hoppscotch/hoppscotch
5 workflows · maturity 50% · 6 patterns · GitHub ↗
Practices
✓ Matrix○ Permissions✓ Security scan○ AI review✓ Cache○ Concurrency○ Reusable workflows
Detected patterns
Security dimensions
Tools: github/codeql-action/analyze, github/codeql-action/autobuild, github/codeql-action/init
Workflows (5)
build-hoppscotch-agent .github/workflows/build-hoppscotch-agent.yml
View raw YAML
name: Build Agent Self Host - AIO
on:
workflow_dispatch:
inputs:
version:
description: Tag of the version to build
required: true
branch:
description: Branch to checkout
required: true
default: "main"
release_notes:
description: Release notes for the update
required: false
default: "PLACEHOLDER RELEASE NOTES"
build_macos_x64:
description: Build for macOS x64
type: boolean
required: false
default: true
build_macos_arm64:
description: Build for macOS ARM64
type: boolean
required: false
default: true
build_linux_deb:
description: Build Linux DEB package
type: boolean
required: false
default: true
build_linux_appimage:
description: Build Linux AppImage
type: boolean
required: false
default: true
build_windows_installer:
description: Build Windows MSI installer
type: boolean
required: false
default: true
build_windows_portable:
description: Build Windows portable executable
type: boolean
required: false
default: true
env:
CARGO_TERM_COLOR: always
jobs:
build-macos-x86_64:
name: Build MacOS x86_64 (.dmg)
runs-on: macos-latest
if: ${{ inputs.build_macos_x64 }}
defaults:
run:
shell: bash
timeout-minutes: 60
steps:
- name: Checkout hoppscotch/hoppscotch
uses: actions/checkout@v3
with:
repository: hoppscotch/hoppscotch
ref: ${{ inputs.branch }}
token: ${{ secrets.HOPPSCOTCH_GITHUB_CHECKOUT_TOKEN }}
- name: Setup Node.js
uses: actions/setup-node@v3
with:
node-version: 20
- name: Setup pnpm
uses: pnpm/action-setup@v4
with:
version: 10.15.0
- name: Install Rust
uses: actions-rs/toolchain@v1
with:
toolchain: stable
override: true
- name: Install Rust target
timeout-minutes: 5
run: rustup target add x86_64-apple-darwin
- name: Install additional tools
timeout-minutes: 5
run: |
mkdir __dist/
cd __dist/
curl -LO "https://github.com/tauri-apps/tauri/releases/download/tauri-cli-v2.0.1/cargo-tauri-x86_64-apple-darwin.zip"
unzip cargo-tauri-x86_64-apple-darwin.zip
chmod +x cargo-tauri
sudo mv cargo-tauri /usr/local/bin/tauri
- name: Import Code-Signing Certificates
uses: apple-actions/import-codesign-certs@v3
with:
p12-file-base64: ${{ secrets.HOPPSCOTCH_APPLE_CERTIFICATE }}
p12-password: ${{ secrets.HOPPSCOTCH_APPLE_CERTIFICATE_PASSWORD }}
keychain-password: ${{ secrets.KEYCHAIN_PASSWORD }}
- name: Cache Rust dependencies
uses: actions/cache@v4
with:
path: |
~/.cargo/registry
~/.cargo/git
target
key: ${{ runner.os }}-cargo-x86-${{ hashFiles('**/Cargo.lock') }}
- name: Install dependencies
timeout-minutes: 15
run: |
cd packages/hoppscotch-agent
pnpm install --filter hoppscotch-agent
- name: Build Tauri app
timeout-minutes: 30
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
TAURI_SIGNING_PRIVATE_KEY: ${{ secrets.AGENT_TAURI_SIGNING_PRIVATE_KEY }}
TAURI_SIGNING_PRIVATE_KEY_PASSWORD: ${{ secrets.AGENT_TAURI_SIGNING_PASSWORD }}
APPLE_ID: ${{ secrets.HOPPSCOTCH_APPLE_ID }}
APPLE_PASSWORD: ${{ secrets.HOPPSCOTCH_APPLE_PASSWORD }}
APPLE_TEAM_ID: ${{ secrets.HOPPSCOTCH_APPLE_TEAM_ID }}
APPLE_SIGNING_IDENTITY: ${{ secrets.HOPPSCOTCH_APPLE_SIGNING_IDENTITY }}
run: |
cd packages/hoppscotch-agent
echo "Starting x86_64 build..."
pnpm tauri build --verbose --target x86_64-apple-darwin
echo "Build completed"
- name: Prepare artifacts
run: |
mkdir -p artifacts/{sigs,updaters,shas}
mv packages/hoppscotch-agent/src-tauri/target/x86_64-apple-darwin/release/bundle/dmg/*_x64.dmg artifacts/Hoppscotch_Agent_mac_x64.dmg
mv packages/hoppscotch-agent/src-tauri/target/x86_64-apple-darwin/release/bundle/macos/*.app.tar.gz artifacts/updaters/Hoppscotch_Agent_mac_update_x64.tar.gz
mv packages/hoppscotch-agent/src-tauri/target/x86_64-apple-darwin/release/bundle/macos/*.app.tar.gz.sig artifacts/sigs/Hoppscotch_Agent_mac_update_x64.tar.gz.sig
- name: Generate checksums
timeout-minutes: 2
run: |
cd artifacts
for file in *; do
if [ -f "$file" ]; then
shasum -a 256 "$file" > "shas/${file}.sha256"
fi
done
cd updaters
for file in *; do
if [ -f "$file" ]; then
shasum -a 256 "$file" > "../shas/${file}.sha256"
fi
done
- name: Upload artifacts
uses: actions/upload-artifact@v4
with:
name: Hoppscotch_Agent-macos-x86_64
path: artifacts/*
build-macos-aarch64:
name: Build MacOS ARM64 (.dmg)
runs-on: macos-latest
if: ${{ inputs.build_macos_arm64 }}
defaults:
run:
shell: bash
timeout-minutes: 60
steps:
- name: Checkout hoppscotch/hoppscotch
uses: actions/checkout@v3
with:
repository: hoppscotch/hoppscotch
ref: ${{ inputs.branch }}
token: ${{ secrets.HOPPSCOTCH_GITHUB_CHECKOUT_TOKEN }}
- name: Setup Node.js
uses: actions/setup-node@v3
with:
node-version: 20
- name: Setup pnpm
uses: pnpm/action-setup@v4
with:
version: 10.15.0
- name: Install Rust
uses: actions-rs/toolchain@v1
with:
toolchain: stable
override: true
- name: Install Rust target
timeout-minutes: 5
run: rustup target add aarch64-apple-darwin
- name: Install additional tools
timeout-minutes: 5
run: |
mkdir __dist/
cd __dist/
curl -LO "https://github.com/tauri-apps/tauri/releases/download/tauri-cli-v2.0.1/cargo-tauri-aarch64-apple-darwin.zip"
unzip cargo-tauri-aarch64-apple-darwin.zip
chmod +x cargo-tauri
sudo mv cargo-tauri /usr/local/bin/tauri
- name: Import Code-Signing Certificates
uses: apple-actions/import-codesign-certs@v3
with:
p12-file-base64: ${{ secrets.HOPPSCOTCH_APPLE_CERTIFICATE }}
p12-password: ${{ secrets.HOPPSCOTCH_APPLE_CERTIFICATE_PASSWORD }}
keychain-password: ${{ secrets.KEYCHAIN_PASSWORD }}
- name: Cache Rust dependencies
uses: actions/cache@v4
with:
path: |
~/.cargo/registry
~/.cargo/git
target
key: ${{ runner.os }}-cargo-arm-${{ hashFiles('**/Cargo.lock') }}
- name: Install dependencies
timeout-minutes: 15
run: |
cd packages/hoppscotch-agent
pnpm install --filter hoppscotch-agent
- name: Build Tauri app
timeout-minutes: 30
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
TAURI_SIGNING_PRIVATE_KEY: ${{ secrets.AGENT_TAURI_SIGNING_PRIVATE_KEY }}
TAURI_SIGNING_PRIVATE_KEY_PASSWORD: ${{ secrets.AGENT_TAURI_SIGNING_PASSWORD }}
APPLE_ID: ${{ secrets.HOPPSCOTCH_APPLE_ID }}
APPLE_PASSWORD: ${{ secrets.HOPPSCOTCH_APPLE_PASSWORD }}
APPLE_TEAM_ID: ${{ secrets.HOPPSCOTCH_APPLE_TEAM_ID }}
APPLE_SIGNING_IDENTITY: ${{ secrets.HOPPSCOTCH_APPLE_SIGNING_IDENTITY }}
run: |
cd packages/hoppscotch-agent
echo "Starting ARM64 build..."
pnpm tauri build --verbose --target aarch64-apple-darwin
echo "Build completed"
- name: Prepare artifacts
run: |
mkdir -p artifacts/{sigs,updaters,shas}
mv packages/hoppscotch-agent/src-tauri/target/aarch64-apple-darwin/release/bundle/dmg/*_aarch64.dmg artifacts/Hoppscotch_Agent_mac_aarch64.dmg
mv packages/hoppscotch-agent/src-tauri/target/aarch64-apple-darwin/release/bundle/macos/*.app.tar.gz artifacts/updaters/Hoppscotch_Agent_mac_update_aarch64.tar.gz
mv packages/hoppscotch-agent/src-tauri/target/aarch64-apple-darwin/release/bundle/macos/*.app.tar.gz.sig artifacts/sigs/Hoppscotch_Agent_mac_update_aarch64.tar.gz.sig
- name: Generate checksums
timeout-minutes: 2
run: |
cd artifacts
for file in *; do
if [ -f "$file" ]; then
shasum -a 256 "$file" > "shas/${file}.sha256"
fi
done
cd updaters
for file in *; do
if [ -f "$file" ]; then
shasum -a 256 "$file" > "../shas/${file}.sha256"
fi
done
- name: Upload artifacts
uses: actions/upload-artifact@v4
with:
name: Hoppscotch_Agent-macos-arm64
path: artifacts/*
build-linux-deb:
name: Build Linux x86_64 (.deb)
runs-on: ubuntu-22.04
if: ${{ inputs.build_linux_deb }}
defaults:
run:
shell: bash
timeout-minutes: 60
steps:
- name: Checkout hoppscotch/hoppscotch
uses: actions/checkout@v3
with:
repository: hoppscotch/hoppscotch
ref: ${{ inputs.branch }}
token: ${{ secrets.HOPPSCOTCH_GITHUB_CHECKOUT_TOKEN }}
- name: Setup Node.js
uses: actions/setup-node@v3
with:
node-version: 20
- name: Setup pnpm
uses: pnpm/action-setup@v4
with:
version: 10.15.0
- name: Install Rust
uses: actions-rs/toolchain@v1
with:
toolchain: stable
override: true
- name: Install system dependencies
timeout-minutes: 5
run: |
sudo apt-get update
sudo apt-get install -y libwebkit2gtk-4.1-dev \
build-essential \
curl \
wget \
file \
libxdo-dev \
libssl-dev \
libayatana-appindicator3-dev \
librsvg2-dev
- name: Install additional tools
timeout-minutes: 5
run: |
curl -LO "https://github.com/tauri-apps/tauri/releases/download/tauri-cli-v2.0.1/cargo-tauri-x86_64-unknown-linux-gnu.tgz"
tar -xzf cargo-tauri-x86_64-unknown-linux-gnu.tgz
chmod +x cargo-tauri
sudo mv cargo-tauri /usr/local/bin/tauri
curl -LO "https://github.com/thedodd/trunk/releases/download/v0.17.5/trunk-x86_64-unknown-linux-gnu.tar.gz"
tar -xzf trunk-x86_64-unknown-linux-gnu.tar.gz
chmod +x trunk
sudo mv trunk /usr/local/bin/
- name: Cache Rust dependencies
uses: actions/cache@v4
with:
path: |
~/.cargo/registry
~/.cargo/git
target
key: ${{ runner.os }}-cargo-${{ hashFiles('**/Cargo.lock') }}
- name: Install dependencies
timeout-minutes: 15
run: |
cd packages/hoppscotch-agent
pnpm install --filter hoppscotch-agent
- name: Build Tauri app
timeout-minutes: 30
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
TAURI_PRIVATE_KEY: ${{ secrets.TAURI_PRIVATE_KEY }}
TAURI_KEY_PASSWORD: ${{ secrets.TAURI_KEY_PASSWORD }}
run: |
cd packages/hoppscotch-agent
pnpm tauri build --verbose -b deb -b updater
- name: Prepare artifacts
run: |
mkdir -p artifacts/{sigs,shas}
mv packages/hoppscotch-agent/src-tauri/target/release/bundle/deb/*.deb artifacts/Hoppscotch_Agent_linux_x64.deb
- name: Generate checksums
run: |
cd artifacts
for file in *; do
if [ -f "$file" ]; then
sha256sum "$file" > "shas/${file}.sha256"
fi
done
- name: Upload artifacts
uses: actions/upload-artifact@v4
with:
name: Hoppscotch_Agent-linux-deb
path: artifacts/*
build-linux-appimage:
name: Build Linux x86_64 (.AppImage)
runs-on: ubuntu-22.04
if: ${{ inputs.build_linux_appimage }}
defaults:
run:
shell: bash
timeout-minutes: 60
steps:
- name: Checkout hoppscotch/hoppscotch
uses: actions/checkout@v3
with:
repository: hoppscotch/hoppscotch
ref: ${{ inputs.branch }}
token: ${{ secrets.HOPPSCOTCH_GITHUB_CHECKOUT_TOKEN }}
- name: Setup Node.js
uses: actions/setup-node@v3
with:
node-version: 20
- name: Setup pnpm
uses: pnpm/action-setup@v4
with:
version: 10.15.0
- name: Install Rust
uses: actions-rs/toolchain@v1
with:
toolchain: stable
override: true
- name: Install system dependencies
timeout-minutes: 5
run: |
sudo apt-get update
sudo apt-get install -y libwebkit2gtk-4.1-dev \
build-essential \
curl \
wget \
file \
libxdo-dev \
libssl-dev \
libayatana-appindicator3-dev \
librsvg2-dev
- name: Install additional tools
timeout-minutes: 5
run: |
curl -LO "https://github.com/tauri-apps/tauri/releases/download/tauri-cli-v2.0.1/cargo-tauri-x86_64-unknown-linux-gnu.tgz"
tar -xzf cargo-tauri-x86_64-unknown-linux-gnu.tgz
chmod +x cargo-tauri
sudo mv cargo-tauri /usr/local/bin/tauri
curl -LO "https://github.com/thedodd/trunk/releases/download/v0.17.5/trunk-x86_64-unknown-linux-gnu.tar.gz"
tar -xzf trunk-x86_64-unknown-linux-gnu.tar.gz
chmod +x trunk
sudo mv trunk /usr/local/bin/
- name: Cache Rust dependencies
uses: actions/cache@v4
with:
path: |
~/.cargo/registry
~/.cargo/git
target
key: ${{ runner.os }}-cargo-${{ hashFiles('**/Cargo.lock') }}
- name: Install dependencies
timeout-minutes: 15
run: |
cd packages/hoppscotch-agent
pnpm install --filter hoppscotch-agent
- name: Build Tauri app
timeout-minutes: 30
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
TAURI_SIGNING_PRIVATE_KEY: ${{ secrets.TAURI_PRIVATE_KEY }}
TAURI_SIGNING_PRIVATE_KEY_PASSWORD: ${{ secrets.TAURI_KEY_PASSWORD }}
run: |
cd packages/hoppscotch-agent
pnpm tauri build --verbose -b appimage -b updater
- name: Prepare artifacts
run: |
mkdir -p artifacts/{sigs,shas}
mv packages/hoppscotch-agent/src-tauri/target/release/bundle/appimage/*.AppImage artifacts/Hoppscotch_Agent_linux_x64.AppImage
mv packages/hoppscotch-agent/src-tauri/target/release/bundle/appimage/*.AppImage.sig artifacts/sigs/Hoppscotch_Agent_linux_x64.AppImage.sig
- name: Generate checksums
run: |
cd artifacts
for file in *; do
if [ -f "$file" ]; then
sha256sum "$file" > "shas/${file}.sha256"
fi
done
- name: Upload artifacts
uses: actions/upload-artifact@v4
with:
name: Hoppscotch_Agent-linux-appimage
path: artifacts/*
build-windows-installer:
name: Build Windows x86_64 (.msi)
runs-on: windows-latest
if: ${{ inputs.build_windows_installer }}
defaults:
run:
shell: bash
timeout-minutes: 60
steps:
- name: Checkout hoppscotch/hoppscotch
uses: actions/checkout@v3
with:
repository: hoppscotch/hoppscotch
ref: ${{ inputs.branch }}
token: ${{ secrets.HOPPSCOTCH_GITHUB_CHECKOUT_TOKEN }}
- name: Setup Node.js
uses: actions/setup-node@v3
with:
node-version: 20
- name: Setup pnpm
uses: pnpm/action-setup@v4
with:
version: 10.15.0
- name: Install Rust
uses: actions-rs/toolchain@v1
with:
toolchain: stable
override: true
- name: Download trusted-signing-cli
shell: pwsh
run: |
$ProgressPreference = 'SilentlyContinue'
Invoke-WebRequest -Uri "https://github.com/Levminer/trusted-signing-cli/releases/download/0.8.0/trusted-signing-cli.exe" -OutFile "trusted-signing-cli.exe"
Move-Item -Path "trusted-signing-cli.exe" -Destination "$env:GITHUB_WORKSPACE\trusted-signing-cli.exe"
echo "$env:GITHUB_WORKSPACE" | Out-File -FilePath $env:GITHUB_PATH -Append -Encoding utf8
- name: Setting up Windows Environment
timeout-minutes: 20
shell: bash
env:
WINDOWS_SIGN_COMMAND: trusted-signing-cli -e ${{ secrets.AZURE_ENDPOINT }} -a ${{ secrets.AZURE_CODE_SIGNING_NAME }} -c ${{ secrets.AZURE_CERT_PROFILE_NAME }} %1
run: |
cd packages/hoppscotch-agent
cat './src-tauri/tauri.conf.json' | jq '.bundle .windows += { "signCommand": env.WINDOWS_SIGN_COMMAND}' > './src-tauri/temp.json' && mv './src-tauri/temp.json' './src-tauri/tauri.conf.json'
- name: Cache Rust dependencies
uses: actions/cache@v4
with:
path: |
~/.cargo/registry
~/.cargo/git
target
key: ${{ runner.os }}-cargo-${{ hashFiles('**/Cargo.lock') }}
- name: Install dependencies
timeout-minutes: 15
shell: bash
run: |
cd packages/hoppscotch-agent
pnpm install --filter hoppscotch-agent
- name: Build Tauri app
timeout-minutes: 30
shell: powershell
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
TAURI_SIGNING_PRIVATE_KEY: ${{ secrets.AGENT_TAURI_SIGNING_PRIVATE_KEY }}
TAURI_SIGNING_PRIVATE_KEY_PASSWORD: ${{ secrets.AGENT_TAURI_SIGNING_PASSWORD }}
AZURE_TENANT_ID: ${{ secrets.AZURE_TENANT_ID }}
AZURE_CLIENT_ID: ${{ secrets.AZURE_CLIENT_ID }}
AZURE_CLIENT_SECRET: ${{ secrets.AZURE_CLIENT_SECRET }}
run: |
cd packages/hoppscotch-agent
pnpm tauri build --verbose -b msi -b updater
- name: Prepare artifacts
shell: bash
run: |
mkdir -p artifacts/{sigs,shas}
mv packages/hoppscotch-agent/src-tauri/target/release/bundle/msi/*_x64_en-US.msi artifacts/Hoppscotch_Agent_win_x64.msi
mv packages/hoppscotch-agent/src-tauri/target/release/bundle/msi/*_x64_en-US.msi.sig artifacts/sigs/Hoppscotch_Agent_win_x64.msi.sig
- name: Generate checksums
shell: powershell
run: |
cd artifacts
Get-ChildItem -File | ForEach-Object {
$hash = Get-FileHash -Algorithm SHA256 $_.Name
$hash.Hash + " " + $_.Name | Out-File -Encoding UTF8 "shas/$($_.Name).sha256"
}
- name: Upload artifacts
uses: actions/upload-artifact@v4
with:
name: Hoppscotch_Agent-windows-installer
path: artifacts/*
build-windows-portable:
name: Build Windows x86_64 Portable
runs-on: windows-latest
if: ${{ inputs.build_windows_portable }}
defaults:
run:
shell: bash
timeout-minutes: 60
steps:
- name: Checkout hoppscotch/hoppscotch
uses: actions/checkout@v3
with:
repository: hoppscotch/hoppscotch
ref: ${{ inputs.branch }}
token: ${{ secrets.HOPPSCOTCH_GITHUB_CHECKOUT_TOKEN }}
- name: Setup Node.js
uses: actions/setup-node@v3
with:
node-version: 20
- name: Setup pnpm
uses: pnpm/action-setup@v4
with:
version: 10.15.0
- name: Install Rust
uses: actions-rs/toolchain@v1
with:
toolchain: stable
override: true
- name: Download trusted-signing-cli
shell: pwsh
run: |
$ProgressPreference = 'SilentlyContinue'
Invoke-WebRequest -Uri "https://github.com/Levminer/trusted-signing-cli/releases/download/0.8.0/trusted-signing-cli.exe" -OutFile "trusted-signing-cli.exe"
Move-Item -Path "trusted-signing-cli.exe" -Destination "$env:GITHUB_WORKSPACE\trusted-signing-cli.exe"
echo "$env:GITHUB_WORKSPACE" | Out-File -FilePath $env:GITHUB_PATH -Append -Encoding utf8
- name: Setting up Windows Environment
timeout-minutes: 20
shell: bash
env:
WINDOWS_SIGN_COMMAND: trusted-signing-cli -e ${{ secrets.AZURE_ENDPOINT }} -a ${{ secrets.AZURE_CODE_SIGNING_NAME }} -c ${{ secrets.AZURE_CERT_PROFILE_NAME }} %1
run: |
cd packages/hoppscotch-agent
cat './src-tauri/tauri.portable.conf.json' | jq '.bundle .windows += { "signCommand": env.WINDOWS_SIGN_COMMAND}' > './src-tauri/temp_portable.json' && mv './src-tauri/temp_portable.json' './src-tauri/tauri.portable.conf.json'
- name: Cache Rust dependencies
uses: actions/cache@v4
with:
path: |
~/.cargo/registry
~/.cargo/git
target
key: ${{ runner.os }}-cargo-${{ hashFiles('**/Cargo.lock') }}
- name: Install dependencies
timeout-minutes: 15
shell: bash
run: |
cd packages/hoppscotch-agent
pnpm install --filter hoppscotch-agent
- name: Build Tauri app
timeout-minutes: 30
shell: powershell
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
TAURI_SIGNING_PRIVATE_KEY: ${{ secrets.AGENT_TAURI_SIGNING_PRIVATE_KEY }}
TAURI_SIGNING_PRIVATE_KEY_PASSWORD: ${{ secrets.AGENT_TAURI_SIGNING_PASSWORD }}
AZURE_TENANT_ID: ${{ secrets.AZURE_TENANT_ID }}
AZURE_CLIENT_ID: ${{ secrets.AZURE_CLIENT_ID }}
AZURE_CLIENT_SECRET: ${{ secrets.AZURE_CLIENT_SECRET }}
run: |
cd packages/hoppscotch-agent
pnpm tauri build --verbose --config src-tauri/tauri.portable.conf.json -- --no-default-features --features portable
- name: Sign portable executable
shell: powershell
env:
AZURE_TENANT_ID: ${{ secrets.AZURE_TENANT_ID }}
AZURE_CLIENT_ID: ${{ secrets.AZURE_CLIENT_ID }}
AZURE_CLIENT_SECRET: ${{ secrets.AZURE_CLIENT_SECRET }}
run: |
cd packages/hoppscotch-agent
trusted-signing-cli -e ${{ secrets.AZURE_ENDPOINT }} -a ${{ secrets.AZURE_CODE_SIGNING_NAME }} -c ${{ secrets.AZURE_CERT_PROFILE_NAME }} "src-tauri/target/release/hoppscotch-agent.exe"
- name: Zip portable executable
shell: powershell
run: |
Compress-Archive -Path "packages/hoppscotch-agent/src-tauri/target/release/hoppscotch-agent.exe" -DestinationPath "packages/hoppscotch-agent/src-tauri/target/release/Hoppscotch_Agent_win_x64_portable.zip"
- name: Prepare artifacts
shell: bash
run: |
mkdir -p artifacts/{sigs,shas}
mv packages/hoppscotch-agent/src-tauri/target/release/Hoppscotch_Agent_win_x64_portable.zip artifacts/Hoppscotch_Agent_win_x64_portable.zip
- name: Generate checksums
shell: powershell
run: |
cd artifacts
Get-ChildItem -File | ForEach-Object {
$hash = Get-FileHash -Algorithm SHA256 $_.Name
$hash.Hash + " " + $_.Name | Out-File -Encoding UTF8 "shas/$($_.Name).sha256"
}
- name: Upload artifacts
uses: actions/upload-artifact@v4
with:
name: Hoppscotch_Agent-windows-portable
path: artifacts/*
create-update-manifest:
name: Create Update Manifest
needs: [build-macos-x86_64, build-macos-aarch64, build-linux-deb, build-linux-appimage, build-windows-installer, build-windows-portable]
runs-on: ubuntu-latest
if: ${{ inputs.build_macos_x64 && inputs.build_macos_arm64 && inputs.build_linux_appimage && inputs.build_windows_installer }}
steps:
- name: Download all artifacts
uses: actions/download-artifact@v4
with:
path: artifacts
- name: List downloaded artifacts
run: find artifacts -type f | sort
- name: Create update manifest
run: |
VERSION="${{ inputs.version }}"
CURRENT_DATE=$(date -u +"%Y-%m-%dT%H:%M:%S.%3NZ")
cat > artifacts/hoppscotch-agent-update.json << EOF
{
"version": "${VERSION}",
"notes": "${{ inputs.release_notes }}",
"pub_date": "${CURRENT_DATE}",
"platforms": {
"darwin-x86_64": {
"signature": "$(cat artifacts/Hoppscotch_Agent-macos-x86_64/sigs/Hoppscotch_Agent_mac_update_x64.tar.gz.sig)",
"url": "https://github.com/hoppscotch/agent-releases/releases/download/${VERSION}/Hoppscotch_Agent_mac_update_x64.tar.gz"
},
"darwin-aarch64": {
"signature": "$(cat artifacts/Hoppscotch_Agent-macos-arm64/sigs/Hoppscotch_Agent_mac_update_aarch64.tar.gz.sig)",
"url": "https://github.com/hoppscotch/agent-releases/releases/download/${VERSION}/Hoppscotch_Agent_mac_update_aarch64.tar.gz"
},
"linux-x86_64": {
"signature": "$(cat artifacts/Hoppscotch_Agent-linux-appimage/sigs/Hoppscotch_Agent_linux_x64.AppImage.sig)",
"url": "https://github.com/hoppscotch/agent-releases/releases/download/${VERSION}/Hoppscotch_Agent_linux_x64.AppImage"
},
"windows-x86_64": {
"signature": "$(cat artifacts/Hoppscotch_Agent-windows-installer/sigs/Hoppscotch_Agent_win_x64.msi.sig)",
"url": "https://github.com/hoppscotch/agent-releases/releases/download/${VERSION}/Hoppscotch_Agent_win_x64.msi"
}
}
}
EOF
- name: Upload manifest
uses: actions/upload-artifact@v4
with:
name: update-manifest
path: artifacts/hoppscotch-agent-update.json
build-hoppscotch-desktop .github/workflows/build-hoppscotch-desktop.yml
View raw YAML
name: Build Desktop Self Host - AIO
on:
workflow_dispatch:
inputs:
version:
description: Tag of the version to build
required: true
repository:
description: Repository to checkout
required: false
default: "hoppscotch/hoppscotch"
branch:
description: Branch to checkout
required: true
default: "main"
tag:
description: Tag to checkout (takes precedence over branch if provided)
required: false
default: ""
release_notes:
description: Release notes for the update
required: false
default: "PLACEHOLDER RELEASE NOTES"
disable_signing:
description: Disable executable signing
required: false
type: boolean
default: false
build_linux:
description: Build for Linux
type: boolean
required: false
default: true
build_windows:
description: Build for Windows
type: boolean
required: false
default: true
build_macos_x64:
description: Build for macOS x64
type: boolean
required: false
default: true
build_macos_arm64:
description: Build for macOS ARM64
type: boolean
required: false
default: true
env:
CARGO_TERM_COLOR: always
WORKSPACE_PATH: ${{ github.workspace }}
WEB_PATH: ${{ github.workspace }}/packages/hoppscotch-selfhost-web
DESKTOP_PATH: ${{ github.workspace }}/packages/hoppscotch-desktop
BUNDLER_PATH: ${{ github.workspace }}/packages/hoppscotch-desktop/crates/webapp-bundler
jobs:
build-linux:
runs-on: ubuntu-24.04
if: ${{ inputs.build_linux }}
steps:
- uses: actions/checkout@v3
with:
repository: ${{ inputs.repository }}
ref: ${{ inputs.tag != '' && inputs.tag || inputs.branch }}
token: ${{ secrets.HOPPSCOTCH_GITHUB_CHECKOUT_TOKEN }}
- uses: actions/setup-node@v3
with:
node-version: 20
- uses: pnpm/action-setup@v4
with:
version: 10.18.3
- uses: actions-rs/toolchain@v1
with:
toolchain: nightly
override: true
- name: Install additional tools
run: |
curl -LO "https://github.com/tauri-apps/tauri/releases/download/tauri-cli-v2.2.0/cargo-tauri-x86_64-unknown-linux-gnu.tgz"
tar -xzf cargo-tauri-x86_64-unknown-linux-gnu.tgz
chmod +x cargo-tauri
sudo mv cargo-tauri /usr/local/bin/tauri
- name: Install system dependencies
run: |
sudo apt update;
sudo apt install -y \
build-essential \
curl \
wget \
file \
libssl-dev \
libgtk-3-dev \
libappindicator3-dev \
librsvg2-dev;
sudo apt install -y \
libwebkit2gtk-4.1-0=2.44.0-2 \
libwebkit2gtk-4.1-dev=2.44.0-2 \
libjavascriptcoregtk-4.1-0=2.44.0-2 \
libjavascriptcoregtk-4.1-dev=2.44.0-2 \
gir1.2-javascriptcoregtk-4.1=2.44.0-2 \
gir1.2-webkit2-4.1=2.44.0-2;
- uses: actions/cache@v4
with:
path: |
~/.cargo/registry
~/.cargo/git
target
key: ${{ runner.os }}-cargo-${{ hashFiles('**/Cargo.lock') }}
- name: Setup environment
run: |
if [ ! -z "${{ secrets.ENV_FILE_CONTENT }}" ]; then
echo "${{ secrets.ENV_FILE_CONTENT }}" > ${{ env.WORKSPACE_PATH }}/.env
echo "Created .env file from repository secret"
elif [ -f "${{ env.WORKSPACE_PATH }}/.env" ]; then
echo "Using existing .env file found in repository"
else
cp ${{ env.WORKSPACE_PATH }}/.env.example ${{ env.WORKSPACE_PATH }}/.env
echo "No .env found, copied from .env.example template"
fi
pnpm install --dir ${{ env.DESKTOP_PATH }}
- name: Build web app
run: |
pnpm install --dir ${{ env.WEB_PATH }}
pnpm --dir ${{ env.WEB_PATH }} generate
- name: Build and run webapp-bundler
run: |
cargo build --release --manifest-path ${{ env.BUNDLER_PATH }}/Cargo.toml
${{ env.BUNDLER_PATH }}/target/release/webapp-bundler \
--input ${{ env.WEB_PATH }}/dist \
--output ${{ env.DESKTOP_PATH }}/bundle.zip \
--manifest ${{ env.DESKTOP_PATH }}/manifest.json
- name: Build AppImage
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
TAURI_SIGNING_PRIVATE_KEY: ${{ secrets.TAURI_PRIVATE_KEY }}
TAURI_SIGNING_PRIVATE_KEY_PASSWORD: ${{ secrets.TAURI_KEY_PASSWORD }}
RUST_LOG: debug
run: pnpm --dir ${{ env.DESKTOP_PATH }} tauri build --verbose -b appimage -b updater
- name: Build DEB
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
TAURI_SIGNING_PRIVATE_KEY: ${{ secrets.TAURI_PRIVATE_KEY }}
TAURI_SIGNING_PRIVATE_KEY_PASSWORD: ${{ secrets.TAURI_KEY_PASSWORD }}
RUST_LOG: debug
run: pnpm --dir ${{ env.DESKTOP_PATH }} tauri build --verbose -b deb -b updater
- name: Prepare artifacts
run: |
ls -lahR ${{ env.DESKTOP_PATH }}/src-tauri/target/release/bundle/
mkdir -p dist
cp ${{ env.DESKTOP_PATH }}/src-tauri/target/release/bundle/appimage/*.AppImage dist/Hoppscotch_SelfHost_linux_x64.AppImage
cp ${{ env.DESKTOP_PATH }}/src-tauri/target/release/bundle/appimage/*.AppImage.sig dist/Hoppscotch_SelfHost_linux_x64.AppImage.sig
cp ${{ env.DESKTOP_PATH }}/src-tauri/target/release/bundle/deb/*.deb dist/Hoppscotch_SelfHost_linux_x64.deb
- name: Upload artifacts
uses: actions/upload-artifact@v4
with:
name: selfhost-desktop-linux
path: dist/*
build-windows:
runs-on: windows-latest
if: ${{ inputs.build_windows }}
steps:
- uses: actions/checkout@v3
with:
repository: ${{ inputs.repository }}
ref: ${{ inputs.tag != '' && inputs.tag || inputs.branch }}
token: ${{ secrets.HOPPSCOTCH_GITHUB_CHECKOUT_TOKEN }}
- name: Set Perl environment variables
shell: pwsh
run: |
echo "PERL=$((where.exe perl)[0])" | Out-File -FilePath $env:GITHUB_ENV -Append -Encoding utf8
echo "OPENSSL_SRC_PERL=$((where.exe perl)[0])" | Out-File -FilePath $env:GITHUB_ENV -Append -Encoding utf8
- uses: actions/setup-node@v3
with:
node-version: 20
- uses: pnpm/action-setup@v4
with:
version: 10.18.3
- uses: actions-rs/toolchain@v1
with:
toolchain: nightly
override: true
- name: Download trusted-signing-cli
if: ${{ inputs.disable_signing != true }}
shell: pwsh
run: |
$ProgressPreference = 'SilentlyContinue'
Invoke-WebRequest -Uri "https://github.com/Levminer/trusted-signing-cli/releases/download/0.8.0/trusted-signing-cli.exe" -OutFile "trusted-signing-cli.exe"
Move-Item -Path "trusted-signing-cli.exe" -Destination "$env:GITHUB_WORKSPACE\trusted-signing-cli.exe"
echo "$env:GITHUB_WORKSPACE" | Out-File -FilePath $env:GITHUB_PATH -Append -Encoding utf8
- name: Setting up Windows Signing Environment
if: ${{ inputs.disable_signing != true }}
timeout-minutes: 20
shell: bash
env:
WINDOWS_SIGN_COMMAND: trusted-signing-cli -e ${{ secrets.AZURE_ENDPOINT }} -a ${{ secrets.AZURE_CODE_SIGNING_NAME }} -c ${{ secrets.AZURE_CERT_PROFILE_NAME }} %1
run: |
cat "${{ env.DESKTOP_PATH }}/src-tauri/tauri.conf.json" | jq '.bundle .windows += { "signCommand": env.WINDOWS_SIGN_COMMAND}' > "${{ env.DESKTOP_PATH }}/src-tauri/temp.json" && mv "${{ env.DESKTOP_PATH }}/src-tauri/temp.json" "${{ env.DESKTOP_PATH }}/src-tauri/tauri.conf.json"
- uses: actions/cache@v4
with:
path: |
~/.cargo/registry
~/.cargo/git
target
key: ${{ runner.os }}-cargo-${{ hashFiles('**/Cargo.lock') }}
- name: Setup environment
shell: pwsh
run: |
if ("${{ secrets.ENV_FILE_CONTENT }}" -ne "") {
"${{ secrets.ENV_FILE_CONTENT }}" | Out-File -FilePath ${{ env.WORKSPACE_PATH }}\.env -Encoding utf8
Write-Host "Created .env file from repository secret"
} elseif (Test-Path -Path "${{ env.WORKSPACE_PATH }}\.env") {
Write-Host "Using existing .env file found in repository"
} else {
Copy-Item ${{ env.WORKSPACE_PATH }}\.env.example ${{ env.WORKSPACE_PATH }}\.env
Write-Host "No .env found, copied from .env.example template"
}
pnpm install -f --shamefully-hoist --ignore-scripts
pnpm --filter hoppscotch-backend exec prisma generate
pnpm install -f --shamefully-hoist --dir ${{ env.DESKTOP_PATH }}
- name: Build web app
shell: pwsh
run: |
pnpm install --dir ${{ env.WEB_PATH }}
pnpm --dir ${{ env.WEB_PATH }} generate
- name: Build and run webapp-bundler
shell: pwsh
run: |
cargo build --release --manifest-path ${{ env.BUNDLER_PATH }}\Cargo.toml
${{ env.BUNDLER_PATH }}\target\release\webapp-bundler.exe `
--input ${{ env.WEB_PATH }}\dist `
--output ${{ env.DESKTOP_PATH }}\bundle.zip `
--manifest ${{ env.DESKTOP_PATH }}\manifest.json
- name: Build Tauri app with Azure signing
if: ${{ inputs.disable_signing != true }}
shell: powershell
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
TAURI_SIGNING_PRIVATE_KEY: ${{ secrets.TAURI_PRIVATE_KEY }}
TAURI_SIGNING_PRIVATE_KEY_PASSWORD: ${{ secrets.TAURI_KEY_PASSWORD }}
AZURE_TENANT_ID: ${{ secrets.AZURE_TENANT_ID }}
AZURE_CLIENT_ID: ${{ secrets.AZURE_CLIENT_ID }}
AZURE_CLIENT_SECRET: ${{ secrets.AZURE_CLIENT_SECRET }}
RUST_LOG: debug
run: pnpm --dir ${{ env.DESKTOP_PATH }} tauri build --verbose -b msi -b updater
- name: Build Tauri app without Azure signing
if: ${{ inputs.disable_signing == true }}
shell: powershell
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
TAURI_SIGNING_PRIVATE_KEY: ${{ secrets.TAURI_PRIVATE_KEY }}
TAURI_SIGNING_PRIVATE_KEY_PASSWORD: ${{ secrets.TAURI_KEY_PASSWORD }}
RUST_LOG: debug
run: pnpm --dir ${{ env.DESKTOP_PATH }} tauri build --verbose -b msi -b updater
- name: Prepare artifacts
shell: pwsh
run: |
Get-ChildItem -Recurse ${{ env.DESKTOP_PATH }}\src-tauri\target\release\bundle
mkdir dist
Copy-Item ${{ env.DESKTOP_PATH }}\src-tauri\target\release\bundle\msi\*_x64_en-US.msi dist\Hoppscotch_SelfHost_win_x64.msi
Copy-Item ${{ env.DESKTOP_PATH }}\src-tauri\target\release\bundle\msi\*_x64_en-US.msi.sig dist\Hoppscotch_SelfHost_win_x64.msi.sig
- name: Upload artifacts
uses: actions/upload-artifact@v4
with:
name: selfhost-desktop-windows
path: dist/*
build-macos-x64:
runs-on: macos-latest
if: ${{ inputs.build_macos_x64 }}
steps:
- uses: actions/checkout@v3
with:
repository: ${{ inputs.repository }}
ref: ${{ inputs.tag != '' && inputs.tag || inputs.branch }}
token: ${{ secrets.HOPPSCOTCH_GITHUB_CHECKOUT_TOKEN }}
- uses: actions/setup-node@v3
with:
node-version: 20
- uses: pnpm/action-setup@v4
with:
version: 10.18.3
- uses: actions-rs/toolchain@v1
with:
toolchain: nightly
override: true
- name: Install Rust target
run: rustup target add x86_64-apple-darwin
- name: Install additional tools
run: |
mkdir __dist/
cd __dist/
curl -LO "https://github.com/tauri-apps/tauri/releases/download/tauri-cli-v2.2.0/cargo-tauri-x86_64-apple-darwin.zip"
unzip cargo-tauri-x86_64-apple-darwin.zip
chmod +x cargo-tauri
sudo mv cargo-tauri /usr/local/bin/tauri
- uses: apple-actions/import-codesign-certs@v3
if: ${{ inputs.disable_signing != true }}
with:
p12-file-base64: ${{ secrets.HOPPSCOTCH_APPLE_CERTIFICATE }}
p12-password: ${{ secrets.HOPPSCOTCH_APPLE_CERTIFICATE_PASSWORD }}
keychain-password: ${{ secrets.KEYCHAIN_PASSWORD }}
- uses: actions/cache@v4
with:
path: |
~/.cargo/registry
~/.cargo/git
target
key: ${{ runner.os }}-cargo-x86_64-${{ hashFiles('**/Cargo.lock') }}
- name: Setup environment
run: |
if [ ! -z "${{ secrets.ENV_FILE_CONTENT }}" ]; then
echo "${{ secrets.ENV_FILE_CONTENT }}" > ${{ env.WORKSPACE_PATH }}/.env
echo "Created .env file from repository secret"
elif [ -f "${{ env.WORKSPACE_PATH }}/.env" ]; then
echo "Using existing .env file found in repository"
else
cp ${{ env.WORKSPACE_PATH }}/.env.example ${{ env.WORKSPACE_PATH }}/.env
echo "No .env found, copied from .env.example template"
fi
pnpm install --dir ${{ env.DESKTOP_PATH }}
- name: Build web app
run: |
pnpm install --dir ${{ env.WEB_PATH }}
pnpm --dir ${{ env.WEB_PATH }} generate
- name: Build and run webapp-bundler
run: |
cargo build --release --manifest-path ${{ env.BUNDLER_PATH }}/Cargo.toml
${{ env.BUNDLER_PATH }}/target/release/webapp-bundler \
--input ${{ env.WEB_PATH }}/dist \
--output ${{ env.DESKTOP_PATH }}/bundle.zip \
--manifest ${{ env.DESKTOP_PATH }}/manifest.json
- name: Build Tauri app with Apple signing
if: ${{ inputs.disable_signing != true }}
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
TAURI_SIGNING_PRIVATE_KEY: ${{ secrets.TAURI_PRIVATE_KEY }}
TAURI_SIGNING_PRIVATE_KEY_PASSWORD: ${{ secrets.TAURI_KEY_PASSWORD }}
APPLE_ID: ${{ secrets.HOPPSCOTCH_APPLE_ID }}
APPLE_PASSWORD: ${{ secrets.HOPPSCOTCH_APPLE_PASSWORD }}
APPLE_TEAM_ID: ${{ secrets.HOPPSCOTCH_APPLE_TEAM_ID }}
APPLE_SIGNING_IDENTITY: ${{ secrets.HOPPSCOTCH_APPLE_SIGNING_IDENTITY }}
RUST_LOG: debug
run: pnpm --dir ${{ env.DESKTOP_PATH }} tauri build --verbose --target x86_64-apple-darwin
- name: Build Tauri app without Apple signing
if: ${{ inputs.disable_signing == true }}
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
TAURI_SIGNING_PRIVATE_KEY: ${{ secrets.TAURI_PRIVATE_KEY }}
TAURI_SIGNING_PRIVATE_KEY_PASSWORD: ${{ secrets.TAURI_KEY_PASSWORD }}
RUST_LOG: debug
run: pnpm --dir ${{ env.DESKTOP_PATH }} tauri build --verbose --target x86_64-apple-darwin
- name: Prepare artifacts
run: |
ls -lahR ${{ env.DESKTOP_PATH }}/src-tauri/target/x86_64-apple-darwin/release/bundle/
mkdir -p dist
cp ${{ env.DESKTOP_PATH }}/src-tauri/target/x86_64-apple-darwin/release/bundle/dmg/*.dmg dist/Hoppscotch_SelfHost_mac_x64.dmg
cp ${{ env.DESKTOP_PATH }}/src-tauri/target/x86_64-apple-darwin/release/bundle/macos/Hoppscotch.app.tar.gz dist/Hoppscotch_SelfHost_mac_x64.tar.gz
cp ${{ env.DESKTOP_PATH }}/src-tauri/target/x86_64-apple-darwin/release/bundle/macos/Hoppscotch.app.tar.gz.sig dist/Hoppscotch_SelfHost_mac_x64.tar.gz.sig
- name: Upload artifacts
uses: actions/upload-artifact@v4
with:
name: selfhost-desktop-macos-x64
path: dist/*
build-macos-arm64:
runs-on: macos-latest
if: ${{ inputs.build_macos_arm64 }}
steps:
- uses: actions/checkout@v3
with:
repository: ${{ inputs.repository }}
ref: ${{ inputs.tag != '' && inputs.tag || inputs.branch }}
token: ${{ secrets.HOPPSCOTCH_GITHUB_CHECKOUT_TOKEN }}
- uses: actions/setup-node@v3
with:
node-version: 20
- uses: pnpm/action-setup@v4
with:
version: 10.18.3
- uses: actions-rs/toolchain@v1
with:
toolchain: nightly
override: true
- name: Install Rust target
run: rustup target add aarch64-apple-darwin
- name: Install additional tools
run: |
mkdir __dist/
cd __dist/
curl -LO "https://github.com/tauri-apps/tauri/releases/download/tauri-cli-v2.2.0/cargo-tauri-aarch64-apple-darwin.zip"
unzip cargo-tauri-aarch64-apple-darwin.zip
chmod +x cargo-tauri
sudo mv cargo-tauri /usr/local/bin/tauri
- uses: apple-actions/import-codesign-certs@v3
if: ${{ inputs.disable_signing != true }}
with:
p12-file-base64: ${{ secrets.HOPPSCOTCH_APPLE_CERTIFICATE }}
p12-password: ${{ secrets.HOPPSCOTCH_APPLE_CERTIFICATE_PASSWORD }}
keychain-password: ${{ secrets.KEYCHAIN_PASSWORD }}
- uses: actions/cache@v4
with:
path: |
~/.cargo/registry
~/.cargo/git
target
key: ${{ runner.os }}-cargo-aarch64-${{ hashFiles('**/Cargo.lock') }}
- name: Setup environment
run: |
if [ ! -z "${{ secrets.ENV_FILE_CONTENT }}" ]; then
echo "${{ secrets.ENV_FILE_CONTENT }}" > ${{ env.WORKSPACE_PATH }}/.env
echo "Created .env file from repository secret"
elif [ -f "${{ env.WORKSPACE_PATH }}/.env" ]; then
echo "Using existing .env file found in repository"
else
cp ${{ env.WORKSPACE_PATH }}/.env.example ${{ env.WORKSPACE_PATH }}/.env
echo "No .env found, copied from .env.example template"
fi
pnpm install --dir ${{ env.DESKTOP_PATH }}
- name: Build web app
run: |
pnpm install --dir ${{ env.WEB_PATH }}
pnpm --dir ${{ env.WEB_PATH }} generate
- name: Build and run webapp-bundler
run: |
cargo build --release --manifest-path ${{ env.BUNDLER_PATH }}/Cargo.toml
${{ env.BUNDLER_PATH }}/target/release/webapp-bundler \
--input ${{ env.WEB_PATH }}/dist \
--output ${{ env.DESKTOP_PATH }}/bundle.zip \
--manifest ${{ env.DESKTOP_PATH }}/manifest.json
- name: Build Tauri app with Apple signing
if: ${{ inputs.disable_signing != true }}
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
TAURI_SIGNING_PRIVATE_KEY: ${{ secrets.TAURI_PRIVATE_KEY }}
TAURI_SIGNING_PRIVATE_KEY_PASSWORD: ${{ secrets.TAURI_KEY_PASSWORD }}
APPLE_ID: ${{ secrets.HOPPSCOTCH_APPLE_ID }}
APPLE_PASSWORD: ${{ secrets.HOPPSCOTCH_APPLE_PASSWORD }}
APPLE_TEAM_ID: ${{ secrets.HOPPSCOTCH_APPLE_TEAM_ID }}
APPLE_SIGNING_IDENTITY: ${{ secrets.HOPPSCOTCH_APPLE_SIGNING_IDENTITY }}
RUST_LOG: debug
run: pnpm --dir ${{ env.DESKTOP_PATH }} tauri build --verbose --target aarch64-apple-darwin
- name: Build Tauri app without Apple signing
if: ${{ inputs.disable_signing == true }}
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
TAURI_SIGNING_PRIVATE_KEY: ${{ secrets.TAURI_PRIVATE_KEY }}
TAURI_SIGNING_PRIVATE_KEY_PASSWORD: ${{ secrets.TAURI_KEY_PASSWORD }}
RUST_LOG: debug
run: pnpm --dir ${{ env.DESKTOP_PATH }} tauri build --verbose --target aarch64-apple-darwin
- name: Prepare artifacts
run: |
ls -lahR ${{ env.DESKTOP_PATH }}/src-tauri/target/aarch64-apple-darwin/release/bundle/
mkdir -p dist
cp ${{ env.DESKTOP_PATH }}/src-tauri/target/aarch64-apple-darwin/release/bundle/dmg/*.dmg dist/Hoppscotch_SelfHost_mac_aarch64.dmg
cp ${{ env.DESKTOP_PATH }}/src-tauri/target/aarch64-apple-darwin/release/bundle/macos/Hoppscotch.app.tar.gz dist/Hoppscotch_SelfHost_mac_aarch64.tar.gz
cp ${{ env.DESKTOP_PATH }}/src-tauri/target/aarch64-apple-darwin/release/bundle/macos/Hoppscotch.app.tar.gz.sig dist/Hoppscotch_SelfHost_mac_aarch64.tar.gz.sig
- name: Upload artifacts
uses: actions/upload-artifact@v4
with:
name: selfhost-desktop-macos-aarch64
path: dist/*
create-update-manifest:
needs: [build-linux, build-windows, build-macos-x64, build-macos-arm64]
runs-on: ubuntu-latest
if: ${{ inputs.build_linux && inputs.build_windows && inputs.build_macos_x64 && inputs.build_macos_arm64 }}
steps:
- name: Download all artifacts
uses: actions/download-artifact@v4
with:
path: artifacts
- name: Create update manifest
run: |
VERSION="${{ inputs.version }}"
CURRENT_DATE=$(date -u +"%Y-%m-%dT%H:%M:%S.%3NZ")
cat > artifacts/hoppscotch-selfhost-desktop.json << EOF
{
"version": "${VERSION}",
"notes": "${{ inputs.release_notes }}",
"pub_date": "${CURRENT_DATE}",
"platforms": {
"linux-x86_64": {
"signature": "$(cat artifacts/selfhost-desktop-linux/Hoppscotch_SelfHost_linux_x64.AppImage.sig)",
"url": "https://github.com/hoppscotch/releases/releases/download/${VERSION}/Hoppscotch_SelfHost_linux_x64.AppImage"
},
"windows-x86_64": {
"signature": "$(cat artifacts/selfhost-desktop-windows/Hoppscotch_SelfHost_win_x64.msi.sig)",
"url": "https://github.com/hoppscotch/releases/releases/download/${VERSION}/Hoppscotch_SelfHost_win_x64.msi"
},
"darwin-x86_64": {
"signature": "$(cat artifacts/selfhost-desktop-macos-x64/Hoppscotch_SelfHost_mac_x64.tar.gz.sig)",
"url": "https://github.com/hoppscotch/releases/releases/download/${VERSION}/Hoppscotch_SelfHost_mac_x64.tar.gz"
},
"darwin-aarch64": {
"signature": "$(cat artifacts/selfhost-desktop-macos-aarch64/Hoppscotch_SelfHost_mac_aarch64.tar.gz.sig)",
"url": "https://github.com/hoppscotch/releases/releases/download/${VERSION}/Hoppscotch_SelfHost_mac_aarch64.tar.gz"
}
}
}
EOF
- name: Upload manifest
uses: actions/upload-artifact@v4
with:
name: selfhost-desktop-update-manifest
path: artifacts/hoppscotch-selfhost-desktop.json
codeql-analysis security .github/workflows/codeql-analysis.yml
View raw YAML
name: "CodeQL analysis"
on:
push:
branches: [main]
pull_request:
branches: [main]
schedule:
# ┌───────────── minute (0 - 59)
# │ ┌───────────── hour (0 - 23)
# │ │ ┌───────────── day of the month (1 - 31)
# │ │ │ ┌───────────── month (1 - 12 or JAN-DEC)
# │ │ │ │ ┌───────────── day of the week (0 - 6 or SUN-SAT)
# │ │ │ │ │
# │ │ │ │ │
# │ │ │ │ │
# * * * * *
- cron: '30 1 * * 0'
jobs:
analyze:
name: Analyze
# CodeQL runs on ubuntu-latest, windows-latest, and macos-latest
runs-on: ubuntu-latest
permissions:
# required for all workflows
security-events: write
# only required for workflows in private repositories
actions: read
contents: read
steps:
- name: Checkout
uses: actions/checkout@v4
# Initializes the CodeQL tools for scanning.
- name: Initialize CodeQL
uses: github/codeql-action/init@v2
with:
# Run extended queries including queries using machine learning
queries: security-extended
languages: ${{ matrix.language }}
# Autobuild attempts to build any compiled languages (C/C++, C#, Go, or Java).
# If this step fails, then you should remove it and run the build manually (see below).
- name: Autobuild
uses: github/codeql-action/autobuild@v2
# ℹ️ Command-line programs to run using the OS shell.
# 📚 See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun
# ✏️ If the Autobuild fails above, remove it and uncomment the following
# three lines and modify them (or add more) to build your code if your
# project uses a compiled language
#- run: |
# make bootstrap
# make release
- name: Perform CodeQL Analysis
uses: github/codeql-action/analyze@v2
release-push-docker matrix .github/workflows/release-push-docker.yml
View raw YAML
name: "Push containers to Docker Hub on release"
on:
push:
tags:
- '*.*.*'
workflow_dispatch:
inputs:
# NO INPUTS
jobs:
build:
strategy:
matrix:
platform: [
{ platform: linux/amd64, cache: docker-release-amd64, artifactSuffix: amd64 },
{ platform: linux/arm64, cache: docker-release-arm64, artifactSuffix: arm64 },
]
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v4
- name: Setup environment
run: cp .env.example .env
- name: Setup QEMU
uses: docker/setup-qemu-action@v3
- name: Setup Docker Buildx
uses: docker/setup-buildx-action@v3
- name: Log in to Docker Hub
uses: docker/login-action@v2
with:
username: ${{ secrets.DOCKER_USERNAME }}
password: ${{ secrets.DOCKER_PASSWORD }}
- name: Build and push the backend container by digest
id: backend-build
uses: docker/build-push-action@v4
with:
context: .
file: ./prod.Dockerfile
target: backend
cache-from: type=gha,timeout=200m,scope=${{ matrix.platform.cache }}
cache-to: type=gha,mode=max,timeout=200m,scope=${{ matrix.platform.cache }}
platforms: |
${{ matrix.platform.platform }}
tags: |
${{ secrets.DOCKER_ORG_NAME }}/${{ secrets.DOCKER_BACKEND_CONTAINER_NAME }}
outputs: type=image,push-by-digest=true,name-canonical=true,push=true
- name: Build and push the frontend container by digest
id: frontend-build
uses: docker/build-push-action@v4
with:
context: .
file: ./prod.Dockerfile
target: app
cache-from: type=gha,timeout=200m,scope=${{ matrix.platform.cache }}
cache-to: type=gha,mode=max,timeout=200m,scope=${{ matrix.platform.cache }}
platforms: |
${{ matrix.platform.platform }}
tags: |
${{ secrets.DOCKER_ORG_NAME }}/${{ secrets.DOCKER_FRONTEND_CONTAINER_NAME }}
outputs: type=image,push-by-digest=true,name-canonical=true,push=true
- name: Build and push the admin dashboard container by digest
id: sh_admin-build
uses: docker/build-push-action@v4
with:
context: .
file: ./prod.Dockerfile
target: sh_admin
cache-from: type=gha,timeout=200m,scope=${{ matrix.platform.cache }}
cache-to: type=gha,mode=max,timeout=200m,scope=${{ matrix.platform.cache }}
platforms: |
${{ matrix.platform.platform }}
tags: |
${{ secrets.DOCKER_ORG_NAME }}/${{ secrets.DOCKER_SH_ADMIN_CONTAINER_NAME }}
outputs: type=image,push-by-digest=true,name-canonical=true,push=true
- name: Build and push the AIO container by digest
id: aio-build
uses: docker/build-push-action@v4
with:
context: .
file: ./prod.Dockerfile
target: aio
cache-from: type=gha,timeout=200m,scope=${{ matrix.platform.cache }}
cache-to: type=gha,mode=max,timeout=200m,scope=${{ matrix.platform.cache }}
platforms: |
${{ matrix.platform.platform }}
tags: |
${{ secrets.DOCKER_ORG_NAME }}/${{ secrets.DOCKER_AIO_CONTAINER_NAME }}
outputs: type=image,push-by-digest=true,name-canonical=true,push=true
- name: Make digest files
run: |
backend_digest="${{ steps.backend-build.outputs.digest }}"
frontend_digest="${{ steps.frontend-build.outputs.digest }}"
sh_admin_digest="${{ steps.sh_admin-build.outputs.digest }}"
aio_digest="${{ steps.aio-build.outputs.digest }}"
mkdir -p digests/backend digests/frontend digests/sh_admin digests/aio
touch "digests/backend/${backend_digest#sha256:}"
touch "digests/frontend/${frontend_digest#sha256:}"
touch "digests/sh_admin/${sh_admin_digest#sha256:}"
touch "digests/aio/${aio_digest#sha256:}"
- name: Upload digests files as artifacts
uses: actions/upload-artifact@v4
with:
name: release-docker-build-digests-${{ github.ref_name }}-${{ matrix.platform.artifactSuffix }}
path: digests/*
if-no-files-found: error
retention-days: 1
assemble-and-push-to-docker-hub:
runs-on: ubuntu-latest
needs:
- build
steps:
- name: Download digests from artifacts
uses: actions/download-artifact@v4
with:
path: digests
pattern: release-docker-build-digests-${{ github.ref_name }}-*
merge-multiple: true
- name: Setup QEMU
uses: docker/setup-qemu-action@v3
- name: Setup Docker Buildx
uses: docker/setup-buildx-action@v3
- name: Log in to Docker Hub
uses: docker/login-action@v2
with:
username: ${{ secrets.DOCKER_USERNAME }}
password: ${{ secrets.DOCKER_PASSWORD }}
- name: "[Backend] - Create manifest list and push"
working-directory: digests/backend
run: |
docker buildx imagetools create -t ${{ secrets.DOCKER_ORG_NAME }}/${{ secrets.DOCKER_BACKEND_CONTAINER_NAME }}:${{ github.ref_name }} \
$(printf '${{ secrets.DOCKER_ORG_NAME }}/${{ secrets.DOCKER_BACKEND_CONTAINER_NAME }}@sha256:%s ' *)
docker buildx imagetools create -t ${{ secrets.DOCKER_ORG_NAME }}/${{ secrets.DOCKER_BACKEND_CONTAINER_NAME }}:latest \
$(printf '${{ secrets.DOCKER_ORG_NAME }}/${{ secrets.DOCKER_BACKEND_CONTAINER_NAME }}@sha256:%s ' *)
- name: "[Frontend] - Create manifest list and push"
working-directory: digests/frontend
run: |
docker buildx imagetools create -t ${{ secrets.DOCKER_ORG_NAME }}/${{ secrets.DOCKER_FRONTEND_CONTAINER_NAME }}:${{ github.ref_name }} \
$(printf '${{ secrets.DOCKER_ORG_NAME }}/${{ secrets.DOCKER_FRONTEND_CONTAINER_NAME }}@sha256:%s ' *)
docker buildx imagetools create -t ${{ secrets.DOCKER_ORG_NAME }}/${{ secrets.DOCKER_FRONTEND_CONTAINER_NAME }}:latest \
$(printf '${{ secrets.DOCKER_ORG_NAME }}/${{ secrets.DOCKER_FRONTEND_CONTAINER_NAME }}@sha256:%s ' *)
- name: "[SH Admin] - Create manifest list and push"
working-directory: digests/sh_admin
run: |
docker buildx imagetools create -t ${{ secrets.DOCKER_ORG_NAME }}/${{ secrets.DOCKER_SH_ADMIN_CONTAINER_NAME }}:${{ github.ref_name }} \
$(printf '${{ secrets.DOCKER_ORG_NAME }}/${{ secrets.DOCKER_SH_ADMIN_CONTAINER_NAME }}@sha256:%s ' *)
docker buildx imagetools create -t ${{ secrets.DOCKER_ORG_NAME }}/${{ secrets.DOCKER_SH_ADMIN_CONTAINER_NAME }}:latest \
$(printf '${{ secrets.DOCKER_ORG_NAME }}/${{ secrets.DOCKER_SH_ADMIN_CONTAINER_NAME }}@sha256:%s ' *)
- name: "[AIO] - Create manifest list and push"
working-directory: digests/aio
run: |
docker buildx imagetools create -t ${{ secrets.DOCKER_ORG_NAME }}/${{ secrets.DOCKER_AIO_CONTAINER_NAME }}:${{ github.ref_name }} \
$(printf '${{ secrets.DOCKER_ORG_NAME }}/${{ secrets.DOCKER_AIO_CONTAINER_NAME }}@sha256:%s ' *)
docker buildx imagetools create -t ${{ secrets.DOCKER_ORG_NAME }}/${{ secrets.DOCKER_AIO_CONTAINER_NAME }}:latest \
$(printf '${{ secrets.DOCKER_ORG_NAME }}/${{ secrets.DOCKER_AIO_CONTAINER_NAME }}@sha256:%s ' *)
tests matrix .github/workflows/tests.yml
View raw YAML
name: Node.js CI
on:
push:
branches: [main, next, patch]
pull_request:
branches: [main, next, patch]
jobs:
test:
name: Test
runs-on: ubuntu-latest
strategy:
matrix:
# Pinned to Node.js 22 due to known test failures on Node.js 24.
# Future TODO: Investigate test failures and move to Node.js 24 (Active LTS).
node-version: [22]
steps:
- name: Checkout
uses: actions/checkout@v4
- name: Setup environment
run: mv .env.example .env
- name: Setup node
uses: actions/setup-node@v4
with:
node-version: ${{ matrix.node-version }}
- name: Setup pnpm
uses: pnpm/action-setup@v3
with:
version: 10
run_install: false
- name: Install dependencies
run: pnpm install
env:
DATABASE_URL: postgresql://postgres:testpass@localhost:5432/hoppscotch
DATA_ENCRYPTION_KEY: "12345678901234567890123456789012"
- name: Run tests
run: pnpm test