5 Commits

Author SHA1 Message Date
Douglas Teles e628d71a01 ci: pass the imported certificate identity to the bundler
The certificate import step only placed the Developer ID certificate
in the keychain; without APPLE_SIGNING_IDENTITY the tauri bundler
silently skips signing and notarization, so every published macOS
bundle shipped unsigned and Apple Silicon rejected the app with the
damaged-app dialog. Extract the identity from the keychain after the
import and export it for the build step, so no additional secret is
required.
2026-07-08 11:36:59 -03:00
Douglas Teles 32436514c0 Fix CI: remove invalid app.title, skip macOS signing when unconfigured
- Remove `app.title` from tauri.conf.json (not valid in Tauri 2 schema)
- Make Apple certificate import conditional on APPLE_CERTIFICATE secret

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-02 01:51:44 -03:00
Douglas Teles 24568f90af Add auto-update via tauri-plugin-updater + GitHub Releases
- tauri-plugin-updater + tauri-plugin-process for self-update
- check_app_update / install_app_update Rust commands (UpdaterExt)
- tauri.conf.json: createUpdaterArtifacts + updater endpoint
- Capabilities: updater:default, process:allow-restart, dialog:allow-ask
- Frontend: checkForAppUpdate() with native dialog prompt
- CI/CD: replaced manual build with tauri-apps/tauri-action@v0
  - includeUpdaterJson generates latest.json automatically
  - TAURI_SIGNING_PRIVATE_KEY for update signature verification
  - Rust cache via swatinem/rust-cache@v2
- i18n: app_update_title/text/updating in all 4 locales

NOTE: pubkey in tauri.conf.json is placeholder — replace after
running `cargo tauri signer generate` and adding secrets to GitHub.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-02 01:31:39 -03:00
Douglas Teles 39ebbe320f Add macOS code signing and notarization to CI/CD
- .gitignore: block secrets (build-mac.sh, *.p12, *.pem, *.key)
- build.yml: import Apple certificate from GitHub Secrets, set
  APPLE_ID/APPLE_PASSWORD/APPLE_TEAM_ID for notarization, cleanup
  keychain after build. Linux/Windows build unchanged.
- tauri.conf.json: add macOS bundle config (signingIdentity: null
  lets Tauri auto-discover from keychain)

GitHub Secrets needed (Settings > Secrets > Actions):
  APPLE_CERTIFICATE      - base64 of certificate.p12
  APPLE_CERTIFICATE_PASSWORD - certificate password
  APPLE_ID               - Apple ID email
  APPLE_PASSWORD          - App-Specific Password
  APPLE_TEAM_ID          - Team ID

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-02 00:30:32 -03:00
Douglas Teles 8aa385f04d System disk protection, macOS flash, CI/CD, app icon
- disk.rs: block system disks (/proc/mounts -> strip partition suffix)
- flash.rs: macOS implementation (diskutil unmount + osascript admin
  privileges + rdisk raw write + auto-mount for panel injection)
- flash.rs: decompress_xz shared between linux and macos (cfg any)
- tauri.conf.json: full icon set (32, 128, 128@2x, ico, icns, png)
- .github/workflows/build.yml: CI/CD for Linux, macOS, Windows
  (Tauri CLI build + artifact upload + draft release on tag)
- .gitignore: track icons/ (custom branding, not auto-generated)
- icons/: generated from Quantico font (AR FLASHER branding)

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-02 00:10:55 -03:00