fix(webview/slack): media perms + deep-link isolation (#1074) (#1080) #40
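---
# Build workflow: compiles the Tauri desktop app (CEF runtime) inside the
# project's CI container and produces a .deb bundle. Runs on pushes to main
# and on every pull request.
name: Build

on:
  push:
    branches: [main]
  pull_request:

# Least-privilege token: every scope granted here is read-only.
permissions:
  contents: read
  pull-requests: read
  # Required for Sentry to associate commits with releases
  actions: read

# One active run per PR (or per ref for pushes); a newer run cancels the
# older one still in progress.
concurrency:
  group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.head_ref || github.ref }}
  cancel-in-progress: true

jobs:
  build:
    name: Build Tauri App
    runs-on: ubuntu-22.04
    container:
      # NOTE(review): the image is referenced by a mutable tag. Pinning it by
      # digest (image@sha256:<digest>) would make the toolchain reproducible
      # and keep a re-pushed tag from silently changing the build environment.
      image: ghcr.io/tinyhumansai/openhuman_ci:rust-1.93.0
    steps:
      # NOTE(review): the actions in this job are referenced by major-version
      # tag. Pinning each `uses:` to a full commit SHA is the usual
      # supply-chain hardening, especially for the third-party ones
      # (Swatinem/rust-cache, pnpm/action-setup).
      - name: Checkout code
        uses: actions/checkout@v4
        with:
          fetch-depth: 1
          submodules: recursive
          # Do not leave the GITHUB_TOKEN in .git/config after checkout: the
          # later steps run dependency install scripts and cargo build
          # scripts, and none of them visibly needs git credentials.
          persist-credentials: false

      - name: Cache Rust build artifacts
        uses: Swatinem/rust-cache@v2
        with:
          workspaces: |
            . -> target
            app/src-tauri -> target
          cache-on-failure: true

      # CEF (Chromium Embedded Framework) runtime is downloaded on-demand by
      # cef-dll-sys + the vendored tauri-cli. Cache it across builds — the
      # payload is ~400MB per platform and fetching every run is painful.
      - name: Cache CEF binary distribution
        uses: actions/cache@v4
        with:
          path: ~/.cache/tauri-cef
          # Exact key follows app/src-tauri/Cargo.toml; the restore-keys
          # prefix lets an older CEF payload be restored when that file
          # changes.
          key: cef-ubuntu-22.04-${{ hashFiles('app/src-tauri/Cargo.toml') }}
          restore-keys: |
            cef-ubuntu-22.04-

      # Note: the vendored CEF-aware tauri-cli is pre-installed in the
      # ghcr.io/tinyhumansai/openhuman_ci image (see .github/Dockerfile),
      # so `cargo tauri build` below resolves to the fork without any
      # per-run compile step.
      - name: Setup pnpm
        uses: pnpm/action-setup@v4
        with:
          cache: true

      - name: Setup Node.js 24.x
        uses: actions/setup-node@v4
        with:
          node-version: '24.x'

      # --frozen-lockfile fails the install when the lockfile does not match
      # package.json, so CI builds only the dependency set that was committed.
      - name: Install dependencies
        run: pnpm install --frozen-lockfile

      # Folded scalar: the three commands below form one `&&`-chained line.
      - name: Install cmake (for whisper-rs)
        run: >-
          apt-get update &&
          apt-get install -y --no-install-recommends cmake &&
          rm -rf /var/lib/apt/lists/*

      # Core is linked into the Tauri binary as a path dep — no separate
      # sidecar build / stage step needed.
      - name: Build Tauri app (CEF default)
        working-directory: app
        run: |
          # Skip tsc in beforeBuildCommand — typechecking runs in the dedicated
          # `typecheck` workflow, so doing it again here is duplicated CI time.
          TAURI_CONFIG_OVERRIDE='{"build":{"beforeBuildCommand":"npx vite build"},"plugins":{"updater":{"active":false}}}'
          cargo tauri build -c "$TAURI_CONFIG_OVERRIDE" --bundles deb
        env:
          NODE_ENV: production
          # Release-profile overrides for this job: low optimisation level,
          # more codegen units, no LTO, stripped symbols, no debug info.
          # NOTE(review): presumably chosen for CI build speed — confirm the
          # resulting .deb is not published as a release artifact.
          CARGO_PROFILE_RELEASE_OPT_LEVEL: "1"
          CARGO_PROFILE_RELEASE_CODEGEN_UNITS: "16"
          CARGO_PROFILE_RELEASE_LTO: "false"
          CARGO_PROFILE_RELEASE_STRIP: "true"
          CARGO_PROFILE_RELEASE_DEBUG: "false"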