Desktop configurator for the EPOMAKER EK21 (Tauri v2 + React + Rust), including keymap, macros, encoder, and lighting controls over HID/VIA protocol.
- Frontend: React + TypeScript + Vite
- Desktop shell: Tauri v2
- Backend: Rust (`hidapi`)
Install dependencies:

```sh
npm ci
```

Run frontend dev server:

```sh
npm run dev
```

Build frontend:

```sh
npm run build
```

Run Tauri commands:

```sh
npm run tauri -- info
```

This repository now includes security-focused CI workflows:
- PR security checks: `.github/workflows/pr-security.yml`
- Release security checks + SBOM + signing readiness: `.github/workflows/release-security.yml`
- CodeQL (Rust + JavaScript/TypeScript): `.github/workflows/codeql.yml`
- Dependabot weekly updates (npm + cargo): `.github/dependabot.yml`

Detailed process docs:
- Builds and tests frontend + Rust backend.
- Runs `npm audit --omit=dev --audit-level=high`.
- Runs `cargo audit` and blocks on RustSec vulnerabilities.
- Uploads audit artifacts:
  - `cargo-audit.json`
  - `npm-audit-summary.txt`

- Runs stricter dependency scan including dev dependencies.
- Runs Rust checks/tests and `cargo audit`.
- Generates SBOM artifacts:
  - `sbom-npm.json`
  - `sbom-cargo.json`
- Validates signing/notarization secret placeholders.
- If a GitHub Release already exists for the tag, security artifacts are attached to it.
The release workflow checks for the presence of:
- `APPLE_SIGNING_CERT_BASE64`
- `APPLE_SIGNING_CERT_PASSWORD`
- `APPLE_SIGNING_IDENTITY`
- `APPLE_TEAM_ID`
- `APPLE_ID`
- `APPLE_APP_SPECIFIC_PASSWORD`

Note: This phase validates readiness only. It does not yet automate signed/notarized artifact publishing.
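
A sketch of such a readiness check, added here as an example and not taken from the repository's workflow: it reports missing secrets by name only and never prints a value. The function names and the base64 decode check (which assumes GNU `base64 -d`) are assumptions.

```sh
#!/bin/sh
# Added example (not the project's workflow code): signing-readiness check
# for the secrets listed above. Only secret NAMES are ever written out.

REQUIRED_SIGNING_SECRETS="APPLE_SIGNING_CERT_BASE64 APPLE_SIGNING_CERT_PASSWORD \
APPLE_SIGNING_IDENTITY APPLE_TEAM_ID APPLE_ID APPLE_APP_SPECIFIC_PASSWORD"

# Prints the name of every unset or empty secret, one per line.
# Returns 0 when all are present, 1 otherwise.
missing_signing_secrets() {
  rc=0
  for name in $REQUIRED_SIGNING_SECRETS; do
    # Indirect lookup; names come from the fixed list above, never from input.
    eval "value=\${$name:-}"
    if [ -z "$value" ]; then
      echo "$name"
      rc=1
    fi
  done
  unset value
  return $rc
}

# Assumption: the certificate secret holds base64 text. The decoded bytes
# are discarded, so nothing sensitive reaches the job log.
cert_is_base64() {
  [ -n "${APPLE_SIGNING_CERT_BASE64:-}" ] || return 1
  printf '%s' "$APPLE_SIGNING_CERT_BASE64" | base64 -d >/dev/null 2>&1
}

# Combined gate: returns 0 only when every secret is set and the
# certificate decodes. Diagnostics go to stderr.
signing_readiness() {
  if ! missing=$(missing_signing_secrets); then
    printf 'signing not ready, missing secret: %s\n' $missing >&2
    return 1
  fi
  if ! cert_is_base64; then
    echo "signing not ready, APPLE_SIGNING_CERT_BASE64 is not valid base64" >&2
    return 1
  fi
  echo "signing ready"
}

# In a workflow step: signing_readiness || exit 1
```
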
Configure repository branch protection for `main` to require:
- `PR Security / build-and-test`
- `PR Security / dependency-scan`
- `CodeQL / Analyze (javascript-typescript)`
- `CodeQL / Analyze (rust)`

Also require up-to-date branches and disable direct pushes to `main`.