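# Manually dispatched workflow that builds, signs, and notarizes the macOS
# desktop bundle for a single Rust/Tauri target triple.
name: Signed macOS Desktop

# Manual trigger only. The scripts of whichever ref is selected at dispatch
# time run with the signing secrets in scope.
# NOTE(review): consider keeping these secrets in a protected environment
# limited to release branches with required reviewers - confirm repo policy.
on:
  workflow_dispatch:
    inputs:
      tauri-target:
        description: "Rust/Tauri target triple"
        required: true
        default: "aarch64-apple-darwin"
        # A choice input limits the value to the triples listed below.
        type: choice
        options:
          - aarch64-apple-darwin
          - x86_64-apple-darwin

# Least privilege for GITHUB_TOKEN: no step in this workflow passes the token
# to a script, and checkout only needs read access to repository contents.
permissions:
  contents: read

# One group per event and target; a newer dispatch for the same target does
# not cancel a signing run that is already in progress.
concurrency:
  group: signed-desktop-${{ github.event_name }}-${{ inputs.tauri-target }}
  cancel-in-progress: false

env:
  CARGO_TERM_COLOR: always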

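jobs:
  # Builds the Tauri desktop app for the selected target, signs and notarizes
  # it, verifies it with Gatekeeper, and uploads the resulting bundles.
  signed-macos:
    name: signed-${{ inputs.tauri-target }}
    runs-on: namespace-profile-mac-medium
    timeout-minutes: 60

    # NOTE(review): every `uses:` below references a mutable tag or branch
    # (`@v4`, `@v2`, `@stable`). This job later exposes signing secrets, so
    # pinning each action to a full commit SHA would keep an upstream ref
    # change from altering what runs here.
    steps:
      - name: Checkout code
        uses: actions/checkout@v4
        with:
          # Do not leave the token in .git/config for later steps (dependency
          # install scripts, build scripts) to read.
          # NOTE(review): re-enable only if build-signed.sh needs
          # authenticated git access - not visible from this file.
          persist-credentials: false

      - name: Setup Rust
        uses: dtolnay/rust-toolchain@stable
        with:
          targets: ${{ inputs.tauri-target }}

      - name: Setup Node.js
        uses: actions/setup-node@v4
        with:
          node-version-file: .nvmrc

      - name: Cache Rust
        uses: Swatinem/rust-cache@v2
        with:
          workspaces: |
            desktop/src-tauri
          key: signed-desktop-${{ inputs.tauri-target }}

      # NOTE(review): `npm install` may resolve versions newer than the
      # lockfile and runs package install scripts in the workspace that is
      # signed afterwards. If desktop/ commits a package-lock.json, `npm ci`
      # gives a reproducible install - confirm before switching.
      - name: Install desktop npm dependencies
        working-directory: desktop
        run: npm install

      # Secrets are scoped to this step only, not to the whole job.
      # NOTE(review): presumably build-signed.sh imports the certificate into
      # a temporary keychain; confirm it removes that keychain and the decoded
      # .p12 on exit, including on failure.
      - name: Build signed and notarized DMG
        shell: bash
        env:
          APPLE_ID: ${{ secrets.APPLE_ID }}
          APPLE_PASSWORD: ${{ secrets.APPLE_PASSWORD }}
          APPLE_TEAM_ID: ${{ secrets.APPLE_TEAM_ID }}
          APPLE_SIGNING_IDENTITY: ${{ secrets.APPLE_SIGNING_IDENTITY }}
          SIGNING_CERTIFICATE_P12_DATA: ${{ secrets.SIGNING_CERTIFICATE_P12_DATA }}
          SIGNING_CERTIFICATE_PASSWORD: ${{ secrets.SIGNING_CERTIFICATE_PASSWORD }}
          KEYCHAIN_PASSWORD: ${{ secrets.KEYCHAIN_PASSWORD }}
          TAURI_SIGNING_PRIVATE_KEY: ${{ secrets.TAURI_SIGNING_PRIVATE_KEY }}
          TAURI_SIGNING_PRIVATE_KEY_PASSWORD: ${{ secrets.TAURI_SIGNING_PRIVATE_KEY_PASSWORD }}
          TAURI_TARGET: ${{ inputs.tauri-target }}
        run: ./build-signed.sh

      # Runs without any secrets in its environment.
      - name: Gatekeeper check
        shell: bash
        run: ./check-gatekeeper.sh

      - name: Upload desktop artifacts
        uses: actions/upload-artifact@v4
        with:
          name: rho-desktop-signed-${{ inputs.tauri-target }}
          path: |
            desktop/src-tauri/target/**/release/bundle/**/*.dmg
            desktop/src-tauri/target/**/release/bundle/**/*.app.tar.gz
            desktop/src-tauri/target/**/release/bundle/**/*.sig
          # Fail the run instead of only warning when no bundle matched, so a
          # signing run that produced nothing is not reported as successful.
          if-no-files-found: error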