From 68db0d8af2d0dae483aa101b88162251df807cfc Mon Sep 17 00:00:00 2001 From: Cmochance <3216202644@qq.com> Date: Mon, 1 Jun 2026 16:08:45 +0800 Subject: [PATCH 1/3] ci: add multi-platform release workflow (.dmg / .pkg / .exe) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit GitHub Actions release pipeline (push tag v* or workflow_dispatch): - macOS arm64 (macos-14) + Intel x64 (macos-15-intel): cargo tauri build app,dmg, then productbuild a .pkg from the bundled .app - Windows x64: NSIS .exe Signing: macOS uses ad-hoc identity by default (APPLE_SIGNING_IDENTITY="-") so the .app/.dmg/.pkg are openable via right-click — a fully unsigned .app is rejected outright by Gatekeeper on macOS 15+ ("damaged"). Optional Apple Developer ID + notarization kicks in automatically if the APPLE_* secrets are configured. Windows .exe is unsigned (SmartScreen warning, still usable). Each platform verifies its artifacts before upload (codesign --verify --deep --strict, hdiutil verify, pkg payload check, PE32 + size for .exe), ships a .sha256 sidecar, and uploads to a draft release. Locally validated the full macOS chain (build -> ad-hoc sign -> dmg -> productbuild pkg -> verify). README: document the release assets, the ad-hoc Gatekeeper right-click-open caveat, the Windows SmartScreen / macOS-only-runtime notes, and SHA256 verify. --- .github/workflows/release.yml | 271 ++++++++++++++++++++++++++++++++++ README.en.md | 23 ++- README.md | 23 ++- 3 files changed, 305 insertions(+), 12 deletions(-) create mode 100644 .github/workflows/release.yml diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml new file mode 100644 index 0000000..1137e26 --- /dev/null +++ b/.github/workflows/release.yml @@ -0,0 +1,271 @@ +name: release + +# 多平台自动打包 pipeline: +# macos-14 (Apple Silicon arm64 原生) + macos-15-intel (Intel x64 原生) + windows-latest +# 触发: push tag v* 或 workflow_dispatch(手动填 version) +# 产物: cargo tauri build 直出 .dmg / nsis .exe, macOS 额外 productbuild 出 .pkg, +# 每个产物附 .sha256, 收口到一个 draft GitHub release 让你手动确认转正式。 +# +# === 签名(重点,避免"打包出来不可用")=== +# macOS: 默认 ad-hoc 签名(APPLE_SIGNING_IDENTITY="-")。完全未签的 .app 在 macOS +# Sequoia 15+ 会被 Gatekeeper 无条件拒绝(报"已损坏"、连"仍要打开"都没有); +# ad-hoc 签后用户可"右键 → 打开"绕过。这是免费的最低保障。 +# 若日后配齐下面 6 个可选 secrets,则自动升级为真签名 + 公证(双击即用、无警告): +# APPLE_CERTIFICATE / APPLE_CERTIFICATE_PASSWORD Developer ID Application .p12 (base64) + 密码 +# APPLE_SIGNING_IDENTITY 形如 "Developer ID Application: Name (TEAMID)" +# APPLE_API_KEY_BASE64 / APPLE_API_KEY / APPLE_API_ISSUER App Store Connect API key(.p8 base64)+ Key ID + Issuer ID(公证用) +# Windows: NSIS .exe 未做 Authenticode 签名(SmartScreen 会提示未知发布者,可正常安装), +# 随包发 .sha256 供校验完整性。 +# +# 注意: macOS 不能"先 build app + 手动 codesign + 再 build dmg"——第二次 build 会重新 +# bundle .app 覆盖签名。必须让 Tauri 在同一次 build 内完成签名链(本 workflow 即如此)。 + +on: + push: + tags: ['v*'] + workflow_dispatch: + inputs: + version: + description: '不带 v 前缀(如 0.1.0)' + required: true + +permissions: + contents: write + +env: + CARGO_TERM_COLOR: always + +jobs: + build: + strategy: + fail-fast: false + matrix: + include: + - os: macos-14 + target: aarch64-apple-darwin + plat: macOS-arm64 + # Intel Mac: macos-15-intel 是 GitHub 在 macos-13 退役后为 Intel x64 新设的 + # runner 标签, 公开仓免费, 原生编译 x86_64-apple-darwin。 + - os: macos-15-intel + target: x86_64-apple-darwin + plat: macOS-x64 + - os: windows-latest + target: x86_64-pc-windows-msvc + plat: Windows-x64 + runs-on: ${{ matrix.os }} + steps: + - uses: actions/checkout@v4 + + - uses: actions/setup-node@v4 + with: + node-version: 20 + + - uses: dtolnay/rust-toolchain@stable + with: + targets: ${{ matrix.target }} + + - uses: Swatinem/rust-cache@v2 + with: + workspaces: 'src-tauri -> target' + key: ${{ matrix.target }} + + # windows-latest 冷编译 tauri-cli 需 15-25 min, 给独立 cache + 25 min timeout。 + - name: Cache cargo-tauri binary + id: cache-tauri-cli + uses: actions/cache@v4 + with: + path: | + ~/.cargo/bin/cargo-tauri + ~/.cargo/bin/cargo-tauri.exe + key: ${{ runner.os }}-${{ matrix.target }}-cargo-tauri-cli-v1 + + - name: Install tauri-cli + if: steps.cache-tauri-cli.outputs.cache-hit != 'true' + timeout-minutes: 25 + run: cargo install tauri-cli --version "^2" --locked + + - name: Install frontend deps + run: npm install + + - name: Resolve VERSION + id: ver + shell: bash + run: | + if [[ -n "${{ github.event.inputs.version }}" ]]; then + V="${{ github.event.inputs.version }}" + else + V="${GITHUB_REF_NAME#v}" + fi + echo "version=$V" >> "$GITHUB_OUTPUT" + echo "Resolved VERSION=$V" + + # 版本一致性: tag/输入的版本必须等于 tauri.conf.json 的 version, + # 否则产物名和 binary 内部版本会对不上, 早 fail。 + - name: Verify version matches tauri.conf.json + shell: bash + run: | + CONF_V=$(node -p "require('./src-tauri/tauri.conf.json').version") + if [[ "$CONF_V" != "${{ steps.ver.outputs.version }}" ]]; then + echo "::error::tag/输入版本 '${{ steps.ver.outputs.version }}' != tauri.conf.json version '$CONF_V'。请先把 src-tauri/tauri.conf.json 的 version 改成一致再发 tag。" + exit 1 + fi + echo "version OK: $CONF_V" + + # macOS: ad-hoc 默认, 有 Developer ID secret 则导入证书 + 公证。 + - name: Import macOS signing cert (optional) + if: startsWith(matrix.os, 'macos-') && env.CERT != '' + uses: apple-actions/import-codesign-certs@v3 + with: + p12-file-base64: ${{ secrets.APPLE_CERTIFICATE }} + p12-password: ${{ secrets.APPLE_CERTIFICATE_PASSWORD }} + env: + CERT: ${{ secrets.APPLE_CERTIFICATE }} + + - name: Write Apple notary API key (optional) + if: startsWith(matrix.os, 'macos-') && env.KEY_B64 != '' + shell: bash + env: + KEY_B64: ${{ secrets.APPLE_API_KEY_BASE64 }} + KEY_ID: ${{ secrets.APPLE_API_KEY }} + run: | + mkdir -p ~/.appstoreconnect/private_keys + echo "$KEY_B64" | base64 -d > ~/.appstoreconnect/private_keys/AuthKey_${KEY_ID}.p8 + echo "APPLE_API_KEY_PATH=$HOME/.appstoreconnect/private_keys/AuthKey_${KEY_ID}.p8" >> "$GITHUB_ENV" + + - name: cargo tauri build + shell: bash + env: + APPLE_SIGNING_IDENTITY_RAW: ${{ secrets.APPLE_SIGNING_IDENTITY }} + APPLE_API_ISSUER_RAW: ${{ secrets.APPLE_API_ISSUER }} + APPLE_API_KEY_RAW: ${{ secrets.APPLE_API_KEY }} + run: | + set -euo pipefail + # 未配置的 secret 在 env 里是空串, 显式判空再 export, 空时不暴露给 build。 + [[ -n "${APPLE_SIGNING_IDENTITY_RAW:-}" ]] && export APPLE_SIGNING_IDENTITY="$APPLE_SIGNING_IDENTITY_RAW" + [[ -n "${APPLE_API_ISSUER_RAW:-}" ]] && export APPLE_API_ISSUER="$APPLE_API_ISSUER_RAW" + [[ -n "${APPLE_API_KEY_RAW:-}" ]] && export APPLE_API_KEY="$APPLE_API_KEY_RAW" + + if [[ "${{ matrix.os }}" == macos-* ]]; then + if [[ -z "${APPLE_SIGNING_IDENTITY:-}" ]]; then + # 无 Developer ID → ad-hoc, 让 Tauri 在 build 内 codesign --sign -。 + export APPLE_SIGNING_IDENTITY="-" + echo "::notice::macOS 无 Developer ID secret, 使用 ad-hoc 签名(-)" + fi + cargo tauri build --target "${{ matrix.target }}" --bundles app,dmg + else + cargo tauri build --target "${{ matrix.target }}" --bundles nsis + fi + + # macOS: 从 ad-hoc 签好的 .app 用 productbuild 生成 .pkg 安装器。 + # .pkg 本身未签(同 .dmg, 双击需右键打开), 但装进 /Applications 的 .app 是 ad-hoc 签的可运行。 + - name: Build macOS .pkg + if: startsWith(matrix.os, 'macos-') + shell: bash + run: | + set -euo pipefail + APP="src-tauri/target/${{ matrix.target }}/release/bundle/macos/agent_theme_companion.app" + PKG="src-tauri/target/${{ matrix.target }}/release/bundle/macos/agent_theme_companion_${{ steps.ver.outputs.version }}.pkg" + if [[ ! -d "$APP" ]]; then echo "::error::.app 不存在: $APP"; exit 1; fi + productbuild --component "$APP" /Applications "$PKG" + echo "Built pkg: $PKG" + + - name: Verify macOS bundles (codesign / hdiutil / pkg) + if: startsWith(matrix.os, 'macos-') + shell: bash + run: | + set -euo pipefail + BDIR="src-tauri/target/${{ matrix.target }}/release/bundle" + APP="$BDIR/macos/agent_theme_companion.app" + echo "::group::codesign --verify .app (深度严格)" + codesign --verify --deep --strict --verbose=2 "$APP" + echo "::endgroup::" + echo "::group::hdiutil verify dmg" + for d in "$BDIR"/dmg/*.dmg; do [[ -f "$d" ]] && hdiutil verify "$d"; done + echo "::endgroup::" + echo "::group::pkg payload sanity" + for p in "$BDIR"/macos/*.pkg; do + [[ -f "$p" ]] || continue + sz=$(wc -c < "$p"); (( sz > 1048576 )) || { echo "::error::.pkg 太小($sz)疑似坏包: $p"; exit 1; } + pkgutil --payload-files "$p" | grep -q "agent_theme_companion.app" || { echo "::error::.pkg 缺 .app payload: $p"; exit 1; } + echo "OK pkg: $p ($sz bytes)" + done + echo "::endgroup::" + + - name: Verify Windows .exe integrity + if: matrix.os == 'windows-latest' + shell: bash + run: | + set -euo pipefail + NSIS_DIR="src-tauri/target/${{ matrix.target }}/release/bundle/nsis" + for f in "$NSIS_DIR"/*-setup.exe; do + [[ -f "$f" ]] || continue + file "$f" | grep -qE "PE32\+? executable" || { echo "::error::非 PE32/PE32+ 可执行: $f"; exit 1; } + sz=$(wc -c < "$f"); (( sz > 1048576 )) || { echo "::error::Setup.exe 太小($sz)疑似坏包: $f"; exit 1; } + echo "OK exe: $f ($sz bytes)" + done + + - name: Stage + rename + sha256 + shell: bash + run: | + set -euo pipefail + V="${{ steps.ver.outputs.version }}"; PLAT="${{ matrix.plat }}" + BDIR="src-tauri/target/${{ matrix.target }}/release/bundle" + mkdir -p staging + shopt -s nullglob + case "$PLAT" in + macOS-*) + for f in "$BDIR"/dmg/*.dmg; do cp "$f" "staging/Agent-Theme-v${V}-${PLAT}.dmg"; done + for f in "$BDIR"/macos/*.pkg; do cp "$f" "staging/Agent-Theme-v${V}-${PLAT}.pkg"; done + ;; + Windows-x64) + for f in "$BDIR"/nsis/*-setup.exe; do cp "$f" "staging/Agent-Theme-v${V}-${PLAT}-Setup.exe"; done + ;; + esac + # sha256 旁车 + cd staging + for f in *; do + if command -v shasum >/dev/null; then shasum -a 256 "$f" > "$f.sha256"; + else sha256sum "$f" > "$f.sha256"; fi + done + echo "Staged for $PLAT:"; ls -la + files=(*) + if (( ${#files[@]} == 0 )); then + echo "::error::没有产物 staged($PLAT)"; find "../$BDIR" -maxdepth 3 -type f | sed -n '1,80p'; exit 1 + fi + + - uses: actions/upload-artifact@v4 + with: + name: bundle-${{ matrix.plat }} + path: staging/* + if-no-files-found: error + + release: + needs: build + runs-on: ubuntu-22.04 + steps: + - uses: actions/download-artifact@v4 + with: + path: dist + merge-multiple: true + + - name: Resolve VERSION + id: ver + shell: bash + run: | + if [[ -n "${{ github.event.inputs.version }}" ]]; then + V="${{ github.event.inputs.version }}" + else + V="${GITHUB_REF_NAME#v}" + fi + echo "version=$V" >> "$GITHUB_OUTPUT" + + - name: List artifacts + run: ls -la dist/ + + - uses: softprops/action-gh-release@v2 + with: + files: 'dist/*' + tag_name: v${{ steps.ver.outputs.version }} + name: v${{ steps.ver.outputs.version }} + draft: true + generate_release_notes: true diff --git a/README.en.md b/README.en.md index c02cef8..d7bf826 100644 --- a/README.en.md +++ b/README.en.md @@ -53,14 +53,25 @@ Every theme is **colour-matched individually** to its own background — glass t - 💾 **Persistent config** — settings saved to `~/.codex/agent-theme/config.json` - 🔒 **Single-instance guard** — prevents conflicting companion windows -## Install +## Download & Install -1. Download the latest `.dmg` from [Releases](https://github.com/Cmochance/agent-theme/releases) -2. Drag `Agent Theme Companion.app` into Applications -3. If macOS Gatekeeper blocks it on first launch ("unidentified developer"): `right-click → Open` once, or go to `System Settings → Privacy & Security` and click "Open Anyway" -4. Launch — the UI shows the agent's run state +Grab the asset for your platform from [Releases](https://github.com/Cmochance/agent-theme/releases) (each ships a `.sha256` checksum): -> **macOS only** for now (`agent.rs` process detection & paths depend on `~/Library/Application Support/`). Windows / Linux support is planned. +| Platform | Asset | Notes | +|---|---|---| +| macOS · Apple Silicon | `Agent-Theme-v-macOS-arm64.dmg` / `.pkg` | M-series | +| macOS · Intel | `Agent-Theme-v-macOS-x64.dmg` / `.pkg` | Intel x64 | +| Windows | `Agent-Theme-v-Windows-x64-Setup.exe` | NSIS installer | + +`.dmg` → drag into Applications; `.pkg` → double-click for the installer wizard. + +### macOS first launch (important) + +Not Apple-notarized yet, so the app uses **ad-hoc signing** (which avoids the "is damaged / can't be opened" error), but Gatekeeper will warn "unidentified developer" on first launch — **right-click the app (or .pkg) → Open** once to allow it, or go to `System Settings → Privacy & Security` and click "Open Anyway". Verify the download with `shasum -a 256 -c .sha256`. + +> Windows has no Authenticode signature, so SmartScreen may warn about an unknown publisher — click "More info → Run anyway"; verify with `.sha256`. + +> **Runtime platform**: the app logic is **macOS-only** for now (`agent.rs` process detection & paths depend on `~/Library/Application Support/`). The Windows installer installs & runs fine but won't detect Codex / Antigravity yet; cross-platform support is planned. ## Quick Start diff --git a/README.md b/README.md index 75f3789..24e143a 100644 --- a/README.md +++ b/README.md @@ -53,14 +53,25 @@ Agent Theme 是一个独立的桌面应用(Tauri v2)。代理(Codex Desktop / An - 💾 **配置持久化** —— 设置保存到 `~/.codex/agent-theme/config.json`,重启不丢失 - 🔒 **单实例保护** —— 防止多个伴侣窗口同时运行导致冲突 -## 安装 +## 下载与安装 -1. 从 [Releases](https://github.com/Cmochance/agent-theme/releases) 下载最新 `.dmg` -2. 将 `Agent Theme Companion.app` 拖入「应用程序」 -3. 首次打开若被 macOS Gatekeeper 拦截(「来自身份不明的开发者」):`右键 App → 打开` 一次性放行,或到 `系统设置 → 隐私与安全性` 点「仍要打开」 -4. 启动后界面即显示代理运行状态 +从 [Releases](https://github.com/Cmochance/agent-theme/releases) 下载对应平台的资产(每个包附 `.sha256` 校验文件): -> 当前**仅支持 macOS**(`agent.rs` 的进程检测与路径逻辑依赖 `~/Library/Application Support/`)。Windows / Linux 适配在计划中。 +| 平台 | 资产 | 说明 | +|---|---|---| +| macOS · Apple Silicon | `Agent-Theme-v<版本>-macOS-arm64.dmg` / `.pkg` | M 系列芯片 | +| macOS · Intel | `Agent-Theme-v<版本>-macOS-x64.dmg` / `.pkg` | Intel x64 | +| Windows | `Agent-Theme-v<版本>-Windows-x64-Setup.exe` | NSIS 安装器 | + +`.dmg` 拖入「应用程序」即可;`.pkg` 双击走安装向导。 + +### macOS 首次打开(重要) + +当前未做 Apple 公证,App 用 **ad-hoc 签名**(已避免「已损坏、无法打开」),但首次打开会被 Gatekeeper 提示「来自身份不明的开发者」——**右键 App(或 .pkg)→ 打开** 一次性放行即可,或到 `系统设置 → 隐私与安全性` 点「仍要打开」。下载完可用 `shasum -a 256 -c <文件>.sha256` 校验完整性。 + +> Windows 未做 Authenticode 签名,SmartScreen 可能提示未知发布者,点「更多信息 → 仍要运行」即可;可用 `.sha256` 校验。 + +> **运行平台**:App 逻辑当前**仅 macOS 可用**(`agent.rs` 的进程检测与路径依赖 `~/Library/Application Support/`)。Windows 安装包能正常安装运行,但暂时检测不到 Codex / Antigravity,跨平台适配在计划中。 ## 快速开始 From 7f82b76a5aa2a5b4f15a4b782bf9aff6dfd4b72a Mon Sep 17 00:00:00 2001 From: Cmochance <3216202644@qq.com> Date: Mon, 1 Jun 2026 16:31:58 +0800 Subject: [PATCH 2/3] ci: scope first release to macOS .app + .dmg (arm64 + Intel) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Drop the .pkg productbuild step and the Windows .exe job for the first release — keep it to the locally-validated macOS dmg path (arm64 + Intel). The Windows build is untested and, since `release` needs all build jobs, a Windows failure would block the whole release; .pkg / Windows can be re-added later. README download section trimmed to the two macOS .dmg assets. --- .github/workflows/release.yml | 101 ++++++++-------------------------- README.en.md | 15 ++--- README.md | 15 ++--- 3 files changed, 35 insertions(+), 96 deletions(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 1137e26..3f8e460 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -1,10 +1,11 @@ name: release -# 多平台自动打包 pipeline: -# macos-14 (Apple Silicon arm64 原生) + macos-15-intel (Intel x64 原生) + windows-latest +# 自动打包 pipeline(第一版:macOS .app + .dmg,arm64 + Intel)。 +# macos-14 (Apple Silicon arm64 原生) + macos-15-intel (Intel x64 原生) # 触发: push tag v* 或 workflow_dispatch(手动填 version) -# 产物: cargo tauri build 直出 .dmg / nsis .exe, macOS 额外 productbuild 出 .pkg, -# 每个产物附 .sha256, 收口到一个 draft GitHub release 让你手动确认转正式。 +# 产物: cargo tauri build 直出 .dmg, 每个附 .sha256, 收口到一个 draft GitHub +# release 让你手动确认转正式。 +# (.pkg / Windows .exe 暂未启用, 后续需要时再加。) # # === 签名(重点,避免"打包出来不可用")=== # macOS: 默认 ad-hoc 签名(APPLE_SIGNING_IDENTITY="-")。完全未签的 .app 在 macOS @@ -14,8 +15,6 @@ name: release # APPLE_CERTIFICATE / APPLE_CERTIFICATE_PASSWORD Developer ID Application .p12 (base64) + 密码 # APPLE_SIGNING_IDENTITY 形如 "Developer ID Application: Name (TEAMID)" # APPLE_API_KEY_BASE64 / APPLE_API_KEY / APPLE_API_ISSUER App Store Connect API key(.p8 base64)+ Key ID + Issuer ID(公证用) -# Windows: NSIS .exe 未做 Authenticode 签名(SmartScreen 会提示未知发布者,可正常安装), -# 随包发 .sha256 供校验完整性。 # # 注意: macOS 不能"先 build app + 手动 codesign + 再 build dmg"——第二次 build 会重新 # bundle .app 覆盖签名。必须让 Tauri 在同一次 build 内完成签名链(本 workflow 即如此)。 @@ -49,9 +48,6 @@ jobs: - os: macos-15-intel target: x86_64-apple-darwin plat: macOS-x64 - - os: windows-latest - target: x86_64-pc-windows-msvc - plat: Windows-x64 runs-on: ${{ matrix.os }} steps: - uses: actions/checkout@v4 @@ -69,14 +65,11 @@ jobs: workspaces: 'src-tauri -> target' key: ${{ matrix.target }} - # windows-latest 冷编译 tauri-cli 需 15-25 min, 给独立 cache + 25 min timeout。 - name: Cache cargo-tauri binary id: cache-tauri-cli uses: actions/cache@v4 with: - path: | - ~/.cargo/bin/cargo-tauri - ~/.cargo/bin/cargo-tauri.exe + path: ~/.cargo/bin/cargo-tauri key: ${{ runner.os }}-${{ matrix.target }}-cargo-tauri-cli-v1 - name: Install tauri-cli @@ -99,8 +92,8 @@ jobs: echo "version=$V" >> "$GITHUB_OUTPUT" echo "Resolved VERSION=$V" - # 版本一致性: tag/输入的版本必须等于 tauri.conf.json 的 version, - # 否则产物名和 binary 内部版本会对不上, 早 fail。 + # 版本一致性: tag/输入的版本必须等于 tauri.conf.json 的 version, 否则产物名 + # 和 binary 内部版本会对不上, 早 fail。 - name: Verify version matches tauri.conf.json shell: bash run: | @@ -113,7 +106,7 @@ jobs: # macOS: ad-hoc 默认, 有 Developer ID secret 则导入证书 + 公证。 - name: Import macOS signing cert (optional) - if: startsWith(matrix.os, 'macos-') && env.CERT != '' + if: env.CERT != '' uses: apple-actions/import-codesign-certs@v3 with: p12-file-base64: ${{ secrets.APPLE_CERTIFICATE }} @@ -122,7 +115,7 @@ jobs: CERT: ${{ secrets.APPLE_CERTIFICATE }} - name: Write Apple notary API key (optional) - if: startsWith(matrix.os, 'macos-') && env.KEY_B64 != '' + if: env.KEY_B64 != '' shell: bash env: KEY_B64: ${{ secrets.APPLE_API_KEY_BASE64 }} @@ -132,7 +125,7 @@ jobs: echo "$KEY_B64" | base64 -d > ~/.appstoreconnect/private_keys/AuthKey_${KEY_ID}.p8 echo "APPLE_API_KEY_PATH=$HOME/.appstoreconnect/private_keys/AuthKey_${KEY_ID}.p8" >> "$GITHUB_ENV" - - name: cargo tauri build + - name: cargo tauri build (app + dmg) shell: bash env: APPLE_SIGNING_IDENTITY_RAW: ${{ secrets.APPLE_SIGNING_IDENTITY }} @@ -144,33 +137,14 @@ jobs: [[ -n "${APPLE_SIGNING_IDENTITY_RAW:-}" ]] && export APPLE_SIGNING_IDENTITY="$APPLE_SIGNING_IDENTITY_RAW" [[ -n "${APPLE_API_ISSUER_RAW:-}" ]] && export APPLE_API_ISSUER="$APPLE_API_ISSUER_RAW" [[ -n "${APPLE_API_KEY_RAW:-}" ]] && export APPLE_API_KEY="$APPLE_API_KEY_RAW" - - if [[ "${{ matrix.os }}" == macos-* ]]; then - if [[ -z "${APPLE_SIGNING_IDENTITY:-}" ]]; then - # 无 Developer ID → ad-hoc, 让 Tauri 在 build 内 codesign --sign -。 - export APPLE_SIGNING_IDENTITY="-" - echo "::notice::macOS 无 Developer ID secret, 使用 ad-hoc 签名(-)" - fi - cargo tauri build --target "${{ matrix.target }}" --bundles app,dmg - else - cargo tauri build --target "${{ matrix.target }}" --bundles nsis + if [[ -z "${APPLE_SIGNING_IDENTITY:-}" ]]; then + # 无 Developer ID → ad-hoc, 让 Tauri 在 build 内 codesign --sign -。 + export APPLE_SIGNING_IDENTITY="-" + echo "::notice::macOS 无 Developer ID secret, 使用 ad-hoc 签名(-)" fi + cargo tauri build --target "${{ matrix.target }}" --bundles app,dmg - # macOS: 从 ad-hoc 签好的 .app 用 productbuild 生成 .pkg 安装器。 - # .pkg 本身未签(同 .dmg, 双击需右键打开), 但装进 /Applications 的 .app 是 ad-hoc 签的可运行。 - - name: Build macOS .pkg - if: startsWith(matrix.os, 'macos-') - shell: bash - run: | - set -euo pipefail - APP="src-tauri/target/${{ matrix.target }}/release/bundle/macos/agent_theme_companion.app" - PKG="src-tauri/target/${{ matrix.target }}/release/bundle/macos/agent_theme_companion_${{ steps.ver.outputs.version }}.pkg" - if [[ ! -d "$APP" ]]; then echo "::error::.app 不存在: $APP"; exit 1; fi - productbuild --component "$APP" /Applications "$PKG" - echo "Built pkg: $PKG" - - - name: Verify macOS bundles (codesign / hdiutil / pkg) - if: startsWith(matrix.os, 'macos-') + - name: Verify macOS bundles (codesign / hdiutil) shell: bash run: | set -euo pipefail @@ -180,30 +154,13 @@ jobs: codesign --verify --deep --strict --verbose=2 "$APP" echo "::endgroup::" echo "::group::hdiutil verify dmg" - for d in "$BDIR"/dmg/*.dmg; do [[ -f "$d" ]] && hdiutil verify "$d"; done - echo "::endgroup::" - echo "::group::pkg payload sanity" - for p in "$BDIR"/macos/*.pkg; do - [[ -f "$p" ]] || continue - sz=$(wc -c < "$p"); (( sz > 1048576 )) || { echo "::error::.pkg 太小($sz)疑似坏包: $p"; exit 1; } - pkgutil --payload-files "$p" | grep -q "agent_theme_companion.app" || { echo "::error::.pkg 缺 .app payload: $p"; exit 1; } - echo "OK pkg: $p ($sz bytes)" + for d in "$BDIR"/dmg/*.dmg; do + [[ -f "$d" ]] || continue + hdiutil verify "$d" + sz=$(wc -c < "$d"); (( sz > 1048576 )) || { echo "::error::.dmg 太小($sz)疑似坏包: $d"; exit 1; } done echo "::endgroup::" - - name: Verify Windows .exe integrity - if: matrix.os == 'windows-latest' - shell: bash - run: | - set -euo pipefail - NSIS_DIR="src-tauri/target/${{ matrix.target }}/release/bundle/nsis" - for f in "$NSIS_DIR"/*-setup.exe; do - [[ -f "$f" ]] || continue - file "$f" | grep -qE "PE32\+? executable" || { echo "::error::非 PE32/PE32+ 可执行: $f"; exit 1; } - sz=$(wc -c < "$f"); (( sz > 1048576 )) || { echo "::error::Setup.exe 太小($sz)疑似坏包: $f"; exit 1; } - echo "OK exe: $f ($sz bytes)" - done - - name: Stage + rename + sha256 shell: bash run: | @@ -212,21 +169,9 @@ jobs: BDIR="src-tauri/target/${{ matrix.target }}/release/bundle" mkdir -p staging shopt -s nullglob - case "$PLAT" in - macOS-*) - for f in "$BDIR"/dmg/*.dmg; do cp "$f" "staging/Agent-Theme-v${V}-${PLAT}.dmg"; done - for f in "$BDIR"/macos/*.pkg; do cp "$f" "staging/Agent-Theme-v${V}-${PLAT}.pkg"; done - ;; - Windows-x64) - for f in "$BDIR"/nsis/*-setup.exe; do cp "$f" "staging/Agent-Theme-v${V}-${PLAT}-Setup.exe"; done - ;; - esac - # sha256 旁车 + for f in "$BDIR"/dmg/*.dmg; do cp "$f" "staging/Agent-Theme-v${V}-${PLAT}.dmg"; done cd staging - for f in *; do - if command -v shasum >/dev/null; then shasum -a 256 "$f" > "$f.sha256"; - else sha256sum "$f" > "$f.sha256"; fi - done + for f in *; do shasum -a 256 "$f" > "$f.sha256"; done echo "Staged for $PLAT:"; ls -la files=(*) if (( ${#files[@]} == 0 )); then diff --git a/README.en.md b/README.en.md index d7bf826..3ca0063 100644 --- a/README.en.md +++ b/README.en.md @@ -55,23 +55,20 @@ Every theme is **colour-matched individually** to its own background — glass t ## Download & Install -Grab the asset for your platform from [Releases](https://github.com/Cmochance/agent-theme/releases) (each ships a `.sha256` checksum): +Grab the `.dmg` for your chip from [Releases](https://github.com/Cmochance/agent-theme/releases) (each ships a `.sha256` checksum): | Platform | Asset | Notes | |---|---|---| -| macOS · Apple Silicon | `Agent-Theme-v-macOS-arm64.dmg` / `.pkg` | M-series | -| macOS · Intel | `Agent-Theme-v-macOS-x64.dmg` / `.pkg` | Intel x64 | -| Windows | `Agent-Theme-v-Windows-x64-Setup.exe` | NSIS installer | +| macOS · Apple Silicon | `Agent-Theme-v-macOS-arm64.dmg` | M-series | +| macOS · Intel | `Agent-Theme-v-macOS-x64.dmg` | Intel x64 | -`.dmg` → drag into Applications; `.pkg` → double-click for the installer wizard. +Open the `.dmg` and drag the app into Applications. ### macOS first launch (important) -Not Apple-notarized yet, so the app uses **ad-hoc signing** (which avoids the "is damaged / can't be opened" error), but Gatekeeper will warn "unidentified developer" on first launch — **right-click the app (or .pkg) → Open** once to allow it, or go to `System Settings → Privacy & Security` and click "Open Anyway". Verify the download with `shasum -a 256 -c .sha256`. +Not Apple-notarized yet, so the app uses **ad-hoc signing** (which avoids the "is damaged / can't be opened" error), but Gatekeeper will warn "unidentified developer" on first launch — **right-click the app → Open** once to allow it, or go to `System Settings → Privacy & Security` and click "Open Anyway". Verify the download with `shasum -a 256 -c .sha256`. -> Windows has no Authenticode signature, so SmartScreen may warn about an unknown publisher — click "More info → Run anyway"; verify with `.sha256`. - -> **Runtime platform**: the app logic is **macOS-only** for now (`agent.rs` process detection & paths depend on `~/Library/Application Support/`). The Windows installer installs & runs fine but won't detect Codex / Antigravity yet; cross-platform support is planned. +> **Runtime platform**: **macOS only** for now (`agent.rs` process detection & paths depend on `~/Library/Application Support/`). Windows / Linux support is planned. ## Quick Start diff --git a/README.md b/README.md index 24e143a..0cebbdd 100644 --- a/README.md +++ b/README.md @@ -55,23 +55,20 @@ Agent Theme 是一个独立的桌面应用(Tauri v2)。代理(Codex Desktop / An ## 下载与安装 -从 [Releases](https://github.com/Cmochance/agent-theme/releases) 下载对应平台的资产(每个包附 `.sha256` 校验文件): +从 [Releases](https://github.com/Cmochance/agent-theme/releases) 下载对应芯片的 `.dmg`(每个附 `.sha256` 校验文件): | 平台 | 资产 | 说明 | |---|---|---| -| macOS · Apple Silicon | `Agent-Theme-v<版本>-macOS-arm64.dmg` / `.pkg` | M 系列芯片 | -| macOS · Intel | `Agent-Theme-v<版本>-macOS-x64.dmg` / `.pkg` | Intel x64 | -| Windows | `Agent-Theme-v<版本>-Windows-x64-Setup.exe` | NSIS 安装器 | +| macOS · Apple Silicon | `Agent-Theme-v<版本>-macOS-arm64.dmg` | M 系列芯片 | +| macOS · Intel | `Agent-Theme-v<版本>-macOS-x64.dmg` | Intel x64 | -`.dmg` 拖入「应用程序」即可;`.pkg` 双击走安装向导。 +下载后把 `.dmg` 里的 App 拖入「应用程序」即可。 ### macOS 首次打开(重要) -当前未做 Apple 公证,App 用 **ad-hoc 签名**(已避免「已损坏、无法打开」),但首次打开会被 Gatekeeper 提示「来自身份不明的开发者」——**右键 App(或 .pkg)→ 打开** 一次性放行即可,或到 `系统设置 → 隐私与安全性` 点「仍要打开」。下载完可用 `shasum -a 256 -c <文件>.sha256` 校验完整性。 +当前未做 Apple 公证,App 用 **ad-hoc 签名**(已避免「已损坏、无法打开」),但首次打开会被 Gatekeeper 提示「来自身份不明的开发者」——**右键 App → 打开** 一次性放行即可,或到 `系统设置 → 隐私与安全性` 点「仍要打开」。下载完可用 `shasum -a 256 -c <文件>.sha256` 校验完整性。 -> Windows 未做 Authenticode 签名,SmartScreen 可能提示未知发布者,点「更多信息 → 仍要运行」即可;可用 `.sha256` 校验。 - -> **运行平台**:App 逻辑当前**仅 macOS 可用**(`agent.rs` 的进程检测与路径依赖 `~/Library/Application Support/`)。Windows 安装包能正常安装运行,但暂时检测不到 Codex / Antigravity,跨平台适配在计划中。 +> **运行平台**:当前**仅支持 macOS**(`agent.rs` 的进程检测与路径依赖 `~/Library/Application Support/`)。Windows / Linux 适配在计划中。 ## 快速开始 From 8911b622824da6bf106b734ef2fe6ee344d78a28 Mon Sep 17 00:00:00 2001 From: Cmochance <3216202644@qq.com> Date: Mon, 1 Jun 2026 16:37:17 +0800 Subject: [PATCH 3/3] docs: add supported-apps list near the top of the README --- README.en.md | 9 +++++++++ README.md | 9 +++++++++ 2 files changed, 18 insertions(+) diff --git a/README.en.md b/README.en.md index 3ca0063..b6fbde4 100644 --- a/README.en.md +++ b/README.en.md @@ -21,6 +21,15 @@ Agent Theme is a standalone desktop app (Tauri v2). The agent (Codex Desktop / Antigravity) is launched with `--remote-debugging-port` to expose a CDP port; this app connects over WebSocket and uses `Page.addScriptToEvaluateOnNewDocument` to inject a script before the page loads — adding a background layer, overriding the agent UI's design tokens, and applying `backdrop-filter` frosted glass to each panel. The whole theme lives only at runtime: turn off the toggle or restart the agent and it disappears, **without modifying the agent's binary or any config file**. +## Supported Apps + +| Agent | Status | How it's reskinned | +|---|---|---| +| **Codex Desktop** | ✅ Supported | overrides Tailwind v4 `--color-token-*` design tokens + per-module frosted glass | +| **Antigravity** | ✅ Supported | overrides shadcn / `--vscode-*` semantic tokens + per-panel frosted glass + chat-prose / code-block recolouring | + +> Both are injected at the CDP runtime and share `theme.json`'s colour knobs; support for more agents will be added over time. + ## Theme Showcase Every theme is **colour-matched individually** to its own background — glass tinted from the image's dark tones, accent taken from the character's signature colour, and the legibility scrim calibrated per-wallpaper by brightness — so chat text stays readable on any image instead of hiding behind a uniform dark overlay. Below is the actual look on Antigravity (sidebar & input text blurred for privacy): diff --git a/README.md b/README.md index 0cebbdd..2231fcb 100644 --- a/README.md +++ b/README.md @@ -21,6 +21,15 @@ Agent Theme 是一个独立的桌面应用(Tauri v2)。代理(Codex Desktop / Antigravity)启动时附带 `--remote-debugging-port` 暴露 CDP 端口,本应用通过 WebSocket 连上去,用 `Page.addScriptToEvaluateOnNewDocument` 在页面加载前注入一段脚本:插入背景图层 + 覆盖代理 UI 的设计令牌(design tokens)+ 给各面板加 `backdrop-filter` 磨砂玻璃。整套主题只活在运行时,关掉开关或代理重启即自然消失,**不动代理的 binary、不改任何配置文件**。 +## 已适配应用 + +| 代理 | 状态 | 换肤方式 | +|---|---|---| +| **Codex Desktop** | ✅ 已适配 | 覆盖 Tailwind v4 `--color-token-*` 设计令牌 + 各模块磨砂玻璃 | +| **Antigravity** | ✅ 已适配 | 覆盖 shadcn / `--vscode-*` 语义令牌 + 各面板磨砂玻璃 + 对话正文 / 代码块重配色 | + +> 两者都通过 CDP 运行时注入、共用 `theme.json` 的配色旋钮;后续适配更多代理会陆续加入。 + ## 主题展示 每套主题都按自己的背景图**单独调色**——玻璃从画面暗部取色、强调色取角色的标志色、可读性 scrim 按壁纸亮度逐张校准,让聊天文字在任意壁纸上都清晰,而不是套一个统一的暗色蒙版。下面是 Antigravity 上的实际效果(侧栏与输入框文字已做模糊处理):