dev-manager-tauri/.gitea/workflows/release.yml
lanrtop 865cd1b17c chore(cicd): 发版链路迁移至 Gitea Actions——本机 act_runner host 模式
- 新增 .gitea/workflows/release.yml:host 模式精简版(本机工具链直用,
  省去 setup-node/pnpm/rust action 减少故障面),构建+签名+OSS 上传逻辑不变
- 删除 .github/workflows/release.yml 死配置(GitHub 已退役,tag 不再推送触发)
- OSS bucket/endpoint/updater 配置全部不变,存量客户端更新链路无感

Rules-Applied: R01
2026-07-02 17:17:33 +09:00

102 lines
4.0 KiB
YAML
Raw Permalink Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

# Tauri v2 Windows 构建 + 签名 + 阿里云 OSS 发布Gitea Actions
# runner本机 act_runnerlabel: windowshost 模式)——工具链直接使用本机环境,
# 故省去 setup-node/pnpm/rust 等 action减少 host 模式下的下载与 toolcache 故障面。
# 发布产物走 OSS 分发tauri-plugin-updater 读 latest.json不依赖 Release 页面。
name: Release
on:
push:
tags:
- 'v*'
jobs:
release:
runs-on: windows
steps:
- uses: actions/checkout@v4
- name: Install deps
shell: pwsh
run: pnpm install --frozen-lockfile
- name: Verify signing key
shell: pwsh
env:
TAURI_SIGNING_PRIVATE_KEY: ${{ secrets.TAURI_SIGNING_PRIVATE_KEY }}
run: |
if ([string]::IsNullOrEmpty($env:TAURI_SIGNING_PRIVATE_KEY)) {
Write-Error "TAURI_SIGNING_PRIVATE_KEY is EMPTY - update bundles will not be generated!"
exit 1
}
Write-Host "TAURI_SIGNING_PRIVATE_KEY is set"
- name: Build签名随环境变量注入
shell: pwsh
env:
TAURI_SIGNING_PRIVATE_KEY: ${{ secrets.TAURI_SIGNING_PRIVATE_KEY }}
TAURI_SIGNING_PRIVATE_KEY_PASSWORD: ${{ secrets.TAURI_SIGNING_PRIVATE_KEY_PASSWORD }}
run: pnpm tauri build --verbose
- name: Upload to OSS & generate latest.json
shell: pwsh
env:
OSS_KEY_ID: ${{ secrets.OSS_KEY_ID }}
OSS_KEY_SECRET: ${{ secrets.OSS_KEY_SECRET }}
OSS_BUCKET: ${{ secrets.OSS_BUCKET }}
OSS_ENDPOINT: ${{ secrets.OSS_ENDPOINT }}
run: |
# 下载 ossutil
$oss = "$env:GITHUB_WORKSPACE\ossutil64.exe"
Invoke-WebRequest -Uri "https://gosspublic.alicdn.com/ossutil/1.7.17/ossutil-v1.7.17-windows-amd64.zip" -OutFile oss.zip
Expand-Archive oss.zip -DestinationPath oss_tmp -Force
$exeFound = Get-ChildItem oss_tmp -Filter "ossutil*.exe" -Recurse | Select-Object -First 1
Copy-Item $exeFound.FullName $oss
$tag = "${{ github.ref_name }}"
$version = $tag.TrimStart('v')
$nsisDir = "$env:GITHUB_WORKSPACE\src-tauri\target\release\bundle\nsis"
Write-Host "=== bundle dir ==="
Get-ChildItem "$env:GITHUB_WORKSPACE\src-tauri\target\release\bundle" -Recurse | ForEach-Object { Write-Host $_.FullName }
$all = Get-ChildItem $nsisDir
$installer = $all | Where-Object { $_.Name.EndsWith('-setup.exe') } | Select-Object -First 1
$sigFile = $all | Where-Object { $_.Name.EndsWith('-setup.exe.sig') } | Select-Object -First 1
if (-not $installer) { Write-Error "installer not found!"; exit 1 }
$bucket = "oss://$env:OSS_BUCKET"
$endpoint = "https://$env:OSS_ENDPOINT"
& $oss config -e $endpoint -i $env:OSS_KEY_ID -k $env:OSS_KEY_SECRET -L CH
& $oss cp $installer.FullName "$bucket/releases/$tag/$($installer.Name)" -f
if ($sigFile) {
& $oss cp $sigFile.FullName "$bucket/releases/$tag/$($sigFile.Name)" -f
$date = (Get-Date -Format 'yyyy-MM-ddTHH:mm:ssZ')
$baseUrl = "https://$env:OSS_BUCKET.$env:OSS_ENDPOINT/releases/$tag"
$sig = (Get-Content $sigFile.FullName -Raw).Trim()
$json = [ordered]@{
version = $version
pub_date = $date
notes = "版本 $tag 已发布"
platforms = [ordered]@{
'windows-x86_64' = [ordered]@{
signature = $sig
url = "$baseUrl/$($installer.Name)"
}
}
} | ConvertTo-Json -Depth 5
$json | Out-File -FilePath latest.json -Encoding utf8NoBOM
Write-Host "=== latest.json ==="
Get-Content latest.json
& $oss cp latest.json "$bucket/latest.json" -f
Write-Host "latest.json uploaded"
} else {
Write-Warning "sigFile (.exe.sig) not found - skipping updater upload"
}