vstockwell/wraith
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 67 Wiki Activity

fix: use Tauri bundler for NSIS — runner now under ActRunner account
All checks were successful
Build & Sign Wraith / Build Windows + Sign (push) Successful in 5m30s
Details

Browse Source 
Re-enable Tauri NSIS bundler (embeds frontend in exe). Runner
runs as ActRunner service account with proper user profile,
so Tauri's downloaded NSIS/tools should work. Removed manual
NSIS step and template file from workflow.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
This commit is contained in:
Vantz Stockwell 2026-03-18 02:17:28 -04:00
parent 24e5bcbf4d
commit 4eb304222d
2 changed files with 18 additions and 46 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

62
.gitea/workflows/build-release.yml
View File

@ -56,28 +56,9 @@ jobs:
shell: powershell
run: |
$env:Path = "$env:EXTRA_PATH;$env:Path"
cargo tauri build --no-bundle
Get-ChildItem src-tauri\target\release\Wraith.exe
- name: Build NSIS installer
shell: powershell
run: |
$env:Path = "$env:EXTRA_PATH;$env:Path"
$ver = ("${{ github.ref_name }}" -replace '^v','')
$outExe = "Wraith_" + $ver + "_x64-setup.exe"
New-Item -ItemType Directory -Force -Path dist-pkg | Out-Null
Copy-Item src-tauri\target\release\Wraith.exe dist-pkg\
Copy-Item src-tauri\icons\icon.ico dist-pkg\wraith.ico -ErrorAction SilentlyContinue
$nsi = Get-Content src-tauri\installer.nsi.template -Raw
$nsi = $nsi.Replace("OUTFILE_PLACEHOLDER", $outExe).Replace("VER_PLACEHOLDER", $ver)
[System.IO.File]::WriteAllText((Join-Path (Get-Location) "dist-pkg\installer.nsi"), $nsi)
& makensis (Join-Path (Get-Location) "dist-pkg\installer.nsi")
Move-Item "dist-pkg\$outExe" .
Write-Host "=== Installer built ==="
Get-ChildItem $outExe
cargo tauri build
Write-Host "=== Build output ==="
Get-ChildItem -Recurse src-tauri\target\release\bundle\nsis\*.exe
- name: Download jsign
shell: powershell
@ -85,7 +66,6 @@ jobs:
Invoke-WebRequest -Uri "https://github.com/ebourg/jsign/releases/download/7.0/jsign-7.0.jar" -OutFile jsign.jar
- name: Get Azure token
id: azure-token
shell: powershell
run: |
$body = @{
@ -103,21 +83,12 @@ jobs:
shell: powershell
run: |
$env:Path = "$env:EXTRA_PATH;$env:Path"
$ver = ("${{ github.ref_name }}" -replace '^v','')
$token = [System.IO.File]::ReadAllText("$env:TEMP\aztoken.txt")
$installer = "Wraith_" + $ver + "_x64-setup.exe"
Write-Host "Looking for installer: $installer"
Write-Host "Current dir: $(Get-Location)"
Get-ChildItem *.exe -ErrorAction SilentlyContinue
$binaries = @("src-tauri\target\release\Wraith.exe", $installer)
foreach ($path in $binaries) {
if (Test-Path $path) {
Write-Host "Signing: $path"
java -jar jsign.jar --storetype AZUREKEYVAULT --keystore "${{ secrets.AZURE_KEY_VAULT_URL }}" --storepass $token --alias "${{ secrets.AZURE_CERT_NAME }}" --tsaurl http://timestamp.digicert.com --tsmode RFC3161 $path
Write-Host "Signed."
} else {
Write-Host "NOT FOUND: $path"
}
$binaries = Get-ChildItem -Recurse src-tauri\target\release\bundle\nsis\*.exe
foreach ($binary in $binaries) {
Write-Host "Signing: $($binary.FullName)"
java -jar jsign.jar --storetype AZUREKEYVAULT --keystore "${{ secrets.AZURE_KEY_VAULT_URL }}" --storepass $token --alias "${{ secrets.AZURE_CERT_NAME }}" --tsaurl http://timestamp.digicert.com --tsmode RFC3161 $binary.FullName
Write-Host "Signed: $($binary.Name)"
}
Remove-Item "$env:TEMP\aztoken.txt" -ErrorAction SilentlyContinue
@ -125,19 +96,20 @@ jobs:
shell: powershell
run: |
$ver = ("${{ github.ref_name }}" -replace '^v','')
$installer = "Wraith_" + $ver + "_x64-setup.exe"
$giteaUrl = "https://git.command.vigilcyber.com"
$headers = @{ Authorization = "token ${{ secrets.GIT_TOKEN }}" }
# Version JSON
$hash = (Get-FileHash $installer -Algorithm SHA256).Hash.ToLower()
@{ version = $ver; filename = $installer; sha256 = $hash; platform = "windows"; architecture = "amd64"; released = (Get-Date -Format "yyyy-MM-ddTHH:mm:ssZ"); signed = $true } | ConvertTo-Json | Out-File version.json -Encoding utf8
$installers = Get-ChildItem -Recurse src-tauri\target\release\bundle\nsis\*.exe
foreach ($file in $installers) {
$hash = (Get-FileHash $file.FullName -Algorithm SHA256).Hash.ToLower()
@{ version = $ver; filename = $file.Name; sha256 = $hash; platform = "windows"; architecture = "amd64"; released = (Get-Date -Format "yyyy-MM-ddTHH:mm:ssZ"); signed = $true } | ConvertTo-Json | Out-File version.json -Encoding utf8
Write-Host "Uploading $installer"
Invoke-RestMethod -Uri "$giteaUrl/api/packages/vstockwell/generic/wraith/$ver/$installer" -Method PUT -Headers $headers -ContentType "application/octet-stream" -InFile $installer
Write-Host "Uploading: $($file.Name)"
Invoke-RestMethod -Uri "$giteaUrl/api/packages/vstockwell/generic/wraith/$ver/$($file.Name)" -Method PUT -Headers $headers -ContentType "application/octet-stream" -InFile $file.FullName
Write-Host "Uploading version.json"
Invoke-RestMethod -Uri "$giteaUrl/api/packages/vstockwell/generic/wraith/$ver/version.json" -Method PUT -Headers $headers -ContentType "application/octet-stream" -InFile version.json
Write-Host "Uploading: version.json"
Invoke-RestMethod -Uri "$giteaUrl/api/packages/vstockwell/generic/wraith/$ver/version.json" -Method PUT -Headers $headers -ContentType "application/octet-stream" -InFile version.json
}
Write-Host "=== Upload complete ==="

2
src-tauri/tauri.conf.json
View File

@ -26,7 +26,7 @@
},
"bundle": {
"active": true,
"targets": [],
"targets": ["nsis"],
"icon": [
"icons/32x32.png",
"icons/128x128.png",