Build eigenwallet release #1530

Workflow file for this run

.github/workflows/build-gui-release-binaries.yml at 93ded4c

	# This file is used to build the release binaries for the Tauri GUI
	name: "Build eigenwallet release"

	on:
	pull_request:
	release:
	types: [created]

	concurrency:
	group: build-gui-release-${{ github.event_name == 'pull_request' && github.event.pull_request.number \|\| github.event.release.tag_name }}
	cancel-in-progress: true

	jobs:
	draft-cb-release:
	# don't do it for PR's
	if: ${{ github.event_name != 'pull_request' && !contains(github.ref_name, 'preview') }}
	runs-on: ubuntu-24.04
	steps:
	- uses: actions/checkout@v4

	- name: Set env variables
	uses: ./.github/actions/set-monero-env

	- name: Create Draft Release
	uses: crabnebula-dev/cloud-release@v0
	with:
	command: release draft ${{ env.CN_APPLICATION }} --framework tauri
	api-key: ${{ secrets.CN_API_KEY }}

	build_gui:
	permissions:
	contents: write
	strategy:
	fail-fast: false
	matrix:
	include:
	- host: "macos-15" # for Arm based macs (M1 and above).
	target: "aarch64-apple-darwin"
	- host: "macos-15-intel" # for Intel based macs.
	target: "x86_64-apple-darwin"
	- host: "ubuntu-24.04"
	target: "x86_64-unknown-linux-gnu"
	- host: "ubuntu-24.04" # cross build windows from ubuntu
	target: "x86_64-pc-windows-gnu"

	runs-on: ${{ matrix.host }}
	steps:
	- uses: actions/checkout@v4

	- name: Setup build environment (cli tools, dependencies)
	uses: ./.github/actions/setup-build-environment
	with:
	host: ${{ matrix.host }}
	target: ${{ matrix.target }}

	- name: build tauri app and upload to github releases page
	uses: tauri-apps/tauri-action@v0
	env:
	GITHUB_TOKEN: ${{ secrets.BOTTY_GITHUB_TOKEN }}
	APPLE_CERTIFICATE: ${{ secrets.APPLE_CERTIFICATE }}
	APPLE_CERTIFICATE_PASSWORD: ${{ secrets.APPLE_CERTIFICATE_PASSWORD }}
	APPLE_SIGNING_IDENTITY: ${{ secrets.APPLE_SIGNING_IDENTITY }}
	APPLE_ID: ${{ secrets.APPLE_ID }}
	APPLE_PASSWORD: ${{ secrets.APPLE_PASSWORD }}
	APPLE_TEAM_ID: ${{ secrets.APPLE_TEAM_ID }}
	TAURI_SIGNING_PRIVATE_KEY: ${{ secrets.TAURI_SIGNING_PRIVATE_KEY }}
	TAURI_SIGNING_PRIVATE_KEY_PASSWORD: ${{ secrets.TAURI_SIGNING_PRIVATE_KEY_PASSWORD }}
	with:
	# Empty releaseId for PRs prevents uploading to GitHub releases
	# Empty strings are treated as an omitted argument: https://github.com/actions/runner/issues/924
	# When releaseId is omitted, no release is published: https://github.com/tauri-apps/tauri-action?tab=readme-ov-file#tips-and-caveats
	releaseId: ${{ github.event.release.id \|\| '' }}
	projectPath: src-tauri
	tauriScript: yarn tauri
	args: --target ${{ matrix.target }}

	# TODO: Remove this duplication of the steps in build-release-binaries.yml
	- name: Install GnuPG (macOS)
	if: github.event_name == 'release' && runner.os == 'macOS'
	shell: bash
	run: \|
	brew install gnupg

	- name: Install GnuPG (Linux)
	if: github.event_name == 'release' && runner.os == 'Linux'
	shell: bash
	run: \|
	sudo apt-get update -y
	sudo apt-get install -y gnupg

	- name: Import GPG private key
	if: github.event_name == 'release'
	env:
	GPG_PRIVATE_KEY: ${{ secrets.GPG_PRIVATE_KEY }}
	shell: bash
	run: \|
	set -euo pipefail

	if [[ -z "${GPG_PRIVATE_KEY:-}" ]]; then
	echo "GPG_PRIVATE_KEY secret is not set." >&2
	exit 1
	fi

	export GNUPGHOME="$(umask 077; mktemp -d)"

	# Allow loopback pinentry when passphrase is provided
	echo "allow-loopback-pinentry" >> "$GNUPGHOME/gpg-agent.conf"
	echo "use-agent" >> "$GNUPGHOME/gpg.conf"
	gpgconf --reload gpg-agent \|\| true

	# Import ASCII-armored or binary private key material
	printf "%s" "$GPG_PRIVATE_KEY" \| gpg --batch --import

	# Grab the first secret key fingerprint and expose it to later steps
	FPR="$(gpg --batch --list-secret-keys --with-colons \| awk -F: '/^fpr:/ {print $10; exit}')"
	if [[ -z "$FPR" ]]; then
	echo "Failed to import a signing key." >&2
	exit 1
	fi

	echo "GNUPGHOME=$GNUPGHOME" >> "$GITHUB_ENV"
	echo "GPG_FPR=$FPR" >> "$GITHUB_ENV"

	- name: Sign artifacts with GPG
	if: github.event_name == 'release'
	env:
	GPG_PASSPHRASE: ${{ secrets.GPG_PASSPHRASE }}
	shell: bash
	run: \|
	set -euo pipefail

	# Find release artifacts at the top level of each bundle subdirectory
	# Using maxdepth=2 avoids descending into .app bundles and other internal structures
	find target/${{ matrix.target }}/release/bundle -maxdepth 2 -type f \
	! -name "*.sig" \
	! -name "*.asc" \
	-print0 \| while IFS= read -r -d '' file; do
	echo "Signing: $file"
	gpg --batch --yes --pinentry-mode loopback --passphrase "$GPG_PASSPHRASE" \
	-u "$GPG_FPR" --armor --output "${file}.asc" --detach-sign "$file"
	done



	- name: Upload artifact signatures to GitHub release
	if: github.event_name == 'release'
	shell: bash
	env:
	GITHUB_TOKEN: ${{ secrets.BOTTY_GITHUB_TOKEN }}
	run: \|
	set -euo pipefail

	# Find all .asc signature files we just created
	find target/${{ matrix.target }}/release/bundle -type f -name "*.asc" -print0 \| while IFS= read -r -d '' sig_file; do
	echo "Uploading signature: $sig_file"
	gh release upload "${{ github.event.release.tag_name }}" \
	"$sig_file" \
	--clobber
	done

	- name: Clean up Rust build cache before building Flatpak
	if: ${{ github.event_name != 'pull_request' && !contains(github.ref_name, 'preview') && matrix.target == 'x86_64-unknown-linux-gnu' }}
	shell: bash
	run: \|
	rm -rf target/*/release/{deps,build,incremental}
	df -h .

	- name: Upload flatpak release
	if: ${{ github.event_name != 'pull_request' && !contains(github.ref_name, 'preview') && matrix.target == 'x86_64-unknown-linux-gnu' }}
	shell: bash
	run: \|
	set -euxo pipefail

	deb=$(find "$PWD" -name *.deb -print -quit)
	jq --arg deb_path "$deb" --arg PWD "$PWD" '
	.modules[0].sources[0] = {
	"type": "file",
	"path": $deb_path
	} \|
	.modules[0].sources[1].path = $PWD + "/" + .modules[0].sources[1].path \|
	.modules[0].sources[2].path = $PWD + "/" + .modules[0].sources[2].path
	' < flatpak/org.eigenwallet.app.json > target/manifest.json

	outdir=target/flatpak-repo
	flatpak remote-add --user --if-not-exists flathub https://dl.flathub.org/repo/flathub.flatpakrepo
	flatpak-builder build-dir --gpg-sign="$GPG_FPR" --default-branch=stable --user --install-deps-from=flathub --disable-rofiles-fuse --disable-updates --repo="$outdir" target/manifest.json
	flatpak build-update-repo --gpg-sign="$GPG_FPR" --default-branch=stable --generate-static-deltas --prune "$outdir"
	flatpak build-bundle --gpg-sign="$GPG_FPR" "$outdir" "$outdir/org.eigenwallet.app.flatpak" org.eigenwallet.app stable

	ln flatpak/index.html flatpak/.flatpakre src-tauri/icons/icon.png README.md "$outdir/"
	> "$outdir/.nojekyll"

	IFS=/ read -r user repo <<< "$GITHUB_REPOSITORY"
	sed -e "s\|%Url%\|https://$user.github.io/$repo\|" \
	-e "s\|%Homepage%\|https://github.com/$GITHUB_REPOSITORY\|" \
	-e "s\|%GPGKey%\|$(gpg --export "$GPG_FPR" \| base64 -w0)\|" \
	-i "$outdir"/.flatpakre

	git -C "$outdir" init
	git -C "$outdir" add .
	git -C "$outdir" config user.name "${{ secrets.BOTTY_NAME }}"
	git -C "$outdir" config user.email "${{ secrets.BOTTY_EMAIL }}"
	git -C "$outdir" commit -m "Build Flatpak repository from $GITHUB_REF_NAME ($GITHUB_SHA)"
	git fetch -f "$outdir" HEAD:gh-pages
	git push -f origin gh-pages

	- name: Upload to crabnebula release (not for previews)
	if: ${{ github.event_name != 'pull_request' && !contains(github.ref_name, 'preview') }}
	uses: crabnebula-dev/cloud-release@v0
	with:
	command: release upload ${{ env.CN_APPLICATION }} --framework tauri
	api-key: ${{ secrets.CN_API_KEY }}
	args: --target ${{ matrix.target }}

	generate-homebrew-formula:
	needs: [build_gui]
	runs-on: ubuntu-24.04
	steps:
	- uses: actions/checkout@v4

	- name: Download DMG files and generate formula
	env:
	GITHUB_TOKEN: ${{ secrets.BOTTY_GITHUB_TOKEN }}
	run: \|
	set -euo pipefail

	VERSION="${{ github.event.release.tag_name }}"

	echo "Creating download directory /tmp/dmgs ..."
	mkdir -p /tmp/dmgs

	echo "Downloading all *.dmg assets from release $VERSION ..."
	gh release download "$VERSION" --pattern "*.dmg" --dir /tmp/dmgs

	echo "Download complete. Contents of /tmp/dmgs:"
	ls -la /tmp/dmgs

	# Calculate SHA256 checksums
	AARCH64_DMG=$(ls /tmp/dmgs/eigenwallet_*_aarch64.dmg)
	X64_DMG=$(ls /tmp/dmgs/eigenwallet_*_x64.dmg)

	echo "Found DMGs:"
	echo " aarch64 -> $(basename "$AARCH64_DMG")"
	echo " x64 -> $(basename "$X64_DMG")"

	AARCH64_SHA256=$(sha256sum "$AARCH64_DMG" \| awk '{print $1}')
	X64_SHA256=$(sha256sum "$X64_DMG" \| awk '{print $1}')

	echo "aarch64 SHA256: $AARCH64_SHA256"
	echo "x64 SHA256: $X64_SHA256"

	# Generate the Homebrew formula from template
	sed -e "s/VERSION_PLACEHOLDER/$VERSION/g" \
	-e "s/AARCH64_SHA256_PLACEHOLDER/$AARCH64_SHA256/g" \
	-e "s/X64_SHA256_PLACEHOLDER/$X64_SHA256/g" \
	dev-scripts/homebrew/eigenwallet.rb.template \| tee eigenwallet.rb

	- name: Upload Homebrew formula to release
	env:
	GITHUB_TOKEN: ${{ secrets.BOTTY_GITHUB_TOKEN }}
	run: \|
	gh release upload "${{ github.event.release.tag_name }}" \
	eigenwallet.rb \
	--clobber

	publish:
	# don't publish previews to crabnebula
	if: ${{ github.event_name != 'pull_request' && !contains(github.ref_name, 'preview') }}
	needs: [draft-cb-release, build_gui]
	runs-on: ubuntu-24.04
	steps:
	- uses: actions/checkout@v4

	- name: Set env variables
	uses: ./.github/actions/set-monero-env

	- name: Publish Release
	uses: crabnebula-dev/cloud-release@v0
	with:
	command: release publish ${{ env.CN_APPLICATION }} --framework tauri
	api-key: ${{ secrets.CN_API_KEY }}

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Build eigenwallet release #1530

Workflow file

Build eigenwallet release #1530

Uh oh!

Workflow file for this run