[Snyk] Security upgrade next from 14.2.13 to 14.2.15 #96

Workflow file for this run

	name: cross-platform-build

	on:
	push:
	branches:
	- main
	- dev
	- tauri
	pull_request:
	branches:
	- main
	- dev
	- tauri

	jobs:
	build:
	runs-on: ${{ matrix.os }}

	strategy:
	matrix:
	os: [macos-latest, ubuntu-latest, macos-13, windows-latest ]
	steps:
	- name: Checkout
	uses: actions/checkout@v4

	- uses: pnpm/action-setup@v4
	name: Install pnpm
	with:
	version: 9
	run_install: false

	- name: Install Node.js
	uses: actions/setup-node@v4
	with:
	node-version: 20
	cache: 'pnpm'

	- name: install Rust stable
	uses: dtolnay/rust-toolchain@stable
	with:
	# Those targets are only used on macos runners so it's in an `if` to slightly speed up windows and linux builds.
	targets: ${{ matrix.os == 'macos-latest' && 'aarch64-apple-darwin,x86_64-apple-darwin' \|\| '' }}


	- name: install dependencies (ubuntu only)
	if: matrix.os == 'ubuntu-latest' # This must match the platform value defined above.
	run: \|
	sudo apt-get update
	sudo apt-get install -y libwebkit2gtk-4.0-dev libwebkit2gtk-4.1-dev libappindicator3-dev librsvg2-dev patchelf
	# webkitgtk 4.0 is for Tauri v1 - webkitgtk 4.1 is for Tauri v2.
	# You can remove the one that doesn't apply to your app to speed up the workflow a bit.


	- name: Install dependencies
	run: pnpm install

	- name: write api key to file
	run: \|
	mkdir -p ~/private_keys
	echo "${{ secrets.APPLE_API_KEY_PATH }}" > ~/private_keys/authkey_${{secrets.APPLE_API_KEY}}.p8
	chmod 600 ~/private_keys/authkey_${{secrets.APPLE_API_KEY}}.p8

	- name: ios build (macos only)
	env:
	# IOS_CERTIFICATE: ${{ secrets.IOS_CERTIFICATE }}
	# IOS_CERTIFICATE_PASSWORD: ${{ secrets.IOS_CERTIFICATE_PASSWORD }}
	# IOS_MOBILE_PROVISION: ${{ secrets.IOS_MOBILE_PROVISION }}
	APPLE_API_ISSUER: ${{ secrets.APPLE_API_ISSUER }}
	APPLE_API_KEY: ${{ secrets.APPLE_API_KEY }}
	APPLE_API_KEY_PATH: ~/private_keys/authkey_${{secrets.APPLE_API_KEY}}.p8

	if: matrix.os == 'macos-latest'
	run: \|
	rustup target add aarch64-apple-ios
	pnpm tauri ios build --export-method app-store-connect
	xcrun altool --upload-app --type ios --file "src-tauri/gen/apple/build/arm64/amplitune.ipa" --apiKey ${{ secrets.APPLE_API_KEY }} --apiIssuer ${{ secrets.APPLE_API_ISSUER }} --skip-submission



	- name: Import Apple Developer Certificate
	uses: apple-actions/import-codesign-certs@v3
	if: (matrix.os == 'macos-latest') \|\| (matrix.os == 'macos-13')
	with:
	p12-file-base64: ${{ secrets.APPLE_CERTIFICATE }}
	p12-password: ${{ secrets.APPLE_CERTIFICATE_PASSWORD }}
	keychain-password: ${{ secrets.KEYCHAIN_PASSWORD }}
	keychain: build

	- name: Verify Certificate
	if: (matrix.os == 'macos-latest') \|\| (matrix.os == 'macos-13')
	run: \|
	CERT_INFO=$(security find-identity -v -p codesigning build.keychain \| grep "Developer ID Application")
	CERT_ID=$(echo "$CERT_INFO" \| awk -F'"' '{print $2}')
	echo "CERT_ID=$CERT_ID" >> $GITHUB_ENV
	echo "Certificate imported."
	- uses: tauri-apps/tauri-action@v0
	env:
	GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
	APPLE_CERTIFICATE: ${{ secrets.APPLE_CERTIFICATE }}
	APPLE_CERTIFICATE_PASSWORD: ${{ secrets.APPLE_CERTIFICATE_PASSWORD }}
	APPLE_SIGNING_IDENTITY: ${{ env.CERT_ID }}
	APPLE_API_ISSUER: ${{ secrets.APPLE_API_ISSUER }}
	APPLE_API_KEY: ${{ secrets.APPLE_API_KEY }}
	APPLE_API_KEY_PATH: ~/private_keys/authkey_${{secrets.APPLE_API_KEY}}.p8

	with:
	args: ${{ matrix.args }}





	- name: publish artifacts
	uses: actions/upload-artifact@v4
	with:
	name: build ${{ matrix.os }} ${{ github.sha }}
	path: \|
	./src-tauri/target/release/bundle
	if-no-files-found: error
	overwrite: true

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

[Snyk] Security upgrade next from 14.2.13 to 14.2.15 #96

Workflow file

[Snyk] Security upgrade next from 14.2.13 to 14.2.15 #96

Jobs

Run details

Workflow file for this run