Build native Tauri apps in CI (BloopAI#237)

* Test Tauri build workflows

* Run Docker workflows only on manual dispatch

* Dependencies?

* No cache

* Minimize LFS use

* Don't pass secrets to 3rd party actions

* Add test & proper triggers

* Forgot about this for tests

* Enable m1 cross

* Cross build for aarch64

.github/workflows/build-on-pr.yml

@@ -1,5 +1,5 @@
 name: Build and push docker container
-on: pull_request
+on: workflow_dispatch
 
 jobs:
   build_and_push:

.github/workflows/client-test.yml

@@ -29,17 +29,22 @@ jobs:
         uses: actions/checkout@v3
         with:
           fetch-depth: 0
+
       - name: Use Node.js
         uses: actions/setup-node@v3
         with:
           node-version: 16
           cache: "npm"
+
       - name: Install dependencies
         run: npm ci --legacy-peer-deps
+
       - name: Run lint
         run: npm run lint
+
       - name: Run type-check
         run: npm run client-type-check
+
 #       - name: Publish to Chromatic
 #         uses: chromaui/action@v1
 #         with:

.github/workflows/dependencies.yml

@@ -51,10 +51,8 @@ jobs:
             core.setOutput('package-name', package_name)
 
       - uses: actions/checkout@v3
-        with:
-          lfs: true
-
       - run: env
+
       - name: Setup nix
         uses: cachix/install-nix-action@v20
         with:

.github/workflows/server-test.yml

@@ -18,9 +18,8 @@ jobs:
   clippy-test:
     runs-on: nixos
     steps:
-      - uses: actions/checkout@v3
-        with:
-          lfs: true
+      - name: Checkout code
+        uses: nschloe/action-cached-lfs-checkout@v1
 
       - name: Rustfmt
         run: nix develop -c bash -c 'cargo --locked fmt -p bleep -- --check'

.github/workflows/tauri-release.yml

@@ -1,129 +1,56 @@
 name: Tauri Release
 
-on: workflow_dispatch
-
-env:
-  TAURI_BIN_PATH: apps/desktop/src-tauri/bin
-  TAURI_PRIVATE_KEY: ${{ secrets.TAURI_PRIVATE_KEY }}
-  TAURI_KEY_PASSWORD: ${{ secrets.TAURI_KEY_PASSWORD }}
+on:
+  workflow_dispatch:
+  pull_request:
+    paths:
+      - ".github/workflows/tauri-release.yml"
+  release:
+    types:
+      [published, prereleased]
 
 concurrency:
   group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}
   cancel-in-progress: true
 
 jobs:
-  checks:
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/checkout@v3
-        with:
-          lfs: true
-
-      - name: Install dependencies (ubuntu only)
-        run: |
-          sudo apt-get update
-          sudo apt-get install -y libgtk-3-dev webkit2gtk-4.0 libappindicator3-dev librsvg2-dev patchelf
-
-      - uses: Swatinem/rust-cache@v2
-        with:
-          prefix-key: "bloop"
-          shared-key: "tauri-checks"
-
-      - name: Install Rust stable
-        uses: actions-rs/toolchain@v1
-        with:
-          toolchain: stable
-
-      - name: Check Formatting
-        run: |
-          cargo --locked fmt -p bloop -- --check
-
-      - name: Run tests
-        run: |
-          cargo --locked test -p bloop --verbose
-
-  build-mac-linux-ctags:
+  build-and-sign-tauri:
     strategy:
       fail-fast: false
       matrix:
-        name: [ubuntu-latest, macos-latest]
+        target: [
+          x86_64-unknown-linux-gnu,
+          x86_64-apple-darwin,
+          aarch64-apple-darwin,
+        ]
 
-    runs-on: ${{ matrix.name }}
-    steps:
-      - uses: actions/checkout@v3
-        with:
-          lfs: true
+        include:
+          - target: x86_64-unknown-linux-gnu
+            name: ubuntu-latest
 
-      - run: env
-      - name: Setup nix
-        uses: cachix/install-nix-action@v18
-      - name: Enable cachix
-        uses: cachix/cachix-action@v12
-        with:
-          name: bloopai
-          authToken: "${{ secrets.CACHIX_AUTH_TOKEN }}"
+          - target: x86_64-apple-darwin
+            name: macos-latest
 
-      - name: Build universal-ctags
-        run: |
-          # ctags_path=$(nix-build -I channel:nixos-22.05 ./nix/universal-ctags)
-          ctags_path=$(nix build --json --access-tokens ${{ secrets.GITHUB_TOKEN }} .#my-ctags | jq -r '.[0].outputs.out')
-          echo ctags_path=$ctags_path >> $GITHUB_ENV
-          mkdir ctags_bundle
-          cp $ctags_path/bin/* ctags_bundle
-
-      - name: Copy macOS dynamic dependencies
-        if: matrix.name == 'macos-latest'
-        run: |
-          copy_deps() {
-              local lib=$2/$(basename $1)
-
-              cp -n $1 $lib || true
-              chmod +w $lib
-
-              local deps="$(otool -L $lib |awk '/\/nix\/store\// { gsub(":", ""); print $1 }' | tr '\n' ' ')"
-              for dep in $(echo $deps);
-              do
-                if [ ! -f "$2/$(basename $dep)" ]
-                then
-                  copy_deps $dep $2 || true
-                fi
-              done
-
-              for dep in $(echo $deps);
-              do
-                echo install_name_tool -change $dep @executable_path/$(basename $dep) $lib
-                install_name_tool -change $dep @executable_path/$(basename $dep) $lib
-              done
-          }
-
-          copy_deps ${{ env.ctags_path }}/bin/ctags  ctags_bundle
-          ls ctags_bundle
-
-      - name: Upload binaries
-        uses: actions/upload-artifact@v3
-        with:
-          name: "ctags_${{ matrix.name }}"
-          path: ctags_bundle
-
-  build-and-sign-tauri:
-    needs: [checks, build-mac-linux-ctags]
+          - target: aarch64-apple-darwin
+            name: macos-latest
 
-    strategy:
-      fail-fast: false
-      matrix:
-        name: [macos-latest, ubuntu-latest, windows-latest]
     runs-on: ${{ matrix.name }}
+    env:
+      ORT_LIB_LOCATION: ${{ github.workspace }}/lib/${{ matrix.target }}/onnxruntime
 
     steps:
-      - uses: actions/checkout@v3
+      - name: Checkout code
+        uses: nschloe/action-cached-lfs-checkout@v1
+
+      - name: Setup nix
+        uses: cachix/install-nix-action@v20
         with:
-          lfs: true
+          github_access_token: "${{ secrets.GITHUB_TOKEN }}"
 
-      - name: Install dependencies (ubuntu only)
-        if: matrix.name == 'ubuntu-latest'
-        run: |
-          sudo apt-get update
-          sudo apt-get install -y libgtk-3-dev libwebkit2gtk-4.0-dev libappindicator3-dev librsvg2-dev patchelf
+      - run: nix profile install nixpkgs#protobuf
+
+      - if: matrix.name == 'ubuntu-latest'
+        run: sudo apt-get install -y libgtk-3-dev webkit2gtk-4.0 libappindicator3-dev librsvg2-dev patchelf protobuf-compiler
 
       - name: Use Node.js
         uses: actions/setup-node@v3
@@ -134,34 +61,22 @@ jobs:
       - name: Install app dependencies
         run: npm ci --legacy-peer-deps
 
-      - uses: Swatinem/rust-cache@v2
-        with:
-          prefix-key: "bloop"
-          shared-key: "tauri-release"
       - name: Install Rust stable
         uses: actions-rs/toolchain@v1
         with:
           toolchain: stable
+          profile: minimal
+          target: ${{ matrix.target }}
 
-      - name: Download binaries (mac/linux)
-        if: matrix.name == 'ubuntu-latest' || matrix.name == 'macos-latest'
-        uses: actions/download-artifact@v3
+      - uses: Swatinem/rust-cache@v2
         with:
-          name: "ctags_${{ matrix.name }}"
-          path: "${{ env.TAURI_BIN_PATH }}/ctags"
+          prefix-key: "bloop-tauri-release-1"
 
-      - name: Set permissions (mac/linux)
-        if: matrix.name == 'ubuntu-latest' || matrix.name == 'macos-latest'
+      - name: Run tests
         run: |
-          resdir=${{ env.TAURI_BIN_PATH }}
-          chmod +x $resdir/ctags/*
-          host=$(rustc -Vv |grep host |cut -d\  -f2)
-          rm $resdir/ctags-$host
-          mkdir $resdir/ctags-$host
-          mv $resdir/ctags/* $resdir/ctags-$host
-          ls -lR $resdir
-
-      - name: Download binaries (windows)
+          cargo --locked test --verbose --release -p bloop 
+
+      - name: Download binaries (windows) (windows is disabled)
         if: matrix.name == 'windows-latest'
         shell: bash
         run: |
@@ -175,14 +90,13 @@ jobs:
 
       - name: Check if Segment key exists
         env:
-          segment_key: ${{ secrets.ANALYTICS_WRITE_KEY_PROD }}
+          segment_key: ${{ secrets.ANALYTICS_FE_WRITE_KEY_PROD }}
           sentry_key_fe: ${{ secrets.SENTRY_DSN_FE }}
-          sentry_key_be: ${{ secrets.SENTRY_DSN_BE }}
-        if: ${{ env.segment_key == '' || env.sentry_key_fe == '' || env.sentry_key_be == '' }}
+        if: ${{ env.segment_key == '' || env.sentry_key_fe == '' }}
         run: exit 1
 
       - name: Set environment
-        run: echo "ANALYTICS_WRITE_KEY_PROD=${{ secrets.ANALYTICS_WRITE_KEY_PROD }}\nSENTRY_DSN_FE=${{ secrets.SENTRY_DSN_FE }}\nSENTRY_DSN_BE=${{ secrets.SENTRY_DSN_BE }}" >> apps/desktop/.env
+        run: echo "ANALYTICS_FE_WRITE_KEY_PROD=${{ secrets.ANALYTICS_FE_WRITE_KEY_PROD }}\nSENTRY_DSN_FE=${{ secrets.SENTRY_DSN_FE }}" >> apps/desktop/.env
 
       - name: Set providerShortName in tauri.conf.json
         uses: jossef/action-set-json-field@v2
@@ -198,21 +112,25 @@ jobs:
           field: tauri.bundle.macOS.signingIdentity
           value: ${{ secrets.APPLE_SIGNING_IDENTITY }}
 
-      - uses: tauri-apps/tauri-action@v0
+      - uses: tauri-apps/tauri-action@dev
         env:
+          ORT_LIB_LOCATION: ${{ github.workspace }}/lib/${{ matrix.target }}/onnxruntime
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
           ENABLE_CODE_SIGNING: ${{ secrets.APPLE_CERTIFICATE }}
           APPLE_CERTIFICATE: ${{ secrets.APPLE_CERTIFICATE }}
           APPLE_CERTIFICATE_PASSWORD: ${{ secrets.APPLE_CERTIFICATE_PASSWORD }}
           APPLE_SIGNING_IDENTITY: ${{ secrets.APPLE_SIGNING_IDENTITY }}
           APPLE_ID: ${{ secrets.APPLE_ID }}
           APPLE_PASSWORD: ${{ secrets.APPLE_PASSWORD }}
+          TAURI_BIN_PATH: apps/desktop/src-tauri/bin
+          TAURI_PRIVATE_KEY: ${{ secrets.TAURI_PRIVATE_KEY }}
+          TAURI_KEY_PASSWORD: ${{ secrets.TAURI_KEY_PASSWORD }}
         with:
-          args: --locked -v -- -v
+          args: -- --target "${{ matrix.target }}" -v
 
       - name: Upload artifacts
         uses: actions/upload-artifact@v3
         with:
           name: ${{ matrix.name }}-app
-          path: target/release/bundle
+          path: target/${{ matrix.target }}/release/bundle
           retention-days: 5

package.json

@@ -6,6 +6,7 @@
     "start-web": "npm --prefix client run dev",
     "build-app": "npm --prefix apps/desktop run tauri-build",
     "build-web": "npm --prefix client run build",
+    "tauri": "npm --prefix apps/desktop run tauri",
     "lint": "eslint client/src apps/**/src --ext ts --ext tsx --ext js --ext jsx --ext html",
     "client-type-check": "npm --prefix client run type-check"
   },