工作流拆分

.github/workflows/RELEASE-WORKFLOW.md

@@ -4,16 +4,43 @@
 
 该工作流用于自动化构建和发布 Claude AI Installer 应用程序，支持 Windows、macOS 和 Linux 三个平台。
 
+工作流采用模块化设计，按平台拆分为独立的构建工作流，由主 Release 工作流统一调用。
+
+## 工作流文件结构
+
+| 文件 | 说明 |
+|------|------|
+| `release.yml` | 主工作流，负责调用各平台构建并创建 Release |
+| `build-windows.yml` | Windows 平台构建 |
+| `build-macos-arm64.yml` | macOS ARM64 平台构建 (Apple Silicon) |
+| `build-macos-x64.yml` | macOS x64 平台构建 (Intel) |
+| `build-linux.yml` | Linux 平台构建 |
+
 ## 触发条件
 
+### release.yml（主工作流）
+
 ```yaml
 on:
+  workflow_dispatch:  # 手动触发，用于集成测试
   push:
     tags:
       - 'v*'
 ```
 
-当推送以 `v` 开头的 tag 时触发（如 `v1.0.0`、`v2.1.3`）。
+- 推送以 `v` 开头的 tag 时自动触发（如 `v1.0.0`、`v2.1.3`）
+- 支持手动触发用于测试
+
+### 各平台构建工作流
+
+```yaml
+on:
+  workflow_dispatch:  # 手动触发，用于单独调试
+  workflow_call:      # 被其他工作流调用
+```
+
+- 支持被 `release.yml` 调用
+- 支持手动触发用于单独调试
 
 ---
 
@@ -22,18 +49,25 @@ on:
 ```
 ┌─────────────────────┐
 │   推送 v* 标签       │
+│   或手动触发         │
 └──────────┬──────────┘
            ▼
-┌─────────────────────────────────────────────────────┐
-│              Job 1: build (并行执行)                  │
-├─────────────┬─────────────┬─────────────┬───────────┤
-│  Windows    │  macOS ARM  │ macOS Intel │  Linux    │
-│  x64        │  (M1/M2/M3) │    x64      │   x64     │
-└─────────────┴─────────────┴─────────────┴───────────┘
+┌─────────────────────────────────────────────────────────────────────┐
+│                         release.yml                                  │
+├─────────────────────────────────────────────────────────────────────┤
+│  调用各平台构建工作流（并行执行）                                      │
+│  ┌─────────────┬─────────────┬─────────────┬─────────────┐          │
+│  │ build-      │ build-      │ build-      │ build-      │          │
+│  │ windows.yml │ macos-      │ macos-      │ linux.yml   │          │
+│  │             │ arm64.yml   │ x64.yml     │             │          │
+│  │  Windows    │  macOS      │  macOS      │   Linux     │          │
+│  │    x64      │  ARM64      │   x64       │    x64      │          │
+│  └─────────────┴─────────────┴─────────────┴─────────────┘          │
+└─────────────────────────────────────────────────────────────────────┘
            │
            ▼
 ┌─────────────────────┐
-│  Job 2: release     │
+│  release job        │
 │  - 下载所有构建产物  │
 │  - 创建 GitHub Release │
 │  - 上传安装包        │
@@ -42,40 +76,84 @@ on:
 
 ---
 
-## Job 详细说明
+## 各工作流详细说明
+
+### build-windows.yml
+
+**运行环境**: `windows-latest`
+
+**Target**: `x86_64-pc-windows-msvc`
+
+| 步骤 | 说明 |
+|------|------|
+| Checkout code | 检出代码 |
+| Setup Node.js | 配置 Node.js 20，启用 npm 缓存 |
+| Install Rust toolchain | 安装 Rust 工具链及 Windows target |
+| Cache Rust | 缓存 Cargo 依赖加速构建 |
+| Install dependencies | 执行 `npm ci` 安装依赖 |
+| Build application | 执行 `node scripts/build.js --target x86_64-pc-windows-msvc` |
+| Upload artifacts | 上传构建产物到 `artifacts-win` |
+
+---
+
+### build-macos-arm64.yml
+
+**运行环境**: `macos-latest`
+
+**Target**: `aarch64-apple-darwin`
+
+| 步骤 | 说明 |
+|------|------|
+| Checkout code | 检出代码 |
+| Setup Node.js | 配置 Node.js 20，启用 npm 缓存 |
+| Install Rust toolchain | 安装 Rust 工具链及 ARM64 target |
+| Cache Rust | 缓存 Cargo 依赖加速构建 |
+| Install dependencies | 执行 `npm ci` 安装依赖 |
+| Build application | 执行 `node scripts/build.js --target aarch64-apple-darwin` |
+| Upload artifacts | 上传构建产物到 `artifacts-mac-arm64` |
+
+---
+
+### build-macos-x64.yml
 
-### Job 1: build
+**运行环境**: `macos-latest`
 
-**构建矩阵**:
+**Target**: `x86_64-apple-darwin`
 
-| 平台 | 运行环境 | Target |
-|------|----------|--------|
-| Windows | `windows-latest` | `x86_64-pc-windows-msvc` |
-| macOS ARM | `macos-latest` | `aarch64-apple-darwin` |
-| macOS Intel | `macos-latest` | `x86_64-apple-darwin` |
-| Linux | `ubuntu-22.04` | `x86_64-unknown-linux-gnu` |
+| 步骤 | 说明 |
+|------|------|
+| Checkout code | 检出代码 |
+| Setup Node.js | 配置 Node.js 20，启用 npm 缓存 |
+| Install Rust toolchain | 安装 Rust 工具链及 x64 target |
+| Cache Rust | 缓存 Cargo 依赖加速构建 |
+| Install dependencies | 执行 `npm ci` 安装依赖 |
+| Build application | 执行 `node scripts/build.js --target x86_64-apple-darwin` |
+| Upload artifacts | 上传构建产物到 `artifacts-mac-x64` |
+
+---
 
-**步骤**:
+### build-linux.yml
+
+**运行环境**: `ubuntu-22.04`
+
+**Target**: `x86_64-unknown-linux-gnu`
 
 | 步骤 | 说明 |
 |------|------|
-| Checkout code | 检出 main 分支最新代码 |
-| Setup Node.js | 配置 Node.js 20 |
-| Install Rust | 安装 Rust 工具链及对应 target |
-| Cache Cargo | 缓存 Cargo 依赖加速构建 |
-| Install Linux deps | (仅 Linux) 安装 GTK、WebKit 等系统依赖 |
-| Install dependencies | 安装 npm 依赖 |
-| Build application | 执行构建脚本 `node scripts/build.js` |
-| Upload artifacts | 上传构建产物到 `artifacts-{platform}` |
-
-**环境变量**:
-- `TAURI_SIGNING_PRIVATE_KEY` - Tauri 签名私钥（来自 Secrets）
+| Checkout code | 检出代码 |
+| Setup Node.js | 配置 Node.js 20，启用 npm 缓存 |
+| Install Rust toolchain | 安装 Rust 工具链及 Linux target |
+| Cache Rust | 缓存 Cargo 依赖加速构建 |
+| Install Linux dependencies | 安装系统依赖（使用缓存）：libwebkit2gtk-4.1-dev, libayatana-appindicator3-dev, librsvg2-dev, patchelf, libgtk-3-dev |
+| Install dependencies | 执行 `npm ci` 安装依赖 |
+| Build application | 执行 `node scripts/build.js --target x86_64-unknown-linux-gnu` |
+| Upload artifacts | 上传构建产物到 `artifacts-linux` |
 
 ---
 
-### Job 2: release
+### release.yml - release job
 
-**依赖**: `build`
+**依赖**: `build-windows`, `build-macos-arm64`, `build-macos-x64`, `build-linux`
 
 **运行环境**: `ubuntu-latest`
 
@@ -83,9 +161,20 @@ on:
 
 | 步骤 | 说明 |
 |------|------|
-| Download artifacts | 下载所有平台的构建产物并合并 |
+| Download all artifacts | 下载所有平台的构建产物（pattern: `artifacts-*`）并合并 |
 | List artifacts | 列出产物文件（调试用） |
-| Create Release | 创建 GitHub Release 并上传文件 |
+| Create Release | 使用 `softprops/action-gh-release@v1` 创建 GitHub Release 并上传文件 |
+
+---
+
+## 构建矩阵总览
+
+| 平台 | 运行环境 | Target | Artifact 名称 |
+|------|----------|--------|---------------|
+| Windows | `windows-latest` | `x86_64-pc-windows-msvc` | `artifacts-win` |
+| macOS ARM | `macos-latest` | `aarch64-apple-darwin` | `artifacts-mac-arm64` |
+| macOS Intel | `macos-latest` | `x86_64-apple-darwin` | `artifacts-mac-x64` |
+| Linux | `ubuntu-22.04` | `x86_64-unknown-linux-gnu` | `artifacts-linux` |
 
 ---
 
@@ -96,24 +185,40 @@ on:
 | **Windows** | `*-win-x64-setup.exe` | NSIS 安装程序（推荐） |
 | | `*-win-x64-portable.exe` | 便携版 |
 | | `*-win-x64.msi` | MSI 安装程序 |
-| **macOS** | `*-mac-arm64.dmg` | Apple Silicon |
+| **macOS** | `*-mac-arm64.dmg` | Apple Silicon (M1/M2/M3) |
 | | `*-mac-x64.dmg` | Intel |
 | **Linux** | `*-linux-x64.deb` | Debian/Ubuntu |
+| | `*-linux-x64.rpm` | Fedora/RHEL/CentOS |
 | | `*-linux-x64.AppImage` | 通用 AppImage |
 
 ---
 
+## 签名密钥配置
+
+Tauri 应用签名私钥从项目中的 `.keys/tauri-signing.key` 文件读取。
+
+**优先级**：
+1. 如果项目中存在 `.keys/tauri-signing.key` 文件，优先使用该文件内容
+2. 否则回退到 `TAURI_SIGNING_PRIVATE_KEY` 环境变量（来自 Secrets）
+
+**注意**：`.keys/` 目录应添加到 `.gitignore`，避免将私钥提交到版本控制。
+
+---
+
 ## 所需 Secrets
 
 | 名称 | 用途 |
 |------|------|
-| `TAURI_SIGNING_PRIVATE_KEY` | Tauri 应用签名私钥 |
+| `TAURI_SIGNING_PRIVATE_KEY` | Tauri 应用签名私钥（备用，当 `.keys/tauri-signing.key` 不存在时使用） |
+| `TAURI_SIGNING_PRIVATE_KEY_PASSWORD` | 签名私钥密码（当前为空） |
 | `GITHUB_TOKEN` | GitHub Release 创建（自动提供） |
 
 ---
 
 ## 使用方法
 
+### 发布新版本
+
 ```bash
 # 创建并推送版本标签
 git tag v1.0.0
@@ -121,3 +226,16 @@ git push origin v1.0.0
 ```
 
 工作流将自动执行构建并创建 Release。
+
+### 手动触发完整构建
+
+在 GitHub Actions 页面，选择 `Release` 工作流，点击 "Run workflow"。
+
+### 单独调试某平台构建
+
+在 GitHub Actions 页面，选择对应平台的工作流，点击 "Run workflow"：
+
+- `Build Windows` - Windows x64 构建
+- `Build macOS ARM64` - macOS Apple Silicon 构建
+- `Build macOS x64` - macOS Intel 构建
+- `Build Linux` - Linux x64 构建

.github/workflows/build-linux.yml

@@ -45,6 +45,9 @@ jobs:
           TAURI_SIGNING_PRIVATE_KEY_PASSWORD: ""
         run: |
           chmod +x build-linux.sh
+          if [ -f ".keys/tauri-signing.key" ]; then
+            export TAURI_SIGNING_PRIVATE_KEY=$(cat .keys/tauri-signing.key)
+          fi
           node scripts/build.js --target x86_64-unknown-linux-gnu
 
       - name: Upload artifacts

.github/workflows/build-macos-arm64.yml

@@ -0,0 +1,52 @@
+name: Build macOS ARM64
+
+on:
+  workflow_dispatch:  # 手动触发，用于单独调试
+  workflow_call:      # 被其他工作流调用
+
+jobs:
+  build:
+    runs-on: macos-latest
+
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+
+      - name: Setup Node.js
+        uses: actions/setup-node@v4
+        with:
+          node-version: '20'
+          cache: 'npm'
+
+      - name: Install Rust toolchain
+        uses: dtolnay/rust-toolchain@stable
+        with:
+          targets: aarch64-apple-darwin
+
+      - name: Cache Rust
+        uses: Swatinem/rust-cache@v2
+        with:
+          workspaces: src-tauri -> target
+          cache-targets: true
+          shared-key: aarch64-apple-darwin
+
+      - name: Install dependencies
+        run: npm ci
+
+      - name: Build application
+        env:
+          TAURI_SIGNING_PRIVATE_KEY: ${{ secrets.TAURI_SIGNING_PRIVATE_KEY }}
+          TAURI_SIGNING_PRIVATE_KEY_PASSWORD: ""
+        run: |
+          chmod +x build-mac.sh
+          if [ -f ".keys/tauri-signing.key" ]; then
+            export TAURI_SIGNING_PRIVATE_KEY=$(cat .keys/tauri-signing.key)
+          fi
+          node scripts/build.js --target aarch64-apple-darwin
+
+      - name: Upload artifacts
+        uses: actions/upload-artifact@v4
+        with:
+          name: artifacts-mac-arm64
+          path: built/*
+          if-no-files-found: error

.github/workflows/build-macos-x64.yml

@@ -0,0 +1,52 @@
+name: Build macOS x64
+
+on:
+  workflow_dispatch:  # 手动触发，用于单独调试
+  workflow_call:      # 被其他工作流调用
+
+jobs:
+  build:
+    runs-on: macos-latest
+
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+
+      - name: Setup Node.js
+        uses: actions/setup-node@v4
+        with:
+          node-version: '20'
+          cache: 'npm'
+
+      - name: Install Rust toolchain
+        uses: dtolnay/rust-toolchain@stable
+        with:
+          targets: x86_64-apple-darwin
+
+      - name: Cache Rust
+        uses: Swatinem/rust-cache@v2
+        with:
+          workspaces: src-tauri -> target
+          cache-targets: true
+          shared-key: x86_64-apple-darwin
+
+      - name: Install dependencies
+        run: npm ci
+
+      - name: Build application
+        env:
+          TAURI_SIGNING_PRIVATE_KEY: ${{ secrets.TAURI_SIGNING_PRIVATE_KEY }}
+          TAURI_SIGNING_PRIVATE_KEY_PASSWORD: ""
+        run: |
+          chmod +x build-mac.sh
+          if [ -f ".keys/tauri-signing.key" ]; then
+            export TAURI_SIGNING_PRIVATE_KEY=$(cat .keys/tauri-signing.key)
+          fi
+          node scripts/build.js --target x86_64-apple-darwin
+
+      - name: Upload artifacts
+        uses: actions/upload-artifact@v4
+        with:
+          name: artifacts-mac-x64
+          path: built/*
+          if-no-files-found: error

.github/workflows/build-macos.yml

@@ -1,103 +0,0 @@
-name: Build macOS
-
-on:
-  workflow_dispatch:  # 手动触发，用于单独调试
-    inputs:
-      target:
-        description: '构建目标'
-        type: choice
-        options:
-          - all
-          - arm64
-          - x64
-        default: 'all'
-  workflow_call:      # 被其他工作流调用
-
-jobs:
-  build-arm64:
-    if: ${{ github.event_name == 'workflow_call' || inputs.target == 'all' || inputs.target == 'arm64' }}
-    runs-on: macos-latest
-
-    steps:
-      - name: Checkout code
-        uses: actions/checkout@v4
-
-      - name: Setup Node.js
-        uses: actions/setup-node@v4
-        with:
-          node-version: '20'
-          cache: 'npm'
-
-      - name: Install Rust toolchain
-        uses: dtolnay/rust-toolchain@stable
-        with:
-          targets: aarch64-apple-darwin
-
-      - name: Cache Rust
-        uses: Swatinem/rust-cache@v2
-        with:
-          workspaces: src-tauri -> target
-          cache-targets: true
-          shared-key: aarch64-apple-darwin
-
-      - name: Install dependencies
-        run: npm ci
-
-      - name: Build application
-        env:
-          TAURI_SIGNING_PRIVATE_KEY: ${{ secrets.TAURI_SIGNING_PRIVATE_KEY }}
-          TAURI_SIGNING_PRIVATE_KEY_PASSWORD: ""
-        run: |
-          chmod +x build-mac.sh
-          node scripts/build.js --target aarch64-apple-darwin
-
-      - name: Upload artifacts
-        uses: actions/upload-artifact@v4
-        with:
-          name: artifacts-mac-arm64
-          path: built/*
-          if-no-files-found: error
-
-  build-x64:
-    if: ${{ github.event_name == 'workflow_call' || inputs.target == 'all' || inputs.target == 'x64' }}
-    runs-on: macos-latest
-
-    steps:
-      - name: Checkout code
-        uses: actions/checkout@v4
-
-      - name: Setup Node.js
-        uses: actions/setup-node@v4
-        with:
-          node-version: '20'
-          cache: 'npm'
-
-      - name: Install Rust toolchain
-        uses: dtolnay/rust-toolchain@stable
-        with:
-          targets: x86_64-apple-darwin
-
-      - name: Cache Rust
-        uses: Swatinem/rust-cache@v2
-        with:
-          workspaces: src-tauri -> target
-          cache-targets: true
-          shared-key: x86_64-apple-darwin
-
-      - name: Install dependencies
-        run: npm ci
-
-      - name: Build application
-        env:
-          TAURI_SIGNING_PRIVATE_KEY: ${{ secrets.TAURI_SIGNING_PRIVATE_KEY }}
-          TAURI_SIGNING_PRIVATE_KEY_PASSWORD: ""
-        run: |
-          chmod +x build-mac.sh
-          node scripts/build.js --target x86_64-apple-darwin
-
-      - name: Upload artifacts
-        uses: actions/upload-artifact@v4
-        with:
-          name: artifacts-mac-x64
-          path: built/*
-          if-no-files-found: error

.github/workflows/build-windows.yml

@@ -37,7 +37,13 @@ jobs:
         env:
           TAURI_SIGNING_PRIVATE_KEY: ${{ secrets.TAURI_SIGNING_PRIVATE_KEY }}
           TAURI_SIGNING_PRIVATE_KEY_PASSWORD: ""
-        run: node scripts/build.js --target x86_64-pc-windows-msvc
+        shell: pwsh
+        run: |
+          $keyPath = ".keys/tauri-signing.key"
+          if (Test-Path $keyPath) {
+            $env:TAURI_SIGNING_PRIVATE_KEY = Get-Content $keyPath -Raw
+          }
+          node scripts/build.js --target x86_64-pc-windows-msvc
 
       - name: Upload artifacts
         uses: actions/upload-artifact@v4

.github/workflows/release.yml

@@ -12,8 +12,12 @@ jobs:
     uses: ./.github/workflows/build-windows.yml
     secrets: inherit
 
-  build-macos:
-    uses: ./.github/workflows/build-macos.yml
+  build-macos-arm64:
+    uses: ./.github/workflows/build-macos-arm64.yml
+    secrets: inherit
+
+  build-macos-x64:
+    uses: ./.github/workflows/build-macos-x64.yml
     secrets: inherit
 
   build-linux:
@@ -22,7 +26,7 @@ jobs:
 
   # 所有构建完成后创建 Release
   release:
-    needs: [build-windows, build-macos, build-linux]
+    needs: [build-windows, build-macos-arm64, build-macos-x64, build-linux]
     runs-on: ubuntu-latest
     permissions:
       contents: write