Merge pull request #20 from Super-Yyt/patch-1 #75

Workflow file for this run

	name: build
Check failure on line 1 in .github/workflows/build.yml View workflow run for this annotation GitHub Actions / .github/workflows/build.yml Invalid workflow file `(Line: 217, Col: 13): Unrecognized named-value: 'secrets'. Located at position 1 within expression: secrets.ANDROID_SIGNING_KEY != '', (Line: 227, Col: 13): Unrecognized named-value: 'secrets'. Located at position 1 within expression: secrets.ANDROID_SIGNING_KEY != ''`

	on:
	workflow_dispatch:
	inputs:
	version:
	description: "版本号（例如 1.2.3 或 v1.2.3）"
	required: true
	build:
	description: "构建命令标记（build:win\|build:mac\|build:linux\|build:all）"
	required: true

	permissions:
	contents: write

	jobs:
	parse:
	runs-on: ubuntu-latest
	outputs:
	version: ${{ steps.parse.outputs.version }}
	tag: ${{ steps.parse.outputs.tag }}
	build_script: ${{ steps.parse.outputs.build_script }}
	run_win: ${{ steps.parse.outputs.run_win }}
	run_mac: ${{ steps.parse.outputs.run_mac }}
	run_linux: ${{ steps.parse.outputs.run_linux }}
	run_android: ${{ steps.parse.outputs.run_android }}
	steps:
	- uses: actions/checkout@v4
	with:
	fetch-depth: 0

	- name: 读取提交信息
	id: msg
	shell: bash
	run: \|
	if [ "${{ github.event_name }}" = "workflow_dispatch" ]; then
	{
	echo "message<<__EOF__"
	echo "${{ github.event.inputs.version }} ${{ github.event.inputs.build }}"
	echo "__EOF__"
	} >> "$GITHUB_OUTPUT"
	else
	{
	echo "message<<__EOF__"
	echo "${{ github.event.head_commit.message }}"
	echo "__EOF__"
	} >> "$GITHUB_OUTPUT"
	fi

	- uses: actions/setup-node@v4
	with:
	node-version: 22

	- name: 解析版本与构建命令
	id: parse
	env:
	RELEASE_MESSAGE: ${{ steps.msg.outputs.message }}
	run: node scripts/ci/parse-commit.mjs

	build_win:
	needs: parse
	if: ${{ needs.parse.outputs.run_win == 'true' }}
	runs-on: windows-latest
	steps:
	- uses: actions/checkout@v4

	- uses: actions/setup-node@v4
	with:
	node-version: 22

	- uses: pnpm/action-setup@v4
	with:
	version: 10

	- name: 安装 Rust
	uses: dtolnay/rust-toolchain@stable
	with:
	targets: x86_64-pc-windows-msvc

	- name: 应用版本号
	run: node scripts/ci/apply-version.mjs ${{ needs.parse.outputs.version }}

	- name: 安装依赖
	run: pnpm install --frozen-lockfile

	- name: 构建（Windows）
	run: pnpm tauri build --target x86_64-pc-windows-msvc

	- uses: actions/upload-artifact@v4
	with:
	name: dist-win
	path: \|
	src-tauri/target/x86_64-pc-windows-msvc/release/bundle/**
	src-tauri/target/release/bundle/**

	build_mac:
	needs: parse
	if: ${{ needs.parse.outputs.run_mac == 'true' }}
	runs-on: macos-latest
	steps:
	- uses: actions/checkout@v4

	- uses: actions/setup-node@v4
	with:
	node-version: 22

	- uses: pnpm/action-setup@v4
	with:
	version: 10

	- name: 安装 Rust
	uses: dtolnay/rust-toolchain@stable
	with:
	targets: x86_64-apple-darwin

	- name: 应用版本号
	run: node scripts/ci/apply-version.mjs ${{ needs.parse.outputs.version }}

	- name: 安装依赖
	run: pnpm install --frozen-lockfile

	- name: 构建（macOS）
	run: pnpm tauri build --target x86_64-apple-darwin

	- uses: actions/upload-artifact@v4
	with:
	name: dist-mac
	path: \|
	src-tauri/target/x86_64-apple-darwin/release/bundle/**
	src-tauri/target/aarch64-apple-darwin/release/bundle/**
	src-tauri/target/universal-apple-darwin/release/bundle/**
	src-tauri/target/release/bundle/**

	build_linux:
	needs: parse
	if: ${{ needs.parse.outputs.run_linux == 'true' }}
	runs-on: ubuntu-latest
	steps:
	- uses: actions/checkout@v4

	- uses: actions/setup-node@v4
	with:
	node-version: 22

	- uses: pnpm/action-setup@v4
	with:
	version: 10

	- name: 安装 Rust
	uses: dtolnay/rust-toolchain@stable

	- name: 安装系统依赖
	run: \|
	sudo apt-get update
	sudo apt-get install -y libgtk-3-dev libwebkit2gtk-4.1-dev libappindicator3-dev librsvg2-dev patchelf

	- name: 应用版本号
	run: node scripts/ci/apply-version.mjs ${{ needs.parse.outputs.version }}

	- name: 安装依赖
	run: pnpm install --frozen-lockfile

	- name: 构建（Linux）
	run: pnpm tauri build --target x86_64-unknown-linux-gnu

	- uses: actions/upload-artifact@v4
	with:
	name: dist-linux
	path: \|
	src-tauri/target/x86_64-unknown-linux-gnu/release/bundle/**
	src-tauri/target/release/bundle/**

	build_android:
	needs: parse
	if: ${{ needs.parse.outputs.run_android == 'true' }}
	runs-on: ubuntu-latest
	steps:
	- uses: actions/checkout@v4

	- uses: actions/setup-node@v4
	with:
	node-version: 22

	- uses: pnpm/action-setup@v4
	with:
	version: 10

	- name: 安装 Rust
	uses: dtolnay/rust-toolchain@stable
	with:
	targets: aarch64-linux-android, armv7-linux-androideabi, x86_64-linux-android, i686-linux-android

	- name: 安装 NDK
	uses: nttld/setup-ndk@v1
	with:
	ndk-version: r25c

	- name: 安装 Java
	uses: actions/setup-java@v4
	with:
	distribution: "temurin"
	java-version: "17"

	- name: 应用版本号
	run: node scripts/ci/apply-version.mjs ${{ needs.parse.outputs.version }}

	- name: 安装依赖
	run: pnpm install --frozen-lockfile

	- name: 初始化 Android 项目
	run: pnpm tauri android init

	- name: 构建 Android 全架构
	run: pnpm tauri android build --target aarch64,armv7,x86_64

	- name: 安装 Android SDK Build Tools
	if: ${{ secrets.ANDROID_SIGNING_KEY != '' }}
	run: \|
	sdkmanager "build-tools;33.0.0"

	- name: 签名 APK
	env:
	ANDROID_SIGNING_KEY: ${{ secrets.ANDROID_SIGNING_KEY }}
	ANDROID_KEY_ALIAS: ${{ secrets.ANDROID_KEY_ALIAS }}
	ANDROID_KEY_PASSWORD: ${{ secrets.ANDROID_KEY_PASSWORD }}
	ANDROID_STORE_PASSWORD: ${{ secrets.ANDROID_STORE_PASSWORD }}
	if: ${{ secrets.ANDROID_SIGNING_KEY != '' }}
	run: \|
	# 创建临时密钥库文件
	echo "$ANDROID_SIGNING_KEY" \| base64 -d > /tmp/android_keystore.jks

	# 找到所有未签名的 APK 文件
	find src-tauri/gen/android/app/build/outputs -name "*-unsigned.apk" -type f \| while read -r apk; do
	# 生成签名后的文件名
	signed_apk="${apk/-unsigned/-signed}"

	# 使用 apksigner 签名
	"${ANDROID_SDK_ROOT}/build-tools/33.0.0/apksigner" sign \
	--ks /tmp/android_keystore.jks \
	--ks-key-alias "$ANDROID_KEY_ALIAS" \
	--ks-pass pass:"$ANDROID_STORE_PASSWORD" \
	--key-pass pass:"$ANDROID_KEY_PASSWORD" \
	--out "$signed_apk" \
	"$apk"

	echo "已签名: $signed_apk"

	# 验证签名
	"${ANDROID_SDK_ROOT}/build-tools/33.0.0/apksigner" verify "$signed_apk"

	# 删除未签名版本，重命名签名版本
	rm "$apk"
	mv "$signed_apk" "${apk/-unsigned/}"
	done

	# 清理密钥库
	rm -f /tmp/android_keystore.jks

	- uses: actions/upload-artifact@v4
	with:
	name: dist-android
	path: \|
	src-tauri/gen/android/app/build/outputs/apk/*/.apk
	src-tauri/gen/android/app/build/outputs/bundle/*/.aab

	release:
	needs: [parse, build_win, build_mac, build_linux, build_android]
	if: ${{ always() && needs.parse.outputs.tag != '' && !contains(needs..result, 'failure') && !contains(needs..result, 'cancelled') }}
	runs-on: ubuntu-latest
	steps:
	- uses: actions/download-artifact@v4
	with:
	path: artifacts
	merge-multiple: true

	- name: 列出所有构建产物
	run: find artifacts -type f \| sort

	- name: 创建 GitHub Release
	uses: softprops/action-gh-release@v2
	with:
	tag_name: ${{ needs.parse.outputs.tag }}
	name: SecScore ${{ needs.parse.outputs.tag }}
	draft: true
	prerelease: ${{ contains(needs.parse.outputs.version, '-') }}
	files: \|
	artifacts/*/.exe
	artifacts/*/.msi
	artifacts/*/.dmg
	artifacts/*/.app.tar.gz
	artifacts/*/.deb
	artifacts/*/.rpm
	artifacts/*/.AppImage
	artifacts/*/.apk
	artifacts/*/.aab

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Merge pull request #20 from Super-Yyt/patch-1 #75

Workflow file

Merge pull request #20 from Super-Yyt/patch-1 #75

Uh oh!

Workflow file for this run

GitHub Actions / .github/workflows/build.yml