diff options
author | Jan Holthuis <jan.holthuis@ruhr-uni-bochum.de> | 2020-11-27 21:02:52 +0100 |
---|---|---|
committer | Jan Holthuis <jan.holthuis@ruhr-uni-bochum.de> | 2020-11-28 13:14:23 +0100 |
commit | 3cd029b3a699f67d931dc42fb0aae20bddbc39ad (patch) | |
tree | 0a95bff26dd5c00fe1f14885c4a18ac5e6038ac7 /.github/workflows/build.yml | |
parent | 19ec4a6d0d6e699f85e88f853562923b38ecb244 (diff) |
GitHub Actions: Add support for codesigning on Windows
Diffstat (limited to '.github/workflows/build.yml')
-rw-r--r-- | .github/workflows/build.yml | 23 |
1 files changed, 20 insertions, 3 deletions
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index fc9c92f113..48fe73ae2d 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -142,9 +142,21 @@ jobs: security list-keychains -s Mixxx.keychain # Prevent keychain access from timing out security set-keychain-settings Mixxx.keychain + echo "CMAKE_ARGS_EXTRA=${CMAKE_ARGS_EXTRA} -DAPPLE_CODESIGN_IDENTITY=${APPLE_CODESIGN_IDENTITY}" >> "${GITHUB_ENV}" - CMAKE_ARGS="-DAPPLE_CODESIGN_IDENTITY=${APPLE_CODESIGN_IDENTITY}" - echo "::set-output name=cmake_args::${CMAKE_ARGS}" + - name: "[Windows] Set up Windows code signing" + env: + WINDOWS_CODESIGN_CERTIFICATE_PATH: ${{ github.workspace }}\build\certificates\windows_sectigo_codesign_certificate.pfx + WINDOWS_CODESIGN_CERTIFICATE_PASSWORD: ${{ secrets.WINDOWS_CODESIGN_CERTIFICATE_PASSWORD }} + WINDOWS_CODESIGN_SECURE_FILE_SALT: ${{ secrets.WINDOWS_CODESIGN_SECURE_FILE_SALT }} + WINDOWS_CODESIGN_SECURE_FILE_SECRET: ${{ secrets.WINDOWS_CODESIGN_SECURE_FILE_SECRET }} + if: runner.os == 'Windows' && env.WINDOWS_CODESIGN_SECURE_FILE_SALT != null && env.WINDOWS_CODESIGN_SECURE_FILE_SECRET != null + run: | + iex ((New-Object Net.WebClient).DownloadString('https://raw.githubusercontent.com/appveyor/secure-file/master/install.ps1')) + appveyor-tools/secure-file -decrypt "$Env:WINDOWS_CODESIGN_CERTIFICATE_PATH.enc" -secret "$Env:WINDOWS_CODESIGN_SECURE_FILE_SECRET" -salt "$Env:WINDOWS_CODESIGN_SECURE_FILE_SALT" + Add-Content -Path "$Env:GITHUB_ENV" -Value "WINDOWS_CODESIGN_CERTIFICATE_PATH=$Env:WINDOWS_CODESIGN_CERTIFICATE_PATH" + Add-Content -Path "$Env:GITHUB_ENV" -Value "WINDOWS_CODESIGN_CERTIFICATE_PASSWORD=$Env:WINDOWS_CODESIGN_CERTIFICATE_PASSWORD" + Add-Content -Path "$Env:GITHUB_ENV" -Value "CMAKE_ARGS_EXTRA=-DWINDOWS_CODESIGN=ON" - name: "Set up build environment" id: buildenv @@ -181,7 +193,7 @@ jobs: -DCMAKE_BUILD_TYPE=Release "-DCMAKE_PREFIX_PATH=${{ env.CMAKE_PREFIX_PATH }}" -DDEBUG_ASSERTIONS_FATAL=ON - -DQt5_DIR=${{ env.QT_PATH }} ${{ matrix.cmake_args }} ${{ steps.apple_codesign.outputs.cmake_args }} + -DQt5_DIR=${{ env.QT_PATH }} ${{ matrix.cmake_args }} ${{ env.CMAKE_ARGS_EXTRA }} -DBATTERY=ON -DBROADCAST=ON -DBULK=ON @@ -245,6 +257,11 @@ jobs: run: codesign --verbose=4 --options runtime --sign "${APPLE_CODESIGN_IDENTITY}" --entitlements ../build/osx/entitlements.plist *.dmg working-directory: cmake_build + - name: "[Windows] Sign Package" + if: runner.os == 'Windows' && env.WINDOWS_CODESIGN_CERTIFICATE_PATH != null && env.WINDOWS_CODESIGN_CERTIFICATE_PASSWORD != null + run: signtool sign /f $Env:WINDOWS_CODESIGN_CERTIFICATE_PATH /p $Env:WINDOWS_CODESIGN_CERTIFICATE_PASSWORD *.msi + working-directory: cmake_build + - name: "[macOS] Upload build to downloads.mixxx.org" # skip deploying Ubuntu builds to downloads.mixxx.org because these are deployed to the PPA if: runner.os == 'macOS' && env.DOWNLOADS_HOSTGATOR_DOT_MIXXX_DOT_ORG_KEY_PASSWORD != null |