chore(cicd): 发版链路迁移至 Gitea Actions——本机 act_runner host 模式

- 新增 .gitea/workflows/release.yml:host 模式精简版(本机工具链直用,
  省去 setup-node/pnpm/rust action 减少故障面),构建+签名+OSS 上传逻辑不变
- 删除 .github/workflows/release.yml 死配置(GitHub 已退役,tag 不再推送触发)
- OSS bucket/endpoint/updater 配置全部不变,存量客户端更新链路无感

Rules-Applied: R01
This commit is contained in:
lanrtop 2026-07-02 17:17:33 +09:00
parent 29ff519627
commit 865cd1b17c
2 changed files with 17 additions and 65 deletions

View File

@ -110,8 +110,8 @@ Gitea push → POST /webhook/gitea/:project_id
- complexity: L - complexity: L
- acceptance: TBD —— 静态检查 + 测试自修 + PR review作为复杂项目可选增配不进基线档 - acceptance: TBD —— 静态检查 + 测试自修 + PR review作为复杂项目可选增配不进基线档
### 📋 R0. 炼境自身发版链路迁移(本机 act_runner + Gitea Actions ### 🔵 R0. 炼境自身发版链路迁移(本机 act_runner + Gitea Actions
- status: todo - status: in_progress
- complexity: M - complexity: M
- depends: Gitea Actions workflow 生成 - depends: Gitea Actions workflow 生成
- files: .gitea/workflows/release.yml生成, .github/workflows/release.yml删除 - files: .gitea/workflows/release.yml生成, .github/workflows/release.yml删除

View File

@ -1,5 +1,7 @@
# Tauri v2 Windows 自动构建 + 签名 + 阿里云 OSS 发布 # Tauri v2 Windows 构建 + 签名 + 阿里云 OSS 发布Gitea Actions
# 完整部署教程与踩坑指南见 docs/tauri-cicd-guide.md # runner本机 act_runnerlabel: windowshost 模式)——工具链直接使用本机环境,
# 故省去 setup-node/pnpm/rust 等 action减少 host 模式下的下载与 toolcache 故障面。
# 发布产物走 OSS 分发tauri-plugin-updater 读 latest.json不依赖 Release 页面。
name: Release name: Release
on: on:
@ -9,33 +11,14 @@ on:
jobs: jobs:
release: release:
runs-on: windows-latest runs-on: windows
permissions:
contents: write
steps: steps:
- uses: actions/checkout@v4 - uses: actions/checkout@v4
- uses: pnpm/action-setup@v4 - name: Install deps
with: shell: pwsh
version: 9 run: pnpm install --frozen-lockfile
- name: Setup Node.js
uses: actions/setup-node@v4
with:
node-version: '20'
cache: 'pnpm'
- name: Install Rust
uses: dtolnay/rust-toolchain@stable
- name: Rust cache
uses: swatinem/rust-cache@v2
with:
workspaces: './src-tauri -> target'
- run: pnpm install --frozen-lockfile
# 诊断:确认签名密钥已注入
- name: Verify signing key - name: Verify signing key
shell: pwsh shell: pwsh
env: env:
@ -45,39 +28,15 @@ jobs:
Write-Error "TAURI_SIGNING_PRIVATE_KEY is EMPTY - update bundles will not be generated!" Write-Error "TAURI_SIGNING_PRIVATE_KEY is EMPTY - update bundles will not be generated!"
exit 1 exit 1
} }
$lines = $env:TAURI_SIGNING_PRIVATE_KEY.Split("`n").Count Write-Host "TAURI_SIGNING_PRIVATE_KEY is set"
Write-Host "TAURI_SIGNING_PRIVATE_KEY is set ($lines lines)"
# 先创建 GitHub Release解决 tauri-action 权限问题) - name: Build签名随环境变量注入
- name: Create Release shell: pwsh
uses: softprops/action-gh-release@v2
with:
tag_name: ${{ github.ref_name }}
name: 炼境 ${{ github.ref_name }}
body: |
## 更新内容
请查看提交记录了解详情。
draft: false
prerelease: false
# 构建 Tauri 应用tauri-action 发现已有 Release 后只上传文件
- name: Build & Release
uses: tauri-apps/tauri-action@v0
env: env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
TAURI_SIGNING_PRIVATE_KEY: ${{ secrets.TAURI_SIGNING_PRIVATE_KEY }} TAURI_SIGNING_PRIVATE_KEY: ${{ secrets.TAURI_SIGNING_PRIVATE_KEY }}
TAURI_SIGNING_PRIVATE_KEY_PASSWORD: ${{ secrets.TAURI_SIGNING_PRIVATE_KEY_PASSWORD }} TAURI_SIGNING_PRIVATE_KEY_PASSWORD: ${{ secrets.TAURI_SIGNING_PRIVATE_KEY_PASSWORD }}
with: run: pnpm tauri build --verbose
tagName: ${{ github.ref_name }}
releaseName: 炼境 ${{ github.ref_name }}
releaseBody: |
## 更新内容
请查看提交记录了解详情。
releaseDraft: false
prerelease: false
args: --verbose
# 上传到阿里云 OSS + 生成 latest.json
- name: Upload to OSS & generate latest.json - name: Upload to OSS & generate latest.json
shell: pwsh shell: pwsh
env: env:
@ -89,39 +48,32 @@ jobs:
# 下载 ossutil # 下载 ossutil
$oss = "$env:GITHUB_WORKSPACE\ossutil64.exe" $oss = "$env:GITHUB_WORKSPACE\ossutil64.exe"
Invoke-WebRequest -Uri "https://gosspublic.alicdn.com/ossutil/1.7.17/ossutil-v1.7.17-windows-amd64.zip" -OutFile oss.zip Invoke-WebRequest -Uri "https://gosspublic.alicdn.com/ossutil/1.7.17/ossutil-v1.7.17-windows-amd64.zip" -OutFile oss.zip
Expand-Archive oss.zip -DestinationPath oss_tmp Expand-Archive oss.zip -DestinationPath oss_tmp -Force
$exeFound = Get-ChildItem oss_tmp -Filter "ossutil*.exe" -Recurse | Select-Object -First 1 $exeFound = Get-ChildItem oss_tmp -Filter "ossutil*.exe" -Recurse | Select-Object -First 1
Copy-Item $exeFound.FullName $oss Copy-Item $exeFound.FullName $oss
# 直接在本步骤找文件,不依赖 step outputs
$tag = "${{ github.ref_name }}" $tag = "${{ github.ref_name }}"
$version = $tag.TrimStart('v') $version = $tag.TrimStart('v')
$nsisDir = "$env:GITHUB_WORKSPACE\src-tauri\target\release\bundle\nsis" $nsisDir = "$env:GITHUB_WORKSPACE\src-tauri\target\release\bundle\nsis"
Write-Host "=== bundle dir (all) ===" Write-Host "=== bundle dir ==="
Get-ChildItem "$env:GITHUB_WORKSPACE\src-tauri\target\release\bundle" -Recurse | ForEach-Object { Write-Host $_.FullName } Get-ChildItem "$env:GITHUB_WORKSPACE\src-tauri\target\release\bundle" -Recurse | ForEach-Object { Write-Host $_.FullName }
$all = Get-ChildItem $nsisDir $all = Get-ChildItem $nsisDir
# Tauri v2: 更新包是 .exe + .exe.sig不再是 .nsis.zip
$installer = $all | Where-Object { $_.Name.EndsWith('-setup.exe') } | Select-Object -First 1 $installer = $all | Where-Object { $_.Name.EndsWith('-setup.exe') } | Select-Object -First 1
$sigFile = $all | Where-Object { $_.Name.EndsWith('-setup.exe.sig') } | Select-Object -First 1 $sigFile = $all | Where-Object { $_.Name.EndsWith('-setup.exe.sig') } | Select-Object -First 1
Write-Host "installer : $($installer?.FullName)"
Write-Host "sigFile : $($sigFile?.FullName)"
if (-not $installer) { Write-Error "installer not found!"; exit 1 } if (-not $installer) { Write-Error "installer not found!"; exit 1 }
$bucket = "oss://$env:OSS_BUCKET" $bucket = "oss://$env:OSS_BUCKET"
$endpoint = "https://$env:OSS_ENDPOINT" $endpoint = "https://$env:OSS_ENDPOINT"
& $oss config -e $endpoint -i $env:OSS_KEY_ID -k $env:OSS_KEY_SECRET -L CH & $oss config -e $endpoint -i $env:OSS_KEY_ID -k $env:OSS_KEY_SECRET -L CH
& $oss cp $installer.FullName "$bucket/releases/$tag/$($installer.Name)" -f & $oss cp $installer.FullName "$bucket/releases/$tag/$($installer.Name)" -f
if ($sigFile) { if ($sigFile) {
& $oss cp $sigFile.FullName "$bucket/releases/$tag/$($sigFile.Name)" -f & $oss cp $sigFile.FullName "$bucket/releases/$tag/$($sigFile.Name)" -f
# 生成 latest.jsonTauri v2 格式url 指向 .exesignature 来自 .exe.sig
$date = (Get-Date -Format 'yyyy-MM-ddTHH:mm:ssZ') $date = (Get-Date -Format 'yyyy-MM-ddTHH:mm:ssZ')
$baseUrl = "https://$env:OSS_BUCKET.$env:OSS_ENDPOINT/releases/$tag" $baseUrl = "https://$env:OSS_BUCKET.$env:OSS_ENDPOINT/releases/$tag"
$sig = (Get-Content $sigFile.FullName -Raw).Trim() $sig = (Get-Content $sigFile.FullName -Raw).Trim()
@ -145,5 +97,5 @@ jobs:
& $oss cp latest.json "$bucket/latest.json" -f & $oss cp latest.json "$bucket/latest.json" -f
Write-Host "latest.json uploaded" Write-Host "latest.json uploaded"
} else { } else {
Write-Warning "sigFile (.exe.sig) not found skipping updater upload" Write-Warning "sigFile (.exe.sig) not found - skipping updater upload"
} }