- 新增 .gitea/workflows/release.yml:host 模式精简版(本机工具链直用, 省去 setup-node/pnpm/rust action 减少故障面),构建+签名+OSS 上传逻辑不变 - 删除 .github/workflows/release.yml 死配置(GitHub 已退役,tag 不再推送触发) - OSS bucket/endpoint/updater 配置全部不变,存量客户端更新链路无感 Rules-Applied: R01
102 lines
4.0 KiB
YAML
102 lines
4.0 KiB
YAML
# Tauri v2 Windows 构建 + 签名 + 阿里云 OSS 发布(Gitea Actions)
|
||
# runner:本机 act_runner(label: windows,host 模式)——工具链直接使用本机环境,
|
||
# 故省去 setup-node/pnpm/rust 等 action,减少 host 模式下的下载与 toolcache 故障面。
|
||
# 发布产物走 OSS 分发(tauri-plugin-updater 读 latest.json),不依赖 Release 页面。
|
||
name: Release
|
||
|
||
on:
|
||
push:
|
||
tags:
|
||
- 'v*'
|
||
|
||
jobs:
|
||
release:
|
||
runs-on: windows
|
||
steps:
|
||
- uses: actions/checkout@v4
|
||
|
||
- name: Install deps
|
||
shell: pwsh
|
||
run: pnpm install --frozen-lockfile
|
||
|
||
- name: Verify signing key
|
||
shell: pwsh
|
||
env:
|
||
TAURI_SIGNING_PRIVATE_KEY: ${{ secrets.TAURI_SIGNING_PRIVATE_KEY }}
|
||
run: |
|
||
if ([string]::IsNullOrEmpty($env:TAURI_SIGNING_PRIVATE_KEY)) {
|
||
Write-Error "TAURI_SIGNING_PRIVATE_KEY is EMPTY - update bundles will not be generated!"
|
||
exit 1
|
||
}
|
||
Write-Host "TAURI_SIGNING_PRIVATE_KEY is set"
|
||
|
||
- name: Build(签名随环境变量注入)
|
||
shell: pwsh
|
||
env:
|
||
TAURI_SIGNING_PRIVATE_KEY: ${{ secrets.TAURI_SIGNING_PRIVATE_KEY }}
|
||
TAURI_SIGNING_PRIVATE_KEY_PASSWORD: ${{ secrets.TAURI_SIGNING_PRIVATE_KEY_PASSWORD }}
|
||
run: pnpm tauri build --verbose
|
||
|
||
- name: Upload to OSS & generate latest.json
|
||
shell: pwsh
|
||
env:
|
||
OSS_KEY_ID: ${{ secrets.OSS_KEY_ID }}
|
||
OSS_KEY_SECRET: ${{ secrets.OSS_KEY_SECRET }}
|
||
OSS_BUCKET: ${{ secrets.OSS_BUCKET }}
|
||
OSS_ENDPOINT: ${{ secrets.OSS_ENDPOINT }}
|
||
run: |
|
||
# 下载 ossutil
|
||
$oss = "$env:GITHUB_WORKSPACE\ossutil64.exe"
|
||
Invoke-WebRequest -Uri "https://gosspublic.alicdn.com/ossutil/1.7.17/ossutil-v1.7.17-windows-amd64.zip" -OutFile oss.zip
|
||
Expand-Archive oss.zip -DestinationPath oss_tmp -Force
|
||
$exeFound = Get-ChildItem oss_tmp -Filter "ossutil*.exe" -Recurse | Select-Object -First 1
|
||
Copy-Item $exeFound.FullName $oss
|
||
|
||
$tag = "${{ github.ref_name }}"
|
||
$version = $tag.TrimStart('v')
|
||
$nsisDir = "$env:GITHUB_WORKSPACE\src-tauri\target\release\bundle\nsis"
|
||
|
||
Write-Host "=== bundle dir ==="
|
||
Get-ChildItem "$env:GITHUB_WORKSPACE\src-tauri\target\release\bundle" -Recurse | ForEach-Object { Write-Host $_.FullName }
|
||
|
||
$all = Get-ChildItem $nsisDir
|
||
$installer = $all | Where-Object { $_.Name.EndsWith('-setup.exe') } | Select-Object -First 1
|
||
$sigFile = $all | Where-Object { $_.Name.EndsWith('-setup.exe.sig') } | Select-Object -First 1
|
||
|
||
if (-not $installer) { Write-Error "installer not found!"; exit 1 }
|
||
|
||
$bucket = "oss://$env:OSS_BUCKET"
|
||
$endpoint = "https://$env:OSS_ENDPOINT"
|
||
|
||
& $oss config -e $endpoint -i $env:OSS_KEY_ID -k $env:OSS_KEY_SECRET -L CH
|
||
& $oss cp $installer.FullName "$bucket/releases/$tag/$($installer.Name)" -f
|
||
|
||
if ($sigFile) {
|
||
& $oss cp $sigFile.FullName "$bucket/releases/$tag/$($sigFile.Name)" -f
|
||
|
||
$date = (Get-Date -Format 'yyyy-MM-ddTHH:mm:ssZ')
|
||
$baseUrl = "https://$env:OSS_BUCKET.$env:OSS_ENDPOINT/releases/$tag"
|
||
$sig = (Get-Content $sigFile.FullName -Raw).Trim()
|
||
|
||
$json = [ordered]@{
|
||
version = $version
|
||
pub_date = $date
|
||
notes = "版本 $tag 已发布"
|
||
platforms = [ordered]@{
|
||
'windows-x86_64' = [ordered]@{
|
||
signature = $sig
|
||
url = "$baseUrl/$($installer.Name)"
|
||
}
|
||
}
|
||
} | ConvertTo-Json -Depth 5
|
||
|
||
$json | Out-File -FilePath latest.json -Encoding utf8NoBOM
|
||
Write-Host "=== latest.json ==="
|
||
Get-Content latest.json
|
||
|
||
& $oss cp latest.json "$bucket/latest.json" -f
|
||
Write-Host "latest.json uploaded"
|
||
} else {
|
||
Write-Warning "sigFile (.exe.sig) not found - skipping updater upload"
|
||
}
|