tweak powershell cmd windows signing #118

Workflow file for this run

.github/workflows/release.yaml at a5e275a

	name: release-kchat

	on:
	push:
	tags:
	- "[0-9]+.[0-9]+.[0-9]+"
	- "[0-9]+.[0-9]+.[0-9]+-alpha.[0-9]+"
	- "[0-9]+.[0-9]+.[0-9]+-beta.[0-9]+"

	env:
	GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

	jobs:
	begin-notification:
	runs-on: ubuntu-latest
	steps:
	- name: release/checkout-repo
	uses: actions/checkout@v3
	- name: release/notify-channel
	run: \|
	jq --null-input \
	--arg icon_url "https://infomaniak.kchat.infomaniak.com/static/emoji/kchat.png" \
	--arg username "DesktopReleaseBot" \
	--arg text "[$GITHUB_REF_NAME] Release for desktop app started from GitHub, it should take about 30 minutes to complete." \
	'{"username":$username,"icon_url": $icon_url, "text": $text }' > /tmp/webhook-data.json
	curl -i -H "Content-Type: application/json" -X POST -d @/tmp/webhook-data.json ${{ secrets.RELEASE_WEBHOOK_URL }} \|\| echo "NOFICATION FAILED! check logs as this will succeed intentionally"

	create-release:
	runs-on: ubuntu-latest
	permissions: write-all
	outputs:
	output_url: ${{ steps.create_release.outputs.upload_url }}
	steps:
	- name: release/checkout-repo
	uses: actions/checkout@v3
	- name: Set Prerelease Flag
	id: prerelease_check
	run: \|
	if [[ "${{ github.ref }}" == "-beta" ]] \|\| [[ "${{ github.ref }}" == "-alpha" ]]; then
	echo "PRERELEASE=true" >> $GITHUB_ENV
	else
	echo "PRERELEASE=false" >> $GITHUB_ENV
	fi
	- name: Create Release
	id: create_release
	uses: actions/create-release@v1
	with:
	tag_name: ${{ github.ref }}
	release_name: ${{ github.ref }}
	draft: false
	prerelease: ${{ env.PRERELEASE }}

	# build-mac:
	# runs-on: macos-12
	# env:
	# MAC_PROFILE: ${{ secrets.MAC_PROVISION_PROFILE }}
	# APPLE_ID: ${{ secrets.APPLEID }}
	# APPLE_APP_SPECIFIC_PASSWORD: ${{ secrets.APPLEIDPASS }}
	# APPLE_TEAM_ID: ${{ secrets.APPLETEAMID }}
	# CSC_FOR_PULL_REQUEST: true
	# CSC_KEY_PASSWORD: ${{ secrets.CSC_KEY_PASSWORD }}
	# CSC_LINK: ${{ secrets.CSC_LINK }}
	# SENTRY_AUTH_TOKEN: ${{ secrets.SENTRY_AUTH_TOKEN }}
	# SENTRY_RELEASE: ${{ github.ref_name }}
	# needs:
	# - create-release
	# steps:
	# - name: release/checkout-repo
	# uses: actions/checkout@v3
	# - name: release/setup-node
	# uses: actions/setup-node@v3
	# with:
	# node-version-file: "package.json"
	# cache: "npm"
	# cache-dependency-path: package-lock.json
	# - name: release/install-dependencies
	# env:
	# NPM_TOKEN: ${{ secrets.NPM_TOKEN }}
	# run: \|
	# brew install yq rename
	# sudo -H pip install setuptools
	# npm ci
	# - name: release/copy-provisioning-profile
	# run: echo $MAC_PROFILE \| base64 -D > ./mac.provisionprofile
	# - name: release/update-version
	# uses: ./.github/actions/version
	# # - name: release/test
	# # uses: ./.github/actions/test
	# - name: release/build
	# run: \|
	# npm run package:mac
	# mkdir -p ./artifacts
	# find ./release -type f $ -name "*.dmg" $ -exec cp {} ./artifacts/ \;
	# - name: release/upload-build
	# uses: actions/upload-artifact@v3
	# with:
	# name: artifacts
	# path: ./artifacts
	# retention-days: 1

	# build-linux:
	# runs-on: ubuntu-latest
	# needs:
	# - create-release
	# steps:
	# - name: release/checkout-repo
	# uses: actions/checkout@v3
	# - name: release/setup-node
	# uses: actions/setup-node@v3
	# with:
	# node-version-file: "package.json"
	# cache: "npm"
	# cache-dependency-path: package-lock.json
	# - name: release/install-dependencies
	# env:
	# NPM_TOKEN: ${{ secrets.NPM_TOKEN }}
	# run: \|
	# wget -qO - https://download.opensuse.org/repositories/Emulators:/Wine:/Debian/xUbuntu_22.04/Release.key \| sudo apt-key add -
	# wget -qO /usr/local/bin/yq https://github.com/mikefarah/yq/releases/download/v4.20.1/yq_linux_amd64 && chmod a+x /usr/local/bin/yq
	# sudo apt-get update \|\| true && sudo apt-get install -y ca-certificates libxtst-dev libpng++-dev gcc-aarch64-linux-gnu g++-aarch64-linux-gnu jq icnsutils graphicsmagick tzdata
	# npm ci
	# - name: release/update-version
	# uses: ./.github/actions/version
	# # - name: release/test
	# # uses: ./.github/actions/test
	# - name: release/build
	# env:
	# SENTRY_AUTH_TOKEN: ${{ secrets.SENTRY_AUTH_TOKEN }}
	# SENTRY_RELEASE: ${{ github.ref_name }}
	# AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
	# AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
	# run: \|
	# mkdir -p ./build/linux
	# npm run package:linux
	# mkdir -p ./artifacts
	# find ./release -type f $ -name ".rpm" -o -name ".deb" -o -name "*.AppImage" $ -exec cp {} ./artifacts/ \;
	# - name: release/upload-build
	# uses: actions/upload-artifact@v3
	# with:
	# name: artifacts
	# path: ./artifacts
	# retention-days: 1

	build-msi-installer:
	runs-on: windows-2022
	needs:
	- create-release
	steps:
	- name: release/checkout-repo
	uses: actions/checkout@v3
	- name: release/setup-node
	uses: actions/setup-node@v3
	with:
	node-version: "18.15.0"
	- name: release/optimize
	shell: powershell
	run: ./scripts/Makefile.ps1 optimize
	- name: release/install-deps
	env:
	NPM_TOKEN: ${{ secrets.NPM_TOKEN }}
	shell: powershell
	run: \|
	./scripts/Makefile.ps1 install-deps
	choco install yq --version 4.15.1 -y
	npm i -g node-gyp
	node-gyp install
	node-gyp install --devdir="C:\Users\runneradmin\.electron-gyp" --target=$(jq -r .devDependencies.electron package.json) --dist-url="https://electronjs.org/headers"
	node-gyp install --devdir="C:\Users\runneradmin\.electron-gyp" --target=$(jq -r .devDependencies.electron package.json) --dist-url="https://electronjs.org/headers" --arch arm64
	node-gyp install --devdir="C:\Users\runneradmin\.electron-gyp" --target=$(jq -r .devDependencies.electron package.json) --dist-url="https://electronjs.org/headers" --arch ia32
	npm ci --openssl_fips=''
	- name: release/update-version
	uses: ./.github/actions/version
	# - name: release/test
	# uses: ./.github/actions/test
	- name: release/build
	shell: powershell
	env:
	MM_WIN_INSTALLERS: 1
	PFX_KEY: ${{ secrets.MM_DESKTOP_MSI_INSTALLER_PFX_KEY }}
	CSC_KEY_PASSWORD: ${{ secrets.MM_DESKTOP_MSI_INSTALLER_CSC_KEY_PASSWORD }}
	PFX: ${{ secrets.MM_DESKTOP_MSI_INSTALLER_PFX }}
	CSC_LINK: ${{ secrets.MM_DESKTOP_MSI_INSTALLER_CSC_LINK }}
	SENTRY_AUTH_TOKEN: ${{ secrets.SENTRY_AUTH_TOKEN }}
	SENTRY_RELEASE: ${{ github.ref_name }}
	AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
	AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
	SM_API_KEY: ${{ secrets.SM_API_KEY }}
	SM_CLIENT_CERT_FILE_B64: ${{ secrets.SM_CLIENT_CERT_FILE_B64 }}
	SM_CLIENT_CERT_PASSWORD: ${{ secrets.SM_CLIENT_CERT_PASSWORD }}
	SM_HOST: ${{ secrets.SM_HOST }}
	SM_CODE_SIGNING_CERT_SHA1_HASH: ${{ secrets.SM_CODE_SIGNING_CERT_SHA1_HASH }}
	SM_KEYPAIR_ALIAS: ${{ secrets.SM_KEYPAIR_ALIAS }}
	SM_TOOLS_URI: ${{ secrets.SM_TOOLS_URI }}
	run: \|
	./scripts/setup-keylocker.ps1
	./scripts/Makefile.ps1 build
	- name: nightly/package
	run: \|
	mkdir -p ./artifacts
	bash -x ./scripts/cp_artifacts.sh release ./artifacts
	- name: release/upload-build
	uses: actions/upload-artifact@v3
	with:
	name: artifacts
	path: ./artifacts
	retention-days: 1

	upload-to-github:
	runs-on: ubuntu-latest
	needs:
	- create-release
	# - build-mac
	- build-msi-installer
	# - build-linux
	steps:
	- name: release/download-builds
	uses: actions/download-artifact@v3
	with:
	name: artifacts
	path: ./artifacts
	- name: upload artifact mac arm64
	continue-on-error: true
	uses: actions/upload-release-asset@v1
	with:
	upload_url: ${{ needs.create-release.outputs.output_url }}
	asset_path: "./artifacts/kchat-desktop-${{ github.ref_name }}-mac-arm64.dmg"
	asset_name: "kchat-desktop-${{ github.ref_name }}-mac-arm64.dmg"
	asset_content_type: application/octet-stream
	- name: upload artifact mac x64
	continue-on-error: true
	uses: actions/upload-release-asset@v1
	with:
	upload_url: ${{ needs.create-release.outputs.output_url }}
	asset_path: "./artifacts/kchat-desktop-${{ github.ref_name }}-mac-x64.dmg"
	asset_name: "kchat-desktop-${{ github.ref_name }}-mac-x64.dmg"
	asset_content_type: application/octet-stream
	- name: upload artifact win exe
	continue-on-error: true
	uses: actions/upload-release-asset@v1
	with:
	upload_url: ${{ needs.create-release.outputs.output_url }}
	asset_path: "./artifacts/kchat-desktop-setup-${{ github.ref_name }}-win.exe"
	asset_name: "kchat-desktop-setup-${{ github.ref_name }}-win.exe"
	asset_content_type: application/octet-stream
	- name: upload artifact win msi x64
	continue-on-error: true
	uses: actions/upload-release-asset@v1
	with:
	upload_url: ${{ needs.create-release.outputs.output_url }}
	asset_path: "./artifacts/kchat-desktop-${{ github.ref_name }}-x64.msi"
	asset_name: "kchat-desktop-${{ github.ref_name }}-x64.msi"
	asset_content_type: application/octet-stream
	- name: upload artifact win msi x86
	continue-on-error: true
	uses: actions/upload-release-asset@v1
	with:
	upload_url: ${{ needs.create-release.outputs.output_url }}
	asset_path: "./artifacts/kchat-desktop-${{ github.ref_name }}-x86.msi"
	asset_name: "kchat-desktop-${{ github.ref_name }}-x86.msi"
	asset_content_type: application/octet-stream
	- name: upload artifact linux x86_64 AppImage
	continue-on-error: true
	uses: actions/upload-release-asset@v1
	with:
	upload_url: ${{ needs.create-release.outputs.output_url }}
	asset_path: "./artifacts/kchat-desktop-${{ github.ref_name }}-linux-x86_64.AppImage"
	asset_name: "kchat-desktop-${{ github.ref_name }}-linux-x86_64.AppImage"
	asset_content_type: application/octet-stream
	- name: upload artifact linux arm64 AppImage
	continue-on-error: true
	uses: actions/upload-release-asset@v1
	with:
	upload_url: ${{ needs.create-release.outputs.output_url }}
	asset_path: "./artifacts/kchat-desktop-${{ github.ref_name }}-linux-arm64.AppImage"
	asset_name: "kchat-desktop-${{ github.ref_name }}-linux-arm64.AppImage"
	asset_content_type: application/octet-stream
	- name: upload artifact linux x86_64 rpm
	continue-on-error: true
	uses: actions/upload-release-asset@v1
	with:
	upload_url: ${{ needs.create-release.outputs.output_url }}
	asset_path: "./artifacts/kchat-desktop-${{ github.ref_name }}-linux-x86_64.rpm"
	asset_name: "kchat-desktop-${{ github.ref_name }}-linux-x86_64.rpm"
	asset_content_type: application/octet-stream
	- name: upload artifact linux aarch64 rpm
	continue-on-error: true
	uses: actions/upload-release-asset@v1
	with:
	upload_url: ${{ needs.create-release.outputs.output_url }}
	asset_path: "./artifacts/kchat-desktop-${{ github.ref_name }}-linux-aarch64.rpm"
	asset_name: "kchat-desktop-${{ github.ref_name }}-linux-aarch64.rpm"
	asset_content_type: application/octet-stream
	- name: upload artifact linux amd64 deb
	continue-on-error: true
	uses: actions/upload-release-asset@v1
	with:
	upload_url: ${{ needs.create-release.outputs.output_url }}
	asset_path: "./artifacts/kchat-desktop_${{ github.ref_name }}-1_amd64.deb"
	asset_name: "kchat-desktop_${{ github.ref_name }}-1_amd64.deb"
	asset_content_type: application/octet-stream
	- name: upload artifact linux arm64 deb
	continue-on-error: true
	uses: actions/upload-release-asset@v1
	with:
	upload_url: ${{ needs.create-release.outputs.output_url }}
	asset_path: "./artifacts/kchat-desktop_${{ github.ref_name }}-1_arm64.deb"
	asset_name: "kchat-desktop_${{ github.ref_name }}-1_arm64.deb"
	asset_content_type: application/octet-stream

	end-notification:
	runs-on: ubuntu-latest
	needs:
	- upload-to-github
	steps:
	- name: release/checkout-repo
	uses: actions/checkout@v3
	with:
	fetch-depth: 0
	- name: release/notify-channel
	run: \|
	jq --null-input \
	--arg icon_url "https://infomaniak.kchat.infomaniak.com/static/emoji/kchat.png" \
	--arg username "DesktopReleaseBot" \
	--arg text "$(bash -x scripts/generate_release_post.sh $GITHUB_REF_NAME)" \
	'{"username":$username,"icon_url": $icon_url, "text": $text }' > /tmp/webhook-data.json
	curl -i -H "Content-Type: application/json" -X POST -d @/tmp/webhook-data.json ${{ secrets.RELEASE_WEBHOOK_URL }} \|\| echo "NOFICATION FAILED! check logs as this will succeed intentionally"

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

tweak powershell cmd windows signing #118

Workflow file

tweak powershell cmd windows signing #118

Jobs

Run details

Workflow file for this run