feat: add desktop binary build to staging deploy#155
Conversation
Add plan to extend deploy-staging.yml with a build-desktop job that builds macOS .dmg via tauri-apps/tauri-action and uploads to a GitHub pre-release, running in parallel with existing jobs. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- New build-desktop job runs on macos-latest in parallel with existing jobs - Installs macFUSE headers for vendored fuser crate compilation - Uses tauri-apps/tauri-action@v0 to build .dmg and upload to GitHub pre-release - Bakes staging VITE_* env vars (API URL, Web3Auth client ID, Google client ID) - Not in deploy-vps.needs — desktop build failure cannot block server deploy Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Tasks completed: 1/1 - Add build-desktop job to deploy-staging.yml SUMMARY: .planning/quick/017-desktop-binary-staging-release/017-SUMMARY.md Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
WalkthroughA new GitHub Actions workflow job "Build Desktop App (macOS)" is added to the deploy-staging pipeline. The job builds a macOS desktop application (.dmg) using Tauri, installs required dependencies via Homebrew, and uploads the binary as a GitHub pre-release artifact. Planning documentation outlines the implementation and decision rationale. Changes
Estimated code review effort🎯 2 (Simple) | ⏱️ ~12 minutes Possibly related PRs
🚥 Pre-merge checks | ✅ 3✅ Passed checks (3 passed)
✏️ Tip: You can configure your own custom pre-merge checks in the settings. ✨ Finishing Touches🧪 Generate unit tests (beta)
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
There was a problem hiding this comment.
Actionable comments posted: 1
🧹 Nitpick comments (1)
.github/workflows/deploy-staging.yml (1)
116-118:macos-latestbuilds arm64-only — Intel Mac testers will need Rosetta 2GitHub's
macos-latestrunner is now Apple Silicon (arm64). The produced.dmgwill be an arm64-only binary. Testers on Intel Macs can still run it via Rosetta 2, but this isn't mentioned in thereleaseBody. Consider either noting this in the release body or, when the project matures to production signing, building a universal binary via--target universal-apple-darwin.💬 Optional: clarify arch in release body (Line 157)
- releaseBody: 'Staging build for ${{ inputs.staging_tag || github.ref_name }}. macOS only (unsigned - right-click > Open to launch).' + releaseBody: 'Staging build for ${{ inputs.staging_tag || github.ref_name }}. macOS arm64 only (unsigned - right-click > Open to launch). Intel Macs require Rosetta 2.'🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In @.github/workflows/deploy-staging.yml around lines 116 - 118, The workflow uses the build-desktop job with runs-on: macos-latest which is an Apple Silicon (arm64) runner, so the produced .dmg is arm64-only; update the releaseBody to explicitly note the artifact is arm64 and that Intel Mac testers must use Rosetta 2, or alternately change the build step for build-desktop to produce a universal binary when ready by adding the macOS packaging flag --target universal-apple-darwin (used with your pack/forge/build command) and signing pipeline adjustments; reference build-desktop, runs-on: macos-latest, releaseBody, and --target universal-apple-darwin when making the change.
🤖 Prompt for all review comments with AI agents
Verify each finding against the current code and only fix it if needed.
Inline comments:
In @.github/workflows/deploy-staging.yml:
- Around line 127-128: The CI step that runs "brew install --cask macfuse" can
leave no fuse.pc so the vendored crate's build.rs (which does a pkg-config probe
and .unwrap()) will panic; update the workflow to ensure pkg-config can find
fuse.pc by either verifying the brew install produced fuse.pc in a pkg-config
searchable path and setting PKG_CONFIG_PATH accordingly, or replace the brew
step with downloading the macFUSE SDK from the macfuse releases and exporting
PKG_CONFIG_PATH to the SDK's pkgconfig dir (or use a prebuilt macOS
runner/workflow that includes FUSE headers) so the build.rs probe for "fuse" /
"osxfuse" succeeds instead of unwrapping a missing result.
---
Nitpick comments:
In @.github/workflows/deploy-staging.yml:
- Around line 116-118: The workflow uses the build-desktop job with runs-on:
macos-latest which is an Apple Silicon (arm64) runner, so the produced .dmg is
arm64-only; update the releaseBody to explicitly note the artifact is arm64 and
that Intel Mac testers must use Rosetta 2, or alternately change the build step
for build-desktop to produce a universal binary when ready by adding the macOS
packaging flag --target universal-apple-darwin (used with your pack/forge/build
command) and signing pipeline adjustments; reference build-desktop, runs-on:
macos-latest, releaseBody, and --target universal-apple-darwin when making the
change.
| - name: Install macFUSE headers | ||
| run: brew install --cask macfuse |
There was a problem hiding this comment.
🧩 Analysis chain
🏁 Script executed:
#!/bin/bash
# Check if fuser's build.rs exists and examine its contents
echo "=== Checking vendored fuser build.rs ==="
find apps/desktop/src-tauri/vendor/fuser -name "build.rs" -type fRepository: FSM1/cipher-box
Length of output: 144
🏁 Script executed:
#!/bin/bash
# Look for PKG_CONFIG_PATH, FUSE_INCLUDE_DIR or any macfuse-related setup in fuser
echo "=== Searching for pkg-config and FUSE setup in vendored fuser ==="
rg -n "PKG_CONFIG_PATH|FUSE_INCLUDE|pkg.config|probe|macfuse" apps/desktop/src-tauri/vendor/fuser/ 2>/dev/null || echo "Pattern not found"
echo -e "\n=== Checking build.rs for platform-specific handling ==="
fd "build\.rs" apps/desktop/src-tauri/vendor/fuser -type f -exec head -50 {} \;Repository: FSM1/cipher-box
Length of output: 4177
🏁 Script executed:
#!/bin/bash
# Check the actual deploy-staging workflow to see what steps run on macOS
echo "=== Checking deploy-staging.yml for macOS-specific setup ==="
grep -n "macos" .github/workflows/deploy-staging.yml -i
grep -n "macfuse\|fuse\|PKG_CONFIG" .github/workflows/deploy-staging.ymlRepository: FSM1/cipher-box
Length of output: 381
🏁 Script executed:
#!/bin/bash
# Check if there are any other workflows or setup scripts that handle macfuse installation
echo "=== Searching for macfuse references across the repo ==="
rg -l "macfuse|macFUSE" --type yaml --type shRepository: FSM1/cipher-box
Length of output: 115
🏁 Script executed:
#!/bin/bash
# Read the full build.rs to understand error handling
echo "=== Full build.rs content ==="
cat -n apps/desktop/src-tauri/vendor/fuser/build.rsRepository: FSM1/cipher-box
Length of output: 2536
🏁 Script executed:
#!/bin/bash
# Check if there's a Cargo.lock or Cargo.toml at the root that shows how fuser is used
echo "=== Checking how fuser is configured in the tauri app's Cargo.toml ==="
grep -n "fuser\|libfuse" apps/desktop/src-tauri/Cargo.toml | head -20Repository: FSM1/cipher-box
Length of output: 461
🏁 Script executed:
#!/bin/bash
# Check if there's any GitHub Actions setup or workaround scripts
echo "=== Looking for any pre-build setup or environment scripts ==="
fd "setup|install|pre" .github/workflows/ -type f
cat -n .github/workflows/deploy-staging.yml | head -140Repository: FSM1/cipher-box
Length of output: 4923
brew install --cask macfuse may fail or not properly install pkg-config files on GitHub's hosted macOS runners, causing the Rust build to fail
The vendored fuser's build.rs (line 31) has a hard .unwrap() on the pkg-config probe for fuse or osxfuse. If brew install --cask macfuse succeeds but doesn't lay down the fuse.pc pkg-config file — which can happen if the kernel extension approval is required but unavailable in a headless CI environment — the build will panic during compilation.
Confirm that brew install --cask macfuse successfully installs fuse.pc to a location discoverable by pkg-config on a GitHub Actions macOS runner, or use an alternative approach such as:
- Downloading the macFUSE SDK directly from macFUSE releases and setting
PKG_CONFIG_PATHmanually - Using a pre-built GitHub Actions workflow that already includes FUSE headers
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.
In @.github/workflows/deploy-staging.yml around lines 127 - 128, The CI step
that runs "brew install --cask macfuse" can leave no fuse.pc so the vendored
crate's build.rs (which does a pkg-config probe and .unwrap()) will panic;
update the workflow to ensure pkg-config can find fuse.pc by either verifying
the brew install produced fuse.pc in a pkg-config searchable path and setting
PKG_CONFIG_PATH accordingly, or replace the brew step with downloading the
macFUSE SDK from the macfuse releases and exporting PKG_CONFIG_PATH to the SDK's
pkgconfig dir (or use a prebuilt macOS runner/workflow that includes FUSE
headers) so the build.rs probe for "fuse" / "osxfuse" succeeds instead of
unwrapping a missing result.
Summary
build-desktopjob todeploy-staging.ymlthat builds a macOS.dmgviatauri-apps/tauri-actionand uploads it to a GitHub pre-releaseTest plan
v*-staging-rc-*tag and verify thebuild-desktopjob starts on a macOS runner.dmgappears on the GitHub Release page as a pre-release.dmg(right-click > Open to bypass Gatekeeper)deploy-vpsjob completes independently of desktop build🤖 Generated with Claude Code
Summary by CodeRabbit