From dbcdfe99e606818658a460ba9d1db4160c61597c Mon Sep 17 00:00:00 2001 From: Chris Hirt Date: Fri, 19 Apr 2024 13:38:53 +0700 Subject: [PATCH] rework GHA for installer signing --- ...d.yml => build-test-installer-release.yml} | 68 +++++++++++-------- 1 file changed, 41 insertions(+), 27 deletions(-) rename .github/workflows/{msbuild.yml => build-test-installer-release.yml} (61%) diff --git a/.github/workflows/msbuild.yml b/.github/workflows/build-test-installer-release.yml similarity index 61% rename from .github/workflows/msbuild.yml rename to .github/workflows/build-test-installer-release.yml index 99b92985..3f86bea7 100644 --- a/.github/workflows/msbuild.yml +++ b/.github/workflows/build-test-installer-release.yml @@ -1,17 +1,7 @@ -name: Build and Run Tests. Compile and Upload Installer for Releases +name: Build and Run Tests. Build installer and create release on v tag on: - workflow_dispatch: push: - branches: - - master - pull_request: - branches: - - master - release: - types: - # Doesn't trigger for draft releases - - published env: # Path to the solution file relative to the root of the project. @@ -28,11 +18,12 @@ jobs: runs-on: windows-2022 steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@v4 - name: Add MSBuild to PATH - uses: microsoft/setup-msbuild@v1.1 + uses: microsoft/setup-msbuild@v2 + # TODO cache NuGet packages - name: NuGet Restore run: nuget restore ${{env.SOLUTION_FILE_PATH}} @@ -43,7 +34,7 @@ jobs: run: msbuild /m /p:Configuration="${{env.BUILD_CONFIGURATION}}" ${{env.SOLUTION_FILE_PATH}} - name: Setup VSTest and add to PATH - uses: darenm/Setup-VSTest@v1 + uses: darenm/Setup-VSTest@v1.2 - name: Run Unit Tests working-directory: .\${{env.BUILD_CONFIGURATION}} @@ -55,23 +46,23 @@ jobs: # run: vstest.console.exe SAScriptingTest.dll - name: Upload Release/ for installer job - if: github.event_name == 'release' - uses: actions/upload-artifact@v3 + if: startsWith(github.ref, 'refs/tags/v') + uses: actions/upload-artifact@v4 with: name: Release path: Release/ retention-days: 3 - installer: - name: Compile installer and upload asset to release - if: github.event_name == 'release' + build-installer: + name: Build installer needs: build + if: startsWith(github.ref, 'refs/tags/v') runs-on: windows-latest steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@v4 - name: Download Release/ - uses: actions/download-artifact@v3 + uses: actions/download-artifact@v4 with: name: Release path: Release/ @@ -85,14 +76,37 @@ jobs: working-directory: Install/ run: iscc SpeechAnalyzer.iss - - name: Upload the Artifact - uses: actions/upload-artifact@v3 + - name: Upload installer + uses: actions/upload-artifact@v4 with: name: SpeechAnalyzerInstaller path: Install/Output/ - # Upload installer to release tag which triggered this build - - uses: softprops/action-gh-release@v1 + sign-installer: + name: Sign installer + needs: build-installer + if: startsWith(github.ref, 'refs/tags/v') + uses: sillsdev/codesign/.github/workflows/sign.yml@v1 + with: + target: SpeechAnalyzerInstaller.exe + secrets: + certificate: ${{ secrets.CODESIGN_LSDEVSECTIGOEV }} + + create-release: + name: Create Release + needs: sign-installer + if: startsWith(github.ref, 'refs/tags/v') + runs-on: ubuntu-latest + + steps: + - uses: actions/download-artifact@v4 + with: + name: SpeechAnalyzerInstaller.exe + + - name: Create Release + uses: softprops/action-gh-release@v2 with: - files: Install/Output/SpeechAnalyzer.exe - tag_name: ${{ github.event.release.tag_name }} + files: SpeechAnalyzerInstaller.exe + body: | + Release for version ${{ github.ref }} + draft: true