d834ca5e77
- Upload Windows artifacts (exe/msi) for SignPath signing - Configure SignPath action with organization secrets - Fix artifact name to 'windows-unsigned' - Add bilingual comments for required secrets
214 lines
7.5 KiB
YAML
214 lines
7.5 KiB
YAML
name: Release Editor App
|
||
|
||
on:
|
||
push:
|
||
tags:
|
||
- 'editor-v*'
|
||
workflow_dispatch:
|
||
inputs:
|
||
version:
|
||
description: 'Release version (e.g., 1.0.0)'
|
||
required: true
|
||
default: '1.0.0'
|
||
|
||
jobs:
|
||
build-tauri:
|
||
strategy:
|
||
fail-fast: false
|
||
matrix:
|
||
include:
|
||
- platform: windows-latest
|
||
target: x86_64-pc-windows-msvc
|
||
arch: x64
|
||
- platform: macos-latest
|
||
target: x86_64-apple-darwin
|
||
arch: x64
|
||
- platform: macos-latest
|
||
target: aarch64-apple-darwin
|
||
arch: arm64
|
||
|
||
runs-on: ${{ matrix.platform }}
|
||
|
||
steps:
|
||
- name: Checkout code
|
||
uses: actions/checkout@v4
|
||
|
||
- name: Install pnpm
|
||
uses: pnpm/action-setup@v4
|
||
|
||
- name: Setup Node.js
|
||
uses: actions/setup-node@v4
|
||
with:
|
||
node-version: '20.x'
|
||
cache: 'pnpm'
|
||
|
||
- name: Install Rust stable
|
||
uses: dtolnay/rust-toolchain@stable
|
||
with:
|
||
targets: ${{ matrix.target }}
|
||
|
||
- name: Rust cache
|
||
uses: Swatinem/rust-cache@v2
|
||
with:
|
||
workspaces: packages/editor-app/src-tauri
|
||
cache-on-failure: true
|
||
|
||
- name: Install dependencies (Ubuntu)
|
||
if: matrix.platform == 'ubuntu-latest'
|
||
run: |
|
||
sudo apt-get update
|
||
sudo apt-get install -y libgtk-3-dev libwebkit2gtk-4.0-dev libappindicator3-dev librsvg2-dev patchelf
|
||
|
||
- name: Install frontend dependencies
|
||
run: pnpm install
|
||
|
||
- name: Update version in config files (for manual trigger)
|
||
if: github.event_name == 'workflow_dispatch'
|
||
run: |
|
||
cd packages/editor-app
|
||
node -e "const pkg=require('./package.json'); pkg.version='${{ github.event.inputs.version }}'; require('fs').writeFileSync('./package.json', JSON.stringify(pkg, null, 2)+'\n')"
|
||
node scripts/sync-version.js
|
||
|
||
- name: Install wasm-pack
|
||
run: cargo install wasm-pack
|
||
|
||
# 使用 Turborepo 自动按依赖顺序构建所有包
|
||
# 这会自动处理:core -> asset-system -> editor-core -> ui -> 等等
|
||
- name: Build all packages with Turborepo
|
||
run: pnpm run build
|
||
|
||
- name: Copy WASM files to ecs-engine-bindgen
|
||
shell: bash
|
||
run: |
|
||
mkdir -p packages/ecs-engine-bindgen/src/wasm
|
||
cp packages/engine/pkg/es_engine.js packages/ecs-engine-bindgen/src/wasm/
|
||
cp packages/engine/pkg/es_engine.d.ts packages/ecs-engine-bindgen/src/wasm/
|
||
cp packages/engine/pkg/es_engine_bg.wasm packages/ecs-engine-bindgen/src/wasm/
|
||
cp packages/engine/pkg/es_engine_bg.wasm.d.ts packages/ecs-engine-bindgen/src/wasm/
|
||
|
||
- name: Bundle runtime files for Tauri
|
||
run: |
|
||
cd packages/editor-app
|
||
node scripts/bundle-runtime.mjs
|
||
|
||
- name: Build Tauri app
|
||
id: tauri
|
||
uses: tauri-apps/tauri-action@v0.5
|
||
env:
|
||
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
|
||
TAURI_SIGNING_PRIVATE_KEY: ${{ secrets.TAURI_SIGNING_PRIVATE_KEY }}
|
||
TAURI_SIGNING_PRIVATE_KEY_PASSWORD: ${{ secrets.TAURI_SIGNING_PRIVATE_KEY_PASSWORD }}
|
||
with:
|
||
projectPath: packages/editor-app
|
||
tagName: ${{ github.event_name == 'workflow_dispatch' && format('editor-v{0}', github.event.inputs.version) || github.ref_name }}
|
||
releaseName: 'ECS Editor v${{ github.event.inputs.version || github.ref_name }}'
|
||
releaseBody: 'See the assets to download this version and install.'
|
||
releaseDraft: true
|
||
prerelease: false
|
||
includeUpdaterJson: true
|
||
updaterJsonKeepUniversal: false
|
||
args: ${{ matrix.platform == 'macos-latest' && format('--target {0}', matrix.target) || '' }}
|
||
|
||
# Windows 构建上传 artifact 供 SignPath 签名
|
||
- name: Upload Windows artifacts for signing
|
||
if: matrix.platform == 'windows-latest'
|
||
uses: actions/upload-artifact@v4
|
||
with:
|
||
name: windows-unsigned
|
||
path: |
|
||
packages/editor-app/src-tauri/target/release/bundle/nsis/*.exe
|
||
packages/editor-app/src-tauri/target/release/bundle/msi/*.msi
|
||
retention-days: 1
|
||
|
||
# SignPath 代码签名(Windows)
|
||
# SignPath OSS code signing for Windows
|
||
# 注意:需要先在 https://signpath.io 申请 OSS 证书
|
||
# Note: Apply for OSS certificate at https://signpath.io first
|
||
# 并配置 GitHub Secrets: SIGNPATH_API_TOKEN, SIGNPATH_ORGANIZATION_ID
|
||
# Configure GitHub Secrets: SIGNPATH_API_TOKEN, SIGNPATH_ORGANIZATION_ID
|
||
sign-windows:
|
||
needs: build-tauri
|
||
runs-on: ubuntu-latest
|
||
if: success() && secrets.SIGNPATH_API_TOKEN != ''
|
||
|
||
steps:
|
||
- name: Checkout
|
||
uses: actions/checkout@v4
|
||
|
||
- name: Download Windows artifact
|
||
uses: actions/download-artifact@v4
|
||
with:
|
||
name: windows-unsigned
|
||
path: ./artifacts
|
||
|
||
- name: Submit to SignPath for code signing
|
||
id: signpath
|
||
uses: signpath/github-action-submit-signing-request@v1
|
||
with:
|
||
api-token: ${{ secrets.SIGNPATH_API_TOKEN }}
|
||
organization-id: ${{ secrets.SIGNPATH_ORGANIZATION_ID }}
|
||
project-slug: 'ecs-framework'
|
||
signing-policy-slug: 'release-signing'
|
||
artifact-configuration-slug: 'default'
|
||
github-artifact-name: 'windows-unsigned'
|
||
wait-for-completion: true
|
||
wait-for-completion-timeout-in-seconds: 600
|
||
output-artifact-directory: './signed'
|
||
|
||
- name: Upload signed artifacts to release
|
||
uses: softprops/action-gh-release@v1
|
||
with:
|
||
files: ./signed/*
|
||
tag_name: ${{ github.event_name == 'workflow_dispatch' && format('editor-v{0}', github.event.inputs.version) || github.ref_name }}
|
||
draft: false
|
||
env:
|
||
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
|
||
|
||
# 构建成功后,创建 PR 更新版本号
|
||
update-version-pr:
|
||
needs: sign-windows
|
||
if: github.event_name == 'workflow_dispatch' && success()
|
||
runs-on: ubuntu-latest
|
||
|
||
steps:
|
||
- name: Checkout code
|
||
uses: actions/checkout@v4
|
||
|
||
- name: Setup Node.js
|
||
uses: actions/setup-node@v4
|
||
with:
|
||
node-version: '20.x'
|
||
|
||
- name: Update version files
|
||
run: |
|
||
cd packages/editor-app
|
||
node -e "const pkg=require('./package.json'); pkg.version='${{ github.event.inputs.version }}'; require('fs').writeFileSync('./package.json', JSON.stringify(pkg, null, 2)+'\n')"
|
||
node scripts/sync-version.js
|
||
|
||
- name: Create Pull Request
|
||
uses: peter-evans/create-pull-request@v6
|
||
with:
|
||
token: ${{ secrets.GITHUB_TOKEN }}
|
||
commit-message: "chore(editor): bump version to ${{ github.event.inputs.version }}"
|
||
branch: release/editor-v${{ github.event.inputs.version }}
|
||
delete-branch: true
|
||
title: "chore(editor): Release v${{ github.event.inputs.version }}"
|
||
body: |
|
||
## Release v${{ github.event.inputs.version }}
|
||
|
||
This PR updates the editor version after successful release build.
|
||
|
||
### Changes
|
||
- Updated `packages/editor-app/package.json` → `${{ github.event.inputs.version }}`
|
||
- Updated `packages/editor-app/src-tauri/tauri.conf.json` → `${{ github.event.inputs.version }}`
|
||
|
||
### Release
|
||
- [GitHub Release](https://github.com/${{ github.repository }}/releases/tag/editor-v${{ github.event.inputs.version }})
|
||
|
||
---
|
||
*This PR was automatically created by the release workflow.*
|
||
labels: |
|
||
release
|
||
editor
|
||
automated pr
|