Merged
74 changes: 73 additions & 1 deletion .github/workflows/deploy-staging.yml
Expand Up @@ -219,16 +219,88 @@ jobs:
VITE_API_URL: ${{ vars.STAGING_API_URL }}
VITE_ENVIRONMENT: staging
VITE_GOOGLE_CLIENT_ID: ${{ vars.GOOGLE_CLIENT_ID }}
# winfsp-sys build script checks registry for WinFsp install dir.
# MSI install registry writes may not be visible to Cargo process;
# set explicit path as reliable fallback.
WINFSP_INSTALL_DIR: 'C:\Program Files (x86)\WinFsp'
with:
projectPath: apps/desktop
tauriScript: pnpm tauri
tagName: ${{ inputs.staging_tag || github.ref_name }}
releaseName: 'CipherBox Desktop ${{ inputs.staging_tag || github.ref_name }}'
releaseBody: 'Staging build for ${{ inputs.staging_tag || github.ref_name }}. macOS (unsigned - right-click > Open to launch) and Windows (unsigned - click "More info" > "Run anyway").'
releaseBody: 'Staging build for ${{ inputs.staging_tag || github.ref_name }}. macOS (unsigned - right-click > Open to launch), Windows (unsigned - click "More info" > "Run anyway"), and Linux (AppImage/deb).'

⚠️ Potential issue | 🟡 Minor

Release notes text can flap across jobs.

Line 231 was updated, but Line 160 still has the old body. Since multiple jobs publish to the same release, the final release description depends on which job finishes last.

Suggested fix
-          releaseBody: 'Staging build for ${{ inputs.staging_tag || github.ref_name }}. macOS (unsigned - right-click > Open to launch) and Windows (unsigned - click "More info" > "Run anyway").'
+          releaseBody: 'Staging build for ${{ inputs.staging_tag || github.ref_name }}. macOS (unsigned - right-click > Open to launch), Windows (unsigned - click "More info" > "Run anyway"), and Linux (AppImage/deb).'
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.

In @.github/workflows/deploy-staging.yml at line 231, The release body is
duplicated and races between jobs; centralize the text so both publishers use
the same value — define a single variable (e.g., env RELEASE_BODY) containing
'Staging build for ${{ inputs.staging_tag || github.ref_name }}. macOS (unsigned
- right-click > Open to launch), Windows (unsigned - click "More info" > "Run
anyway"), and Linux (AppImage/deb).' and replace the two releaseBody occurrences
with ${{ env.RELEASE_BODY }} (or alternatively collapse publishing into a single
job/step that sets releaseBody once) so the final release description is
deterministic; update references where releaseBody appears to use the new
RELEASE_BODY symbol.

releaseDraft: false
prerelease: true
args: -- --no-default-features --features winfsp

build-desktop-linux:
name: Build Desktop App (Linux)
runs-on: ubuntu-22.04
environment: staging
permissions:
contents: write
steps:
- uses: actions/checkout@v4
with:
ref: ${{ inputs.staging_tag || github.ref_name }}

- name: Install system dependencies
run: |
sudo apt-get update
sudo apt-get install -y \
libwebkit2gtk-4.1-dev \
libayatana-appindicator3-dev \
librsvg2-dev \
libssl-dev \
libxdo-dev \
libfuse3-dev \
pkg-config \
build-essential

- name: Install Rust toolchain
run: rustup default stable

- uses: actions/cache@v4
with:
path: |
~/.cargo/registry
~/.cargo/git
apps/desktop/src-tauri/target
key: linux-cargo-${{ hashFiles('apps/desktop/src-tauri/Cargo.lock') }}
restore-keys: linux-cargo-

- uses: pnpm/action-setup@v4
with:
version: 10

- uses: actions/setup-node@v4
with:
node-version: '22'
cache: 'pnpm'

- name: Install dependencies
run: pnpm install --frozen-lockfile

- name: Build crypto package
run: pnpm --filter @cipherbox/crypto build

- uses: tauri-apps/tauri-action@v0
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
VITE_WEB3AUTH_CLIENT_ID: ${{ vars.VITE_WEB3AUTH_CLIENT_ID }}
VITE_API_URL: ${{ vars.STAGING_API_URL }}
VITE_ENVIRONMENT: staging
VITE_GOOGLE_CLIENT_ID: ${{ vars.GOOGLE_CLIENT_ID }}
with:
projectPath: apps/desktop
tauriScript: pnpm tauri
tagName: ${{ inputs.staging_tag || github.ref_name }}
releaseName: 'CipherBox Desktop ${{ inputs.staging_tag || github.ref_name }}'
releaseBody: 'Staging build for ${{ inputs.staging_tag || github.ref_name }}. macOS (unsigned - right-click > Open to launch), Windows (unsigned - click "More info" > "Run anyway"), and Linux (AppImage/deb).'
releaseDraft: false
prerelease: true
args: -- --no-default-features --features fuse

deploy-vps:
name: Deploy to Staging VPS
needs: [build-api, build-tee, build-web]
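
Review bot: Every `uses:` in the new `build-desktop-linux` job is pinned to a mutable tag (`actions/checkout@v4`, `actions/cache@v4`, `pnpm/action-setup@v4`, `actions/setup-node@v4`, `tauri-apps/tauri-action@v0`), and the job runs with `contents: write` and hands `GITHUB_TOKEN` to `tauri-apps/tauri-action@v0` to publish release assets. Pin each action to a full commit SHA, keeping the tag as a trailing comment, so a retagged action cannot run with the write-scoped token or alter the published AppImage/deb. In the same job, the cache step restores `apps/desktop/src-tauri/target` with the broad fallback `restore-keys: linux-cargo-`, which lets compiled output from an older cache entry feed a release build; consider caching only `~/.cargo/registry` and `~/.cargo/git` for this job, or dropping the prefix fallback. `rustup default stable` also leaves the compiler version floating between runs, so a pinned toolchain version would make the staging artifacts reproducible.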