diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index cdefcf0..240fd7d 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -83,22 +83,42 @@ jobs: - name: Install frontend deps run: pnpm install --frozen-lockfile + - name: Prepare Tauri signing key + shell: bash + run: | + RAW="${{ secrets.TAURI_SIGNING_PRIVATE_KEY }}" + # 如果是原始两行(以 untrusted comment: 开头) + if echo "$RAW" | head -n1 | grep -q '^untrusted comment:'; then + printf '%s' "$RAW" > "$RUNNER_TEMP/tauri.key" + # 否则尝试当作 Base64 解码恢复两行 + elif printf '%s' "$RAW" | base64 -d > "$RUNNER_TEMP/tauri.key" 2>/dev/null \ + && head -n1 "$RUNNER_TEMP/tauri.key" | grep -q '^untrusted comment:'; then + : + else + echo "❌ TAURI_SIGNING_PRIVATE_KEY 格式不对:需要两行文本且首行是 'untrusted comment:'" >&2 + exit 1 + fi + echo "✅ Tauri signing key prepared" + - name: Build Tauri App (macOS) if: runner.os == 'macOS' env: - TAURI_SIGNING_PRIVATE_KEY: ${{ secrets.TAURI_SIGNING_PRIVATE_KEY }} + TAURI_SIGNING_PRIVATE_KEY_PATH: ${{ runner.temp }}/tauri.key + TAURI_SIGNING_PRIVATE_KEY_PASSWORD: ${{ secrets.TAURI_SIGNING_PRIVATE_KEY_PASSWORD }} run: pnpm tauri build --target universal-apple-darwin - name: Build Tauri App (Windows) if: runner.os == 'Windows' env: - TAURI_SIGNING_PRIVATE_KEY: ${{ secrets.TAURI_SIGNING_PRIVATE_KEY }} + TAURI_SIGNING_PRIVATE_KEY_PATH: ${{ runner.temp }}/tauri.key + TAURI_SIGNING_PRIVATE_KEY_PASSWORD: ${{ secrets.TAURI_SIGNING_PRIVATE_KEY_PASSWORD }} run: pnpm tauri build - name: Build Tauri App (Linux) if: runner.os == 'Linux' env: - TAURI_SIGNING_PRIVATE_KEY: ${{ secrets.TAURI_SIGNING_PRIVATE_KEY }} + TAURI_SIGNING_PRIVATE_KEY_PATH: ${{ runner.temp }}/tauri.key + TAURI_SIGNING_PRIVATE_KEY_PASSWORD: ${{ secrets.TAURI_SIGNING_PRIVATE_KEY_PASSWORD }} run: pnpm tauri build - name: Prepare macOS Assets