tauri-apps
Error while bundling + signing a MacOS application using the example template: `failed to bundle project: Error: The file “project” couldn’t be opened.`
I'm using the examples/publish-to-auto-release-universal-macos-app-with-signing-certificate.yml template available here.
I changed it a little bit for two things:
- A step to decode a base64 of the API key to the filesystem:
- name: decode API key to file
env:
APPLE_API_KEY: ${{ secrets.APPLE_API_KEY }}
APPLE_API_KEY_BASE64: ${{ secrets.APPLE_API_KEY_BASE64 }}
run: |
API_KEY_PATH=$PWD/AuthKey_${APPLE_API_KEY}.p8
API_KEY_DIR=$PWD
echo ${{ secrets.APPLE_API_KEY_BASE64 }} | base64 --decode > $API_KEY_PATH
echo "Decoded API key at path $API_KEY_PATH"
echo "APPLE_API_KEY_PATH=$API_KEY_DIR" >> $GITHUB_ENV
echo "Added API key directory to environment variables: $API_KEY_DIR"
- The environment variables provided to
tauri-action, to ensure that upload is done using an API key:
- name: build and publish
uses: tauri-apps/tauri-action@v0
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
APPLE_CERTIFICATE: ${{ secrets.APPLE_CERTIFICATE }}
APPLE_CERTIFICATE_PASSWORD: ${{ secrets.APPLE_CERTIFICATE_PASSWORD }}
APPLE_API_KEY: ${{ secrets.APPLE_API_KEY }}
APPLE_API_ISSUER: ${{ secrets.APPLE_API_ISSUER }}
APPLE_API_KEY_PATH: ${{ env.APPLE_API_KEY_PATH }}
APPLE_TEAM_ID: ${{ secrets.APPLE_TEAM_ID }}
APPLE_SIGNING_IDENTITY: ${{ env.CERT_ID }}
with:
tagName: app-v__VERSION__ # the action automatically replaces \_\_VERSION\_\_ with the app version.
releaseName: "App v__VERSION__"
releaseBody: "See the assets to download this version and install."
releaseDraft: true
prerelease: false
args: ${{ matrix.args }}
Note that in my case, CERT_ID is extracted from the verify certificate step.
Everything works fine until the tauri-action step, which builds the application fine, but fails during application signing (for some context, my application is called MailVista-App) :
Compiling app v0.1.0 (/Users/runner/work/MailVista-App/MailVista-App/frontend-web/src-tauri)
Finished `release` profile [optimized] target(s) in 1m 46s
Built application at: /Users/runner/work/MailVista-App/MailVista-App/frontend-web/src-tauri/target/universal-apple-darwin/release/app
Bundling MailVista.app (/Users/runner/work/MailVista-App/MailVista-App/frontend-web/src-tauri/target/universal-apple-darwin/release/bundle/macos/MailVista.app)
1 identity imported.
keychain: "/Users/runner/Library/Keychains/M5YsQohT2lkVyMiz.keychain-db"
version: 512
class: 0x00000010
attributes:
[redacted]
found cert "Apple Distribution: TeamWay (QR822RTV68)" with organization "TeamWay"
Signing with identity "Apple Distribution: TeamWay (QR822RTV68)"
Signing with identity "Apple Distribution: TeamWay (QR822RTV68)"
Signing /Users/runner/work/MailVista-App/MailVista-App/frontend-web/src-tauri/target/universal-apple-darwin/release/bundle/macos/MailVista.app/Contents/MacOS/app
/Users/runner/work/MailVista-App/MailVista-App/frontend-web/src-tauri/target/universal-apple-darwin/release/bundle/macos/MailVista.app/Contents/MacOS/app: replacing existing signature
Signing with identity "Apple Distribution: TeamWay (QR822RTV68)"
Signing /Users/runner/work/MailVista-App/MailVista-App/frontend-web/src-tauri/target/universal-apple-darwin/release/bundle/macos/MailVista.app
/Users/runner/work/MailVista-App/MailVista-App/frontend-web/src-tauri/target/universal-apple-darwin/release/bundle/macos/MailVista.app: replacing existing signature
Signing with identity "Apple Distribution: TeamWay (QR822RTV68)"
Signing /var/folders/x7/ch5v91h56_zbvbd1y2f600dm0000gn/T/.tmpJWWBMk/MailVista.zip
Notarizing /Users/runner/work/MailVista-App/MailVista-App/frontend-web/src-tauri/target/universal-apple-darwin/release/bundle/macos/MailVista.app
failed to bundle project: Error: The file “MailVista-App” couldn’t be opened.
: failed to notarize app
Error failed to bundle project: Error: The file “MailVista-App” couldn’t be opened.
: failed to notarize app
Error: Command "tauri ["build","--target","universal-apple-darwin"]" failed with exit code 1
Where could this path error come from? I'm unsure what's causing an issue at all, considering the first Signing /Users/runner/work/MailVista-App/MailVista-App/... seems to work fine... But Notarizing /Users/runner/work/MailVista-App/MailVista-App/... causes the issue.
just to double check it wasn't the last release that broke this, can you replace uses: tauri-apps/tauri-action@v0 with uses: tauri-apps/[email protected] ?
Thanks for your answer! I just tried and the behaviour is the same.
Here is the full workflow file, just in case: https://gist.github.com/tbarusseau/425716078c721a562b3efd78d1a1f782
My src-tauri/ directory isn't in the root directory, it's nested in another directory called frontend-web/. Could it be the reason why it fails?
To add more information: when I comment out the following environment variables, the build is done correctly and the artifact is properly uploaded to the corresponding GitHub workflow:
# TODO: Disabled for now.
# APPLE_CERTIFICATE: ${{ secrets.APPLE_CERTIFICATE }}
# APPLE_CERTIFICATE_PASSWORD: ${{ secrets.APPLE_CERTIFICATE_PASSWORD }}
# APPLE_API_KEY: ${{ secrets.APPLE_API_KEY }}
# APPLE_API_ISSUER: ${{ secrets.APPLE_API_ISSUER }}
# APPLE_API_KEY_PATH: ${{ env.APPLE_API_KEY_PATH }}
The signing/notarizing part seems to be the only part causing issues.
I see that the issue doesn't have much traction, how can I use act while using a local version of tauri-action? I'd like to add some logs in the Rust code and understand what's causing the issue to propose a fix, but I struggle to understand how to actually debug the code.
No idea tbh. I don't use act cause it never worked when I tried it 🤷
I'm still out of office and will be for the next 2-3 weeks so I can't help investigating it.
Weird that it seems to only affect you 🤔
I can't try to repro this because i cannot notarize apps 🙃 If you can still reproduce this, can you perhaps add the --verbose arg and see if that gets us more logs?