diff options
author | Be <be@mixxx.org> | 2020-11-28 06:44:42 -0800 |
---|---|---|
committer | GitHub <noreply@github.com> | 2020-11-28 06:44:42 -0800 |
commit | 41733b904a9364d774dc1f383a9d9c7e85cae5c3 (patch) | |
tree | 3ccb0abbd21eafeeed2210475dcc48bd40ef899c /.github | |
parent | b7d07ba085f1f5eddfd6ea200ab12d66adef56e2 (diff) | |
parent | 3cd029b3a699f67d931dc42fb0aae20bddbc39ad (diff) |
Merge pull request #3369 from mixxxdj/windows-codesign
Windows codesign
Diffstat (limited to '.github')
-rw-r--r-- | .github/workflows/build.yml | 23 |
1 files changed, 20 insertions, 3 deletions
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 70e09380dc..3e996b06ee 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -146,9 +146,21 @@ jobs: security list-keychains -s Mixxx.keychain # Prevent keychain access from timing out security set-keychain-settings Mixxx.keychain + echo "CMAKE_ARGS_EXTRA=${CMAKE_ARGS_EXTRA} -DAPPLE_CODESIGN_IDENTITY=${APPLE_CODESIGN_IDENTITY}" >> "${GITHUB_ENV}" - CMAKE_ARGS="-DAPPLE_CODESIGN_IDENTITY=${APPLE_CODESIGN_IDENTITY}" - echo "::set-output name=cmake_args::${CMAKE_ARGS}" + - name: "[Windows] Set up Windows code signing" + env: + WINDOWS_CODESIGN_CERTIFICATE_PATH: ${{ github.workspace }}\build\certificates\windows_sectigo_codesign_certificate.pfx + WINDOWS_CODESIGN_CERTIFICATE_PASSWORD: ${{ secrets.WINDOWS_CODESIGN_CERTIFICATE_PASSWORD }} + WINDOWS_CODESIGN_SECURE_FILE_SALT: ${{ secrets.WINDOWS_CODESIGN_SECURE_FILE_SALT }} + WINDOWS_CODESIGN_SECURE_FILE_SECRET: ${{ secrets.WINDOWS_CODESIGN_SECURE_FILE_SECRET }} + if: runner.os == 'Windows' && env.WINDOWS_CODESIGN_SECURE_FILE_SALT != null && env.WINDOWS_CODESIGN_SECURE_FILE_SECRET != null + run: | + iex ((New-Object Net.WebClient).DownloadString('https://raw.githubusercontent.com/appveyor/secure-file/master/install.ps1')) + appveyor-tools/secure-file -decrypt "$Env:WINDOWS_CODESIGN_CERTIFICATE_PATH.enc" -secret "$Env:WINDOWS_CODESIGN_SECURE_FILE_SECRET" -salt "$Env:WINDOWS_CODESIGN_SECURE_FILE_SALT" + Add-Content -Path "$Env:GITHUB_ENV" -Value "WINDOWS_CODESIGN_CERTIFICATE_PATH=$Env:WINDOWS_CODESIGN_CERTIFICATE_PATH" + Add-Content -Path "$Env:GITHUB_ENV" -Value "WINDOWS_CODESIGN_CERTIFICATE_PASSWORD=$Env:WINDOWS_CODESIGN_CERTIFICATE_PASSWORD" + Add-Content -Path "$Env:GITHUB_ENV" -Value "CMAKE_ARGS_EXTRA=-DWINDOWS_CODESIGN=ON" - name: "Set up build environment" id: buildenv @@ -179,7 +191,7 @@ jobs: -DCMAKE_BUILD_TYPE=Release "-DCMAKE_PREFIX_PATH=${{ env.CMAKE_PREFIX_PATH }}" -DDEBUG_ASSERTIONS_FATAL=ON - -DQt5_DIR=${{ env.QT_PATH }} ${{ matrix.cmake_args }} ${{ steps.apple_codesign.outputs.cmake_args }} + -DQt5_DIR=${{ env.QT_PATH }} ${{ matrix.cmake_args }} ${{ env.CMAKE_ARGS_EXTRA }} -DBATTERY=ON -DBROADCAST=ON -DBULK=ON @@ -243,6 +255,11 @@ jobs: run: codesign --verbose=4 --options runtime --sign "${APPLE_CODESIGN_IDENTITY}" --entitlements ../build/osx/entitlements.plist *.dmg working-directory: cmake_build + - name: "[Windows] Sign Package" + if: runner.os == 'Windows' && env.WINDOWS_CODESIGN_CERTIFICATE_PATH != null && env.WINDOWS_CODESIGN_CERTIFICATE_PASSWORD != null + run: signtool sign /f $Env:WINDOWS_CODESIGN_CERTIFICATE_PATH /p $Env:WINDOWS_CODESIGN_CERTIFICATE_PASSWORD *.msi + working-directory: cmake_build + - name: "[macOS] Upload build to downloads.mixxx.org" # skip deploying Ubuntu builds to downloads.mixxx.org because these are deployed to the PPA if: runner.os == 'macOS' && env.DOWNLOADS_HOSTGATOR_DOT_MIXXX_DOT_ORG_KEY_PASSWORD != null |