From 4eb304222defc86c4803220efa55a822594ce815 Mon Sep 17 00:00:00 2001 From: Vantz Stockwell Date: Wed, 18 Mar 2026 02:17:28 -0400 Subject: [PATCH] =?UTF-8?q?fix:=20use=20Tauri=20bundler=20for=20NSIS=20?= =?UTF-8?q?=E2=80=94=20runner=20now=20under=20ActRunner=20account?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Re-enable Tauri NSIS bundler (embeds frontend in exe). Runner runs as ActRunner service account with proper user profile, so Tauri's downloaded NSIS/tools should work. Removed manual NSIS step and template file from workflow. Co-Authored-By: Claude Opus 4.6 (1M context) --- .gitea/workflows/build-release.yml | 62 ++++++++---------------------- src-tauri/tauri.conf.json | 2 +- 2 files changed, 18 insertions(+), 46 deletions(-) diff --git a/.gitea/workflows/build-release.yml b/.gitea/workflows/build-release.yml index 7e1c3d3..8942062 100644 --- a/.gitea/workflows/build-release.yml +++ b/.gitea/workflows/build-release.yml @@ -56,28 +56,9 @@ jobs: shell: powershell run: | $env:Path = "$env:EXTRA_PATH;$env:Path" - cargo tauri build --no-bundle - Get-ChildItem src-tauri\target\release\Wraith.exe - - - name: Build NSIS installer - shell: powershell - run: | - $env:Path = "$env:EXTRA_PATH;$env:Path" - $ver = ("${{ github.ref_name }}" -replace '^v','') - $outExe = "Wraith_" + $ver + "_x64-setup.exe" - - New-Item -ItemType Directory -Force -Path dist-pkg | Out-Null - Copy-Item src-tauri\target\release\Wraith.exe dist-pkg\ - Copy-Item src-tauri\icons\icon.ico dist-pkg\wraith.ico -ErrorAction SilentlyContinue - - $nsi = Get-Content src-tauri\installer.nsi.template -Raw - $nsi = $nsi.Replace("OUTFILE_PLACEHOLDER", $outExe).Replace("VER_PLACEHOLDER", $ver) - [System.IO.File]::WriteAllText((Join-Path (Get-Location) "dist-pkg\installer.nsi"), $nsi) - - & makensis (Join-Path (Get-Location) "dist-pkg\installer.nsi") - Move-Item "dist-pkg\$outExe" . - Write-Host "=== Installer built ===" - Get-ChildItem $outExe + cargo tauri build + Write-Host "=== Build output ===" + Get-ChildItem -Recurse src-tauri\target\release\bundle\nsis\*.exe - name: Download jsign shell: powershell @@ -85,7 +66,6 @@ jobs: Invoke-WebRequest -Uri "https://github.com/ebourg/jsign/releases/download/7.0/jsign-7.0.jar" -OutFile jsign.jar - name: Get Azure token - id: azure-token shell: powershell run: | $body = @{ @@ -103,21 +83,12 @@ jobs: shell: powershell run: | $env:Path = "$env:EXTRA_PATH;$env:Path" - $ver = ("${{ github.ref_name }}" -replace '^v','') $token = [System.IO.File]::ReadAllText("$env:TEMP\aztoken.txt") - $installer = "Wraith_" + $ver + "_x64-setup.exe" - Write-Host "Looking for installer: $installer" - Write-Host "Current dir: $(Get-Location)" - Get-ChildItem *.exe -ErrorAction SilentlyContinue - $binaries = @("src-tauri\target\release\Wraith.exe", $installer) - foreach ($path in $binaries) { - if (Test-Path $path) { - Write-Host "Signing: $path" - java -jar jsign.jar --storetype AZUREKEYVAULT --keystore "${{ secrets.AZURE_KEY_VAULT_URL }}" --storepass $token --alias "${{ secrets.AZURE_CERT_NAME }}" --tsaurl http://timestamp.digicert.com --tsmode RFC3161 $path - Write-Host "Signed." - } else { - Write-Host "NOT FOUND: $path" - } + $binaries = Get-ChildItem -Recurse src-tauri\target\release\bundle\nsis\*.exe + foreach ($binary in $binaries) { + Write-Host "Signing: $($binary.FullName)" + java -jar jsign.jar --storetype AZUREKEYVAULT --keystore "${{ secrets.AZURE_KEY_VAULT_URL }}" --storepass $token --alias "${{ secrets.AZURE_CERT_NAME }}" --tsaurl http://timestamp.digicert.com --tsmode RFC3161 $binary.FullName + Write-Host "Signed: $($binary.Name)" } Remove-Item "$env:TEMP\aztoken.txt" -ErrorAction SilentlyContinue @@ -125,19 +96,20 @@ jobs: shell: powershell run: | $ver = ("${{ github.ref_name }}" -replace '^v','') - $installer = "Wraith_" + $ver + "_x64-setup.exe" $giteaUrl = "https://git.command.vigilcyber.com" $headers = @{ Authorization = "token ${{ secrets.GIT_TOKEN }}" } - # Version JSON - $hash = (Get-FileHash $installer -Algorithm SHA256).Hash.ToLower() - @{ version = $ver; filename = $installer; sha256 = $hash; platform = "windows"; architecture = "amd64"; released = (Get-Date -Format "yyyy-MM-ddTHH:mm:ssZ"); signed = $true } | ConvertTo-Json | Out-File version.json -Encoding utf8 + $installers = Get-ChildItem -Recurse src-tauri\target\release\bundle\nsis\*.exe + foreach ($file in $installers) { + $hash = (Get-FileHash $file.FullName -Algorithm SHA256).Hash.ToLower() + @{ version = $ver; filename = $file.Name; sha256 = $hash; platform = "windows"; architecture = "amd64"; released = (Get-Date -Format "yyyy-MM-ddTHH:mm:ssZ"); signed = $true } | ConvertTo-Json | Out-File version.json -Encoding utf8 - Write-Host "Uploading $installer" - Invoke-RestMethod -Uri "$giteaUrl/api/packages/vstockwell/generic/wraith/$ver/$installer" -Method PUT -Headers $headers -ContentType "application/octet-stream" -InFile $installer + Write-Host "Uploading: $($file.Name)" + Invoke-RestMethod -Uri "$giteaUrl/api/packages/vstockwell/generic/wraith/$ver/$($file.Name)" -Method PUT -Headers $headers -ContentType "application/octet-stream" -InFile $file.FullName - Write-Host "Uploading version.json" - Invoke-RestMethod -Uri "$giteaUrl/api/packages/vstockwell/generic/wraith/$ver/version.json" -Method PUT -Headers $headers -ContentType "application/octet-stream" -InFile version.json + Write-Host "Uploading: version.json" + Invoke-RestMethod -Uri "$giteaUrl/api/packages/vstockwell/generic/wraith/$ver/version.json" -Method PUT -Headers $headers -ContentType "application/octet-stream" -InFile version.json + } Write-Host "=== Upload complete ===" diff --git a/src-tauri/tauri.conf.json b/src-tauri/tauri.conf.json index bcdc339..2286d25 100644 --- a/src-tauri/tauri.conf.json +++ b/src-tauri/tauri.conf.json @@ -26,7 +26,7 @@ }, "bundle": { "active": true, - "targets": [], + "targets": ["nsis"], "icon": [ "icons/32x32.png", "icons/128x128.png",