publish-nym-vpn-app #557

Workflow file for this run

.github/workflows/publish-nym-vpn-app.yml at b585b5b

	name: publish-nym-vpn-app
	on:
	schedule:
	- cron: "4 4 * * *"
	workflow_dispatch:
	inputs:
	tag_name:
	description: "Tag name for release"
	required: false
	default: nym-vpn-app-v1.2.3
	release_type:
	type: choice
	description: 'Release type, "stable" for public releases (signed Windows only), "nightly" for nightly build, "dev" for any other releases'
	options:
	- dev
	- nightly
	- stable
	default: dev
	required: true
	pre_release:
	description: 'Label as "Pre-release"'
	required: false
	type: boolean
	default: false
	updater:
	description: "Enable updater (Windows only) and bump metadata (always enabled for stable releases)"
	required: false
	type: boolean
	default: false
	dev_mode:
	description: "Enable dev mode (in-app dev menu)"
	required: true
	type: boolean
	default: false
	core_release_tag:
	description: "For Windows daemon, nym-vpn-core GH release tag (leave empty if using direct link)"
	required: false
	type: string
	core_artifact_url:
	description: "For Windows daemon, direct link to nym-vpn-core windows zip archive, eg. https://.._windows_x86_64.zip (leave empty if using GH release tag)"
	required: false
	type: string

	jobs:
	build-linux:
	uses: ./.github/workflows/build-nym-vpn-app-linux.yml
	with:
	dev_mode: ${{ github.event_name == 'schedule' \|\| contains(github.ref_name, 'dev') \|\| contains(github.ref_name, 'nightly') \|\| inputs.dev_mode == true }}
	secrets: inherit
	build-windows:
	uses: ./.github/workflows/build-nym-vpn-app-windows.yml
	with:
	dev_mode: ${{ github.event_name == 'schedule' \|\| contains(github.ref_name, 'dev') \|\| contains(github.ref_name, 'nightly') \|\| inputs.dev_mode == true }}
	core_release_tag: ${{ inputs.core_release_tag }}
	core_artifact_url: ${{ inputs.core_artifact_url }}
	sign: ${{ inputs.release_type == 'stable' }}
	updater_bundle: ${{ inputs.updater == true \|\| inputs.release_type == 'stable' }}
	updater_channel: ${{ inputs.release_type == 'stable' && 'stable' \|\| 'dev' }}
	secrets: inherit

	generate-build-info-nym-vpn-app:
	uses: ./.github/workflows/generate-build-info-nym-vpn-app.yml
	needs: build-linux
	with:
	build-profile: release
	rust-version: ${{ needs.build-linux.outputs.RUST_VERSION }}

	publish:
	needs:
	- build-linux
	- build-windows
	- generate-build-info-nym-vpn-app
	runs-on: arc-linux-latest
	outputs:
	release_tag: ${{ steps.set_tag.outputs.tag }}
	release_id: ${{ steps.create_release.outputs.id }}
	version: ${{ steps.cargo-get.outputs.metadata }}
	win_updater_exe: ${{ steps.win_updater.outputs.exe }}
	win_updater_sig: ${{ steps.win_updater.outputs.sig }}
	core_build_url_path: ${{ needs.build-windows.outputs.core_build_url_path }}
	env:
	# stable \| nightly \| dev
	RELEASE_TYPE: ${{ inputs.release_type \|\| (github.event_name == 'schedule' && 'nightly' \|\| 'dev') }}
	# GH needed for gh cli
	GH_REPO: ${{ github.repository }}
	GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
	PKG_VERSION: ${{ needs.build-linux.outputs.PKG_VERSION }}
	UPLOAD_DIR_UBUNTU_22: ${{ needs.build-linux.outputs.UPLOAD_DIR_LINUX }}
	UPLOAD_DIR_WINDOWS: ${{ needs.build-windows.outputs.UPLOAD_DIR_WINDOWS }}
	UPDATER_ENABLED: ${{ inputs.updater == true \|\| inputs.release_type == 'stable' }}
	permissions: write-all
	steps:
	- name: Checkout repo
	uses: actions/checkout@v4

	- name: Install rust toolchain
	uses: dtolnay/rust-toolchain@master
	with:
	toolchain: ${{ vars.REQUIRED_RUSTC_VERSION }}
	components: rustfmt, clippy

	- name: Get package version
	id: cargo-get
	uses: nicolaiunrein/cargo-get@master
	with:
	subcommand: package.version --entry nym-vpn-app/src-tauri

	- name: Check tag name consistency
	if: github.event_name == 'push'
	shell: bash
	run: \|
	if [[ nym-vpn-app-v${{ steps.cargo-get.outputs.metadata }} != ${{ github.ref_name }} ]]; then
	exit 1
	fi

	- name: Download artifacts
	uses: actions/download-artifact@v5

	# Setup TAG_NAME, which is used as a general "name"
	- if: github.event_name == 'workflow_dispatch'
	run: echo "TAG_NAME=${{ github.event.inputs.tag_name }}" >> $GITHUB_ENV
	- if: ${{ env.RELEASE_TYPE == 'nightly' }}
	run: echo "TAG_NAME=nym-vpn-app-nightly" >> $GITHUB_ENV
	- if: github.event_name == 'push'
	run: echo "TAG_NAME=${{ github.ref_name }}" >> $GITHUB_ENV

	- name: Set output 'tag'
	id: set_tag
	run: echo "tag=${{ env.TAG_NAME }}" >> "$GITHUB_OUTPUT"

	- name: Set output for updater (Windows)
	if: ${{ env.UPDATER_ENABLED == 'true' }}
	id: win_updater
	working-directory: ${{ env.UPLOAD_DIR_WINDOWS }}
	run: \|
	shopt -s failglob
	exe=(*setup.exe)
	echo "exe=${exe[0]}" >> "$GITHUB_OUTPUT"
	sig=$(head -n 1 *.exe.sig)
	echo "sig=$sig" >> "$GITHUB_OUTPUT"

	- name: Remove previous nightly release
	if: ${{ env.RELEASE_TYPE == 'nightly' }}
	run: \|
	gh release delete nym-vpn-app-nightly --yes \|\| true
	git push origin :nym-vpn-app-nightly \|\| true

	- name: Generate checksums
	run: \|
	pushd ${{ env.UPLOAD_DIR_UBUNTU_22 }} \|\| exit 1
	for f in *; do sha256sum "$f" > "$f.sha256sum"; done
	popd
	pushd ${{ env.UPLOAD_DIR_WINDOWS }} \|\| exit 1
	exe=(*setup.exe)
	sha256sum "${exe[0]}" > "${exe[0]}.sha256sum";
	popd
	echo 'SHA256SUMS<<EOF' >> $GITHUB_ENV
	cat ${{ env.UPLOAD_DIR_UBUNTU_22 }}/*.sha256sum >> $GITHUB_ENV
	cat ${{ env.UPLOAD_DIR_WINDOWS }}/*.sha256sum >> $GITHUB_ENV
	echo 'EOF' >> $GITHUB_ENV

	- name: Build info
	run: \|
	echo 'BUILD_INFO<<EOF' >> $GITHUB_ENV
	cat build-info/build-info.txt >> $GITHUB_ENV
	echo 'EOF' >> $GITHUB_ENV

	- name: Set release notes header (stable)
	if: ${{ env.RELEASE_TYPE == 'stable' }}
	env:
	EMOJI: ":ship:"
	run: echo "RELEASE_NOTES_HEADER='$EMOJI Linux and Windows desktop app'" >> $GITHUB_ENV

	- name: Set release notes header (dev)
	if: ${{ env.RELEASE_TYPE == 'dev' }}
	env:
	EMOJI: ":hammer_and_wrench:"
	run: echo "RELEASE_NOTES_HEADER='$EMOJI Linux and Windows desktop app, dev build'" >> $GITHUB_ENV

	- name: Set release notes header (nightly)
	if: ${{ env.RELEASE_TYPE == 'nightly' }}
	env:
	EMOJI: ":night_with_stars:"
	run: echo "RELEASE_NOTES_HEADER='$EMOJI Linux and Windows desktop app, nightly build'" >> $GITHUB_ENV

	- name: Release notes
	run: \|
	{
	echo 'RELEASE_NOTES<<EOF'
	echo '${{ env.RELEASE_NOTES_HEADER }}

	```
	${{ env.BUILD_INFO }}
	```

	[CHANGELOG](https://github.com/nymtech/nym-vpn-client/blob/develop/nym-vpn-app/CHANGELOG.md)
	'
	echo EOF
	} >> "$GITHUB_ENV"

	- name: Create release
	id: create_release
	uses: softprops/action-gh-release@v2
	with:
	token: ${{ secrets.GITHUB_TOKEN }}
	body: ${{ env.RELEASE_NOTES }}
	tag_name: ${{ env.TAG_NAME }}
	name: ${{ env.TAG_NAME }}
	draft: false
	make_latest: ${{ env.RELEASE_TYPE == 'stable' }}
	prerelease: ${{ env.RELEASE_TYPE != 'stable' \|\| inputs.pre_release }}
	target_commitish: ${{ github.sha }}
	files: \|
	${{ env.UPLOAD_DIR_UBUNTU_22}}/*
	${{ env.UPLOAD_DIR_WINDOWS}}/*

	windows-updater:
	uses: ./.github/workflows/tauri-updater.yml
	needs: publish
	if: ${{ inputs.updater == true \|\| inputs.release_type == 'stable' }}
	with:
	channel: ${{ inputs.release_type == 'stable' && 'stable' \|\| 'dev' }}
	version: ${{ needs.publish.outputs.version }}
	platform: "windows-x86_64"
	url: https://github.com/nymtech/nym-vpn-client/releases/download/${{ needs.publish.outputs.release_tag }}/${{ needs.publish.outputs.win_updater_exe }}
	signature: ${{ needs.publish.outputs.win_updater_sig }}

	update-aur-app:
	uses: ./.github/workflows/publish-aur-nym-vpn-app.yml
	needs: publish
	if: ${{ inputs.release_type == 'stable' }}
	with:
	release_tag: ${{ needs.publish.outputs.release_tag }}
	pkgrel: 1
	publish_aur: true
	commit_msg: "v${{ needs.publish.outputs.version }}"
	secrets: inherit

	update-aur-vpnd:
	uses: ./.github/workflows/publish-aur-nym-vpnd.yml
	needs: publish
	if: ${{ inputs.release_type == 'stable' && inputs.core_release_tag }}
	with:
	release_tag: ${{ inputs.core_release_tag }}
	pkgrel: 1
	publish_aur: true
	commit_msg: "release ${{ inputs.core_release_tag }}"
	secrets: inherit

	post-release:
	uses: ./.github/workflows/tauri-post-release.yml
	needs: publish
	if: ${{ inputs.release_type == 'stable' }}
	with:
	release_tag: ${{ needs.publish.outputs.release_tag }}
	version: ${{ needs.publish.outputs.version }}
	core_release_tag: ${{ inputs.core_release_tag }}

	zulip-notify:
	runs-on: arc-linux-latest
	needs: publish
	continue-on-error: true
	env:
	# stable \| nightly \| dev
	RELEASE_TYPE: ${{ inputs.release_type \|\| (github.event_name == 'schedule' && 'nightly' \|\| 'dev') }}
	steps:
	- name: Set topic
	# tauri-release \| tauri-dev
	run: \|
	topic=${{ inputs.release_type == 'stable' && 'tauri-release' \|\| 'tauri-dev' }}
	echo $topic
	echo "TOPIC=$topic" >> "$GITHUB_ENV"

	- name: Set vpn-core link
	env:
	NYM_BUILDS_URL: "https://${{ secrets.CI_WWW_REMOTE_HOST }}/nym-vpn-client/nym-vpn-core"
	CORE_BUILD_URL_PATH: "${{ needs.publish.outputs.core_build_url_path }}"
	run: \|
	if [[ -n "${{ inputs.core_release_tag }}" ]]; then
	url=https://github.com/nymtech/nym-vpn-client/releases/tag/${{ inputs.core_release_tag }}
	elif [[ -n "${{ inputs.core_artifact_url }}" ]]; then
	url="$(dirname ${{ inputs.core_artifact_url }})/"
	elif [[ -n "$CORE_BUILD_URL_PATH" ]]; then
	url="${{ env.NYM_BUILDS_URL }}${{ env.CORE_BUILD_URL_PATH }}/"
	else
	url="${{ env.NYM_BUILDS_URL }}/develop/"
	fi
	echo $url
	echo "CORE_LINK=$url" >> "$GITHUB_ENV"

	- name: Set message
	env:
	VERSION: ${{ needs.publish.outputs.version }}
	APP_RELEASE_TAG: ${{ needs.publish.outputs.release_tag }}
	EMOJI: ${{ (env.RELEASE_TYPE == 'stable' && ':ship:') \|\| (env.RELEASE_TYPE == 'nightly' && ':night:') \|\| ':hammer_and_wrench:' }}
	NAME: ${{ env.RELEASE_TYPE == 'stable' && 'release' \|\| (env.RELEASE_TYPE == 'nightly' && 'nightly build') \|\| 'dev build' }}
	run: \|
	{
	echo 'MESSAGE<<EOF'
	echo '${{ env.EMOJI }} ${{ env.NAME }} `${{ env.VERSION }}`
	[app](https://github.com/nymtech/nym-vpn-client/releases/tag/${{ env.APP_RELEASE_TAG }}) \| [core](${{ env.CORE_LINK }})
	'
	echo EOF
	} >> "$GITHUB_ENV"

	- name: Send Zulip message
	uses: zulip/github-actions-zulip/send-message@v1
	with:
	api-key: ${{ secrets.ZULIP_APE_BOT_API_KEY }}
	email: ${{ secrets.ZULIP_APE_BOT_EMAIL }}
	organization-url: ${{ secrets.ZULIP_EXTERNALS_ORG_URL }}
	to: "24"
	type: "stream"
	topic: ${{ env.TOPIC }}
	content: ${{ env.MESSAGE }}

	gen-hashes:
	uses: ./.github/workflows/gen-hashes-json.yml
	needs: publish
	if: ${{ inputs.release_type == 'stable' }}
	with:
	release_tag: ${{ needs.publish.outputs.release_tag }}
	secrets: inherit

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

publish-nym-vpn-app #557

Workflow file

publish-nym-vpn-app #557

Uh oh!

Jobs

Run details

Workflow file for this run