MrSphay/Modrinth-plus
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Allow installer builds before updater signing secrets
All checks were successful
Codex Template Compliance / template-compliance (push) Successful in 7s
Details
Build / build-windows (push) Successful in 37m41s
Details

Browse Source
This commit is contained in:
MrSphay
2026-05-15 23:40:43 +02:00
parent d0ba75e18e
commit 7e4d11016d
1 changed files with 35 additions and 28 deletions
Download Patch File Download Diff File Expand all files Collapse all files

63
.gitea/workflows/build.yml
View File

@@ -69,14 +69,14 @@ jobs:
- name: Prepare Modrinth Plus update metadata - name: Prepare Modrinth Plus update metadata
shell: bash shell: bash
run: | run: |
if [ -z "${TAURI_SIGNING_PRIVATE_KEY}" ] || [ -z "${TAURI_SIGNING_PUBLIC_KEY}" ]; then
echo "::error::TAURI_SIGNING_PRIVATE_KEY and TAURI_SIGNING_PUBLIC_KEY secrets are required for self-updating builds."
exit 1
fi
build_version="1.0.${GITHUB_RUN_NUMBER}" build_version="1.0.${GITHUB_RUN_NUMBER}"
node -e "const fs=require('fs'); const path='apps/app-frontend/package.json'; const pkg=JSON.parse(fs.readFileSync(path,'utf8')); pkg.version=process.argv[1]; fs.writeFileSync(path, JSON.stringify(pkg,null,'\\t')+'\\n');" "${build_version}" node -e "const fs=require('fs'); const path='apps/app-frontend/package.json'; const pkg=JSON.parse(fs.readFileSync(path,'utf8')); pkg.version=process.argv[1]; fs.writeFileSync(path, JSON.stringify(pkg,null,'\\t')+'\\n');" "${build_version}"
node -e "const fs=require('fs'); const path='apps/app/tauri-release.conf.json'; const config=JSON.parse(fs.readFileSync(path,'utf8')); config.plugins.updater.pubkey=process.env.TAURI_SIGNING_PUBLIC_KEY; fs.writeFileSync(path, JSON.stringify(config,null,'\\t')+'\\n');" if [ -n "${TAURI_SIGNING_PRIVATE_KEY}" ] && [ -n "${TAURI_SIGNING_PUBLIC_KEY}" ]; then
node -e "const fs=require('fs'); const path='apps/app/tauri-release.conf.json'; const config=JSON.parse(fs.readFileSync(path,'utf8')); config.plugins.updater.pubkey=process.env.TAURI_SIGNING_PUBLIC_KEY; fs.writeFileSync(path, JSON.stringify(config,null,'\\t')+'\\n');"
else
echo "::warning::TAURI_SIGNING_PRIVATE_KEY and TAURI_SIGNING_PUBLIC_KEY are not set. Building installer without publishing self-update metadata."
node -e "const fs=require('fs'); const path='apps/app/tauri-release.conf.json'; const config=JSON.parse(fs.readFileSync(path,'utf8')); config.plugins.updater.pubkey='dW50cnVzdGVkIGNvbW1lbnQ6IG1pbmlzaWduIHB1YmxpYyBrZXk6IDIwMzM5QkE0M0FCOERBMzkKUldRNTJyZzZwSnN6SUdPRGdZREtUUGxMblZqeG9OVHYxRUlRTzJBc2U3MUNJaDMvZDQ1UytZZmYK'; fs.writeFileSync(path, JSON.stringify(config,null,'\\t')+'\\n');"
fi
- name: Build Windows desktop client - name: Build Windows desktop client
run: pnpm --filter @modrinth/app exec tauri build --runner cargo-xwin --target x86_64-pc-windows-msvc run: pnpm --filter @modrinth/app exec tauri build --runner cargo-xwin --target x86_64-pc-windows-msvc
@@ -110,45 +110,52 @@ jobs:
fi fi
mapfile -d '' updater_bundles < <(find target/x86_64-pc-windows-msvc/release/bundle/nsis -maxdepth 1 -type f -name '*.nsis.zip' -print0) mapfile -d '' updater_bundles < <(find target/x86_64-pc-windows-msvc/release/bundle/nsis -maxdepth 1 -type f -name '*.nsis.zip' -print0)
if [ "${#updater_bundles[@]}" -eq 0 ]; then updater_bundle=""
echo "No Windows updater bundle found to publish" updater_signature=""
exit 1 if [ "${#updater_bundles[@]}" -gt 0 ]; then
fi updater_bundle="${updater_bundles[0]}"
updater_signature="${updater_bundle}.sig"
updater_bundle="${updater_bundles[0]}" if [ ! -f "${updater_signature}" ]; then
updater_signature="${updater_bundle}.sig" echo "::warning::No Windows updater signature found at ${updater_signature}; skipping self-update metadata publishing."
if [ ! -f "${updater_signature}" ]; then updater_bundle=""
echo "No Windows updater signature found at ${updater_signature}" fi
exit 1 else
echo "::warning::No Windows updater bundle found; skipping self-update metadata publishing."
fi fi
rm -rf "${package_dir}" rm -rf "${package_dir}"
mkdir -p "${package_dir}/versioned" "${package_dir}/latest" mkdir -p "${package_dir}/versioned" "${package_dir}/latest"
cp "${artifacts[0]}" "${package_dir}/versioned/Modrinth-Plus-Windows-Setup-${package_version}.exe" cp "${artifacts[0]}" "${package_dir}/versioned/Modrinth-Plus-Windows-Setup-${package_version}.exe"
cp "${updater_bundle}" "${package_dir}/versioned/Modrinth-Plus-Windows-Update-${package_version}.nsis.zip"
curl --fail-with-body \ curl --fail-with-body \
--user "${repository_owner}:${REGISTRY_TOKEN}" \ --user "${repository_owner}:${REGISTRY_TOKEN}" \
--upload-file "${package_dir}/versioned/Modrinth-Plus-Windows-Setup-${package_version}.exe" \ --upload-file "${package_dir}/versioned/Modrinth-Plus-Windows-Setup-${package_version}.exe" \
"${gitea_server}/api/packages/${repository_owner}/generic/${package_name}/${package_version}/Modrinth-Plus-Windows-Setup-${package_version}.exe" "${gitea_server}/api/packages/${repository_owner}/generic/${package_name}/${package_version}/Modrinth-Plus-Windows-Setup-${package_version}.exe"
update_url="${gitea_server}/api/packages/${repository_owner}/generic/${package_name}/${package_version}/Modrinth-Plus-Windows-Update-${package_version}.nsis.zip" if [ -n "${updater_bundle}" ]; then
curl --fail-with-body \ cp "${updater_bundle}" "${package_dir}/versioned/Modrinth-Plus-Windows-Update-${package_version}.nsis.zip"
--user "${repository_owner}:${REGISTRY_TOKEN}" \ update_url="${gitea_server}/api/packages/${repository_owner}/generic/${package_name}/${package_version}/Modrinth-Plus-Windows-Update-${package_version}.nsis.zip"
--upload-file "${package_dir}/versioned/Modrinth-Plus-Windows-Update-${package_version}.nsis.zip" \ curl --fail-with-body \
"${update_url}" --user "${repository_owner}:${REGISTRY_TOKEN}" \
--upload-file "${package_dir}/versioned/Modrinth-Plus-Windows-Update-${package_version}.nsis.zip" \
"${update_url}"
fi
curl --silent --show-error --user "${repository_owner}:${REGISTRY_TOKEN}" --request DELETE "${latest_url}" || true curl --silent --show-error --user "${repository_owner}:${REGISTRY_TOKEN}" --request DELETE "${latest_url}" || true
cp "${artifacts[0]}" "${package_dir}/latest/Modrinth-Plus-Windows-Setup.exe" cp "${artifacts[0]}" "${package_dir}/latest/Modrinth-Plus-Windows-Setup.exe"
signature="$(cat "${updater_signature}")" if [ -n "${updater_bundle}" ]; then
node -e "const fs=require('fs'); const [version, url, signature]=process.argv.slice(1); const metadata={version, notes:'Modrinth Plus launcher update', pub_date:new Date().toISOString(), platforms:{'windows-x86_64':{signature,url}}}; fs.writeFileSync('package-registry/latest/latest.json', JSON.stringify(metadata,null,2)+'\\n');" "${app_version}" "${update_url}" "${signature}" signature="$(cat "${updater_signature}")"
node -e "const fs=require('fs'); const [version, url, signature]=process.argv.slice(1); const metadata={version, notes:'Modrinth Plus launcher update', pub_date:new Date().toISOString(), platforms:{'windows-x86_64':{signature,url}}}; fs.writeFileSync('package-registry/latest/latest.json', JSON.stringify(metadata,null,2)+'\\n');" "${app_version}" "${update_url}" "${signature}"
fi
curl --fail-with-body \ curl --fail-with-body \
--user "${repository_owner}:${REGISTRY_TOKEN}" \ --user "${repository_owner}:${REGISTRY_TOKEN}" \
--upload-file "${package_dir}/latest/Modrinth-Plus-Windows-Setup.exe" \ --upload-file "${package_dir}/latest/Modrinth-Plus-Windows-Setup.exe" \
"${latest_url}/Modrinth-Plus-Windows-Setup.exe" "${latest_url}/Modrinth-Plus-Windows-Setup.exe"
curl --fail-with-body \ if [ -f "${package_dir}/latest/latest.json" ]; then
--user "${repository_owner}:${REGISTRY_TOKEN}" \ curl --fail-with-body \
--upload-file "${package_dir}/latest/latest.json" \ --user "${repository_owner}:${REGISTRY_TOKEN}" \
"${latest_url}/latest.json" --upload-file "${package_dir}/latest/latest.json" \
"${latest_url}/latest.json"
fi