Files
goldenChart/scripts/publish-desktop-update.sh
T
Macbook eae4ccd4c6 fix: Mac desktop updater — v0.1.2 with signed pubkey; clearer errors
Rebuild dmg with real updater.pub. Improve check failure messages and
fix publish signing when TAURI_SIGNING_PRIVATE_KEY is set.

Co-authored-by: Cursor <cursoragent@cursor.com>
2026-06-14 11:55:03 +09:00

98 lines
3.2 KiB
Bash
Executable File

#!/usr/bin/env bash
# GoldenChart Desktop — updater 서명 + latest.json + 웹 static 배포
set -euo pipefail
ROOT="$(cd "$(dirname "$0")/.." && pwd)"
ARTIFACT_DIR="${ARTIFACT_DIR:-$ROOT/dist-desktop}"
UPDATES_SRC="${UPDATES_SRC:-$ARTIFACT_DIR/updates}"
UPDATES_DIR="${UPDATES_DIR:-${WORK_TREE:-$ROOT}/frontend/public/desktop/updates}"
WEB_STATIC_DIR="${WEB_STATIC_DIR:-$UPDATES_DIR}"
BASE_URL="${DESKTOP_UPDATE_BASE_URL:-https://exdev.co.kr/desktop/updates}"
DESKTOP_RELEASE_DIR="${GC_DESKTOP_APP_RELEASE_DIR:-$ROOT/data/desktop-releases}"
KEY_PATH="${TAURI_SIGNER_KEY:-$HOME/.tauri/goldenchart.key}"
DESKTOP_DIR="$ROOT/desktop"
CONF="$DESKTOP_DIR/src-tauri/tauri.conf.json"
VERSION="$(node -p "require('$CONF').version")"
NOTES="${DESKTOP_RELEASE_NOTES:-GoldenChart Desktop $VERSION}"
BUILD_INFO="$ARTIFACT_DIR/build-info.json"
export PATH="/opt/homebrew/bin:/opt/homebrew/sbin:/usr/local/bin:${PATH:-/usr/bin:/bin}"
# shellcheck disable=SC1091
[[ -f "$HOME/.cargo/env" ]] && source "$HOME/.cargo/env"
log() { echo "[publish-desktop] $*"; }
log "=== Publish Desktop v$VERSION ==="
log "Updates src: $UPDATES_SRC"
log "Web static: $WEB_STATIC_DIR"
mkdir -p "$WEB_STATIC_DIR"
# 설치 파일(dist-desktop/*.dmg, *setup.exe) 복사 — nginx static + backend API 디렉터리
if [[ -d "$ARTIFACT_DIR" ]]; then
mkdir -p "$DESKTOP_RELEASE_DIR"
find "$ARTIFACT_DIR" -maxdepth 1 -type f \( -name '*.dmg' -o -name '*setup.exe' \) | while read -r f; do
cp -f "$f" "$WEB_STATIC_DIR/"
cp -f "$f" "$DESKTOP_RELEASE_DIR/"
log "Installer: $(basename "$f")"
done
fi
PUBLISH_UPDATES="$WEB_STATIC_DIR"
mkdir -p "$PUBLISH_UPDATES"
if [[ -d "$UPDATES_SRC" ]]; then
cp -f "$UPDATES_SRC"/* "$PUBLISH_UPDATES/" 2>/dev/null || true
fi
# updater 번들 서명
if [[ -f "$KEY_PATH" ]]; then
shopt -s nullglob
for bundle in "$PUBLISH_UPDATES"/*.tar.gz "$PUBLISH_UPDATES"/*.nsis.zip "$PUBLISH_UPDATES"/*.zip; do
[[ -f "$bundle" ]] || continue
[[ "$bundle" == *.sig ]] && continue
log "Signing $(basename "$bundle")"
unset TAURI_SIGNING_PRIVATE_KEY TAURI_SIGNING_PRIVATE_KEY_PASSWORD 2>/dev/null || true
(cd "$DESKTOP_DIR" && npx tauri signer sign -f "$KEY_PATH" -p "${TAURI_SIGNING_PRIVATE_KEY_PASSWORD-}" "$bundle")
done
shopt -u nullglob
else
log "[WARN] TAURI_SIGNER_KEY 없음 ($KEY_PATH) — updater 서명 생략"
log " ./scripts/setup-desktop-updater-keys.sh 실행 후 Jenkins Credential 등록"
fi
# build-info 복사
if [[ -f "$BUILD_INFO" ]]; then
cp -f "$BUILD_INFO" "$PUBLISH_UPDATES/build-info.json"
fi
# latest.json
set +e
node "$ROOT/scripts/generate-desktop-latest-json.mjs" \
--version "$VERSION" \
--dir "$PUBLISH_UPDATES" \
--base-url "$BASE_URL" \
--notes "$NOTES"
GEN_RC=$?
set -e
if [[ "$GEN_RC" -eq 2 ]]; then
log "[WARN] signed updater bundle 없음 — placeholder latest.json 작성"
cat > "$PUBLISH_UPDATES/latest.json" <<EOF
{
"version": "$VERSION",
"notes": "$NOTES",
"pub_date": "$(date -u +%Y-%m-%dT%H:%M:%SZ)",
"platforms": {}
}
EOF
elif [[ "$GEN_RC" -ne 0 ]]; then
exit "$GEN_RC"
fi
log "Published:"
ls -la "$PUBLISH_UPDATES"
log "nginx: /desktop/updates/ → frontend/public/desktop/updates (Docker rebuild 시 반영)"
log "Done."