From b8e7d078e2eea6e19b3f348f83888ba84a63c546 Mon Sep 17 00:00:00 2001 From: Jason Naylor Date: Wed, 17 Apr 2024 13:37:43 -0700 Subject: [PATCH] WIP - Signing CD Action --- .github/workflows/ci-cd.yml | 129 +++++++++++++++--- build/FLExBridge.proj | 8 +- build/WixPatchableInstaller.targets | 41 +++++- l10n/l10n.proj | 2 +- .../LibFLExBridge-ChorusPluginTests.csproj | 2 +- src/WiXInstaller | 2 +- 6 files changed, 149 insertions(+), 35 deletions(-) diff --git a/.github/workflows/ci-cd.yml b/.github/workflows/ci-cd.yml index e240e658..1f0bfb34 100644 --- a/.github/workflows/ci-cd.yml +++ b/.github/workflows/ci-cd.yml @@ -5,17 +5,26 @@ on: pull_request: branches: ["develop", "master"] workflow_dispatch: + inputs: + releaseType: + description: 'Alpha, Beta, Stable used to stamp release artifacts' + required: true + default: 'Alpha' concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true jobs: - windows_debug_build_and_test: + build_and_test: env: CROWDIN_API_KEY: ${{ secrets.CROWDIN_API_KEY }} + FILESTOSIGNLATER: "${{ github.workspace }}\\filesToSign" + teamcity_build_checkoutDir: ${{ github.workspace }} name: Build Debug and run Tests runs-on: windows-latest + outputs: + job-info: ${{ steps.msi-digest.outputs.job }} steps: - name: Checkout Files uses: actions/checkout@v4 
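Review bot: The added `releaseType` input is free-form text and nothing later in this patch reads it: the msbuild steps added further down use `${{ inputs.environment || 'Alpha' }}`, which is not declared here, so `UploadFolder` would always fall back to 'Alpha'. Once the names are aligned, the value will be expanded by `${{ }}` directly into a `shell: cmd` command line, so restrict it at the source with `type: choice` and `options: [Alpha, Beta, Stable]`. Prefer handing it to the step through `env:` rather than inline expansion. The `build_and_test` job body continues outside this hunk.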
@@ -38,35 +47,26 @@ jobs: - name: Add msbuild to PATH uses: microsoft/setup-msbuild@v2 + # We need the dotnet runtime to execute overcrowdin - name: Setup dotnet uses: actions/setup-dotnet@v3 with: - dotnet-version: | - 2.1.x - 3.1.x - 5.0.x + dotnet-version: + 8.0.x if: github.event_name != 'pull_request' + # If we are just doing a CI build we don't need real localizations, but the location must exist - name: Add Fake Localizations for CI shell: bash run: echo > DistFiles/localizations/empty.xlf if: github.event_name == 'pull_request' - - - name: Restore Build Tasks & Packages - id: package_restore - shell: cmd - run: msbuild build\FLExBridge.proj /t:RestoreBuildTasks;RestorePackages - - - name: Build & Test - id: build_and_test - shell: cmd - run: msbuild build\FLExBridge.proj /t:Test - + - name: Install Latest Overcrowdin shell: cmd run: dotnet tool install -g overcrowdin if: github.event_name != 'pull_request' + - name: Restore L10n Packages shell: cmd run: | 
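Review bot: `dotnet tool install -g overcrowdin` in this hunk still pulls whatever version is newest at run time, and with this patch it runs on the same runner, under the same `github.event_name != 'pull_request'` condition, as the steps that build and digest the MSI for signing. Pin it, e.g. `run: dotnet tool install -g overcrowdin --version <pinned-version>`, and rename the step from 'Install Latest Overcrowdin' to match, so a new or compromised package release cannot change what ends up in the signed installer without a reviewed commit. The step looks like carried-over context rather than an added line, but the collapsed layout makes that hard to confirm.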
@@ -79,9 +79,100 @@ jobs: run: | cd l10n msbuild l10n.proj /t:GetLatestL10ns;CopyL10nsToDistFiles + if: github.event_name != 'pull_request' + + - name: Restore Build Tasks & Packages + id: package_restore + shell: cmd + run: msbuild build\FLExBridge.proj /t:RestoreBuildTasks;RestorePackages + + - name: Build & Test + id: build_and_test_step + shell: cmd + run: msbuild build\FLExBridge.proj /t:Test /p:Configuration=Release + + # All the following are used only when building an installer after a merge + - name: Build Msi + id: build_msi + shell: cmd + run: | + msbuild build/FLExBridge.proj /t:CleanMasterOutputDir;PreparePublishingArtifactsInternal;BuildProductBaseMsi /p:UploadFolder=${{ inputs.environment || 'Alpha' }} + if: github.event_name != 'pull_request' + + - name: Prepare for msi signing + shell: bash + run: | + echo "FILES_TO_SIGN=$(cat $FILESTOSIGNLATER)" >> $GITHUB_OUTPUT + id: gathered_files + if: github.event_name != 'pull_request' + + - name: Create Msi Digest + id: msi-digest + uses: sillsdev/codesign/generate-digest@v2.0.3 + with: + path: ${{ steps.gathered_files.outputs.FILES_TO_SIGN }} + public-cert: ${{ secrets.CODESIGN_LSDEVSECTIGOEV }} + if: github.event_name != 'pull_request' + + - name: upload-msi + id: upload + uses: actions/upload-artifact@v4 + with: + name: signed-files-for-msi + path: ${{ steps.gathered_files.outputs.FILES_TO_SIGN }} + if-no-files-found: error + overwrite: true + if: github.event_name != 'pull_request' + + - name: launch-sign-msi-and-wait + uses: aurelien-baudet/workflow-dispatch@v2 + with: + token: ${{ secrets.JOB_LAUNCHER }} + workflow: sign-digest.yml + repo: sillsdev/codesign + ref: refs/heads/main + inputs: '{ "job": "${{ steps.msi-digest.outputs.job }}" }' + id: launch-sign-msi + if: github.event_name != 'pull_request' + +# sign-msi: +# needs: build_and_test +# uses: sillsdev/codesign/.github/workflows/sign-digest.yml@v2 +# with: +# job: ${{ needs.build_and_test.job-info }} +# if: github.event_name != 'pull_request' + 
+ # build-installer-bundles: + # needs: [build_and_test, sign-msi] + # runs-on: windows-latest + # outputs: + # job-info: ${{ steps.bundle-digest.outputs.job }} + # steps: + - name: Apply signing to msi + uses: sillsdev/codesign/apply-signed-digest@v2.0.3 + with: + path: ${{ needs.build_and_test.steps.find_file.outputs.fb_msi_path }} + job: ${{ needs.sign-msi.outputs.signed-job }} if: github.event_name != 'pull_request' - - - name: Build Installer + - name: Build Online\Offline bundles shell: cmd - run: msbuild build/FLExBridge.proj /t:Installer /p:UploadFolder=Alpha + run: | + msbuild MSBuild FLExBridge.proj /target:BuildProductBaseBundles /p:Configuration=Release /p:Platform="Any CPU" /p:UploadFolder=${{ inputs.environment || 'Alpha' }} + echo "FILES_TO_SIGN<> $GITHUB_ENV + type %FILESTOSIGNLATER% >> $GITHUB_ENV + echo "EOF" >> $GITHUB_ENV + if: github.event_name != 'pull_request' + - name: Create Bundle Digest + id: bundle-digest + uses: sillsdev/codesign/generate-digest@v2 + with: + path: ${{ env.FILES_TO_SIGN }} + public-cert: ${{ secrets.CODESIGN_LSDEVSECTIGOEV }} if: github.event_name != 'pull_request' + +# sign-bundles: +# needs: build-installer-bundles +# uses: sillsdev/codesign/.github/workflows/sign-digest.yml@v2 +# with: +# job: ${{ needs.build-installer-bundles.job-info }} +# if: github.event_name != 'pull_request' \ No newline at end of file diff --git a/build/FLExBridge.proj b/build/FLExBridge.proj index 45a19196..ea381e73 100644 --- a/build/FLExBridge.proj +++ b/build/FLExBridge.proj @@ -45,7 +45,6 @@ - @@ -80,11 +79,6 @@ - - - - @@ -134,7 +128,7 @@ - + diff --git a/build/WixPatchableInstaller.targets b/build/WixPatchableInstaller.targets index 4742839f..93ff8d02 100644 --- a/build/WixPatchableInstaller.targets +++ b/build/WixPatchableInstaller.targets 
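Review bot: The `launch-sign-msi-and-wait` step hands `secrets.JOB_LAUNCHER` to `aurelien-baudet/workflow-dispatch@v2`, a third-party action referenced by a movable tag, and dispatches `ref: refs/heads/main` of the signing repo, so whatever those refs point to at run time sits in the release-signing path. Pin the action to a full commit SHA, e.g. `uses: aurelien-baudet/workflow-dispatch@<full-commit-sha> # v2`, and do the same for the `sillsdev/codesign/*` actions (this hunk mixes `@v2.0.3` and `@v2`). If `JOB_LAUNCHER` is a personal access token, scope it to dispatching that one workflow. Separately, because the `build-installer-bundles` job header is commented out, the steps from `Apply signing to msi` onward run inside `build_and_test`, where `needs.build_and_test...` and `needs.sign-msi.outputs.signed-job` appear to resolve to empty strings. Consider commenting those steps out as well until the job exists.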
@@ -50,11 +50,14 @@ $(InstallersBaseDir)/$(SafeApplicationName)_Build_Master objects/$(SafeApplicationName) $(BinDirSuffix)_Data + $(SafeApplicationName)_$(BuildVersion).msi + $(RootDir)/src/WiXInstaller/BaseInstallerBuild + "$(ApplicationName)" $(SafeApplicationName) $(BuildVersion) $(ProductIdGuid) $(UpgradeCodeGuid) "$(AppBuildDir)/$(BinDirSuffix)" "$(AppBuildDir)/$(DataDirSuffix)" $(CopyrightYear) "$(Manufacturer)" $(SafeManufacturer) - + @@ -131,6 +134,7 @@ $(RootDir)/src/WiXInstaller/libs + - + + + + + "$(ApplicationName)" $(SafeApplicationName) $(BuildVersion) $(ProductIdGuid) $(UpgradeCodeGuid) "$(AppBuildDir)/$(BinDirSuffix)" "$(AppBuildDir)/$(DataDirSuffix)" $(CopyrightYear) "$(Manufacturer)" $(SafeManufacturer) + + + + + + + + + + + + + + + + - $(SafeApplicationName)_$(BuildVersion).msi - $(RootDir)/src/WiXInstaller/BaseInstallerBuild - "$(ApplicationName)" $(SafeApplicationName) $(BuildVersion) $(ProductIdGuid) $(UpgradeCodeGuid) "$(AppBuildDir)/$(BinDirSuffix)" "$(AppBuildDir)/$(DataDirSuffix)" $(CopyrightYear) "$(Manufacturer)" $(SafeManufacturer) + "$(ApplicationName)" $(SafeApplicationName) $(BuildVersion) $(ProductIdGuid) $(UpgradeCodeGuid) "$(AppBuildDir)/$(BinDirSuffix)" "$(AppBuildDir)/$(DataDirSuffix)" $(CopyrightYear) "$(Manufacturer)" $(SafeManufacturer) - + + + + + + "$(ApplicationName)" $(SafeApplicationName) $(BuildVersion) $(ProductIdGuid) $(UpgradeCodeGuid) "$(AppBuildDir)/$(BinDirSuffix)" "$(AppBuildDir)/$(DataDirSuffix)" $(CopyrightYear) "$(Manufacturer)" $(SafeManufacturer) + + diff --git a/l10n/l10n.proj b/l10n/l10n.proj index cf075088..47564186 100644 --- a/l10n/l10n.proj +++ b/l10n/l10n.proj @@ -37,7 +37,7 @@ - + diff --git a/src/LibFLExBridge-ChorusPluginTests/LibFLExBridge-ChorusPluginTests.csproj b/src/LibFLExBridge-ChorusPluginTests/LibFLExBridge-ChorusPluginTests.csproj index 6f639b0c..6730e1b1 100644 --- a/src/LibFLExBridge-ChorusPluginTests/LibFLExBridge-ChorusPluginTests.csproj 
+++ b/src/LibFLExBridge-ChorusPluginTests/LibFLExBridge-ChorusPluginTests.csproj @@ -12,7 +12,7 @@ - + diff --git a/src/WiXInstaller b/src/WiXInstaller index 4fed364c..133aa402 160000 --- a/src/WiXInstaller +++ b/src/WiXInstaller @@ -1 +1 @@ -Subproject commit 4fed364cd504097d0fd44f0c93f1954055e7e62e +Subproject commit 133aa402fe6016b841e93052c9f89d57d0bd015b