diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index f5d22eb7..0b11833c 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -88,7 +88,7 @@ jobs: - name: Build Tauri app env: TAURI_SIGNING_PRIVATE_KEY: ${{ secrets.TAURI_SIGNING_PRIVATE_KEY }} - TAURI_SIGNING_PRIVATE_KEY_PASSWORD: ${{ secrets.TAURI_SIGNING_PRIVATE_KEY_PASSWORD }} + TAURI_SIGNING_PRIVATE_KEY_PASSWORD: "" run: | pnpm tauri build --target ${{ matrix.target }} @@ -183,7 +183,7 @@ jobs: - name: Create universal updater tarball and sign env: TAURI_SIGNING_PRIVATE_KEY: ${{ secrets.TAURI_SIGNING_PRIVATE_KEY }} - TAURI_SIGNING_PRIVATE_KEY_PASSWORD: ${{ secrets.TAURI_SIGNING_PRIVATE_KEY_PASSWORD }} + TAURI_SIGNING_PRIVATE_KEY_PASSWORD: "" run: | set -euo pipefail @@ -195,7 +195,9 @@ jobs: npm install -g @tauri-apps/cli # Sign the tarball using Tauri's signer - tauri signer sign "$TARBALL" --private-key "$TAURI_SIGNING_PRIVATE_KEY" --password "$TAURI_SIGNING_PRIVATE_KEY_PASSWORD" + # Use env vars directly — Tauri reads TAURI_SIGNING_PRIVATE_KEY and + # TAURI_SIGNING_PRIVATE_KEY_PASSWORD automatically without needing --password flag + tauri signer sign "$TARBALL" --private-key "$TAURI_SIGNING_PRIVATE_KEY" echo "TARBALL_PATH=$TARBALL" >> "$GITHUB_ENV" echo "SIG_PATH=${TARBALL}.sig" >> "$GITHUB_ENV" diff --git a/src-tauri/tauri.conf.json b/src-tauri/tauri.conf.json index cb490c48..9dee21ec 100644 --- a/src-tauri/tauri.conf.json +++ b/src-tauri/tauri.conf.json @@ -49,7 +49,7 @@ "endpoints": [ "https://github.com/refactoringhq/laputa-app/releases/latest/download/latest.json" ], - "pubkey": "dW50cnVzdGVkIGNvbW1lbnQ6IG1pbmlzaWduIHB1YmxpYyBrZXk6IDIyRTQ2QURFOTdENkQ1NDAKUldSQTFkYVgzbXJrSXZuSm1NRkk5ZDB1a1FvcjhsWDlCbVFEaWJSZlVJSXpVVGxONzAzMm9zVXUK" + "pubkey": "dW50cnVzdGVkIGNvbW1lbnQ6IG1pbmlzaWduIHB1YmxpYyBrZXk6IEQxQjNDRUVGNTgxM0Q2RDQKUldUVTFoTlk3ODZ6MGNYSml6aWF4SzBvMTFvdDJFQWQwZHZ0d0lDeW9LekRHZ3h5MnJsb2lpenEK" } } } \ No newline at end of file