fix(release): gate notarization + bump 0.8.1

2026-04-25 17:15:34 +02:00 · 2026-01-30 12:34:46 -08:00
parent 9261a2d747
commit 43797ba2b7
6 changed files with 74 additions and 8 deletions
--- a/.github/workflows/prerelease.yml
+++ b/.github/workflows/prerelease.yml
@@ -82,6 +82,7 @@ jobs:
      RELEASE_TAG: ${{ needs.prepare-release.outputs.release_tag }}
      RELEASE_NAME: ${{ needs.prepare-release.outputs.release_name }}
      RELEASE_BODY: ${{ needs.prepare-release.outputs.release_body }}
+      MACOS_NOTARIZE: ${{ vars.MACOS_NOTARIZE || 'false' }}

    strategy:
      fail-fast: false
@@ -227,7 +228,7 @@ jobs:
          chmod 755 "packages/desktop/src-tauri/sidecars/${target_name}"

      - name: Write notary API key
-        if: matrix.os_type == 'macos'
+        if: matrix.os_type == 'macos' && env.MACOS_NOTARIZE == 'true'
        env:
          APPLE_NOTARY_API_KEY_P8_BASE64: ${{ secrets.APPLE_NOTARY_API_KEY_P8_BASE64 }}
        run: |
@@ -239,7 +240,8 @@ jobs:

          echo "NOTARY_KEY_PATH=$NOTARY_KEY_PATH" >> "$GITHUB_ENV"

-      - name: Build + upload
+      - name: Build + upload (notarized)
+        if: matrix.os_type == 'macos' && env.MACOS_NOTARIZE == 'true'
        uses: tauri-apps/tauri-action@v0.5.17
        env:
          CI: true
@@ -269,3 +271,30 @@ jobs:
          args: ${{ matrix.args }}
          retryAttempts: 3
          includeUpdaterJson: true
+
+      - name: Build + upload
+        if: matrix.os_type != 'macos' || env.MACOS_NOTARIZE != 'true'
+        uses: tauri-apps/tauri-action@v0.5.17
+        env:
+          CI: true
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+
+          # Tauri updater signing
+          TAURI_SIGNING_PRIVATE_KEY: ${{ secrets.TAURI_SIGNING_PRIVATE_KEY }}
+          TAURI_SIGNING_PRIVATE_KEY_PASSWORD: ${{ secrets.TAURI_SIGNING_PRIVATE_KEY_PASSWORD }}
+
+          # macOS signing
+          APPLE_SIGNING_IDENTITY: ${{ secrets.APPLE_SIGNING_IDENTITY }}
+          APPLE_CERTIFICATE: ${{ secrets.APPLE_CODESIGN_CERT_P12_BASE64 }}
+          APPLE_CERTIFICATE_PASSWORD: ${{ secrets.APPLE_CODESIGN_CERT_PASSWORD }}
+        with:
+          tagName: ${{ env.RELEASE_TAG }}
+          releaseName: ${{ env.RELEASE_NAME }}
+          releaseBody: ${{ env.RELEASE_BODY }}
+          prerelease: true
+          releaseDraft: false
+          projectPath: packages/desktop
+          tauriScript: pnpm exec tauri -vvv
+          args: ${{ matrix.args }}
+          retryAttempts: 3
+          includeUpdaterJson: true