# Tauri v2 Windows 构建 + 签名 + 阿里云 OSS 发布(Gitea Actions) # runner:本机 act_runner(label: windows,host 模式)——工具链直接使用本机环境, # 故省去 setup-node/pnpm/rust 等 action,减少 host 模式下的下载与 toolcache 故障面。 # 发布产物走 OSS 分发(tauri-plugin-updater 读 latest.json),不依赖 Release 页面。 name: Release on: push: tags: - 'v*' jobs: release: runs-on: windows steps: - uses: actions/checkout@v4 - name: Install deps shell: pwsh run: pnpm install --frozen-lockfile - name: Verify signing key shell: pwsh env: TAURI_SIGNING_PRIVATE_KEY: ${{ secrets.TAURI_SIGNING_PRIVATE_KEY }} run: | if ([string]::IsNullOrEmpty($env:TAURI_SIGNING_PRIVATE_KEY)) { Write-Error "TAURI_SIGNING_PRIVATE_KEY is EMPTY - update bundles will not be generated!" exit 1 } Write-Host "TAURI_SIGNING_PRIVATE_KEY is set" - name: Build(签名随环境变量注入) shell: pwsh env: TAURI_SIGNING_PRIVATE_KEY: ${{ secrets.TAURI_SIGNING_PRIVATE_KEY }} TAURI_SIGNING_PRIVATE_KEY_PASSWORD: ${{ secrets.TAURI_SIGNING_PRIVATE_KEY_PASSWORD }} run: pnpm tauri build --verbose - name: Upload to OSS & generate latest.json shell: pwsh env: OSS_KEY_ID: ${{ secrets.OSS_KEY_ID }} OSS_KEY_SECRET: ${{ secrets.OSS_KEY_SECRET }} OSS_BUCKET: ${{ secrets.OSS_BUCKET }} OSS_ENDPOINT: ${{ secrets.OSS_ENDPOINT }} run: | # 下载 ossutil $oss = "$env:GITHUB_WORKSPACE\ossutil64.exe" Invoke-WebRequest -Uri "https://gosspublic.alicdn.com/ossutil/1.7.17/ossutil-v1.7.17-windows-amd64.zip" -OutFile oss.zip Expand-Archive oss.zip -DestinationPath oss_tmp -Force $exeFound = Get-ChildItem oss_tmp -Filter "ossutil*.exe" -Recurse | Select-Object -First 1 Copy-Item $exeFound.FullName $oss $tag = "${{ github.ref_name }}" $version = $tag.TrimStart('v') $nsisDir = "$env:GITHUB_WORKSPACE\src-tauri\target\release\bundle\nsis" Write-Host "=== bundle dir ===" Get-ChildItem "$env:GITHUB_WORKSPACE\src-tauri\target\release\bundle" -Recurse | ForEach-Object { Write-Host $_.FullName } $all = Get-ChildItem $nsisDir $installer = $all | Where-Object { $_.Name.EndsWith('-setup.exe') } | Select-Object -First 1 $sigFile = $all | Where-Object { $_.Name.EndsWith('-setup.exe.sig') } | Select-Object -First 1 if (-not $installer) { Write-Error "installer not found!"; exit 1 } $bucket = "oss://$env:OSS_BUCKET" $endpoint = "https://$env:OSS_ENDPOINT" & $oss config -e $endpoint -i $env:OSS_KEY_ID -k $env:OSS_KEY_SECRET -L CH & $oss cp $installer.FullName "$bucket/releases/$tag/$($installer.Name)" -f if ($sigFile) { & $oss cp $sigFile.FullName "$bucket/releases/$tag/$($sigFile.Name)" -f $date = (Get-Date -Format 'yyyy-MM-ddTHH:mm:ssZ') $baseUrl = "https://$env:OSS_BUCKET.$env:OSS_ENDPOINT/releases/$tag" $sig = (Get-Content $sigFile.FullName -Raw).Trim() $json = [ordered]@{ version = $version pub_date = $date notes = "版本 $tag 已发布" platforms = [ordered]@{ 'windows-x86_64' = [ordered]@{ signature = $sig url = "$baseUrl/$($installer.Name)" } } } | ConvertTo-Json -Depth 5 $json | Out-File -FilePath latest.json -Encoding utf8NoBOM Write-Host "=== latest.json ===" Get-Content latest.json & $oss cp latest.json "$bucket/latest.json" -f Write-Host "latest.json uploaded" } else { Write-Warning "sigFile (.exe.sig) not found - skipping updater upload" }