-
Notifications
You must be signed in to change notification settings - Fork 17
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Build portable msi, rework workflows, fixes #62
- Loading branch information
Showing
8 changed files
with
390 additions
and
320 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,137 @@ | ||
| name: build-signed | ||
| description: builds a signed executable | ||
|
|
||
| inputs: | ||
| configuration: | ||
| required: true | ||
| description: "dotnet build configuration" | ||
| default: "Release" | ||
|
|
||
| solution_path: | ||
| required: true | ||
| description: "The path to the solution file" | ||
| default: "BrowserPicker.sln" | ||
|
|
||
| project_path: | ||
| required: true | ||
| description: "The path to the application project file to publish" | ||
| default: "src/BrowserPicker.App/BrowserPicker.App.csproj" | ||
|
|
||
| dotnet_args: | ||
| required: true | ||
| description: "Extra arguments for dotnet" | ||
|
|
||
| package_project: | ||
| required: true | ||
| description: "Path to wixproj to build" | ||
|
|
||
| package_version: | ||
| required: true | ||
| description: "MSI package VersionPrefix" | ||
|
|
||
| package: | ||
| required: true | ||
| description: "Path to msi package to build and sign" | ||
|
|
||
| package_name: | ||
| required: true | ||
| description: "Name of the uploaded package artifact" | ||
|
|
||
| package_path: | ||
| required: true | ||
| description: "Path to the package to upload" | ||
|
|
||
| binaries: | ||
| required: true | ||
| description: "Pattern matching binaries to be signed and bundled" | ||
| default: "" | ||
|
|
||
| bundle_name: | ||
| required: true | ||
| description: "Name of the uploaded bundle artifact" | ||
|
|
||
| bundle_path: | ||
| required: true | ||
| description: "Path to the files to bundle and upload" | ||
|
|
||
| signtool: | ||
| required: true | ||
| description: "Path to signtool" | ||
| default: "C:\\Program Files (x86)\\Microsoft SDKs\\ClickOnce\\SignTool\\signtool.exe" | ||
|
|
||
| timestamp_server: | ||
| required: true | ||
| description: "Timestamp server for signtool" | ||
| default: "http://timestamp.digicert.com" | ||
|
|
||
| base64_encoded_pfx: | ||
| description: 'Base64 encoded pfx file' | ||
| required: true | ||
|
|
||
| pfx_key: | ||
| description: 'pfx password' | ||
| required: true | ||
|
|
||
| runs: | ||
| using: composite | ||
| steps: | ||
| - name: Install .NET Core | ||
| uses: actions/setup-dotnet@v4 | ||
| with: | ||
| dotnet-version: 8.0.x | ||
|
|
||
| # Restore dotnet tools | ||
| - name: Restore tools | ||
| shell: bash | ||
| run: dotnet tool restore | ||
|
|
||
| # Restore the application to populate the obj folder with RuntimeIdentifiers | ||
| - name: Restore the application | ||
| shell: bash | ||
| run: dotnet restore ${{ inputs.solution_path }} ${{ inputs.dotnet_args }} | ||
|
|
||
| # Build and publish the application | ||
| - name: Build application | ||
| shell: bash | ||
| run: dotnet publish -c ${{ inputs.configuration }} ${{ inputs.project_path }} ${{ inputs.dotnet_args }} | ||
|
|
||
| # Decode the base 64 encoded pfx and save the Signing_Certificate | ||
| - name: Decode the pfx | ||
| shell: bash | ||
| run: echo "${{ inputs.base64_encoded_pfx }}" | base64 -d > GitHubActionsWorkflow.pfx | ||
|
|
||
| - name: Sign the executable | ||
| shell: powershell | ||
| env: | ||
| pfx_key: ${{ inputs.pfx_key }} | ||
| run: | | ||
| & "${{ inputs.signtool }}" sign /debug /tr ${{ inputs.timestamp_server }} /td sha256 /fd sha256 /f GitHubActionsWorkflow.pfx /p $Env:pfx_key ${{ inputs.binaries }} | ||
| # Create the app package by building and packaging the Windows Application Packaging project | ||
| - name: Create the installer | ||
| shell: bash | ||
| run: dotnet build ${{ inputs.package_project }} --no-dependencies -c ${{ inputs.configuration }} -p Version=${{ inputs.package_version }} | ||
|
|
||
| - name: Sign the installer | ||
| shell: powershell | ||
| env: | ||
| pfx_key: ${{ inputs.pfx_key }} | ||
| run: | | ||
| & "${{ inputs.signtool }}" sign /debug /tr ${{ inputs.timestamp_server }} /td sha256 /fd sha256 /f GitHubActionsWorkflow.pfx /p $Env:pfx_key ${{ inputs.package }} | ||
| # Remove the pfx | ||
| - name: Remove the pfx | ||
| shell: bash | ||
| run: rm GitHubActionsWorkflow.pfx | ||
|
|
||
| - name: Upload msi | ||
| uses: actions/upload-artifact@v4 | ||
| with: | ||
| name: ${{ inputs.package_name }} | ||
| path: ${{ inputs.package_path }} | ||
|
|
||
| - name: Upload bundle | ||
| uses: actions/upload-artifact@v4 | ||
| with: | ||
| name: ${{ inputs.bundle_name }} | ||
| path: ${{ inputs.bundle_path }} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -5,189 +5,86 @@ on: | |
| branches: [ "main" ] | ||
|
|
||
| jobs: | ||
| prepare: | ||
|
|
||
| dependent: | ||
|
|
||
| strategy: | ||
| matrix: | ||
| configuration: [Debug, Release] | ||
|
|
||
| runs-on: windows-latest | ||
|
|
||
| env: | ||
| Solution_Name: BrowserPicker.sln | ||
| App_Project_Path: src/BrowserPicker.App/BrowserPicker.App.csproj | ||
| Wix_Project_Directory: dist/Setup | ||
| Wix_Project_Path: dist/Setup/Setup.wixproj | ||
| signtool: "C:\\Program Files (x86)\\Microsoft SDKs\\ClickOnce\\SignTool\\signtool.exe" | ||
| runs-on: ubuntu-latest | ||
|
|
||
| steps: | ||
| - name: Checkout | ||
| uses: actions/checkout@v4 | ||
| with: | ||
| fetch-depth: 0 | ||
|
|
||
| # Install the .NET Core workload | ||
| - name: Install .NET Core | ||
| uses: actions/setup-dotnet@v4 | ||
| with: | ||
| dotnet-version: 8.0.x | ||
|
|
||
| - name: Determine version | ||
| id: version | ||
| uses: paulhatch/[email protected] | ||
| with: | ||
| version_format: "${major}.${minor}.${patch}-beta${increment}" | ||
| version_format: "${major}.${minor}.${patch}" | ||
|
|
||
| # Execute all unit tests in the solution | ||
| #- name: Execute unit tests | ||
| # run: dotnet test | ||
| outputs: | ||
| version: ${{ steps.version.outputs.version}} | ||
| version_suffix: "beta${{ steps.version.outputs.increment }}" | ||
| package_version: "${{ steps.version.outputs.major }}.${{ steps.version.outputs.minor }}.${{ steps.version.outputs.patch }}.${{ steps.version.outputs.increment }}" | ||
|
|
||
| # Restore dotnet tools | ||
| - name: Restore tools | ||
| run: dotnet tool restore | ||
|
|
||
| # Restore the application to populate the obj folder with RuntimeIdentifiers | ||
| - name: Restore the application | ||
| run: dotnet restore $env:Solution_Name -p VersionPrefix=${env:major}.${env:minor}.${env:patch} -p VersionSuffix=beta${env:increment} | ||
| env: | ||
| major: ${{ steps.version.outputs.major }} | ||
| minor: ${{ steps.version.outputs.minor }} | ||
| patch: ${{ steps.version.outputs.patch }} | ||
| increment: ${{ steps.version.outputs.increment }} | ||
|
|
||
| # Build and publish the application | ||
| - name: Build application | ||
| run: dotnet publish -c $env:Configuration $env:App_Project_Path -p VersionPrefix=${env:major}.${env:minor}.${env:patch} -p VersionSuffix=beta${env:increment} | ||
| env: | ||
| Configuration: ${{ matrix.configuration }} | ||
| major: ${{ steps.version.outputs.major }} | ||
| minor: ${{ steps.version.outputs.minor }} | ||
| patch: ${{ steps.version.outputs.patch }} | ||
| increment: ${{ steps.version.outputs.increment }} | ||
|
|
||
| # Decode the base 64 encoded pfx and save the Signing_Certificate | ||
| - name: Decode the pfx | ||
| run: | | ||
| $pfx_cert_byte = [System.Convert]::FromBase64String("${{ secrets.Base64_Encoded_Pfx }}") | ||
| [IO.File]::WriteAllBytes("GitHubActionsWorkflow.pfx", $pfx_cert_byte) | ||
| - name: Sign the executable | ||
| run: | | ||
| & $env:signtool sign /debug /tr http://timestamp.digicert.com /td sha256 /fd sha256 /f GitHubActionsWorkflow.pfx /p '${{ secrets.Pfx_Key }}' src\BrowserPicker.App\bin\${env:Configuration}\net8.0-windows\publish\BrowserPicker*.dll src\BrowserPicker.App\bin\${env:Configuration}\net8.0-windows\publish\BrowserPicker.exe | ||
| env: | ||
| Configuration: ${{ matrix.configuration }} | ||
| dependent: | ||
|
|
||
| # Create the app package by building and packaging the Windows Application Packaging project | ||
| - name: Create the installer | ||
| run: dotnet build $env:Wix_Project_Path --no-dependencies -c $env:Configuration -p Version=${env:major}.${env:minor}.${env:patch}.${env:increment} | ||
| env: | ||
| Configuration: ${{ matrix.configuration }} | ||
| major: ${{ steps.version.outputs.major }} | ||
| minor: ${{ steps.version.outputs.minor }} | ||
| patch: ${{ steps.version.outputs.patch }} | ||
| increment: ${{ steps.version.outputs.increment }} | ||
| strategy: | ||
| matrix: | ||
| configuration: [Debug, Release] | ||
|
|
||
| - name: Sign the installer | ||
| run: | | ||
| & $env:signtool sign /debug /tr http://timestamp.digicert.com /td sha256 /fd sha256 /f GitHubActionsWorkflow.pfx /p '${{ secrets.Pfx_Key }}' dist\Setup\bin\${env:Configuration}\BrowserPicker.msi | ||
| env: | ||
| Configuration: ${{ matrix.configuration }} | ||
|
|
||
| # Remove the pfx | ||
| - name: Remove the pfx | ||
| run: Remove-Item -path GitHubActionsWorkflow.pfx | ||
| runs-on: windows-latest | ||
| needs: prepare | ||
|
|
||
| - name: Upload msi | ||
| uses: actions/upload-artifact@v4 | ||
| steps: | ||
| - name: Checkout | ||
| uses: actions/checkout@v4 | ||
| with: | ||
| name: Setup-${{ steps.version.outputs.version }}-${{ matrix.configuration }} | ||
| path: ${{ env.Wix_Project_Directory }}/bin/${{ matrix.configuration }} | ||
| fetch-depth: 0 | ||
|
|
||
| - name: Upload bundle | ||
| uses: actions/upload-artifact@v4 | ||
| - name: Build runtime dependent binaries | ||
| uses: "./.github/template/build-signed" | ||
| with: | ||
| name: Bundle-${{ steps.version.outputs.version }}-${{ matrix.configuration }} | ||
| path: src/BrowserPicker.App/bin/${{ matrix.configuration }}/net8.0-windows/publish | ||
|
|
||
| base64_encoded_pfx: ${{ secrets.Base64_Encoded_Pfx }} | ||
| pfx_key: ${{ secrets.Pfx_Key }} | ||
| configuration: ${{ matrix.configuration }} | ||
| dotnet_args: "-p VersionPrefix=${{ needs.prepare.outputs.version }} -p VersionSuffix=${{ needs.prepare.outputs.version_suffix }}" | ||
| package_project: dist/Dependent/Dependent.wixproj | ||
| package_version: ${{ needs.prepare.outputs.package_version }} | ||
| package: dist\Dependent\bin\${{ matrix.configuration }}\BrowserPicker.msi | ||
| package_name: DependentSetup-${{ needs.prepare.outputs.version }}-${{ matrix.configuration }} | ||
| package_path: dist/Dependent/bin/${{ matrix.configuration }} | ||
| binaries: | | ||
| src\BrowserPicker.App\bin\${{ matrix.configuration }}\net8.0-windows\publish\BrowserPicker*.dll src\BrowserPicker.App\bin\${{ matrix.configuration }}\net8.0-windows\publish\BrowserPicker*.exe | ||
| bundle_name: Dependent-${{ needs.prepare.outputs.version }}-${{ matrix.configuration }} | ||
| bundle_path: src/BrowserPicker.App/bin/${{ matrix.configuration }}/net8.0-windows/publish | ||
|
|
||
| portable: | ||
|
|
||
| strategy: | ||
| matrix: | ||
| configuration: [Debug, Release] | ||
|
|
||
| runs-on: windows-latest | ||
|
|
||
| env: | ||
| Solution_Name: BrowserPicker.sln | ||
| App_Project_Path: src/BrowserPicker.App/BrowserPicker.App.csproj | ||
| Wix_Project_Directory: dist/Setup | ||
| Wix_Project_Path: dist/Setup/Setup.wixproj | ||
| signtool: "C:\\Program Files (x86)\\Microsoft SDKs\\ClickOnce\\SignTool\\signtool.exe" | ||
| needs: prepare | ||
|
|
||
| steps: | ||
| - name: Checkout | ||
| uses: actions/checkout@v4 | ||
| with: | ||
| fetch-depth: 0 | ||
|
|
||
| # Install the .NET Core workload | ||
| - name: Install .NET Core | ||
| uses: actions/setup-dotnet@v4 | ||
| with: | ||
| dotnet-version: 8.0.x | ||
|
|
||
| - name: Determine version | ||
| id: version | ||
| uses: paulhatch/[email protected] | ||
| with: | ||
| version_format: "${major}.${minor}.${patch}-beta${increment}" | ||
|
|
||
| # Execute all unit tests in the solution | ||
| #- name: Execute unit tests | ||
| # run: dotnet test | ||
|
|
||
| # Restore dotnet tools | ||
| - name: Restore tools | ||
| run: dotnet tool restore | ||
|
|
||
| # Restore the application to populate the obj folder with RuntimeIdentifiers | ||
| - name: Restore the application | ||
| run: dotnet restore $env:Solution_Name -p VersionPrefix=${env:major}.${env:minor}.${env:patch} -p VersionSuffix=beta${env:increment} -r win-x64 -p:PublishSingleFile=true | ||
| env: | ||
| major: ${{ steps.version.outputs.major }} | ||
| minor: ${{ steps.version.outputs.minor }} | ||
| patch: ${{ steps.version.outputs.patch }} | ||
| increment: ${{ steps.version.outputs.increment }} | ||
|
|
||
| # Build and publish the application | ||
| - name: Build application | ||
| run: dotnet publish --no-restore -c $env:Configuration $env:App_Project_Path -p VersionPrefix=${env:major}.${env:minor}.${env:patch} -p VersionSuffix=beta${env:increment} -r win-x64 -p:PublishSingleFile=true | ||
| env: | ||
| Configuration: ${{ matrix.configuration }} | ||
| major: ${{ steps.version.outputs.major }} | ||
| minor: ${{ steps.version.outputs.minor }} | ||
| patch: ${{ steps.version.outputs.patch }} | ||
| increment: ${{ steps.version.outputs.increment }} | ||
|
|
||
| # Decode the base 64 encoded pfx and save the Signing_Certificate | ||
| - name: Decode the pfx | ||
| run: | | ||
| $pfx_cert_byte = [System.Convert]::FromBase64String("${{ secrets.Base64_Encoded_Pfx }}") | ||
| [IO.File]::WriteAllBytes("GitHubActionsWorkflow.pfx", $pfx_cert_byte) | ||
| - name: Sign the executable | ||
| run: | | ||
| & $env:signtool sign /debug /tr http://timestamp.digicert.com /td sha256 /fd sha256 /f GitHubActionsWorkflow.pfx /p '${{ secrets.Pfx_Key }}' src\BrowserPicker.App\bin\${env:Configuration}\net8.0-windows\win-x64\publish\BrowserPicker.exe | ||
| env: | ||
| Configuration: ${{ matrix.configuration }} | ||
|
|
||
| # Remove the pfx | ||
| - name: Remove the pfx | ||
| run: Remove-Item -path GitHubActionsWorkflow.pfx | ||
|
|
||
| - name: Upload portable | ||
| uses: actions/upload-artifact@v4 | ||
| - name: Build runtime portable binaries | ||
| uses: "./.github/template/build-signed" | ||
| with: | ||
| name: Portable-${{ steps.version.outputs.version }}-${{ matrix.configuration }} | ||
| path: src/BrowserPicker.App/bin/${{ matrix.configuration }}/net8.0-windows/win-x64/publish | ||
| base64_encoded_pfx: ${{ secrets.Base64_Encoded_Pfx }} | ||
| pfx_key: ${{ secrets.Pfx_Key }} | ||
| configuration: ${{ matrix.configuration }} | ||
| dotnet_args: "-p VersionPrefix=${{ needs.prepare.outputs.version }} -p VersionSuffix=${{ needs.prepare.outputs.version_suffix }} -r win-x64 -p:PublishSingleFile=true" | ||
| package_project: dist/Portable/Portable.wixproj | ||
| package_version: ${{ needs.prepare.outputs.package_version }} | ||
| package: dist\Portable\bin\${{ matrix.configuration }}\BrowserPicker.msi | ||
| package_name: PortableSetup-${{ needs.prepare.outputs.version }}-${{ matrix.configuration }} | ||
| package_path: dist/Portable/bin/${{ matrix.configuration }} | ||
| binaries: src\BrowserPicker.App\bin\${{ matrix.configuration }}\net8.0-windows\win-x64\publish\BrowserPicker.exe | ||
| bundle_name: Portable-${{ needs.prepare.outputs.version }}-${{ matrix.configuration }} | ||
| bundle_path: src/BrowserPicker.App/bin/${{ matrix.configuration }}/net8.0-windows/win-x64/publish | ||
Oops, something went wrong.