From 8d0165c67c28b2f0fb9146750b85de54a4db07ad Mon Sep 17 00:00:00 2001 From: "C.Lee Taylor" Date: Tue, 10 Sep 2024 14:44:00 +0200 Subject: [PATCH] ci(feature): windows signed packages --- .github/workflows/release.yml | 27 ++++++++++++++++++++++----- 1 file changed, 22 insertions(+), 5 deletions(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index af53ace36..a46d48008 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -40,8 +40,8 @@ jobs: - name: Checkout repository uses: actions/checkout@v4 - - name: Set environment variables - if: ${{ ! startsWith(github.ref, 'refs/heads/build-') }} + - name: Set environment variables for release + if: ${{ startsWith(github.ref, 'refs/heads/release') }} shell: bash run: | echo "tagName=v__VERSION__" >> $GITHUB_ENV 
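Review bot: The new condition `startsWith(github.ref, 'refs/heads/release')` on the renamed step has no delimiter after `release`, so it also matches any branch whose name merely begins with that word (for example a constructed `release-test`). In a workflow that produces signed packages, the release path is better gated on an exact set of refs. If the convention is `release` or `release/...`, something like `github.ref == 'refs/heads/release' || startsWith(github.ref, 'refs/heads/release/')` states that precisely. The old condition ran on every ref except `build-*`, so `tagName` is no longer set for tags or other branches; anything later in the job that reads `env.tagName` should be checked for the empty case. The step's `run:` body continues outside the hunk.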
@@ -99,18 +99,32 @@ jobs: rustup toolchain install stable-x86_64-apple-darwin --force-non-host rustup toolchain install stable-aarch64-apple-darwin --force-non-host - - name: Install dependencies (Windows) + - name: Install dependencies (windows) if: startsWith(runner.os,'Windows') run: | vcpkg.exe install sqlite3:x64-windows zlib:x64-windows choco upgrade protoc -y - - name: Set environment variables (Windows) + - name: Set environment variables (windows) if: startsWith(runner.os,'Windows') shell: bash run: | echo "SQLITE3_LIB_DIR=C:\vcpkg\installed\x64-windows\lib" >> $GITHUB_ENV + - name: Azure code-signing setup (windows only) + if: ${{ ( startsWith(runner.os,'Windows') ) && ( env.AZURE_TENANT_ID != '' ) }} + shell: bash + env: + AZURE_TENANT_ID: ${{ secrets.AZURE_TENANT_ID }} + WINDOWS_SIGN_COMMAND: trusted-signing-cli -e https://eus.codesigning.azure.net/ -a Tari -c Tarilabs %1 + run: | + cd "$GITHUB_WORKSPACE/src-tauri" + echo "{}" | \ + jq '.tauri .bundle .windows += {"signCommand": "${{ env.WINDOWS_SIGN_COMMAND }}"}' > \ + ./tauri.windows.conf.json + cat ./tauri.windows.conf.json + cargo install trusted-signing-cli + - name: Install dependencies (node) run: | npm --version 
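Review bot: `cargo install trusted-signing-cli` at the end of the new Azure code-signing step installs whatever version is newest at build time, and that binary is then what `signCommand` runs, presumably with the Azure credentials in its environment. Pin it, e.g. `cargo install trusted-signing-cli --locked --version <PINNED_VERSION>`, so releases are always signed by a reviewed version of the tool. In the same step the command is spliced into the jq program through `${{ env.WINDOWS_SIGN_COMMAND }}`. The value is a literal today, but passing it as data with `jq --arg cmd "$WINDOWS_SIGN_COMMAND" '.tauri.bundle.windows += {"signCommand": $cmd}'` stops any quote in the command from breaking or altering the filter.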
@@ -121,13 +135,16 @@ jobs: uses: tauri-apps/tauri-action@v0 env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - ENABLE_CODE_SIGNING: ${{ secrets.APPLE_CERTIFICATE }} + ENABLE_CODE_SIGNING: ${{ secrets.APPLE_CERTIFICATE || secrets.AZURE_TENANT_ID }} APPLE_CERTIFICATE: ${{ secrets.APPLE_CERTIFICATE }} APPLE_CERTIFICATE_PASSWORD: ${{ secrets.APPLE_CERTIFICATE_PASSWORD }} APPLE_SIGNING_IDENTITY: ${{ secrets.APPLE_SIGNING_IDENTITY }} APPLE_ID: ${{ secrets.APPLE_ID }} APPLE_PASSWORD: ${{ secrets.APPLE_PASSWORD }} APPLE_TEAM_ID: ${{ secrets.APPLE_TEAM_ID }} + AZURE_TENANT_ID: ${{ startsWith(runner.os,'Windows') && secrets.AZURE_TENANT_ID }} + AZURE_CLIENT_ID: ${{ startsWith(runner.os,'Windows') && secrets.AZURE_CLIENT_ID }} + AZURE_CLIENT_SECRET: ${{ startsWith(runner.os,'Windows') && secrets.AZURE_CLIENT_SECRET }} TAURI_KEY_PASSWORD: ${{ secrets.TAURI_KEY_PASSWORD }} TAURI_PRIVATE_KEY: ${{ secrets.TAURI_PRIVATE_KEY }} with:
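Review bot: The three new `AZURE_*` entries use `startsWith(runner.os,'Windows') && secrets.…` with no fallback, so on macOS and Linux runners the expression evaluates to `false` and the variable is exported as the literal string `false` rather than left empty. Any check of the form `!= ''` would then pass on those runners; add the fallback, e.g. `AZURE_TENANT_ID: ${{ startsWith(runner.os,'Windows') && secrets.AZURE_TENANT_ID || '' }}`, and likewise for `AZURE_CLIENT_ID` and `AZURE_CLIENT_SECRET`. `ENABLE_CODE_SIGNING` now becomes non-empty on every OS as soon as either secret exists, and it carries that secret's value; a per-OS flag holding a plain `true` would be easier to reason about and would keep secret material out of a second variable. The step's `with:` block continues outside the hunk.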