Skip to content
FlexBridge CI/CD

Signing CD Action #119

Sign in to view logs

Signing CD Action

Signing CD Action #119

Workflow file for this run

.github/workflows/ci-cd.yml at 571c525
name: FlexBridge CI/CD
on:
push:
branches: ["develop", "master"]
pull_request:
branches: ["develop", "master"]
workflow_dispatch:
inputs:
releaseType:
description: 'Alpha, Beta, Stable used to stamp release artifacts'
required: true
default: 'Alpha'
concurrency:
group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}
cancel-in-progress: true
jobs:
build_and_test:
env:
CROWDIN_API_KEY: ${{ secrets.CROWDIN_API_KEY }}
FILESTOSIGNLATER: "${{ github.workspace }}\\filesToSign"
teamcity_build_checkoutDir: ${{ github.workspace }}
name: Build Debug and run Tests
runs-on: windows-latest
outputs:
job-info: ${{ steps.msi-digest.outputs.job }}
steps:
- name: Checkout Files
uses: actions/checkout@v4
id: checkout
with:
fetch-depth: 0
submodules: true
- name: Download 461 targeting pack
uses: suisei-cn/actions-download-file@818d6b7dc8fe73f2f924b6241f2b1134ca1377d9 # 1.6.0
id: downloadfile # Remember to give an ID if you need the output filename
with:
url: "https://download.microsoft.com/download/F/1/D/F1DEB8DB-D277-4EF9-9F48-3A65D4D8F965/NDP461-DevPack-KB3105179-ENU.exe"
target: public/
- name: Install targeting pack
shell: cmd
working-directory: public
run: NDP461-DevPack-KB3105179-ENU.exe /q
- name: Add msbuild to PATH
uses: microsoft/setup-msbuild@v2
# We need the dotnet runtime to execute overcrowdin
- name: Setup dotnet
uses: actions/setup-dotnet@v3
with:
dotnet-version:
8.0.x
if: github.event_name != 'pull_request'
# If we are just doing a CI build we don't need real localizations, but the location must exist
- name: Add Fake Localizations for CI
shell: bash
run: echo > DistFiles/localizations/empty.xlf
if: github.event_name == 'pull_request'
- name: Install Latest Overcrowdin
shell: cmd
run: dotnet tool install -g overcrowdin
if: github.event_name != 'pull_request'
- name: Restore L10n Packages
shell: cmd
run: |
cd l10n
msbuild l10n.proj /t:restore
if: github.event_name != 'pull_request'
- name: Get Latest L10ns
shell: cmd
run: |
cd l10n
msbuild l10n.proj /t:GetLatestL10ns;CopyL10nsToDistFiles
if: github.event_name != 'pull_request'
- name: Restore Build Tasks & Packages
id: package_restore
shell: cmd
run: msbuild build\FLExBridge.proj /t:RestoreBuildTasks;RestorePackages
- name: Build & Test
id: build_and_test_step
shell: cmd
run: msbuild build\FLExBridge.proj /t:Test /p:Configuration=Release
# All the following are used only when building an installer after a merge
- name: Build Msi
id: build_msi
shell: cmd
run: |
msbuild build/FLExBridge.proj /t:CleanMasterOutputDir;PreparePublishingArtifactsInternal;BuildProductBaseMsi /p:UploadFolder=${{ inputs.environment || 'Alpha' }}
if: github.event_name != 'pull_request'
- name: Prepare for msi signing
shell: bash
run: |
echo "FILES_TO_SIGN=$(cat $FILESTOSIGNLATER)" >> $GITHUB_OUTPUT
id: gathered_files
if: github.event_name != 'pull_request'
- name: Create Msi Digest
id: msi-digest
uses: sillsdev/codesign/[email protected]
with:
path: ${{ steps.gathered_files.outputs.FILES_TO_SIGN }}
public-cert: ${{ secrets.CODESIGN_LSDEVSECTIGOEV }}
if: github.event_name != 'pull_request'
- name: upload-msi
id: upload
uses: actions/upload-artifact@v4
with:
name: unsigned-msi
path: ${{ steps.gathered_files.outputs.FILES_TO_SIGN }}
if-no-files-found: error
overwrite: true
if: github.event_name != 'pull_request'
- name: launch-sign-msi-and-wait
uses: aurelien-baudet/workflow-dispatch@v2
with:
token: ${{ secrets.JOB_LAUNCHER }}
workflow: sign-digest.yml
repo: sillsdev/codesign
ref: refs/heads/main
inputs: '{ "job": "fugly"}'
id: launch-sign-msi
if: github.event_name != 'pull_request'
- name: show-sign-msi-results
if: always()
shell: bash
run: |
echo "signing-results = ${{ steps.launch-sign-msi.outputs.workflow-conclusion }}"
# sign-msi:
# needs: build_and_test
# uses: sillsdev/codesign/.github/workflows/sign-digest.yml@v2
# with:
# job: ${{ needs.build_and_test.job-info }}
# if: github.event_name != 'pull_request'
# build-installer-bundles:
# needs: [build_and_test, sign-msi]
# runs-on: windows-latest
# outputs:
# job-info: ${{ steps.bundle-digest.outputs.job }}
# steps:
- name: Apply signing to msi
uses: sillsdev/codesign/[email protected]
with:
path: ${{ needs.build_and_test.steps.find_file.outputs.fb_msi_path }}
job: ${{ needs.sign-msi.outputs.signed-job }}
if: github.event_name != 'pull_request'
- name: Build Online\Offline bundles
shell: cmd
run: |
msbuild MSBuild FLExBridge.proj /target:BuildProductBaseBundles /p:Configuration=Release /p:Platform="Any CPU" /p:UploadFolder=${{ inputs.environment || 'Alpha' }}
echo "FILES_TO_SIGN<<EOF" >> $GITHUB_ENV
type %FILESTOSIGNLATER% >> $GITHUB_ENV
echo "EOF" >> $GITHUB_ENV
if: github.event_name != 'pull_request'
- name: Create Bundle Digest
id: bundle-digest
uses: sillsdev/codesign/generate-digest@v2
with:
path: ${{ env.FILES_TO_SIGN }}
public-cert: ${{ secrets.CODESIGN_LSDEVSECTIGOEV }}
if: github.event_name != 'pull_request'
# sign-bundles:
# needs: build-installer-bundles
# uses: sillsdev/codesign/.github/workflows/sign-digest.yml@v2
# with:
# job: ${{ needs.build-installer-bundles.job-info }}
# if: github.event_name != 'pull_request'