Skip to content
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension


Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
54 changes: 53 additions & 1 deletion .github/workflows/build-macos.yml
Original file line number Diff line number Diff line change
Expand Up @@ -6,6 +6,15 @@ on:
tag:
required: true
type: string
secrets:
TAURI_SIGNING_PRIVATE_KEY:
required: false
TAURI_SIGNING_PRIVATE_KEY_PASSWORD:
required: false
GPG_PRIVATE_KEY:
required: false
GPG_PASSPHRASE:
required: false
workflow_dispatch:
inputs:
tag:
Expand All @@ -19,6 +28,9 @@ permissions:
jobs:
build:
runs-on: macos-latest
env:
HAS_TAURI_SIGNING_PRIVATE_KEY: ${{ secrets.TAURI_SIGNING_PRIVATE_KEY != '' }}
HAS_GPG_PRIVATE_KEY: ${{ secrets.GPG_PRIVATE_KEY != '' }}

steps:
- name: Checkout
Expand Down Expand Up @@ -55,14 +67,54 @@ jobs:
- name: Lint
run: pnpm lint

- name: Check updater signing key
if: env.HAS_TAURI_SIGNING_PRIVATE_KEY != 'true'
run: |
echo "TAURI_SIGNING_PRIVATE_KEY is required because bundle.createUpdaterArtifacts is enabled."
exit 1

- name: Build and upload unsigned DMG
uses: tauri-apps/tauri-action@v0
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
TAURI_SIGNING_PRIVATE_KEY: ${{ secrets.TAURI_SIGNING_PRIVATE_KEY }}
TAURI_SIGNING_PRIVATE_KEY_PASSWORD: ${{ secrets.TAURI_SIGNING_PRIVATE_KEY_PASSWORD }}
with:
tagName: ${{ inputs.tag }}
releaseName: 'AISync ${{ inputs.tag }}'
releaseBody: 'Unsigned macOS DMG. macOS Gatekeeper may warn on first open.'
releaseBody: 'Unsigned macOS DMG with Tauri updater signatures. macOS Gatekeeper may warn on first open.'
releaseDraft: false
prerelease: false
args: --target universal-apple-darwin

- name: Create SHA256 checksums
run: |
find src-tauri/target/universal-apple-darwin/release/bundle -type f \( -name '*.dmg' -o -name '*.tar.gz' -o -name '*.sig' -o -name 'latest.json' \) -print0 \
| sort -z \
| xargs -0 shasum -a 256 \
> SHASUMS256.txt

- name: Import GPG key
if: env.HAS_GPG_PRIVATE_KEY == 'true'
env:
GPG_PRIVATE_KEY: ${{ secrets.GPG_PRIVATE_KEY }}
run: |
printf '%s' "$GPG_PRIVATE_KEY" | gpg --batch --import

- name: Sign SHA256 checksums
if: env.HAS_GPG_PRIVATE_KEY == 'true'
env:
GPG_PASSPHRASE: ${{ secrets.GPG_PASSPHRASE }}
run: |
gpg --batch --yes --pinentry-mode loopback --passphrase "$GPG_PASSPHRASE" \
--armor --detach-sign --output SHASUMS256.txt.asc SHASUMS256.txt

- name: Upload verification assets
env:
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
run: |
assets=(SHASUMS256.txt)
if [ -f SHASUMS256.txt.asc ]; then
assets+=(SHASUMS256.txt.asc)
fi
gh release upload "${{ inputs.tag }}" "${assets[@]}" --clobber
1 change: 1 addition & 0 deletions .github/workflows/release.yml
Original file line number Diff line number Diff line change
Expand Up @@ -67,3 +67,4 @@ jobs:
uses: ./.github/workflows/build-macos.yml
with:
tag: ${{ inputs.tag || needs.release-please.outputs.tag_name }}
secrets: inherit
12 changes: 12 additions & 0 deletions Caskfile
Original file line number Diff line number Diff line change
@@ -0,0 +1,12 @@
cask "aisync" do
version "0.3.0" # x-release-please-version
sha256 :no_check

url "https://github.com/mohammedhammoud/aisync/releases/download/aisync-v#{version}/AISync_#{version}_universal.dmg",
verified: "github.com/mohammedhammoud/aisync/"
name "AISync"
desc "Local desktop utility for AI provider, skill, instruction, and sync management"
homepage "https://github.com/mohammedhammoud/aisync"

app "AISync.app"
end
8 changes: 5 additions & 3 deletions README.md
Original file line number Diff line number Diff line change
Expand Up @@ -97,7 +97,7 @@ If that still does not work, remove the quarantine flag manually. Only do this f
xattr -dr com.apple.quarantine /Applications/AISync.app
```

The app checks the latest GitHub Release on startup and shows an in-app notification when a newer stable version is available.
The app checks for updates on startup and can install signed Tauri updater releases in-app. If updater metadata is unavailable, the notice falls back to the GitHub Release page.

## Quick start

Expand Down Expand Up @@ -139,13 +139,15 @@ pnpm tauri build

## Release

The `Release` workflow runs Release Please from Conventional Commits on `main`. It opens a release PR; merging that PR updates versions and changelog, creates the `v*.*.*` tag, then builds an unsigned universal macOS DMG.
The `Release` workflow runs Release Please from Conventional Commits on `main`. It opens a release PR; merging that PR updates versions and changelog, creates the `aisync-v*.*.*` tag, then builds an unsigned universal macOS DMG plus Tauri updater artifacts.

The same workflow can also be run manually with an existing tag to rebuild/upload the DMG.

No Apple Developer Program is required for this workflow. macOS Gatekeeper may warn users on first open because the app is not signed or notarized.

The release build uploads the DMG to the GitHub Release.
The release build uploads the DMG, updater metadata, SHA256 checksums, and a detached GPG signature for the checksum file when `GPG_PRIVATE_KEY` is configured.

Updater signing uses the public key in `src-tauri/tauri.conf.json`. Keep the private key outside the repo and configure `TAURI_SIGNING_PRIVATE_KEY` in GitHub Actions secrets.

## Quality checks

Expand Down
2 changes: 2 additions & 0 deletions docs/QUICKSTART.md
Original file line number Diff line number Diff line change
Expand Up @@ -12,6 +12,8 @@ Open the DMG, drag `AISync.app` to `Applications`, then launch it.

AISync is currently unsigned. If macOS blocks the first launch, right-click `AISync.app`, choose `Open`, then confirm.

After installation, AISync can install signed in-app updates when release updater metadata is available.

## 2. Choose the AISync folder

By default, AISync stores its source files in:
Expand Down
2 changes: 2 additions & 0 deletions package.json
Original file line number Diff line number Diff line change
Expand Up @@ -30,6 +30,8 @@
"@tanstack/react-router": "^1.169.2",
"@tauri-apps/api": "^2",
"@tauri-apps/plugin-opener": "^2",
"@tauri-apps/plugin-process": "~2.3.1",
"@tauri-apps/plugin-updater": "~2.10.1",
"date-fns": "^4.1.0",
"diff": "^9.0.0",
"i18next": "^26.0.10",
Expand Down
20 changes: 20 additions & 0 deletions pnpm-lock.yaml

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

4 changes: 4 additions & 0 deletions release-please-config.json
Original file line number Diff line number Diff line change
Expand Up @@ -14,6 +14,10 @@
"type": "toml",
"path": "src-tauri/Cargo.toml",
"jsonpath": "$.package.version"
},
{
"type": "generic",
"path": "Caskfile"
}
]
}
Expand Down
Loading