Skip to content

fix(ci): wire Tauri signing keys into staging desktop builds#370

Merged
FSM1 merged 1 commit into
mainfrom
fix/tauri-signing-env
Mar 26, 2026
Merged

fix(ci): wire Tauri signing keys into staging desktop builds#370
FSM1 merged 1 commit into
mainfrom
fix/tauri-signing-env

Conversation

@FSM1

@FSM1 FSM1 commented Mar 26, 2026

Copy link
Copy Markdown
Owner

Summary

  • Pass TAURI_SIGNING_PRIVATE_KEY and TAURI_SIGNING_PRIVATE_KEY_PASSWORD repo secrets to all three desktop build jobs (macOS, Windows, Linux) in the staging deploy workflow
  • The updater pubkey was already configured in tauri.conf.json but the corresponding private key wasn't passed at build time, causing A public key has been found, but no private key errors

Test plan

  • Merge and trigger staging deploy — desktop builds should complete without signing errors

🤖 Generated with Claude Code

Summary by CodeRabbit

  • Chores
    • Updated deployment pipeline configuration with signing credentials for application build and release processes on macOS, Windows, and Linux platforms.

The updater pubkey in tauri.conf.json requires TAURI_SIGNING_PRIVATE_KEY
at build time. Pass the repo secrets to all three desktop build jobs
(macOS, Windows, Linux).

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Entire-Checkpoint: 69aff622d140
@coderabbitai

coderabbitai Bot commented Mar 26, 2026

Copy link
Copy Markdown

Walkthrough

The deploy-staging GitHub Actions workflow is updated to pass Tauri signing credentials (TAURI_SIGNING_PRIVATE_KEY and TAURI_SIGNING_PRIVATE_KEY_PASSWORD) as environment variables to the tauri-apps/tauri-action build steps across macOS, Windows, and Linux desktop jobs, sourced from repository secrets.

Changes

Cohort / File(s) Summary
Tauri Signing Environment Variables
.github/workflows/deploy-staging.yml
Added TAURI_SIGNING_PRIVATE_KEY and TAURI_SIGNING_PRIVATE_KEY_PASSWORD environment variables to the env block for tauri-apps/tauri-action steps in macOS, Windows, and Linux desktop build jobs, each sourced from corresponding GitHub secrets.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~5 minutes

Possibly related PRs

🚥 Pre-merge checks | ✅ 3
✅ Passed checks (3 passed)
Check name Status Explanation
Description Check ✅ Passed Check skipped - CodeRabbit’s high-level summary is enabled.
Title check ✅ Passed The title 'fix(ci): wire Tauri signing keys into staging desktop builds' accurately describes the main change: adding Tauri signing key environment variables to the staging desktop build jobs in the CI workflow.
Docstring Coverage ✅ Passed No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

✏️ Tip: You can configure your own custom pre-merge checks in the settings.

✨ Finishing Touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Commit unit tests in branch fix/tauri-signing-env

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands and usage tips.

@FSM1 FSM1 enabled auto-merge (squash) March 26, 2026 04:08

@coderabbitai coderabbitai Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🧹 Nitpick comments (1)
.github/workflows/deploy-staging.yml (1)

178-178: Standardize tauri-apps/tauri-action version across workflows.

Version drift detected: deploy-staging.yml (lines 178, 272, 348) uses @v0, while build-desktop.yml uses @v1. Align to the same major version to avoid subtle behavior differences between staging and release pipelines.

🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.

In @.github/workflows/deploy-staging.yml at line 178, Update the tauri Action
usage in the staging workflow: replace every occurrence of "uses:
tauri-apps/tauri-action@v0" in deploy-staging.yml with the same major version
used in build-desktop.yml (e.g., "uses: tauri-apps/tauri-action@v1") so both
workflows use the same tauri-action major release; ensure you update all
instances in the file and run a quick workflow lint to confirm syntax.
🤖 Prompt for all review comments with AI agents
Verify each finding against the current code and only fix it if needed.

Nitpick comments:
In @.github/workflows/deploy-staging.yml:
- Line 178: Update the tauri Action usage in the staging workflow: replace every
occurrence of "uses: tauri-apps/tauri-action@v0" in deploy-staging.yml with the
same major version used in build-desktop.yml (e.g., "uses:
tauri-apps/tauri-action@v1") so both workflows use the same tauri-action major
release; ensure you update all instances in the file and run a quick workflow
lint to confirm syntax.

ℹ️ Review info
⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Run ID: 0766574d-761d-4039-a6c5-69146ff3fd3a

📥 Commits

Reviewing files that changed from the base of the PR and between d51f70a and d80b0a1.

📒 Files selected for processing (1)
  • .github/workflows/deploy-staging.yml

@FSM1 FSM1 merged commit ed62930 into main Mar 26, 2026
26 checks passed
@FSM1 FSM1 deleted the fix/tauri-signing-env branch March 26, 2026 04:11
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant