name: 'Modrinth App build' on: push: branches: - main tags: - 'v*' paths: - .github/workflows/theseus-release.yml - 'apps/app/**' - 'apps/app-frontend/**' - 'packages/app-lib/**' - 'packages/app-macros/**' - 'packages/assets/**' - 'packages/ui/**' - 'packages/utils/**' workflow_dispatch: inputs: sign-windows-binaries: description: Sign Windows binaries type: boolean default: true required: false jobs: build: strategy: fail-fast: false matrix: platform: [macos-latest, windows-latest, ubuntu-22.04] runs-on: ${{ matrix.platform }} steps: - uses: actions/checkout@v4 - name: Rust setup (mac) if: startsWith(matrix.platform, 'macos') uses: actions-rust-lang/setup-rust-toolchain@v1 with: rustflags: '' target: x86_64-apple-darwin - name: Rust setup if: "!startsWith(matrix.platform, 'macos')" uses: actions-rust-lang/setup-rust-toolchain@v1 with: rustflags: '' - name: Setup rust cache uses: actions/cache@v4 with: path: | target/** !target/*/release/bundle/*/*.dmg !target/*/release/bundle/*/*.app.tar.gz !target/*/release/bundle/*/*.app.tar.gz.sig !target/release/bundle/*/*.dmg !target/release/bundle/*/*.app.tar.gz !target/release/bundle/*/*.app.tar.gz.sig !target/release/bundle/appimage/*.AppImage !target/release/bundle/appimage/*.AppImage.tar.gz !target/release/bundle/appimage/*.AppImage.tar.gz.sig !target/release/bundle/deb/*.deb !target/release/bundle/rpm/*.rpm !target/release/bundle/msi/*.msi !target/release/bundle/msi/*.msi.zip !target/release/bundle/msi/*.msi.zip.sig !target/release/bundle/nsis/*.exe !target/release/bundle/nsis/*.nsis.zip !target/release/bundle/nsis/*.nsis.zip.sig key: ${{ runner.os }}-rust-target-${{ hashFiles('**/Cargo.lock') }} restore-keys: | ${{ runner.os }}-rust-target- - name: Setup Node.js uses: actions/setup-node@v4 with: node-version-file: .nvmrc - name: Install pnpm via corepack shell: bash run: | corepack enable corepack prepare --activate - name: Get pnpm store directory id: pnpm-cache shell: bash run: | echo "STORE_PATH=$(pnpm store path)" >> $GITHUB_OUTPUT - name: Setup pnpm cache uses: actions/cache@v4 with: path: ${{ steps.pnpm-cache.outputs.STORE_PATH }} key: ${{ runner.os }}-pnpm-store-${{ hashFiles('**/pnpm-lock.yaml') }} restore-keys: | ${{ runner.os }}-pnpm-store- - name: install dependencies (ubuntu only) if: startsWith(matrix.platform, 'ubuntu') run: | sudo apt-get update sudo apt-get install -y libwebkit2gtk-4.1-dev build-essential curl wget file libxdo-dev libssl-dev pkg-config libayatana-appindicator3-dev librsvg2-dev - name: Install code signing client (Windows only) if: startsWith(matrix.platform, 'windows') run: choco install jsign --ignore-dependencies # GitHub runners come with a global Java installation already - name: Install frontend dependencies run: pnpm install - name: Disable Windows code signing for non-final release builds if: ${{ startsWith(matrix.platform, 'windows') && !startsWith(github.ref, 'refs/tags/v') && !inputs.sign-windows-binaries }} run: | jq 'del(.bundle.windows.signCommand)' apps/app/tauri-release.conf.json > apps/app/tauri-release.conf.json.new Move-Item -Path apps/app/tauri-release.conf.json.new -Destination apps/app/tauri-release.conf.json -Force - name: build app (macos) run: pnpm --filter=@modrinth/app run tauri build --target universal-apple-darwin --config tauri-release.conf.json if: startsWith(matrix.platform, 'macos') env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} ENABLE_CODE_SIGNING: ${{ secrets.APPLE_CERTIFICATE }} APPLE_CERTIFICATE: ${{ secrets.APPLE_CERTIFICATE }} APPLE_CERTIFICATE_PASSWORD: ${{ secrets.APPLE_CERTIFICATE_PASSWORD }} APPLE_SIGNING_IDENTITY: ${{ secrets.APPLE_SIGNING_IDENTITY }} APPLE_ID: ${{ secrets.APPLE_ID }} APPLE_TEAM_ID: ${{ secrets.APPLE_TEAM_ID }} APPLE_PASSWORD: ${{ secrets.APPLE_PASSWORD }} TAURI_SIGNING_PRIVATE_KEY: ${{ secrets.TAURI_PRIVATE_KEY }} TAURI_SIGNING_PRIVATE_KEY_PASSWORD: ${{ secrets.TAURI_KEY_PASSWORD }} - name: build app (Linux) run: pnpm --filter=@modrinth/app run tauri build --config tauri-release.conf.json if: startsWith(matrix.platform, 'ubuntu') env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} TAURI_SIGNING_PRIVATE_KEY: ${{ secrets.TAURI_PRIVATE_KEY }} TAURI_SIGNING_PRIVATE_KEY_PASSWORD: ${{ secrets.TAURI_KEY_PASSWORD }} - name: build app (Windows) run: | [System.Convert]::FromBase64String("$env:DIGICERT_ONE_SIGNER_CLIENT_CERTIFICATE_BASE64") | Set-Content -Path signer-client-cert.p12 -AsByteStream $env:DIGICERT_ONE_SIGNER_CREDENTIALS = "$env:DIGICERT_ONE_SIGNER_API_KEY|$PWD\signer-client-cert.p12|$env:DIGICERT_ONE_SIGNER_CLIENT_CERTIFICATE_PASSWORD" $env:JAVA_HOME = "$env:JAVA_HOME_11_X64" pnpm --filter=@modrinth/app run tauri build --config tauri-release.conf.json --verbose --bundles 'nsis,updater' Remove-Item -Path signer-client-cert.p12 if: startsWith(matrix.platform, 'windows') env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} TAURI_SIGNING_PRIVATE_KEY: ${{ secrets.TAURI_PRIVATE_KEY }} TAURI_SIGNING_PRIVATE_KEY_PASSWORD: ${{ secrets.TAURI_KEY_PASSWORD }} DIGICERT_ONE_SIGNER_API_KEY: ${{ secrets.DIGICERT_ONE_SIGNER_API_KEY }} DIGICERT_ONE_SIGNER_CLIENT_CERTIFICATE_BASE64: ${{ secrets.DIGICERT_ONE_SIGNER_CLIENT_CERTIFICATE_BASE64 }} DIGICERT_ONE_SIGNER_CLIENT_CERTIFICATE_PASSWORD: ${{ secrets.DIGICERT_ONE_SIGNER_CLIENT_CERTIFICATE_PASSWORD }} - name: upload ${{ matrix.platform }} uses: actions/upload-artifact@v4 with: name: ${{ matrix.platform }} path: | target/*/release/bundle/*/*.dmg target/*/release/bundle/*/*.app.tar.gz target/*/release/bundle/*/*.app.tar.gz.sig target/release/bundle/*/*.dmg target/release/bundle/*/*.app.tar.gz target/release/bundle/*/*.app.tar.gz.sig target/release/bundle/*/*.AppImage target/release/bundle/*/*.AppImage.tar.gz target/release/bundle/*/*.AppImage.tar.gz.sig target/release/bundle/*/*.deb target/release/bundle/*/*.rpm target/release/bundle/msi/*.msi target/release/bundle/msi/*.msi.zip target/release/bundle/msi/*.msi.zip.sig target/release/bundle/nsis/*.exe target/release/bundle/nsis/*.nsis.zip target/release/bundle/nsis/*.nsis.zip.sig