rds_ssm_connect 1.7.10 → 1.7.11

package/.github/workflows/release.yml

@@ -74,7 +74,6 @@ jobs:
           rm src-tauri/binaries/gui-adapter-bundle.cjs
 
       - name: Build Tauri app
-        id: tauri
         uses: tauri-apps/tauri-action@v0
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
@@ -89,35 +88,53 @@ jobs:
           includeUpdaterJson: false
           args: --target ${{ matrix.rust_target }}
 
-      - name: Save updater signature
+      - name: Sign updater artifact and save signature
         shell: bash
         env:
-          ARTIFACT_PATHS: ${{ steps.tauri.outputs.artifactPaths }}
+          TAURI_SIGNING_PRIVATE_KEY: ${{ secrets.TAURI_SIGNING_PRIVATE_KEY }}
+          TAURI_SIGNING_PRIVATE_KEY_PASSWORD: ${{ secrets.TAURI_SIGNING_PRIVATE_KEY_PASSWORD }}
         run: |
           mkdir -p sigs
-          echo "=== All artifact paths ==="
-          echo "$ARTIFACT_PATHS" | jq '.' 2>/dev/null || echo "$ARTIFACT_PATHS"
-          echo "=== Looking for .sig files ==="
-          SIG_PATH=$(echo "$ARTIFACT_PATHS" | jq -r '.[] | select(endswith(".sig"))' 2>/dev/null | head -1)
-          echo "Sig path from artifacts: ${SIG_PATH:-none}"
-          if [ -n "$SIG_PATH" ] && [ -f "$SIG_PATH" ]; then
-            cp "$SIG_PATH" "sigs/${{ matrix.rust_target }}.sig"
-            echo "Saved signature ($(wc -c < "sigs/${{ matrix.rust_target }}.sig") bytes)"
+          BUNDLE="src-tauri/target/${{ matrix.rust_target }}/release/bundle"
+
+          # Find the updater artifact — must match what generate-update-json.js URLs point to:
+          # macOS: .app.tar.gz, Linux: .AppImage, Windows: -setup.exe
+          UPDATER_FILE=""
+          for pattern in "$BUNDLE"/macos/*.app.tar.gz "$BUNDLE"/appimage/*.AppImage "$BUNDLE"/nsis/*-setup.exe; do
+            for f in $pattern; do
+              if [ -f "$f" ]; then
+                UPDATER_FILE="$f"
+                break 2
+              fi
+            done
+          done
+
+          if [ -z "$UPDATER_FILE" ]; then
+            echo "WARNING: No updater artifact found"
+            find "$BUNDLE" -type f 2>/dev/null | head -20
+            exit 0
+          fi
+
+          echo "Signing: $UPDATER_FILE"
+          npx tauri signer sign "$UPDATER_FILE" --private-key "$TAURI_SIGNING_PRIVATE_KEY" --password "$TAURI_SIGNING_PRIVATE_KEY_PASSWORD"
+
+          # The signer creates a .sig file alongside the original
+          SIG_FILE="${UPDATER_FILE}.sig"
+          if [ -f "$SIG_FILE" ]; then
+            cp "$SIG_FILE" "sigs/${{ matrix.rust_target }}.sig"
+            echo "Signature saved ($(wc -c < "$SIG_FILE") bytes)"
+            cat "$SIG_FILE"
           else
-            echo "=== Sig not found via artifactPaths, searching filesystem ==="
-            find "src-tauri/target/${{ matrix.rust_target }}/release/bundle" -name '*.sig' -type f 2>/dev/null || echo "No .sig files found"
-            echo "=== All bundle files ==="
-            find "src-tauri/target/${{ matrix.rust_target }}/release/bundle" -type f 2>/dev/null | head -30
+            echo "ERROR: .sig file not created at $SIG_FILE"
+            exit 1
           fi
-          echo "=== sigs/ contents ==="
-          ls -la sigs/
 
       - name: Upload signature artifact
         uses: actions/upload-artifact@v4
         with:
           name: sig-${{ matrix.rust_target }}
           path: sigs/
-          if-no-files-found: ignore
+          if-no-files-found: error
 
   # Generate update manifest after all builds complete
   update-manifest:
@@ -147,14 +164,16 @@ jobs:
       - name: Generate latest.json
         run: |
           echo "=== Downloaded signatures ==="
-          ls -la sigs/ 2>/dev/null || echo "No signatures found"
-          cat sigs/*.sig 2>/dev/null || echo "No .sig file contents"
+          ls -la sigs/
+          echo "=== Signature contents ==="
+          for f in sigs/*.sig; do echo "--- $f ---"; cat "$f"; done
           node scripts/generate-update-json.js ${{ steps.version.outputs.VERSION }} https://github.com/${{ github.repository }}/releases/download/v${{ steps.version.outputs.VERSION }} sigs
 
       - name: Upload latest.json to release
-        uses: softprops/action-gh-release@v1
-        with:
-          files: latest.json
-          tag_name: v${{ steps.version.outputs.VERSION }}
         env:
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        run: |
+          TAG="v${{ steps.version.outputs.VERSION }}"
+          echo "=== latest.json content ==="
+          cat latest.json
+          gh release upload "$TAG" latest.json --clobber

package/connect.js

@@ -10,7 +10,7 @@ import { promisify } from 'node:util'
 import { PROJECT_CONFIGS } from './envPortMapping.js'
 
 // Package info for version checking
-const packageJson = { name: 'rds_ssm_connect', version: '1.7.10' }
+const packageJson = { name: 'rds_ssm_connect', version: '1.7.11' }
 
 const execAsync = promisify(exec)
 

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "rds_ssm_connect",
-  "version": "1.7.10",
+  "version": "1.7.11",
   "type": "module",
   "repository": {
     "type": "git",

package/src-tauri/Cargo.toml

@@ -1,6 +1,6 @@
 [package]
 name = "rds-ssm-connect"
-version = "1.7.10"
+version = "1.7.11"
 description = "Secure RDS connections through AWS SSM"
 authors = ["Iaroslav Pyrogov"]
 edition = "2024"

package/src-tauri/tauri.conf.json

@@ -1,7 +1,7 @@
 {
   "$schema": "https://schema.tauri.app/config/2",
   "productName": "RDS SSM Connect",
-  "version": "1.7.10",
+  "version": "1.7.11",
   "identifier": "com.rds-ssm-connect.desktop",
   "build": {
     "beforeDevCommand": "npm run dev:vite",