padloc/.github/workflows/publish-release.yml


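# Manually triggered release pipeline. `create_release_tag` creates the
# GitHub pre-release; every other job depends on it, builds one family of
# artifacts (web extension, Tauri, Electron, Cordova, PWA) and uploads the
# artifact together with a SHA-256 checksum file to that release.
#
# NOTE(review): no `permissions:` block is declared, so GITHUB_TOKEN gets the
# repository default scopes in every job. Consider restricting it to what the
# release uploads need once the requirements of each action are confirmed.
#
# NOTE(review): third-party actions are referenced by mutable tags (and one
# by branch, `sdkman/sdkman-action@master`). These jobs hold signing keys, so
# pinning each `uses:` to a full commit SHA would protect against a retagged
# or compromised action.
name: Publish Release
on:
  workflow_dispatch:
    inputs:
      environment:
        type: environment
        default: "Beta"
      vendor_version:
        type: string
        description: "Vendor Version (semver) for the release -- what will be visible."
        default: "0.0.1"
        required: true
      build:
        type: string
        description: "Build number (int, 3 max digits) for the release."
        default: "0"
        required: true
jobs:
  create_release_tag:
    name: "Create release tag"
    environment: ${{ github.event.inputs.environment || 'Beta' }}
    env:
      PL_VENDOR_VERSION: ${{ github.event.inputs.vendor_version || '0.0.1' }}
      PL_VENDOR_BASE_URL: "https://github.com/${{ github.repository }}"
    runs-on: ubuntu-latest
    outputs:
      # Consumed by downstream jobs as RELEASE_ID.
      release_id: ${{ steps.create_release.outputs.id }}
    steps:
      - uses: actions/checkout@v2
      - uses: actions/setup-node@v2
        with:
          node-version-file: ".nvmrc"
      - name: Install dependencies
        run: |
          npm i -g npm@8.2.0
          npm ci
      - name: Build tauri-update.json
        run: cd packages/tauri && node generate-tauri-update-file.js
      - uses: softprops/action-gh-release@v1
        id: create_release
        name: Create release and add tauri-update.json
        with:
          tag_name: "v${{ env.PL_VENDOR_VERSION }}"
          name: "v${{ env.PL_VENDOR_VERSION }}"
          body: "v${{ env.PL_VENDOR_VERSION }}"
          prerelease: true
          draft: false
          files: packages/tauri/tauri-update.json
          fail_on_unmatched_files: true

  release_web_extension:
    name: "Release web extension"
    environment: ${{ github.event.inputs.environment || 'Beta' }}
    needs: create_release_tag
    env:
      RELEASE_BUILD: ${{ github.event.inputs.build || '0' }}
      PL_VENDOR_VERSION: ${{ github.event.inputs.vendor_version || '0.0.1' }}
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v2
      - uses: actions/setup-node@v2
        with:
          node-version-file: ".nvmrc"
      - name: Install dependencies
        run: |
          npm i -g npm@8.2.0 web-ext@6.6.0
          npm ci
      - name: Build
        env:
          PL_SERVER_URL: ${{ secrets.PL_SERVER_URL }}
          PL_BUILD_ENV: ${{ secrets.PL_BUILD_ENV }}
        run: npm run web-extension:build
      - name: Sign for Firefox
        # Secrets are handed over through the environment instead of being
        # expanded into the script text: the shell never re-parses their
        # contents, and the API credentials stay off the command line.
        # web-ext reads options from WEB_EXT_-prefixed environment variables.
        env:
          WEB_EXT_API_KEY: ${{ secrets.PL_WEB_EXTENSION_FIREFOX_API_KEY }}
          WEB_EXT_API_SECRET: ${{ secrets.PL_WEB_EXTENSION_FIREFOX_API_SECRET }}
          PL_WEB_EXTENSION_FIREFOX_ID: ${{ secrets.PL_WEB_EXTENSION_FIREFOX_ID }}
        run: |
          cd packages/extension/dist
          web-ext sign --id="$PL_WEB_EXTENSION_FIREFOX_ID" --channel=unlisted
      - name: Upload Signed Web Extension (Firefox)
        uses: svenstaro/upload-release-action@2.2.1
        with:
          repo_token: ${{ secrets.GITHUB_TOKEN }}
          tag: "v${{ env.PL_VENDOR_VERSION }}"
          file: packages/extension/dist/web-ext-artifacts/padloc-${{ env.PL_VENDOR_VERSION }}.${{ env.RELEASE_BUILD }}.xpi
          asset_name: padloc-web-extension-${{ env.PL_VENDOR_VERSION }}.${{ env.RELEASE_BUILD }}.xpi
          prerelease: true
      - name: Pack for Chrome Extension
        uses: cardinalby/webext-buildtools-pack-extension-dir-action@v1
        with:
          extensionDir: packages/extension/dist
          zipFilePath: packages/extension/padloc.zip
          zipIgnore: 'web-ext-artifacts/**|*.xpi'
      - name: Upload Unsigned Web Extension (Chrome)
        uses: svenstaro/upload-release-action@2.2.1
        with:
          repo_token: ${{ secrets.GITHUB_TOKEN }}
          tag: "v${{ env.PL_VENDOR_VERSION }}"
          file: packages/extension/padloc.zip
          asset_name: padloc-web-extension-${{ env.PL_VENDOR_VERSION }}.${{ env.RELEASE_BUILD }}-unsigned.zip
          prerelease: true
      - name: Sign for Chrome
        uses: cardinalby/webext-buildtools-chrome-crx-action@v2
        with:
          zipFilePath: packages/extension/padloc.zip
          crxFilePath: packages/extension/padloc-signed.crx
          privateKey: ${{ secrets.PL_WEB_EXTENSION_CHROME_CRX_PRIVATE_KEY }}
      - name: Upload Signed Web Extension (Chrome)
        uses: svenstaro/upload-release-action@2.2.1
        with:
          repo_token: ${{ secrets.GITHUB_TOKEN }}
          tag: "v${{ env.PL_VENDOR_VERSION }}"
          file: packages/extension/padloc-signed.crx
          asset_name: padloc-web-extension-${{ env.PL_VENDOR_VERSION }}.${{ env.RELEASE_BUILD }}.crx
          prerelease: true
      - name: Generate checksum (xpi)
        run: |
          cd packages/extension/dist/web-ext-artifacts
          sha256sum padloc*.xpi > sha256sum-xpi.txt
      - name: Upload checksum (xpi)
        uses: svenstaro/upload-release-action@2.2.1
        with:
          repo_token: ${{ secrets.GITHUB_TOKEN }}
          tag: "v${{ env.PL_VENDOR_VERSION }}"
          file: packages/extension/dist/web-ext-artifacts/sha256sum-xpi.txt
          asset_name: sha256sum-xpi.txt
          prerelease: true
      - name: Generate checksum (crx)
        run: |
          cd packages/extension
          sha256sum padloc-signed.crx > sha256sum-crx.txt
      - name: Upload checksum (crx)
        uses: svenstaro/upload-release-action@2.2.1
        with:
          repo_token: ${{ secrets.GITHUB_TOKEN }}
          tag: "v${{ env.PL_VENDOR_VERSION }}"
          file: packages/extension/sha256sum-crx.txt
          asset_name: sha256sum-crx.txt
          prerelease: true

  release_tauri:
    name: "Release Tauri apps"
    environment: ${{ github.event.inputs.environment || 'Beta' }}
    needs: create_release_tag
    env:
      RELEASE_ID: ${{ needs.create_release_tag.outputs.release_id }}
      PL_VENDOR_VERSION: ${{ github.event.inputs.vendor_version || '0.0.1' }}
    strategy:
      fail-fast: false
      matrix:
        platform: [macos-latest, ubuntu-latest, windows-latest]
    runs-on: ${{ matrix.platform }}
    steps:
      - uses: actions/checkout@v2
      - uses: actions/setup-node@v2
        with:
          node-version-file: ".nvmrc"
      - name: Install Rust stable
        uses: actions-rs/toolchain@v1
        with:
          toolchain: stable
      - name: Install tauri bundler
        # NOTE(review): installs whatever version is current at build time;
        # an explicit version would make the release build repeatable.
        run: cargo install tauri-bundler --force
      - name: Install webkit2gtk (ubuntu only)
        if: matrix.platform == 'ubuntu-latest'
        run: |
          sudo apt-get update
          sudo apt-get install -y webkit2gtk-4.0
      - name: Install coreutils
        # Provides sha256sum on the macOS runner.
        if: matrix.platform == 'macos-latest'
        run: |
          brew install coreutils
      - name: Install dependencies
        run: |
          npm i -g npm@8.2.0
          npm ci
      - uses: tauri-apps/tauri-action@v0.3.1
        env:
          PL_SERVER_URL: ${{ secrets.PL_SERVER_URL }}
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          TAURI_PRIVATE_KEY: ${{ secrets.TAURI_PRIVATE_KEY }}
          TAURI_KEY_PASSWORD: ${{ secrets.TAURI_KEY_PASSWORD }}
          ENABLE_CODE_SIGNING: true
          APPLE_CERTIFICATE: ${{ secrets.PL_MACOS_SIGNING_CERT_BASE64 }}
          APPLE_CERTIFICATE_PASSWORD: ${{ secrets.PL_MACOS_SIGNING_CERT_PASSWORD }}
          APPLE_SIGNING_IDENTITY: ${{ secrets.PL_MACOS_SIGNING_IDENTITY }}
          APPLE_ID: ${{ secrets.PL_MACOS_NOTARIZE_APPLE_ID }}
          APPLE_PASSWORD: ${{ secrets.PL_MACOS_NOTARIZE_PASSWORD }}
        with:
          releaseId: ${{ env.RELEASE_ID }}
          projectPath: packages/tauri
      - name: Generate checksum (AppImage)
        if: matrix.platform == 'ubuntu-latest'
        run: |
          cd packages/tauri/src-tauri/target/release/bundle/appimage
          sha256sum padloc*.AppImage > sha256sum-appimage.txt
      - name: Upload checksum (AppImage)
        if: matrix.platform == 'ubuntu-latest'
        uses: svenstaro/upload-release-action@2.2.1
        with:
          repo_token: ${{ secrets.GITHUB_TOKEN }}
          tag: "v${{ env.PL_VENDOR_VERSION }}"
          file: packages/tauri/src-tauri/target/release/bundle/appimage/sha256sum-appimage.txt
          asset_name: sha256sum-tauri-appimage.txt
          prerelease: true
      - name: Generate checksum (deb)
        if: matrix.platform == 'ubuntu-latest'
        run: |
          cd packages/tauri/src-tauri/target/release/bundle/deb
          sha256sum *.deb > sha256sum-deb.txt
      - name: Upload checksum (deb)
        if: matrix.platform == 'ubuntu-latest'
        uses: svenstaro/upload-release-action@2.2.1
        with:
          repo_token: ${{ secrets.GITHUB_TOKEN }}
          tag: "v${{ env.PL_VENDOR_VERSION }}"
          file: packages/tauri/src-tauri/target/release/bundle/deb/sha256sum-deb.txt
          asset_name: sha256sum-tauri-deb.txt
          prerelease: true
      - name: Generate checksum (dmg)
        if: matrix.platform == 'macos-latest'
        run: |
          cd packages/tauri/src-tauri/target/release/bundle/dmg
          sha256sum *.dmg > sha256sum-dmg.txt
      - name: Upload checksum (dmg)
        if: matrix.platform == 'macos-latest'
        uses: svenstaro/upload-release-action@2.2.1
        with:
          repo_token: ${{ secrets.GITHUB_TOKEN }}
          tag: "v${{ env.PL_VENDOR_VERSION }}"
          file: packages/tauri/src-tauri/target/release/bundle/dmg/sha256sum-dmg.txt
          asset_name: sha256sum-tauri-dmg.txt
          prerelease: true
      - name: Generate checksum (msi)
        if: matrix.platform == 'windows-latest'
        run: |
          cd packages/tauri/src-tauri/target/release/bundle/msi
          sha256sum *.msi > sha256sum-msi.txt
      - name: Upload checksum (msi)
        if: matrix.platform == 'windows-latest'
        uses: svenstaro/upload-release-action@2.2.1
        with:
          repo_token: ${{ secrets.GITHUB_TOKEN }}
          tag: "v${{ env.PL_VENDOR_VERSION }}"
          file: packages/tauri/src-tauri/target/release/bundle/msi/sha256sum-msi.txt
          asset_name: sha256sum-tauri-msi.txt
          prerelease: true

  release_electron:
    name: "Release Electron apps"
    environment: ${{ github.event.inputs.environment || 'Beta' }}
    needs: create_release_tag
    env:
      RELEASE_ID: ${{ needs.create_release_tag.outputs.release_id }}
      PL_VENDOR_VERSION: ${{ github.event.inputs.vendor_version || '0.0.1' }}
    strategy:
      fail-fast: false
      matrix:
        platform: [macos-latest, ubuntu-latest, windows-latest]
    runs-on: ${{ matrix.platform }}
    steps:
      - uses: actions/checkout@v2
      - uses: actions/setup-node@v2
        with:
          node-version-file: ".nvmrc"
      - name: Install coreutils
        # Provides sha256sum on the macOS runner.
        if: matrix.platform == 'macos-latest'
        run: |
          brew install coreutils
      - name: Install dependencies
        run: |
          npm i -g npm@8.2.0
          npm ci
      - name: Build
        run: |
          npm run electron:build
        env:
          PL_PWA_URL: ${{ secrets.PL_PWA_URL }}
          CSC_LINK: ${{ secrets.PL_MACOS_SIGNING_CERT_BASE64 }}
          CSC_KEY_PASSWORD: ${{ secrets.PL_MACOS_SIGNING_CERT_PASSWORD }}
          PL_MACOS_NOTARIZE_APPLE_ID: ${{ secrets.PL_MACOS_NOTARIZE_APPLE_ID }}
          PL_MACOS_NOTARIZE_PASSWORD: ${{ secrets.PL_MACOS_NOTARIZE_PASSWORD }}
          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          EP_PRE_RELEASE: true
      - name: Generate checksum (AppImage)
        if: matrix.platform == 'ubuntu-latest'
        run: |
          cd packages/electron/dist
          sha256sum *.AppImage > sha256sum-appimage.txt
      - name: Upload checksum (AppImage)
        if: matrix.platform == 'ubuntu-latest'
        uses: svenstaro/upload-release-action@2.2.1
        with:
          repo_token: ${{ secrets.GITHUB_TOKEN }}
          tag: "v${{ env.PL_VENDOR_VERSION }}"
          file: packages/electron/dist/sha256sum-appimage.txt
          asset_name: sha256sum-electron-appimage.txt
          prerelease: true
      - name: Generate checksum (dmg)
        if: matrix.platform == 'macos-latest'
        run: |
          cd packages/electron/dist
          sha256sum *.dmg > sha256sum-dmg.txt
      - name: Upload checksum (dmg)
        if: matrix.platform == 'macos-latest'
        uses: svenstaro/upload-release-action@2.2.1
        with:
          repo_token: ${{ secrets.GITHUB_TOKEN }}
          tag: "v${{ env.PL_VENDOR_VERSION }}"
          file: packages/electron/dist/sha256sum-dmg.txt
          asset_name: sha256sum-electron-dmg.txt
          prerelease: true
      - name: Generate checksum (exe)
        if: matrix.platform == 'windows-latest'
        run: |
          cd packages/electron/dist
          sha256sum *.exe > sha256sum-exe.txt
      - name: Upload checksum (exe)
        if: matrix.platform == 'windows-latest'
        uses: svenstaro/upload-release-action@2.2.1
        with:
          repo_token: ${{ secrets.GITHUB_TOKEN }}
          tag: "v${{ env.PL_VENDOR_VERSION }}"
          file: packages/electron/dist/sha256sum-exe.txt
          asset_name: sha256sum-electron-exe.txt
          prerelease: true

  release_cordova:
    name: "Release Cordova apps"
    environment: ${{ github.event.inputs.environment || 'Beta' }}
    needs: create_release_tag
    env:
      RELEASE_BUILD: ${{ github.event.inputs.build || '0' }}
      RELEASE_ID: ${{ needs.create_release_tag.outputs.release_id }}
      PL_VENDOR_VERSION: ${{ github.event.inputs.vendor_version || '0.0.1' }}
      PL_SERVER_URL: ${{ secrets.PL_SERVER_URL }}
    strategy:
      fail-fast: false
      matrix:
        # ubuntu-latest builds Android, macos-latest builds iOS.
        platform: [macos-latest, ubuntu-latest]
    runs-on: ${{ matrix.platform }}
    steps:
      - uses: actions/checkout@v2
      - uses: actions/setup-java@v1
        if: matrix.platform == 'ubuntu-latest'
        with:
          java-version: "1.8"
      # NOTE(review): `@master` is a moving branch; this job handles the
      # Android and iOS signing material, so a fixed commit is safer here.
      - uses: sdkman/sdkman-action@master
        if: matrix.platform == 'ubuntu-latest'
        with:
          candidate: gradle
          version: "7.2"
      - uses: android-actions/setup-android@v2
        if: matrix.platform == 'ubuntu-latest'
      - uses: actions/setup-node@v2
        with:
          node-version-file: ".nvmrc"
      - name: Install coreutils
        # Provides sha256sum on the macOS runner.
        if: matrix.platform == 'macos-latest'
        run: |
          brew install coreutils
      - name: Install dependencies
        run: |
          npm i -g npm@8.2.0
          npm ci
      - name: Create android-upload-key.keystore
        if: matrix.platform == 'ubuntu-latest'
        # The base64 keystore arrives via the environment rather than being
        # expanded into the script, and is decoded without an intermediate
        # plaintext file. Removed again by the "Delete ..." step below.
        env:
          PL_ANDROID_UPLOAD_KEY_BASE64: ${{ secrets.PL_ANDROID_UPLOAD_KEY_BASE64 }}
        run: |
          cd packages/cordova
          printf '%s' "$PL_ANDROID_UPLOAD_KEY_BASE64" | base64 -d > android-upload-key.keystore
      - name: Build Android
        if: matrix.platform == 'ubuntu-latest'
        # Passwords and alias are quoted shell variables, so a value that
        # contains quotes or shell metacharacters cannot alter the command.
        env:
          PL_ANDROID_STORE_PASSWORD: ${{ secrets.PL_ANDROID_STORE_PASSWORD }}
          PL_ANDROID_KEYSTORE_ALIAS: ${{ secrets.PL_ANDROID_KEYSTORE_ALIAS }}
        run: |
          cd packages/cordova
          npm run prepare-build
          ./node_modules/.bin/cordova build android --release -- \
            --packageType=apk \
            --keystore=./android-upload-key.keystore \
            --storePassword="$PL_ANDROID_STORE_PASSWORD" \
            --alias="$PL_ANDROID_KEYSTORE_ALIAS" \
            --password="$PL_ANDROID_STORE_PASSWORD"
      - name: Install the Apple certificate and provisioning profile
        if: matrix.platform == 'macos-latest'
        env:
          PL_IOS_DISTRIBUTION_CERT_BASE64: ${{ secrets.PL_IOS_DISTRIBUTION_CERT_BASE64 }}
          PL_IOS_DEVELOPMENT_CERT_BASE64: ${{ secrets.PL_IOS_DEVELOPMENT_CERT_BASE64 }}
          PL_IOS_DISTRIBUTION_CERT_PASSWORD: ${{ secrets.PL_IOS_DISTRIBUTION_CERT_PASSWORD }}
          PL_IOS_PROVISION_PROFILE_BASE64: ${{ secrets.PL_IOS_PROVISION_PROFILE_BASE64 }}
          PL_IOS_DEV_PROVISION_PROFILE_BASE64: ${{ secrets.PL_IOS_DEV_PROVISION_PROFILE_BASE64 }}
          # Password of the throwaway keychain created below; not a secret.
          PL_IOS_KEYCHAIN_PASSWORD: "new-password-does-not-matter"
        run: |
          # create variables
          DIST_CERT_PATH=$RUNNER_TEMP/distribution_certificate.p12
          DEV_CERT_PATH=$RUNNER_TEMP/development_certificate.p12
          DIST_PP_PATH=$RUNNER_TEMP/dist_pp.mobileprovision
          DEV_PP_PATH=$RUNNER_TEMP/dev_pp.mobileprovision
          KEYCHAIN_PATH=$RUNNER_TEMP/app-signing.keychain-db
          # import certificate and provisioning profile from secrets
          echo -n "$PL_IOS_DISTRIBUTION_CERT_BASE64" | base64 --decode --output $DIST_CERT_PATH
          echo -n "$PL_IOS_DEVELOPMENT_CERT_BASE64" | base64 --decode --output $DEV_CERT_PATH
          echo -n "$PL_IOS_PROVISION_PROFILE_BASE64" | base64 --decode --output $DIST_PP_PATH
          echo -n "$PL_IOS_DEV_PROVISION_PROFILE_BASE64" | base64 --decode --output $DEV_PP_PATH
          # create temporary keychain
          security create-keychain -p "$PL_IOS_KEYCHAIN_PASSWORD" $KEYCHAIN_PATH
          security set-keychain-settings -lut 21600 $KEYCHAIN_PATH
          security unlock-keychain -p "$PL_IOS_KEYCHAIN_PASSWORD" $KEYCHAIN_PATH
          # import certificate to keychain
          security import $DIST_CERT_PATH -P "$PL_IOS_DISTRIBUTION_CERT_PASSWORD" -A -t cert -f pkcs12 -k $KEYCHAIN_PATH
          security import $DEV_CERT_PATH -P "$PL_IOS_DISTRIBUTION_CERT_PASSWORD" -A -t cert -f pkcs12 -k $KEYCHAIN_PATH
          security list-keychain -d user -s $KEYCHAIN_PATH
          security set-key-partition-list -S apple-tool:,apple: -s -k "$PL_IOS_KEYCHAIN_PASSWORD" $KEYCHAIN_PATH
          # apply provisioning profile
          mkdir -p ~/Library/MobileDevice/Provisioning\ Profiles
          cp $DIST_PP_PATH ~/Library/MobileDevice/Provisioning\ Profiles
          cp $DEV_PP_PATH ~/Library/MobileDevice/Provisioning\ Profiles
      - name: Setup Xcode
        uses: maxim-lobanov/setup-xcode@v1
        if: matrix.platform == 'macos-latest'
        with:
          xcode-version: "13.2.1"
      - name: Build iOS
        if: matrix.platform == 'macos-latest'
        # Signing identity and team id are passed as quoted shell variables
        # rather than expanded into the script text.
        env:
          PL_IOS_CODE_SIGN_IDENTITY: ${{ secrets.PL_IOS_CODE_SIGN_IDENTITY }}
          PL_IOS_DEVELOPMENT_TEAM: ${{ secrets.PL_IOS_DEVELOPMENT_TEAM }}
        run: |
          cd packages/cordova
          npm run prepare-build
          npm run patch-ios
          ./node_modules/.bin/cordova build ios --release --device \
            --packageType=app-store \
            --codeSignIdentity="$PL_IOS_CODE_SIGN_IDENTITY" \
            --developmentTeam="$PL_IOS_DEVELOPMENT_TEAM"
      - name: Upload Signed APK
        if: matrix.platform == 'ubuntu-latest'
        uses: svenstaro/upload-release-action@2.2.1
        with:
          repo_token: ${{ secrets.GITHUB_TOKEN }}
          tag: "v${{ env.PL_VENDOR_VERSION }}"
          file: packages/cordova/platforms/android/app/build/outputs/apk/release/app-release.apk
          asset_name: padloc-${{ env.PL_VENDOR_VERSION }}.apk
          prerelease: true
      - name: Upload Signed IPA
        if: matrix.platform == 'macos-latest'
        uses: svenstaro/upload-release-action@2.2.1
        with:
          repo_token: ${{ secrets.GITHUB_TOKEN }}
          tag: "v${{ env.PL_VENDOR_VERSION }}"
          file: packages/cordova/platforms/ios/build/device/Padloc.ipa
          asset_name: padloc-${{ env.PL_VENDOR_VERSION }}.ipa
          prerelease: true
      - name: Generate checksum (apk)
        if: matrix.platform == 'ubuntu-latest'
        run: |
          cd packages/cordova/platforms/android/app/build/outputs/apk/release
          sha256sum app-release.apk > sha256sum-apk.txt
      - name: Upload checksum (apk)
        if: matrix.platform == 'ubuntu-latest'
        uses: svenstaro/upload-release-action@2.2.1
        with:
          repo_token: ${{ secrets.GITHUB_TOKEN }}
          tag: "v${{ env.PL_VENDOR_VERSION }}"
          file: packages/cordova/platforms/android/app/build/outputs/apk/release/sha256sum-apk.txt
          asset_name: sha256sum-apk.txt
          prerelease: true
      - name: Generate checksum (ipa)
        if: matrix.platform == 'macos-latest'
        run: |
          cd packages/cordova/platforms/ios/build/device
          sha256sum Padloc.ipa > sha256sum-ipa.txt
      - name: Upload checksum (ipa)
        if: matrix.platform == 'macos-latest'
        uses: svenstaro/upload-release-action@2.2.1
        with:
          repo_token: ${{ secrets.GITHUB_TOKEN }}
          tag: "v${{ env.PL_VENDOR_VERSION }}"
          file: packages/cordova/platforms/ios/build/device/sha256sum-ipa.txt
          asset_name: sha256sum-ipa.txt
          prerelease: true
      # always() makes the two cleanup steps run even when a build step failed.
      - name: Delete android-upload-key.keystore
        if: matrix.platform == 'ubuntu-latest' && always()
        run: rm -f ./packages/cordova/android-upload-key.keystore
      - name: Clean up keychain and provisioning profile
        if: matrix.platform == 'macos-latest' && always()
        run: |
          security delete-keychain $RUNNER_TEMP/app-signing.keychain-db
          # Remove the two profiles the install step copied in
          # (dist_pp / dev_pp); no build_pp.mobileprovision is ever created.
          rm -f ~/Library/MobileDevice/Provisioning\ Profiles/dist_pp.mobileprovision
          rm -f ~/Library/MobileDevice/Provisioning\ Profiles/dev_pp.mobileprovision

  release_web_checksums:
    name: "Release web checksums"
    environment: ${{ github.event.inputs.environment || 'Beta' }}
    needs: create_release_tag
    env:
      # Needed by the pwa.tar.gz asset name below; without it the build
      # number in the file name expands to an empty string.
      RELEASE_BUILD: ${{ github.event.inputs.build || '0' }}
      RELEASE_ID: ${{ needs.create_release_tag.outputs.release_id }}
      PL_VENDOR_VERSION: ${{ github.event.inputs.vendor_version || '0.0.1' }}
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v2
      - uses: actions/setup-node@v2
        with:
          node-version-file: ".nvmrc"
      - name: Install dependencies
        run: |
          npm i -g npm@8.2.0
          npm ci
      - name: Build
        run: |
          npm run pwa:build
        env:
          PL_PWA_URL: ${{ secrets.PL_PWA_URL }}
          PL_SERVER_URL: ${{ secrets.PL_SERVER_URL }}
      - name: Generate pwa.tar.gz
        run: |
          cd packages/pwa/dist
          tar -czf ../pwa.tar.gz *
      - name: Upload pwa.tar.gz
        uses: svenstaro/upload-release-action@2.2.1
        with:
          repo_token: ${{ secrets.GITHUB_TOKEN }}
          tag: "v${{ env.PL_VENDOR_VERSION }}"
          file: packages/pwa/pwa.tar.gz
          asset_name: padloc-pwa-${{ env.PL_VENDOR_VERSION }}.${{ env.RELEASE_BUILD }}.tar.gz
          prerelease: true
      - name: Generate checksums
        # One sha256sum line per built file; the output file itself is
        # excluded so that it does not end up hashing its own partial content.
        run: |
          cd packages/pwa/dist
          find . -type f ! -name "sha256sums-web.txt" -exec sha256sum {} > sha256sums-web.txt \;
      - name: Upload checksums
        uses: svenstaro/upload-release-action@2.2.1
        with:
          repo_token: ${{ secrets.GITHUB_TOKEN }}
          tag: "v${{ env.PL_VENDOR_VERSION }}"
          file: packages/pwa/dist/sha256sums-web.txt
          asset_name: sha256sums-web.txt
          prerelease: true
      - name: Upload CSP parser
        uses: svenstaro/upload-release-action@2.2.1
        with:
          repo_token: ${{ secrets.GITHUB_TOKEN }}
          tag: "v${{ env.PL_VENDOR_VERSION }}"
          file: docs/checksums/web/parse-csp.ts
          asset_name: parse-csp.ts
          prerelease: true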