Date: Wed, 8 Apr 2026 16:43:19 +0200 Subject: [PATCH 09/11] Add dependency --- .github/workflows/ossign-release.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/ossign-release.yml b/.github/workflows/ossign-release.yml index 5c7b0825..60e996bf 100644 --- a/.github/workflows/ossign-release.yml +++ b/.github/workflows/ossign-release.yml @@ -129,6 +129,7 @@ jobs: publish: runs-on: ubuntu-latest + needs: release permissions: contents: write steps: From 1bf277e063b8047b8a910e1343c6ad1b78d5e041 Mon Sep 17 00:00:00 2001 From: Lars Scheibling <24367830+scheibling@users.noreply.github.com> Date: Wed, 8 Apr 2026 17:34:40 +0200 Subject: [PATCH 10/11] Fix last text occurrence of x64 target --- .github/workflows/ossign-release.yml | 19 +------------------ 1 file changed, 1 insertion(+), 18 deletions(-) diff --git a/.github/workflows/ossign-release.yml b/.github/workflows/ossign-release.yml index 60e996bf..bc65bc6c 100644 --- a/.github/workflows/ossign-release.yml +++ b/.github/workflows/ossign-release.yml @@ -108,7 +108,7 @@ jobs: $ErrorActionPreference = "Stop" $Version = "${{ steps.version.outputs.version }}" - $Target = "x86_64-pc-windows-msvc" + $Target = "${{ matrix.rust_targets }}" $OutDir = "release-assets" New-Item -ItemType Directory -Force -Path $OutDir | Out-Null @@ -154,20 +154,3 @@ jobs: The source code was fetched from https://github.com/Beaver-Notes/Beaver-Notes@${{ github.event.inputs.source_branch }} - - -# Windows is build -# - id: windows-x64 -# runner: windows-latest -# rust_targets: 'x86_64-pc-windows-msvc' -# tauri_target: 'x86_64-pc-windows-msvc' -# bundle_args: '--bundles nsis' -# asset_suffix: 'windows-x64' - -# # ARM64 Windows build -# - id: windows-arm64 -# runner: windows-11-arm -# rust_targets: 'aarch64-pc-windows-msvc' -# tauri_target: 'aarch64-pc-windows-msvc' -# bundle_args: '--bundles nsis' -# asset_suffix: 'windows-arm64' \ No newline at end of file From 27b75f2df51c461b3e625166ca6ab25d6d241f33 Mon Sep 17 00:00:00 2001 From: Lars Scheibling <24367830+scheibling@users.noreply.github.com> Date: Wed, 8 Apr 2026 17:35:28 +0200 Subject: [PATCH 11/11] Rename workflow --- .../workflows/{ossign-release.yml => ossign-release-tauri.yml} | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) rename .github/workflows/{ossign-release.yml => ossign-release-tauri.yml} (99%) diff --git a/.github/workflows/ossign-release.yml b/.github/workflows/ossign-release-tauri.yml similarity index 99% rename from .github/workflows/ossign-release.yml rename to .github/workflows/ossign-release-tauri.yml index bc65bc6c..de5c5b0b 100644 --- a/.github/workflows/ossign-release.yml +++ b/.github/workflows/ossign-release-tauri.yml @@ -1,4 +1,4 @@ -name: Build and Package +name: Build and Package Tauri on: workflow_dispatch: