Skip to content

Commit

Permalink
WIP - Signing CD Action
Browse files Browse the repository at this point in the history
  • Loading branch information
jasonleenaylor committed May 7, 2024
1 parent fd0ea8a commit b8a1fc2
Show file tree
Hide file tree
Showing 5 changed files with 154 additions and 28 deletions.
135 changes: 116 additions & 19 deletions .github/workflows/ci-cd.yml
Original file line number Diff line number Diff line change
Expand Up @@ -5,17 +5,26 @@ on:
pull_request:
branches: ["develop", "master"]
workflow_dispatch:
inputs:
releaseType:
description: 'Alpha, Beta, Stable used to stamp release artifacts'
required: true
default: 'Alpha'

concurrency:
group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}
cancel-in-progress: true

jobs:
windows_debug_build_and_test:
build_and_test:
env:
CROWDIN_API_KEY: ${{ secrets.CROWDIN_API_KEY }}
FILESTOSIGNLATER: "${{ github.workspace }}\\filesToSign"
teamcity_build_checkoutDir: ${{ github.workspace }}
name: Build Debug and run Tests
runs-on: windows-latest
outputs:
job-info: ${{ steps.msi-digest.outputs.job }}
steps:
- name: Checkout Files
uses: actions/checkout@v4
Expand All @@ -38,35 +47,26 @@ jobs:
- name: Add msbuild to PATH
uses: microsoft/setup-msbuild@v2

# We need the dotnet runtime to execute overcrowdin
- name: Setup dotnet
uses: actions/setup-dotnet@v3
with:
dotnet-version: |
2.1.x
3.1.x
5.0.x
dotnet-version:
8.0.x
if: github.event_name != 'pull_request'

# If we are just doing a CI build we don't need real localizations, but the location must exist
- name: Add Fake Localizations for CI
shell: bash
run: echo > DistFiles/localizations/empty.xlf
if: github.event_name == 'pull_request'

- name: Restore Build Tasks & Packages
id: package_restore
shell: cmd
run: msbuild build\FLExBridge.proj /t:RestoreBuildTasks;RestorePackages

- name: Build & Test
id: build_and_test
shell: cmd
run: msbuild build\FLExBridge.proj /t:Test


- name: Install Latest Overcrowdin
shell: cmd
run: dotnet tool install -g overcrowdin
if: github.event_name != 'pull_request'


- name: Restore L10n Packages
shell: cmd
run: |
Expand All @@ -79,9 +79,106 @@ jobs:
run: |
cd l10n
msbuild l10n.proj /t:GetLatestL10ns;CopyL10nsToDistFiles
if: github.event_name != 'pull_request'

- name: Restore Build Tasks & Packages
id: package_restore
shell: cmd
run: msbuild build\FLExBridge.proj /t:RestoreBuildTasks;RestorePackages

- name: Build & Test
id: build_and_test_step
shell: cmd
run: msbuild build\FLExBridge.proj /t:Test /p:Configuration=Release

# All the following are used only when building an installer after a merge
- name: Build Msi
id: build_msi
shell: cmd
run: |
msbuild build/FLExBridge.proj /t:CleanMasterOutputDir;PreparePublishingArtifactsInternal;BuildProductBaseMsi /p:UploadFolder=${{ inputs.environment || 'Alpha' }}
echo "FILES_TO_SIGN<<EOF" >> $GITHUB_ENV
type "%FILESTOSIGNLATER%" >> $GITHUB_ENV
echo "typejustdontwork.log" >> $GITHUB_ENV
echo "EOF" >> $GITHUB_ENV
if: github.event_name != 'pull_request'

- name: Debug filestosign env
shell: cmd
run: |
echo "Debugging info for env variables"
echo "${{ env.FILES_TO_SIGN }}"
echo ${{ env.FILES_TO_SIGN }}
echo "^^^ should look like vvv"
type %FILESTOSIGNLATER%
- name: Create Msi Digest
id: msi-digest
uses: sillsdev/codesign/[email protected]
with:
path: "${{ env.FILES_TO_SIGN }}"
public-cert: ${{ secrets.CODESIGN_LSDEVSECTIGOEV }}
if: github.event_name != 'pull_request'

- name: upload-msi
id: upload
uses: actions/upload-artifact@v4
with:
name: signed-files-for-msi
path: ${{ env.FILES_TO_SIGN }}
if-no-files-found: error
overwrite: true
if: github.event_name != 'pull_request'

- name: launch-sign-msi-and-wait
uses: aurelien-baudet/workflow-dispatch@v2
with:
workflow: [email protected]
owner: sillsdev
repo: codesign
ref: main
inputs: "{ 'job': '${{ steps.msi-digest.outputs.job }}' }"
id: launch-sign-msi
if: github.event_name != 'pull_request'

# sign-msi:
# needs: build_and_test
# uses: sillsdev/codesign/.github/workflows/sign-digest.yml@v2
# with:
# job: ${{ needs.build_and_test.job-info }}
# if: github.event_name != 'pull_request'

# build-installer-bundles:
# needs: [build_and_test, sign-msi]
# runs-on: windows-latest
# outputs:
# job-info: ${{ steps.bundle-digest.outputs.job }}
# steps:
- name: Apply signing to msi
uses: sillsdev/codesign/[email protected]
with:
path: ${{ needs.build_and_test.steps.find_file.outputs.fb_msi_path }}
job: ${{ needs.sign-msi.outputs.signed-job }}
if: github.event_name != 'pull_request'

- name: Build Installer
- name: Build Online\Offline bundles
shell: cmd
run: msbuild build/FLExBridge.proj /t:Installer /p:UploadFolder=Alpha
run: |
msbuild MSBuild FLExBridge.proj /target:BuildProductBaseBundles /p:Configuration=Release /p:Platform="Any CPU" /p:UploadFolder=${{ inputs.environment || 'Alpha' }}
echo "FILES_TO_SIGN<<EOF" >> $GITHUB_ENV
type %FILESTOSIGNLATER% >> $GITHUB_ENV
echo "EOF" >> $GITHUB_ENV
if: github.event_name != 'pull_request'
- name: Create Bundle Digest
id: bundle-digest
uses: sillsdev/codesign/generate-digest@v2
with:
path: ${{ env.FILES_TO_SIGN }}
public-cert: ${{ secrets.CODESIGN_LSDEVSECTIGOEV }}
if: github.event_name != 'pull_request'

# sign-bundles:
# needs: build-installer-bundles
# uses: sillsdev/codesign/.github/workflows/sign-digest.yml@v2
# with:
# job: ${{ needs.build-installer-bundles.job-info }}
# if: github.event_name != 'pull_request'
41 changes: 35 additions & 6 deletions build/WixPatchableInstaller.targets
Original file line number Diff line number Diff line change
Expand Up @@ -50,11 +50,14 @@
<AppBuildMasterDir>$(InstallersBaseDir)/$(SafeApplicationName)_Build_Master</AppBuildMasterDir>
<BinDirSuffix>objects/$(SafeApplicationName)</BinDirSuffix>
<DataDirSuffix>$(BinDirSuffix)_Data</DataDirSuffix>
<MsiFile>$(SafeApplicationName)_$(BuildVersion).msi</MsiFile>
<BaseBuildDir>$(RootDir)/src/WiXInstaller/BaseInstallerBuild</BaseBuildDir>
<BaseBuildArgs>"$(ApplicationName)" $(SafeApplicationName) $(BuildVersion) $(ProductIdGuid) $(UpgradeCodeGuid) "$(AppBuildDir)/$(BinDirSuffix)" "$(AppBuildDir)/$(DataDirSuffix)" $(CopyrightYear) "$(Manufacturer)" $(SafeManufacturer)</BaseBuildArgs>
</PropertyGroup>

<!-- Top Level Targets -->
<!-- called only once, at the first release of a major version -->
<Target Name="BuildRelease" DependsOnTargets="CleanMasterOutputDir;BuildProductMain;BuildProductBaseMsi;CopyBuildToMaster"/>
<Target Name="BuildRelease" DependsOnTargets="CleanMasterOutputDir;BuildProductMain;BuildProductBase;CopyBuildToMaster"/>

<!-- called at each minor release to build a patch installer -->
<Target Name="BuildPatch" DependsOnTargets="BuildProductMain;BuildProductPatchMsp" />
Expand Down Expand Up @@ -131,6 +134,7 @@
<PropertyGroup>
<WixLibsDir>$(RootDir)/src/WiXInstaller/libs</WixLibsDir>
</PropertyGroup>
<Message Text="Executing buildMsi.bat from $(BaseBuildDir)"/>
<DownloadFileOnce Address="http://go.microsoft.com/fwlink/?LinkId=322115"
LocalFilename="$(WixLibsDir)/NDP451-KB2858728-x86-x64-AllOS-ENU.exe"/> <!-- .net 4.5.1 -->
<DownloadFileOnce Address="https://download.microsoft.com/download/1/6/5/165255E7-1014-4D0A-B094-B6A430A6BFFC/vcredist_x86.exe"
Expand Down Expand Up @@ -184,14 +188,39 @@
</UsingTask>

<!-- Build Wix Product Targets -->
<Target Name="BuildProductBaseMsi" DependsOnTargets="GetDotNetFiles; InstallerVersionNumbers">

<!-- Attempt to build and sign the full installation package. Both the msi, and the Online and Offline bundles -->
<Target Name="BuildProductBase" DependsOnTargets="GetDotNetFiles; InstallerVersionNumbers">
<PropertyGroup>
<BuildArgsJIT>"$(ApplicationName)" $(SafeApplicationName) $(BuildVersion) $(ProductIdGuid) $(UpgradeCodeGuid) "$(AppBuildDir)/$(BinDirSuffix)" "$(AppBuildDir)/$(DataDirSuffix)" $(CopyrightYear) "$(Manufacturer)" $(SafeManufacturer)</BuildArgsJIT>
</PropertyGroup>
<Exec WorkingDirectory="$(BaseBuildDir)" Command="buildBaseInstaller.bat $(BuildArgsJIT)" />

<ItemGroup>
<InstallerFiles Include="$(BaseBuildDir)/**/$(SafeApplicationName)_*.exe"/>
<InstallerFiles Include="$(BaseBuildDir)/**/$(SafeApplicationName)_*.msi"/>
</ItemGroup>
<Move SourceFiles="@(InstallerFiles)" DestinationFolder="$(InstallersBaseDir)"/>
<!-- The FieldWorks installer wants a stable installer name -->
<Move SourceFiles="$(InstallersBaseDir)/$(SafeApplicationName)_$(BuildVersion)_Offline.exe" DestinationFiles="$(InstallersBaseDir)/$(SafeApplicationName)_Offline.exe"/>
<Move SourceFiles="$(InstallersBaseDir)/$(SafeApplicationName)_$(BuildVersion)_Online.exe" DestinationFiles="$(InstallersBaseDir)/$(SafeApplicationName)_Online.exe"/>
<Move SourceFiles="$(InstallersBaseDir)/$(SafeApplicationName)_$(BuildVersion).msi" DestinationFiles="$(InstallersBaseDir)/$(SafeApplicationName).msi"/>
</Target>

<!-- Build the msi, useful for separating the signing step -->
<Target Name="BuildProductBaseMsi" DependsOnTargets="GetDotNetFiles;InstallerVersionNumbers;BuildProductMain">
<PropertyGroup>
<MsiFile>$(SafeApplicationName)_$(BuildVersion).msi</MsiFile>
<BaseBuildDir>$(RootDir)/src/WiXInstaller/BaseInstallerBuild</BaseBuildDir>
<BaseBuildArgs>"$(ApplicationName)" $(SafeApplicationName) $(BuildVersion) $(ProductIdGuid) $(UpgradeCodeGuid) "$(AppBuildDir)/$(BinDirSuffix)" "$(AppBuildDir)/$(DataDirSuffix)" $(CopyrightYear) "$(Manufacturer)" $(SafeManufacturer)</BaseBuildArgs>
<BuildArgsJIT>"$(ApplicationName)" $(SafeApplicationName) $(BuildVersion) $(ProductIdGuid) $(UpgradeCodeGuid) "$(AppBuildDir)/$(BinDirSuffix)" "$(AppBuildDir)/$(DataDirSuffix)" $(CopyrightYear) "$(Manufacturer)" $(SafeManufacturer)</BuildArgsJIT>
</PropertyGroup>
<Exec WorkingDirectory="$(BaseBuildDir)" Command="buildBaseInstaller.bat $(BaseBuildArgs)" />
<Message Text="Executing buildMsi.bat from $(BaseBuildDir)"/>
<Exec WorkingDirectory="$(BaseBuildDir)" Command="buildMsi.bat $(BuildArgsJIT)" />
</Target>

<Target Name="BuildProductBaseBundles" DependsOnTargets="GetDotNetFiles; InstallerVersionNumbers">
<PropertyGroup>
<BuildArgsJIT>"$(ApplicationName)" $(SafeApplicationName) $(BuildVersion) $(ProductIdGuid) $(UpgradeCodeGuid) "$(AppBuildDir)/$(BinDirSuffix)" "$(AppBuildDir)/$(DataDirSuffix)" $(CopyrightYear) "$(Manufacturer)" $(SafeManufacturer)</BuildArgsJIT>
</PropertyGroup>
<Exec WorkingDirectory="$(BaseBuildDir)" Command="buildexe.bat $(BuildArgsJIT) x86 1" />
<ItemGroup>
<InstallerFiles Include="$(BaseBuildDir)/**/$(SafeApplicationName)_*.exe"/>
<InstallerFiles Include="$(BaseBuildDir)/**/$(SafeApplicationName)_*.msi"/>
Expand Down
2 changes: 1 addition & 1 deletion l10n/l10n.proj
Original file line number Diff line number Diff line change
Expand Up @@ -37,7 +37,7 @@
</Target>

<Target Name="FetchLatestL10ns" DependsOnTargets="restore">
<Exec Command="overcrowdin download -e -f $(FwL10nsZip)" />
<Exec Command="overcrowdin download -f $(FwL10nsZip)" />
</Target>

<Target Name="ProcessL10ns" DependsOnTargets="restore">
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -12,7 +12,7 @@
<PackageReference Include="GitVersion.MsBuild" Version="5.10.3" PrivateAssets="all" />
<PackageReference Include="NUnit" Version="3.13.3" />
<PackageReference Include="SIL.Chorus.LibChorus.TestUtilities" Version="$(ChorusVersion)" />
<PackageReference Include="SIL.Chorus.Mercurial" Version="6.5.1.25" IncludeAssets="build" />
<PackageReference Include="SIL.Chorus.Mercurial" Version="6.*" IncludeAssets="build" />
</ItemGroup>

<ItemGroup>
Expand Down
2 changes: 1 addition & 1 deletion src/WiXInstaller

0 comments on commit b8a1fc2

Please sign in to comment.