ci(dependabot): auto merge #932
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Nightly | |
| on: | |
| push: | |
| branches: | |
| - master | |
| paths-ignore: | |
| - "**.md" | |
| - "documentation/**" | |
| - ".github/**" | |
| - "crowdin.yml" | |
| workflow_dispatch: | |
| permissions: | |
| contents: write | |
| concurrency: | |
| group: ${{ github.workflow }} | |
| cancel-in-progress: true | |
| jobs: | |
| continuous-integration: | |
| uses: ./.github/workflows/ci.yml | |
| update-tag: | |
| needs: continuous-integration | |
| runs-on: ubuntu-latest | |
| outputs: | |
| version: ${{ steps.gen-version.outputs.result }} | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - run: git fetch --tags --prune | |
| - name: Create or update 'nightly' tag (force overwrite) | |
| run: | | |
| git tag -f nightly | |
| git push origin --force --tags | |
| - name: Generate Version | |
| id: gen-version | |
| uses: actions/github-script@v7 | |
| with: | |
| script: | | |
| const fs = require('fs'); | |
| const packageJson = JSON.parse(fs.readFileSync('package.json', 'utf8')); | |
| const currentVersion = packageJson.version; | |
| const timestamp = new Date().toISOString().replace(/[-:T]/g, '').slice(2, 12); | |
| const nightlyVersion = `${currentVersion}-nightly.${timestamp}`; | |
| return nightlyVersion; | |
| build-binaries: | |
| needs: update-tag | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| include: | |
| - platform: windows-2025 | |
| target: x86_64-pc-windows-msvc | |
| - platform: windows-2025 | |
| target: aarch64-pc-windows-msvc | |
| runs-on: ${{ matrix.platform }} | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - uses: ./.github/actions/setup | |
| with: | |
| rust-targets: ${{ matrix.target }} | |
| cache-key-prefix: rust-build-${{ matrix.target }} | |
| - name: Install frontend dependencies | |
| run: npm install | |
| - name: Set Version | |
| run: | | |
| npx tsx scripts/versionish.ts ci ${{ needs.update-tag.outputs.version }} | |
| - name: Build Hook DLL | |
| run: cargo build --release --target ${{ matrix.target }} -p sluhk | |
| - name: Build | |
| env: | |
| TAURI_SIGNING_PRIVATE_KEY: ${{ secrets.TAURI_SIGNING_PRIVATE_KEY }} | |
| TAURI_SIGNING_PRIVATE_KEY_PASSWORD: ${{ secrets.TAURI_SIGNING_PRIVATE_KEY_PASSWORD }} | |
| run: npx tauri build --ci --verbose --no-bundle --target ${{ matrix.target }} | |
| - name: Upload binaries to artifacts | |
| id: upload-binaries | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: binaries-${{ matrix.target }} | |
| path: | | |
| target/${{ matrix.target }}/release/static/**/* | |
| target/${{ matrix.target }}/release/*.exe | |
| target/${{ matrix.target }}/release/*.dll | |
| target/${{ matrix.target }}/release/SHA256SUMS | |
| target/${{ matrix.target }}/release/SHA256SUMS.sig | |
| target/${{ matrix.target }}/release/seelen_ui.pdb | |
| merge-binaries: | |
| needs: build-binaries | |
| runs-on: ubuntu-latest | |
| outputs: | |
| artifact-id: ${{ steps.merge-binaries.outputs.artifact-id }} | |
| steps: | |
| - name: Merge binaries artifacts | |
| id: merge-binaries | |
| uses: actions/upload-artifact/merge@v4 | |
| with: | |
| name: binaries | |
| pattern: binaries-* | |
| separate-directories: true | |
| delete-merged: true | |
| sign-binaries: | |
| needs: merge-binaries | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Sign binaries with SignPath | |
| uses: signpath/github-action-submit-signing-request@v1 | |
| with: | |
| api-token: ${{ secrets.SIGNPATH_API_TOKEN }} | |
| organization-id: 1a9e9b37-229a-4540-a639-137deebee4e1 | |
| project-slug: seelen-ui | |
| signing-policy-slug: test-signing | |
| artifact-configuration-slug: binaries | |
| github-artifact-id: ${{ needs.merge-binaries.outputs.artifact-id }} | |
| output-artifact-directory: signed-binaries | |
| wait-for-completion: true | |
| - name: Upload signed binaries by target | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: signed-binaries-x86_64-pc-windows-msvc | |
| path: signed-binaries/binaries-x86_64-pc-windows-msvc/**/* | |
| - name: Upload signed binaries by target | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: signed-binaries-aarch64-pc-windows-msvc | |
| path: signed-binaries/binaries-aarch64-pc-windows-msvc/**/* | |
| bundle: | |
| needs: | |
| - update-tag | |
| - sign-binaries | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| include: | |
| - platform: windows-2025 | |
| target: x86_64-pc-windows-msvc | |
| - platform: windows-2025 | |
| target: aarch64-pc-windows-msvc | |
| runs-on: ${{ matrix.platform }} | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - uses: ./.github/actions/setup | |
| with: | |
| rust-targets: ${{ matrix.target }} | |
| cache-key-prefix: rust-bundle-${{ matrix.target }} | |
| - name: Install frontend dependencies | |
| run: npm install | |
| - name: Install MSIX dependencies | |
| shell: pwsh | |
| run: | | |
| winget upgrade winget --accept-package-agreements --accept-source-agreements --disable-interactivity --force || Write-Output "Ignoring winget update failure" | |
| winget install --id Microsoft.DotNet.AspNetCore.8 --accept-package-agreements --accept-source-agreements --force | |
| winget install --id Microsoft.DotNet.DesktopRuntime.8 --accept-package-agreements --accept-source-agreements --force | |
| winget install --id MarcinOtorowski.MSIXHero --accept-package-agreements --accept-source-agreements --force | |
| - name: Set Version | |
| run: | | |
| npx tsx scripts/versionish.ts ci ${{ needs.update-tag.outputs.version }} | |
| - name: Download signed binaries | |
| uses: actions/download-artifact@v4 | |
| with: | |
| name: signed-binaries-${{ matrix.target }} | |
| path: target/${{ matrix.target }}/release | |
| - name: Clean bundle folder from cache | |
| shell: pwsh | |
| run: | | |
| $bundlePath = "target/${{ matrix.target }}/release/bundle" | |
| if (Test-Path $bundlePath) { | |
| Remove-Item -Path $bundlePath -Recurse -Force | |
| Write-Output "Old bundles files deleted: $bundlePath" | |
| } | |
| - name: Bundle | |
| run: npx tauri bundle --ci --verbose --target ${{ matrix.target }} --no-sign | |
| - name: Bundle MSIX | |
| run: npx tsx scripts/bundle.msix.ts --target ${{ matrix.target }} | |
| - name: Upload bundles to artifacts | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: bundles-${{ matrix.target }} | |
| path: target/${{ matrix.target }}/release/bundle | |
| merge-bundles: | |
| needs: bundle | |
| runs-on: ubuntu-latest | |
| outputs: | |
| artifact-id: ${{ steps.upload-merged.outputs.artifact-id }} | |
| steps: | |
| - name: Merge artifacts | |
| id: upload-merged | |
| uses: actions/upload-artifact/merge@v4 | |
| with: | |
| name: bundles | |
| pattern: bundles-* | |
| delete-merged: true | |
| sign-bundles: | |
| needs: | |
| - update-tag | |
| - merge-bundles | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - uses: actions/setup-node@v4 | |
| with: | |
| node-version: 24 | |
| - name: Clean existing assets | |
| uses: actions/github-script@v7 | |
| with: | |
| github-token: ${{ secrets.GITHUB_TOKEN }} | |
| script: | | |
| const tagName = 'nightly'; | |
| const release = await github.rest.repos.getReleaseByTag({ | |
| owner: context.repo.owner, | |
| repo: context.repo.repo, | |
| tag: tagName, | |
| }); | |
| const { data: assets } = await github.rest.repos.listReleaseAssets({ | |
| owner: context.repo.owner, | |
| repo: context.repo.repo, | |
| release_id: release.data.id, | |
| }); | |
| core.info(`Found ${assets.length} existing assets to clean`); | |
| const deletions = assets.map(asset => { | |
| core.info(`Deleting ${asset.name}`); | |
| return github.rest.repos.deleteReleaseAsset({ | |
| owner: context.repo.owner, | |
| repo: context.repo.repo, | |
| asset_id: asset.id, | |
| }); | |
| }); | |
| await Promise.all(deletions); | |
| core.info('✅ All existing assets cleaned'); | |
| - name: Submit to SignPath | |
| uses: signpath/github-action-submit-signing-request@v1 | |
| with: | |
| api-token: ${{ secrets.SIGNPATH_API_TOKEN }} | |
| organization-id: 1a9e9b37-229a-4540-a639-137deebee4e1 | |
| project-slug: seelen-ui | |
| signing-policy-slug: test-signing | |
| artifact-configuration-slug: nightly-bundles | |
| github-artifact-id: ${{ needs.merge-bundles.outputs.artifact-id }} | |
| output-artifact-directory: bundles | |
| - name: File Tree | |
| run: |- | |
| tree bundles | |
| - name: Tauri Updater Signature | |
| env: | |
| TAURI_PRIVATE_KEY: ${{ secrets.TAURI_SIGNING_PRIVATE_KEY }} | |
| TAURI_PRIVATE_KEY_PASSWORD: ${{ secrets.TAURI_SIGNING_PRIVATE_KEY_PASSWORD }} | |
| run: | | |
| npm install -g @tauri-apps/cli | |
| echo "Removing existing .sig files to regenerate with Tauri updater keys..." | |
| find ./bundles -name "*.sig" -type f -delete | |
| echo "Existing signatures removed" | |
| VERSION=${{ needs.update-tag.outputs.version }} | |
| PATH1="bundles/nsis/Seelen UI_${VERSION}_arm64-setup.exe" | |
| PATH2="bundles/nsis/Seelen UI_${VERSION}_x64-setup.exe" | |
| echo "Signing ${PATH1}..." | |
| tauri signer sign --verbose "$PATH1" | |
| echo "Signing ${PATH2}..." | |
| tauri signer sign --verbose "$PATH2" | |
| - name: Upload Signed Installers to release | |
| uses: svenstaro/upload-release-action@v2 | |
| with: | |
| tag: nightly | |
| file: bundles/**/* | |
| file_glob: true | |
| generate-update-file: | |
| needs: | |
| - update-tag | |
| - sign-bundles | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Get Release ID | |
| id: get-release | |
| uses: actions/github-script@v7 | |
| with: | |
| github-token: ${{ secrets.GITHUB_TOKEN }} | |
| script: | | |
| const release = await github.rest.repos.getReleaseByTag({ | |
| owner: context.repo.owner, | |
| repo: context.repo.repo, | |
| tag: 'nightly', | |
| }); | |
| return release.data.id; | |
| - uses: ./.github/actions/generate-update-manifest | |
| with: | |
| release-id: ${{ steps.get-release.outputs.result }} | |
| version: ${{ needs.update-tag.outputs.version }} | |
| github-token: ${{ secrets.GITHUB_TOKEN }} |