Files
tolaria/.github/workflows/release.yml
lucaronin d39b817625 ci: add release workflow for macOS OTA updates via GitHub Releases
Triggered on v* tags. Builds universal macOS binaries (aarch64 + x86_64)
using tauri-apps/tauri-action@v0, signs updater artifacts with
TAURI_SIGNING_PRIVATE_KEY secret, and publishes to GitHub Releases.

The updater endpoint in tauri.conf.json points to the latest.json artifact
from these releases, completing the OTA update pipeline.

No Apple code signing for now — macOS Gatekeeper will show unsigned-app
warnings until we add notarization in a future task.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-22 12:10:33 +01:00

58 lines
1.4 KiB
YAML

name: Release
on:
push:
tags:
- 'v*'
jobs:
release:
name: Build & Release (macOS)
permissions:
contents: write
strategy:
matrix:
include:
- target: aarch64-apple-darwin
runner: macos-latest
- target: x86_64-apple-darwin
runner: macos-latest
runs-on: ${{ matrix.runner }}
steps:
- uses: actions/checkout@v4
- name: Setup pnpm
uses: pnpm/action-setup@v4
with:
version: 10
- name: Setup Node.js
uses: actions/setup-node@v4
with:
node-version: '22'
cache: 'pnpm'
- name: Setup Rust
uses: dtolnay/rust-toolchain@stable
with:
targets: ${{ matrix.target }}
- name: Install dependencies
run: pnpm install --frozen-lockfile
- name: Build and release
uses: tauri-apps/tauri-action@v0
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
TAURI_SIGNING_PRIVATE_KEY: ${{ secrets.TAURI_SIGNING_PRIVATE_KEY }}
TAURI_SIGNING_PRIVATE_KEY_PASSWORD: ${{ secrets.TAURI_SIGNING_PRIVATE_KEY_PASSWORD }}
with:
tagName: ${{ github.ref_name }}
releaseName: 'Laputa v__VERSION__'
releaseBody: 'See the assets below to download and install this version.'
releaseDraft: false
prerelease: false
args: --target ${{ matrix.target }}