From 22791811d4bc27b131b29ae58680335e392108a3 Mon Sep 17 00:00:00 2001
From: halo
Date: Fri, 21 Nov 2025 20:58:22 +0800
Subject: [PATCH 1/5] fix: add Apple ID and password secrets for Tauri app build
---
 .github/workflows/build.yml | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index a53b5e9..c3e71e8 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -264,6 +264,8 @@ jobs:
 GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
 TAURI_PRIVATE_KEY: ${{ secrets.TAURI_PRIVATE_KEY }}
 TAURI_KEY_PASSWORD: ${{ secrets.TAURI_KEY_PASSWORD }}
+ APPLE_ID: ${{ secrets.APPLE_ID }}
+ APPLE_ID_PASSWORD: ${{ secrets.APPLE_ID_PASSWORD }}
 APPLE_CERTIFICATE: ${{ secrets.APPLE_CERTIFICATE }}
 APPLE_CERTIFICATE_PASSWORD: ${{ secrets.APPLE_CERTIFICATE_PASSWORD }}
 APPLE_SIGNING_IDENTITY: ${{ env.APPLE_SIGNING_IDENTITY }}
From de7a7db6c49a5af1ac9610ebb24e2e310125b0f1 Mon Sep 17 00:00:00 2001
From: halo
Date: Fri, 21 Nov 2025 21:20:02 +0800
Subject: [PATCH 2/5] fix: rename APPLE_ID_PASSWORD secret to APPLE_PASSWORD in build workflow
---
 .github/workflows/build.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index c3e71e8..e99ba9f 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -265,7 +265,7 @@ jobs:
 TAURI_PRIVATE_KEY: ${{ secrets.TAURI_PRIVATE_KEY }}
 TAURI_KEY_PASSWORD: ${{ secrets.TAURI_KEY_PASSWORD }}
 APPLE_ID: ${{ secrets.APPLE_ID }}
- APPLE_ID_PASSWORD: ${{ secrets.APPLE_ID_PASSWORD }}
+ APPLE_PASSWORD: ${{ secrets.APPLE_PASSWORD }}
 APPLE_CERTIFICATE: ${{ secrets.APPLE_CERTIFICATE }}
 APPLE_CERTIFICATE_PASSWORD: ${{ secrets.APPLE_CERTIFICATE_PASSWORD }}
 APPLE_SIGNING_IDENTITY: ${{ env.APPLE_SIGNING_IDENTITY }}
From 2d665fa7952bbdbbee48ee9140eb599a2c57910f Mon Sep 17 00:00:00 2001
From: halo
Date: Fri, 21 Nov 2025 21:50:36 +0800
Subject: [PATCH 3/5] fix: update APPLE_TEAM_ID secret to use secrets instead of env variable
---
 .github/workflows/build.yml | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index e99ba9f..42585d2 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -266,10 +266,9 @@ jobs:
 TAURI_KEY_PASSWORD: ${{ secrets.TAURI_KEY_PASSWORD }}
 APPLE_ID: ${{ secrets.APPLE_ID }}
 APPLE_PASSWORD: ${{ secrets.APPLE_PASSWORD }}
- APPLE_CERTIFICATE: ${{ secrets.APPLE_CERTIFICATE }}
 APPLE_CERTIFICATE_PASSWORD: ${{ secrets.APPLE_CERTIFICATE_PASSWORD }}
 APPLE_SIGNING_IDENTITY: ${{ env.APPLE_SIGNING_IDENTITY }}
- APPLE_TEAM_ID: ${{ env.APPLE_TEAM_ID }}
+ APPLE_TEAM_ID: ${{ secrets.APPLE_TEAM_ID }}
 with:
 tagName: ${{ env.VERSION }}
From a0ab4dba8b701e5c8a074943e26d958471a9c7ed Mon Sep 17 00:00:00 2001
From: halo
Date: Fri, 21 Nov 2025 22:20:30 +0800
Subject: [PATCH 4/5] fix: update environment variables for Tauri app build to use secrets
---
 .github/workflows/build.yml | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index 42585d2..c97ed06 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -126,6 +126,10 @@ jobs:
 args: ""
 runs-on: ${{ matrix.platform }}
+ env:
+ APPLE_ID: ${{ secrets.APPLE_ID }}
+ APPLE_PASSWORD: ${{ secrets.APPLE_PASSWORD }}
+ APPLE_TEAM_ID: ${{ secrets.APPLE_TEAM_ID }}
 steps:
 - name: Check out git repository
 uses: actions/checkout@v4
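Review bot: The deletion of `APPLE_CERTIFICATE: ${{ secrets.APPLE_CERTIFICATE }}` in PATCH 3/5 is not covered by the subject, which only describes switching `APPLE_TEAM_ID` from `env` to `secrets`. At this revision the build step's `env:` still carries `APPLE_CERTIFICATE_PASSWORD` and `APPLE_SIGNING_IDENTITY` but no certificate, so a macOS build from this commit would presumably fail to sign or produce an unsigned artifact. PATCH 4/5 puts the line back; squashing the two keeps every revision in the series buildable, which matters if a release is ever cut or bisected at this commit. The step's `env:` block starts above the hunk.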
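Review bot: Declaring `APPLE_ID`, `APPLE_PASSWORD` and `APPLE_TEAM_ID` in the job-level `env:` in PATCH 4/5 hands the notarization credentials to every step of the job on every matrix platform, not only to the step that notarizes. That includes `actions/checkout@v4`, which is referenced by a movable tag, and whatever runs during dependency installation further down the job. The second hunk of the same patch removes these three variables from the build step's own `env:`, which was the narrower scope; unless another step is shown to need them, keep them there next to `APPLE_CERTIFICATE`. If job scope is really required, pinning third-party actions to a full commit SHA limits what can read the values. The job definition starts above this hunk and continues below it.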
@@ -264,11 +268,9 @@ jobs:
 GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
 TAURI_PRIVATE_KEY: ${{ secrets.TAURI_PRIVATE_KEY }}
 TAURI_KEY_PASSWORD: ${{ secrets.TAURI_KEY_PASSWORD }}
- APPLE_ID: ${{ secrets.APPLE_ID }}
- APPLE_PASSWORD: ${{ secrets.APPLE_PASSWORD }}
+ APPLE_CERTIFICATE: ${{ secrets.APPLE_CERTIFICATE }}
 APPLE_CERTIFICATE_PASSWORD: ${{ secrets.APPLE_CERTIFICATE_PASSWORD }}
 APPLE_SIGNING_IDENTITY: ${{ env.APPLE_SIGNING_IDENTITY }}
- APPLE_TEAM_ID: ${{ secrets.APPLE_TEAM_ID }}
 with:
 tagName: ${{ env.VERSION }}
From 5ff591cb02f6d63c13010a7773d045bad9819d49 Mon Sep 17 00:00:00 2001
From: halo
Date: Sat, 22 Nov 2025 15:52:57 +0800
Subject: [PATCH 5/5] fix: add signing step for embedded Go client binary on macOS
---
 .github/workflows/build.yml | 37 +++++++++++++++++++++++++++++++++++++
 1 file changed, 37 insertions(+)
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index c97ed06..56767c6 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -262,6 +262,43 @@ jobs:
 - name: Install frontend dependencies
 run: pnpm install
+ - name: Sign embedded Go client binary (macOS only)
+ if: matrix.platform == 'macos-latest'
+ env:
+ APPLE_SIGNING_IDENTITY: ${{ env.APPLE_SIGNING_IDENTITY }}
+ run: |
+ echo "Signing embedded Go client binary..."
+
+ CLIENT_BIN="src-tauri/resources/bin/darwin-${{ matrix.target == 'aarch64-apple-darwin' && 'arm64' || 'amd64' }}/client"
+
+ if [ ! -f "$CLIENT_BIN" ]; then
+ echo "❌ Embedded binary not found: $CLIENT_BIN"
+ ls -R src-tauri/resources/bin || true
+ exit 1
+ fi
+
+ echo "Found client binary: $CLIENT_BIN"
+
+ codesign --force --options runtime --timestamp \
+ --sign "$APPLE_SIGNING_IDENTITY" \
+ "$CLIENT_BIN"
+
+ JUMPSERVERCLIENT_BIN="src-tauri/resources/bin/darwin-${{ matrix.target == 'aarch64-apple-darwin' && 'arm64' || 'amd64' }}/JumpServerClient"
+
+ if [ ! -f "$JUMPSERVERCLIENT_BIN" ]; then
+ echo "❌ Embedded binary not found: $JUMPSERVERCLIENT_BIN"
+ ls -R src-tauri/resources/bin || true
+ exit 1
+ fi
+
+ echo "Found JumpServerClient binary: $JUMPSERVERCLIENT_BIN"
+
+ codesign --force --options runtime --timestamp \
+ --sign "$APPLE_SIGNING_IDENTITY" \
+ "$JUMPSERVERCLIENT_BIN"
+
+ echo "✓ Embedded Go client binary signed successfully."
+
 - name: Build Tauri app
 uses: tauri-apps/tauri-action@v0
 env:
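Review bot: Nothing in the new signing step checks its own result: after each `codesign --sign` the script reports success without running `codesign --verify --strict` on the file, and an unset `APPLE_SIGNING_IDENTITY` is left for codesign to reject or not. The find-and-sign block is also written out twice, once per binary, so a later correction to one copy is easy to miss in the other. `${{ matrix.target == … }}` is expanded into the script text before the shell runs; the value is workflow-controlled here, but passing it through `env:` keeps expression expansion out of the script body. Where the files under `src-tauri/resources/bin` come from is not visible in the hunk; if an earlier step downloads them, they should be compared with a pinned checksum before the developer identity is applied to them. A looped version with the guard and the verification:

```yaml
# … unchanged: step name and `if:` condition …
  env:
    APPLE_SIGNING_IDENTITY: ${{ env.APPLE_SIGNING_IDENTITY }}
    DARWIN_ARCH: ${{ matrix.target == 'aarch64-apple-darwin' && 'arm64' || 'amd64' }}
  run: |
    : "${APPLE_SIGNING_IDENTITY:?APPLE_SIGNING_IDENTITY is not set}"
    bin_dir="src-tauri/resources/bin/darwin-${DARWIN_ARCH}"
    for name in client JumpServerClient; do
      bin="$bin_dir/$name"
      if [ ! -f "$bin" ]; then
        echo "❌ Embedded binary not found: $bin"
        ls -R src-tauri/resources/bin || true
        exit 1
      fi
      codesign --force --options runtime --timestamp \
        --sign "$APPLE_SIGNING_IDENTITY" "$bin"
      # Fail the job if the signature does not validate.
      codesign --verify --strict --verbose=2 "$bin"
    done
```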