Skip to content

Commit

Permalink
292 code signing migration (#14925)
Browse files Browse the repository at this point in the history 
* changes to support new code signing system
* updated action
* Update package.yml
* added ignore file list
* version bump to test
  • Loading branch information
@insomnious
insomnious authored Nov 22, 2023
1 parent 4da1f4f commit 8a1ca70
Show file tree
Hide file tree
Showing 6 changed files with 292 additions and 166 deletions.
328 changes: 163 additions & 165 deletions .github/workflows/package.yml
View file
Original file line number Diff line number Diff line change
@@ -1,165 +1,163 @@
name: Package

on:
workflow_dispatch:
inputs:
version:
description: "The version to release (eg: 'v1.0.0')"
required: true
type: string
build-unpacked:
description: "Create unpacked artifact?"
required: true
type: boolean
default: true
build-installer:
description: "Create installer artifact?"
required: true
type: boolean
default: true
draft:
description: "Create a draft release? (not used)"
required: false
type: boolean
default: true
prerelease:
description: "Create a prerelease? (not used)"
required: false
type: boolean
default: true

env:
SigningCertificate: cert.pfx

jobs:
build:
runs-on: windows-latest
env:
ACTIONS_ALLOW_UNSECURE_COMMANDS: true # Allows AddPAth and SetEnv commands
CERT_PATH: Release

strategy:
matrix:
dotnet-version: [ 6.0.x ]

steps:
- name: Set Outputs
id: setOutputs
shell: pwsh
env:
InputVersion: ${{ inputs.version }}
run: |
$tagVersion = $env:InputVersion.StartsWith('v') ? $env:InputVersion : "v" + $env:InputVersion
$rawVersion = $env:InputVersion.StartsWith('v') ? $env:InputVersion.Substring(1) : $env:InputVersion
$validation = [System.Version]::Parse($rawVersion)
echo "tagVersion=$tagVersion" >> $env:GITHUB_OUTPUT
echo "rawVersion=$rawVersion" >> $env:GITHUB_OUTPUT
echo "artifactNameUnpacked=vortex-setup-$rawVersion-unpacked" >> $env:GITHUB_OUTPUT
echo "artifactNameInstaller=vortex-setup-$rawVersion-installer" >> $env:GITHUB_OUTPUT
- name: Get current time
uses: josStorer/get-current-time@v2
id: current-time
with:
format: 'YYYY-MM-DD HHmm'
- name: Use current time
env:
TIME: "${{ steps.current-time.outputs.time }}"
R_TIME: "${{ steps.current-time.outputs.readableTime }}"
F_TIME: "${{ steps.current-time.outputs.formattedTime }}"
YEAR: "${{ steps.current-time.outputs.year }}"
DAY: "${{ steps.current-time.outputs.day }}"
run: echo $TIME $R_TIME $F_TIME $YEAR $DAY

- uses: actions/checkout@v3
with:
submodules: "recursive"

- name: Download VC_redist
shell: pwsh
run: |
$vcredist = "https://aka.ms/vs/17/release/vc_redist.x64.exe"
Invoke-WebRequest $vcredist -OutFile build\VC_redist.x64.exe
- name: Use Node.js
uses: actions/setup-node@v3
with:
node-version: '16.x'
cache: "yarn"

- name: Install dependencies
run: yarn --frozen-lockfile --network-timeout 600000 install

- name: Print debug info
run: dotnet --info

- name: Decode PFX
shell: pwsh
id: decode-pfx
run: |
$certBytes = [System.Convert]::FromBase64String("${{ secrets.PFX_BASE64 }}")
$certPath = Join-Path -Path $env:RUNNER_TEMP -ChildPath $env:SigningCertificate
[IO.File]::WriteAllBytes("$certPath", $certBytes)
#- name: Update Licenses
# run: yarn update_aboutpage

- name: Build API
run: yarn --non-interactive build_api

- name: Build Install
run: yarn --non-interactive _install_app

- name: Build Subprojects
run: yarn --non-interactive subprojects_app

- name: Build Assets
run: yarn --non-interactive _assets_app

- name: Webpack
run: yarn build_dist

- name: Sign
shell: pwsh
run: |
$signtool = "C:\Program Files (x86)\Microsoft SDKs\ClickOnce\SignTool\signtool.exe"
$timestamp = "http://timestamp.digicert.com"
$certPath = Join-Path -Path $env:RUNNER_TEMP -ChildPath $env:SigningCertificate
& $signtool sign /f $certPath /p "${{ secrets.PFX_KEY }}" /td sha256 /fd sha256 /tr $timestamp "app\node_modules\winapi-bindings\build\Release\winapi.node"
- name: Package
run: yarn package
env:
DEBUG: electron-builder
CSC_LINK: ${{ secrets.PFX_BASE64 }} # works directly with base64 string and not a path
CSC_KEY_PASSWORD: ${{ secrets.PFX_KEY }}

- name: Extract Sourcemaps
run: yarn extract_sourcemaps

- name: Test
run: yarn test

- name: Remove PFX
shell: pwsh
run: |
$certPath = Join-Path -Path $env:RUNNER_TEMP -ChildPath $env:SigningCertificate
Remove-Item -Path $certPath
- name: Upload Unpacked
uses: actions/upload-artifact@v3
if: inputs.build-unpacked == true
with:
name: ${{ steps.setOutputs.outputs.artifactNameUnpacked }}
path: ./dist/win-unpacked
if-no-files-found: error

- name: Upload Installer
uses: actions/upload-artifact@v3
if: inputs.build-installer == true
with:
name: ${{ steps.setOutputs.outputs.artifactNameInstaller }}
path: |
./dist/vortex-setup-*.*.*.exe
./dist/latest.yml
if-no-files-found: error
name: Package

on:
workflow_dispatch:
inputs:
version:
description: "The version to release (eg: 'v1.0.0')"
required: true
type: string
build-unpacked:
description: "Create unpacked artifact?"
required: true
type: boolean
default: true
build-installer:
description: "Create installer artifact?"
required: true
type: boolean
default: true
deploy-epic:
description: "Deploy to Epic?"
required: false
type: boolean
default: true
release:
description: "Create a draft release?"
required: false
type: boolean
default: true

jobs:
build:
runs-on: windows-latest
env:
ES_USERNAME: ${{ secrets.ES_USERNAME }}
ES_PASSWORD: ${{ secrets.ES_PASSWORD }}
ES_CREDENTIAL_ID: ${{ secrets.ES_CREDENTIAL_ID }}
ES_TOTP_SECRET: ${{ secrets.ES_TOTP_SECRET }}
ACTIONS_ALLOW_UNSECURE_COMMANDS: true # Allows AddPAth and SetEnv commands

strategy:
matrix:
dotnet-version: [ 6.0.x ]

steps:
- name: Set Outputs
id: setOutputs
shell: pwsh
env:
InputVersion: ${{ inputs.version }}
GITHUB_RUN_NUMBER: ${{ github.run_number }}
run: |
$tagVersion = $env:InputVersion.StartsWith('v') ? $env:InputVersion : "v" + $env:InputVersion
$rawVersion = $env:InputVersion.StartsWith('v') ? $env:InputVersion.Substring(1) : $env:InputVersion
$validation = [System.Version]::Parse($rawVersion)
echo "tagVersion=$tagVersion" >> $env:GITHUB_OUTPUT
echo "rawVersion=$rawVersion" >> $env:GITHUB_OUTPUT
echo "artifactNameUnpacked=vortex-setup-$rawVersion-unpacked" >> $env:GITHUB_OUTPUT
echo "artifactNameInstaller=vortex-setup-$rawVersion-installer" >> $env:GITHUB_OUTPUT
echo "epicBuildString=$rawVersion+$env:GITHUB_RUN_NUMBER" >> $env:GITHUB_OUTPUT
echo "epicBuildString=$rawVersion+$env:GITHUB_RUN_NUMBER"
- name: Get current time
uses: josStorer/get-current-time@v2
id: current-time
with:
format: 'YYYY-MM-DD HHmm'
- name: Use current time
env:
TIME: "${{ steps.current-time.outputs.time }}"
R_TIME: "${{ steps.current-time.outputs.readableTime }}"
F_TIME: "${{ steps.current-time.outputs.formattedTime }}"
YEAR: "${{ steps.current-time.outputs.year }}"
DAY: "${{ steps.current-time.outputs.day }}"
run: echo $TIME $R_TIME $F_TIME $YEAR $DAY

- uses: actions/checkout@v3
with:
submodules: "recursive"

- name: Download VC_redist
shell: pwsh
run: |
$vcredist = "https://aka.ms/vs/17/release/vc_redist.x64.exe"
Invoke-WebRequest $vcredist -OutFile build\VC_redist.x64.exe
- name: Download CodeSignTool
id: codesign
shell: pwsh
run: .\download-codesigntool.ps1

- name: Use Node.js
uses: actions/setup-node@v3
with:
node-version: '16.x'
cache: "yarn"

- name: Install dependencies
run: yarn --frozen-lockfile --network-timeout 600000 install

- name: Print debug info
run: dotnet --info

- name: Build API
run: yarn --non-interactive build_api

- name: Build Install
run: yarn --non-interactive _install_app

- name: Build Subprojects
run: yarn --non-interactive subprojects_app

- name: Build Assets
run: yarn --non-interactive _assets_app

- name: Webpack
run: yarn build_dist

- name: Package
run: yarn package
env:
DEBUG: electron-builder

- name: Extract Sourcemaps
run: yarn extract_sourcemaps

- name: Test
run: yarn test

- name: Release
uses: softprops/action-gh-release@v1
if: inputs.release == true
with:
files: |
./dist/vortex-setup-${{ steps.setOutputs.outputs.rawVersion }}.exe
./dist/latest.yml
prerelease: true
draft: true
name: ${{ steps.setOutputs.outputs.rawVersion }}
tag_name: ${{ steps.setOutputs.outputs.tagVersion }}

- name: Deploy to Epic
if: inputs.deploy-epic == true
shell: pwsh
run: |
echo "${{ steps.setOutputs.outputs.epicBuildString }}"
- name: Upload Unpacked
uses: actions/upload-artifact@v3
if: inputs.build-unpacked == true
with:
name: ${{ steps.setOutputs.outputs.artifactNameUnpacked }}
path: ./dist/win-unpacked
if-no-files-found: error

- name: Upload Installer
uses: actions/upload-artifact@v3
if: inputs.build-installer == true
with:
name: ${{ steps.setOutputs.outputs.artifactNameInstaller }}
path: |
./dist/vortex-setup-*.*.*.exe
./dist/latest.yml
if-no-files-found: error
1 change: 1 addition & 0 deletions .gitignore
View file
Original file line number Diff line number Diff line change
Expand Up @@ -13,6 +13,7 @@ app/bundledPlugins
attachments
sourcemaps
*.env
CodeSignTool*

# User-specific files
*.suo
Expand Down
2 changes: 1 addition & 1 deletion app/package.json
View file
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
{
"name": "vortex",
"version": "1.9.9",
"version": "1.9.10",
"productName": "Vortex",
"description": "Vortex",
"author": "Black Tree Gaming Ltd.",
Expand Down
Loading

0 comments on commit 8a1ca70

Please sign in to comment.