Skip to main content

cargo_codesign/
ci.rs

1use crate::config::SignConfig;
2use std::fmt::Write;
3
4const WRAPPER_TEMPLATE: &str = include_str!("templates/github-actions-wrapper.yml");
5const MACOS_TEMPLATE: &str = include_str!("templates/github-actions-macos.yml");
6const WINDOWS_TEMPLATE: &str = include_str!("templates/github-actions-windows.yml");
7const LINUX_TEMPLATE: &str = include_str!("templates/github-actions-linux.yml");
8
9pub fn generate_workflow(config: &SignConfig) -> String {
10    let mut jobs = String::new();
11    jobs.push_str("jobs:\n");
12
13    if let Some(macos) = &config.macos {
14        let secrets = build_secrets_block(&collect_macos_env_vars(macos));
15        let job = MACOS_TEMPLATE.replace("{MACOS_SECRETS}", &secrets);
16        jobs.push_str(&job);
17        jobs.push('\n');
18    }
19
20    if let Some(windows) = &config.windows {
21        let secrets = build_secrets_block(&collect_windows_env_vars(windows));
22        let job = WINDOWS_TEMPLATE.replace("{WINDOWS_SECRETS}", &secrets);
23        jobs.push_str(&job);
24        jobs.push('\n');
25    }
26
27    if let Some(linux) = &config.linux {
28        let secrets = build_secrets_block(&collect_linux_env_vars(linux));
29        let job = LINUX_TEMPLATE.replace("{LINUX_SECRETS}", &secrets);
30        jobs.push_str(&job);
31        jobs.push('\n');
32    }
33
34    WRAPPER_TEMPLATE.replace("{JOBS}", jobs.trim_end())
35}
36
37fn build_secrets_block(env_vars: &[&str]) -> String {
38    let mut block = String::new();
39    for var in env_vars {
40        writeln!(block, "          {var}: ${{{{ secrets.{var} }}}}").unwrap();
41    }
42    block.trim_end().to_string()
43}
44
45fn collect_macos_env_vars(macos: &crate::config::MacosConfig) -> Vec<&str> {
46    let env = &macos.env;
47    let mut vars = Vec::new();
48    if let Some(v) = &env.certificate {
49        vars.push(v.as_str());
50    }
51    if let Some(v) = &env.certificate_password {
52        vars.push(v.as_str());
53    }
54    if let Some(v) = &env.notarization_key {
55        vars.push(v.as_str());
56    }
57    if let Some(v) = &env.notarization_key_id {
58        vars.push(v.as_str());
59    }
60    if let Some(v) = &env.notarization_issuer {
61        vars.push(v.as_str());
62    }
63    if let Some(v) = &env.apple_id {
64        vars.push(v.as_str());
65    }
66    if let Some(v) = &env.team_id {
67        vars.push(v.as_str());
68    }
69    if let Some(v) = &env.app_password {
70        vars.push(v.as_str());
71    }
72    vars
73}
74
75fn collect_windows_env_vars(windows: &crate::config::WindowsConfig) -> Vec<&str> {
76    let env = &windows.env;
77    let mut vars = Vec::new();
78    if let Some(v) = &env.tenant_id {
79        vars.push(v.as_str());
80    }
81    if let Some(v) = &env.client_id {
82        vars.push(v.as_str());
83    }
84    if let Some(v) = &env.client_secret {
85        vars.push(v.as_str());
86    }
87    if let Some(v) = &env.endpoint {
88        vars.push(v.as_str());
89    }
90    if let Some(v) = &env.account_name {
91        vars.push(v.as_str());
92    }
93    if let Some(v) = &env.cert_profile {
94        vars.push(v.as_str());
95    }
96    vars
97}
98
99fn collect_linux_env_vars(linux: &crate::config::LinuxConfig) -> Vec<&str> {
100    let mut vars = Vec::new();
101    if let Some(v) = &linux.env.key {
102        vars.push(v.as_str());
103    }
104    vars
105}