Add force command to powershell package installation command. #4

Summary
Jobs
- setup
- installer
Run details
- Usage
- Workflow file

Workflow file for this run

.github/workflows/test-code-signing.yaml at 0b41cb8

	name: test-code-signing

	on:
	push:
	branches: [code-signing]

	jobs:
	setup:
	if: github.repository == 'not-hsorby/mapclient'
	runs-on: ubuntu-latest
	outputs:
	matrix: ${{ steps.set-matrix.outputs.matrix }}
	run-installer: ${{ steps.set-matrix.outputs.run-installer }}
	package: ${{ steps.set-matrix.outputs.run-packaging }}
	tag: ${{ steps.get-tag.outputs.tag }}
	steps:
	- name: Get the tag
	id: get-tag
	shell: bash
	run: \|
	echo "Setting tag as: vX.Y.Z"
	echo "tag=vX.Y.Z" >> $GITHUB_OUTPUT
	- name: Get the release name
	id: get-release-name
	shell: bash
	run: \|
	tag=${{ steps.get-tag.outputs.tag }}
	bare_tag=${tag/v/}
	IFS='.' read -ra bare_tag_parts <<< "$bare_tag"
	name="${bare_tag_parts[0]}.${bare_tag_parts[1]}.${bare_tag_parts[2]}"
	echo "Setting name as: ${name}"
	echo "name=$name" >> $GITHUB_OUTPUT
	- name: Determine required assets
	id: set-variants
	shell: cmake -P {0}
	run: \|
	set(RELEASE_BODY "${{ github.event.release.body }}")

	string(REPLACE "\n" ";" _PARTS "${RELEASE_BODY}")

	set(VARIANTS standard)

	message(STATUS "variants=\"${VARIANTS}\"")
	file(APPEND $ENV{GITHUB_OUTPUT} "variants=\"${VARIANTS}\"")
	- name: set_matrix
	id: set-matrix
	shell: bash
	run: \|
	matrixElements=()
	variants=${{ steps.set-variants.outputs.variants }}
	for v in $variants; do
	matrixElements+=('{"os":"windows-2022","variant":"'$v'","tag":"${{ steps.get-tag.outputs.tag }}","release-name":"${{ steps.get-release-name.outputs.name }}","python-version":"3.9"}')
	done
	if [ "${#matrixElements[@]}" -eq "0" ]; then
	echo run-installer=false >> $GITHUB_OUTPUT
	echo run-packaging=false >> $GITHUB_OUTPUT
	else
	echo run-installer=true >> $GITHUB_OUTPUT
	echo run-packaging=true >> $GITHUB_OUTPUT
	fi

	function join_by { local IFS="$1"; shift; echo "$*"; }
	content=`join_by , ${matrixElements[@]}`
	echo "{\"include\":[$content]}"
	echo "matrix={\"include\":[$content]}" >> $GITHUB_OUTPUT

	installer:
	needs: setup
	name: installer
	if: needs.setup.outputs.run-installer == 'true'
	runs-on: ${{ matrix.os }}
	strategy:
	matrix: ${{fromJson(needs.setup.outputs.matrix)}}
	steps:
	- name: Install PowerShell module SignPath (Windows)
	if: runner.os == 'Windows'
	shell: pwsh
	run: \|
	Install-Module -Name SignPath -MinimumVersion 4.4.1
	- name: Set up Python
	uses: actions/setup-python@v5
	with:
	python-version: ${{ matrix.python-version }}
	- name: Checkout codebase
	uses: actions/checkout@v4
	with:
	ref: code-signing
	path: mapclient
	- name: Setup scripts
	uses: actions/checkout@v4
	with:
	repository: hsorby/mapclientreleasescripts
	path: scripts
	- name: Setup Python virtual environment
	id: python-environment
	shell: bash
	run: \|
	echo "Creating application asset"
	python -m venv venv
	if [ "$RUNNER_OS" == "macOS" ]; then
	python_exe=$GITHUB_WORKSPACE/venv/bin/python
	pip_exe=$GITHUB_WORKSPACE/venv/bin/pip
	# source venv/bin/activate
	elif [ "$RUNNER_OS" == "Windows" ]; then
	python_exe=$GITHUB_WORKSPACE/venv/Scripts/python.exe
	pip_exe=$GITHUB_WORKSPACE/venv/Scripts/pip.exe
	# source venv/Scripts/activate
	else
	echo "$RUNNER_OS not supported"
	exit 1
	fi

	cd mapclient
	echo "==============================================="
	echo "=== setting extensions.worktreeconfig false ==="
	echo "====== because Dulwich cannot handle it. ======"
	echo "==============================================="
	git config extensions.worktreeconfig false
	echo "---=---"
	git config --list
	cd ..

	python_exe=${python_exe//\\//}
	echo "python_exe=$python_exe"
	echo "python_exe=$python_exe" >> $GITHUB_OUTPUT
	pip_exe=${pip_exe//\\//}
	echo "pip_exe=$pip_exe"
	echo "pip_exe=$pip_exe" >> $GITHUB_OUTPUT

	- name: Create application asset
	id: create-application
	shell: bash
	run: \|
	echo "Creating application asset"

	if [ "${{ matrix.variant }}" == "standard" ]; then
	variant=
	else
	variant="-${{ matrix.variant }}"
	fi

	cd $GITHUB_WORKSPACE
	cd scripts
	# ${{ steps.get_tag.outputs.tag }}

	# Manually install PyInstaller rather than use the dev install requires from setup.py.
	${{ steps.python-environment.outputs.pip_exe }} install pyinstaller

	git fetch
	git switch ${{ matrix.variant }}
	git log -1 --oneline
	${{ steps.python-environment.outputs.python_exe }} create_mapclient_application.py -v "${{ matrix.variant }}" -l $GITHUB_WORKSPACE/mapclient ${{ matrix.tag }}

	if [ "$RUNNER_OS" == "Windows" ]; then
	asset="${GITHUB_WORKSPACE}/mapclient/res/pyinstaller/dist/MAP-Client${variant}/MAP-Client${variant}.exe"
	asset=${asset//\\//}
	fi

	echo "file=$asset" >> $GITHUB_OUTPUT
	cat $GITHUB_OUTPUT

	- name: Codesign application (Windows)
	if: runner.os == 'Windows'
	shell: pwsh
	run: \|
	# The user must be a submitter for the given signing policy!
	Submit-SigningRequest `
	-InputArtifactPath "${{ steps.create-application.outputs.file }}" `
	-ApiToken "${{ secrets.SIGNPATH_API_TOKEN }}" `
	-OrganizationId "${{ secrets.SIGNPATH_ORGANIZATION_ID }}" `
	-ProjectSlug "MAP_Client" `
	-SigningPolicySlug "MAP_Client_Release_Candidate_Policy" `
	-OutputArtifactPath "${{ steps.create-application.outputs.file }}" `
	-WaitForCompletion

	- name: Create installer asset
	id: create-installer
	shell: bash
	run: \|
	echo "Creating installer asset"

	if [ "${{ matrix.variant }}" == "standard" ]; then
	variant=
	else
	variant="-${{ matrix.variant }}"
	fi

	cd $GITHUB_WORKSPACE
	cd scripts

	${{ steps.python-environment.outputs.python_exe }} create_mapclient_installer.py -v "${{ matrix.variant }}" -l $GITHUB_WORKSPACE/mapclient ${{ matrix.tag }}

	if [ "$RUNNER_OS" == "macOS" ]; then
	asset=$GITHUB_WORKSPACE/mapclient/res/macos/MAP-Client${variant}-${{ matrix.release-name }}.dmg
	elif [ "$RUNNER_OS" == "Windows" ]; then
	asset=$GITHUB_WORKSPACE/mapclient/package/MAP-Client${variant}-${{ matrix.release-name }}.exe
	asset=${asset//\\//}
	else
	echo "$RUNNER_OS not supported"
	exit 1
	fi

	echo $asset
	echo "file=$asset" >> $GITHUB_OUTPUT

	- name: Codesign installer (Windows)
	if: runner.os == 'Windows'
	shell: pwsh
	run: \|
	# The user must be a submitter for the given signing policy!
	Submit-SigningRequest `
	-InputArtifactPath "${{ steps.create-installer.outputs.file }}" `
	-ApiToken "${{ secrets.SIGNPATH_API_TOKEN }}" `
	-OrganizationId "${{ secrets.SIGNPATH_ORGANIZATION_ID }}" `
	-ProjectSlug "MAP_Client" `
	-SigningPolicySlug "MAP_Client_Release_Candidate_Policy" `
	-OutputArtifactPath "${{ steps.create-installer.outputs.file }}" `
	-WaitForCompletion

	- name: Notarize and Staple installer (macOS)
	if: runner.os == 'macOS'
	run: \|
	#codesign -s "${{ secrets.APPLE_DEV_ID_APPLICATION}}" --timestamp --force "${{ steps.create-installer.outputs.file }}"
	xcrun notarytool submit "${{ steps.create-installer.outputs.file }}" --apple-id ${{ secrets.APPLE_NOTARIZATION_USERNAME }} --password ${{ secrets.APPLE_NOTARIZATION_PASSWORD }} --team-id ${{ secrets.APPLE_DEV_TEAM_ID }} --wait
	xcrun stapler staple "${{ steps.create-installer.outputs.file }}"

	- name: Upload asset
	uses: softprops/action-gh-release@v2
	with:
	files: ${{ steps.create-installer.outputs.file }}
	tag_name: ${{ matrix.tag }}

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Add force command to powershell package installation command. #4

Workflow file

Add force command to powershell package installation command. #4

Jobs

Run details

Workflow file for this run