refactor(ci): standardize Tauri signing key variable and update pubkey

- Update CI workflow to use TAURI_SIGNING_PRIVATE_KEY consistently - Simplify key handling logic and add password support - Update pubkey in tauri.conf.json to match new signing key
2025-09-09 22:26:37 +08:00
parent a95f974787
commit 74d4b42936
2 changed files with 10 additions and 8 deletions
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -87,13 +87,13 @@ jobs:
        shell: bash
        run: |
          # 调试：检查 Secret 是否存在
-          if [ -z "${{ secrets.TAURI_PRIVATE_KEY }}" ]; then
-            echo "❌ TAURI_PRIVATE_KEY Secret 为空或不存在" >&2
+          if [ -z "${{ secrets.TAURI_SIGNING_PRIVATE_KEY }}" ]; then
+            echo "❌ TAURI_SIGNING_PRIVATE_KEY Secret 为空或不存在" >&2
            echo "请检查 GitHub 仓库 Settings > Secrets and variables > Actions" >&2
            exit 1
          fi
          
-          RAW="${{ secrets.TAURI_PRIVATE_KEY }}"
+          RAW="${{ secrets.TAURI_SIGNING_PRIVATE_KEY }}"
          # 目标：提供正确的私钥“文件路径”给 Tauri CLI，避免内容解码歧义
          KEY_PATH="$RUNNER_TEMP/tauri_signing.key"
          # 情况 1：原始两行文本（第一行以 "untrusted comment:" 开头）
@@ -113,15 +113,17 @@ jobs:
                printf '%s\n%s\n' "untrusted comment: tauri signing key" "$ONE" > "$KEY_PATH"
                echo "✅ 使用一行 Base64 私钥，已构造两行文件"
              else
-                echo "❌ TAURI_PRIVATE_KEY 格式无法识别：既不是两行原文，也不是其 base64，亦非一行 base64" >&2
+                echo "❌ TAURI_SIGNING_PRIVATE_KEY 格式无法识别：既不是两行原文，也不是其 base64，亦非一行 base64" >&2
                echo "密钥前10个字符: $(echo "$RAW" | head -c 10)..." >&2
                exit 1
              fi
            fi
          fi
-          # 仅导出“路径”供 CLI 使用，避免误读为内容
-          echo "TAURI_PRIVATE_KEY_PATH=$KEY_PATH" >> $GITHUB_ENV
-          echo "TAURI_SIGNING_PRIVATE_KEY_PATH=$KEY_PATH" >> $GITHUB_ENV
+          # 仅导出“路径”供 CLI 使用（Tauri 支持“内容或路径”）
+          echo "TAURI_SIGNING_PRIVATE_KEY=$KEY_PATH" >> $GITHUB_ENV
+          if [ -n "${{ secrets.TAURI_SIGNING_PRIVATE_KEY_PASSWORD }}" ]; then
+            echo "TAURI_SIGNING_PRIVATE_KEY_PASSWORD=${{ secrets.TAURI_SIGNING_PRIVATE_KEY_PASSWORD }}" >> $GITHUB_ENV
+          fi
          echo "✅ Tauri signing key prepared"

      - name: Build Tauri App (macOS)
--- a/src-tauri/tauri.conf.json
+++ b/src-tauri/tauri.conf.json
@@ -42,7 +42,7 @@
  ,
  "plugins": {
    "updater": {
-      "pubkey": "RWQrfsDuoYVMiAZTIXmxysD1OTMhVzeirvQ2xU78mhvobMthsQaQyr3m",
+      "pubkey": "dW50cnVzdGVkIGNvbW1lbnQ6IG1pbmlzaWduIHB1YmxpYyBrZXk6IEM4MDI4QzlBNTczOTI4RTMKUldUaktEbFhtb3dDeUM5US9kT0FmdGR5Ti9vQzcwa2dTMlpibDVDUmQ2M0VGTzVOWnd0SGpFVlEK",
      "endpoints": [
        "https://github.com/jasonyoung/cc-switch/releases/latest/download/latest.json"
      ]