mirror of
https://github.com/eugeny/tabby
synced 2026-05-03 07:50:45 +00:00
Windows signing fix (#11186)
Package-Build / Lint (push) Has been cancelled
CodeQL / Analyze (javascript) (push) Has been cancelled
Docs / build (push) Has been cancelled
Package-Build / macOS-Build (arm64, aarch64-apple-darwin) (push) Has been cancelled
Package-Build / macOS-Build (x86_64, x86_64-apple-darwin) (push) Has been cancelled
Package-Build / Linux-Build (amd64, x64, ubuntu-24.04, x86_64-unknown-linux-gnu) (push) Has been cancelled
Package-Build / Linux-Build (arm64, arm64, ubuntu-24.04-arm, aarch64-unknown-linux-gnu, aarch64-linux-gnu-) (push) Has been cancelled
Package-Build / Linux-Build (armhf, arm, ubuntu-24.04, arm-unknown-linux-gnueabihf, arm-linux-gnueabihf-) (push) Has been cancelled
Package-Build / Windows-Build (arm64, aarch64-pc-windows-msvc) (push) Has been cancelled
Package-Build / Windows-Build (x64, x86_64-pc-windows-msvc) (push) Has been cancelled
Package-Build / Lint (push) Has been cancelled
CodeQL / Analyze (javascript) (push) Has been cancelled
Docs / build (push) Has been cancelled
Package-Build / macOS-Build (arm64, aarch64-apple-darwin) (push) Has been cancelled
Package-Build / macOS-Build (x86_64, x86_64-apple-darwin) (push) Has been cancelled
Package-Build / Linux-Build (amd64, x64, ubuntu-24.04, x86_64-unknown-linux-gnu) (push) Has been cancelled
Package-Build / Linux-Build (arm64, arm64, ubuntu-24.04-arm, aarch64-unknown-linux-gnu, aarch64-linux-gnu-) (push) Has been cancelled
Package-Build / Linux-Build (armhf, arm, ubuntu-24.04, arm-unknown-linux-gnueabihf, arm-linux-gnueabihf-) (push) Has been cancelled
Package-Build / Windows-Build (arm64, aarch64-pc-windows-msvc) (push) Has been cancelled
Package-Build / Windows-Build (x64, x86_64-pc-windows-msvc) (push) Has been cancelled
Co-authored-by: Eugeny <161476+Eugeny@users.noreply.github.com> Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com>
This commit is contained in:
Eugene
+66
-31
@@ -96,7 +96,7 @@ jobs:
|
||||
|
||||
- name: Build packages without signing
|
||||
run: scripts/build-macos.mjs
|
||||
if: "! (github.event_name == 'push' && (github.ref_protected || startsWith(github.ref, 'refs/tags')))"
|
||||
if: "! (github.event_name == 'push' && startsWith(github.ref, 'refs/tags'))"
|
||||
env:
|
||||
ARCH: ${{matrix.arch}}
|
||||
# DEBUG: electron-builder,electron-builder:*
|
||||
@@ -250,7 +250,7 @@ jobs:
|
||||
SENTRY_PROJECT: ${{ secrets.SENTRY_PROJECT }}
|
||||
|
||||
- name: Upload packages to packagecloud.io
|
||||
uses: TykTechnologies/packagecloud-action@main
|
||||
uses: TykTechnologies/packagecloud-action@7add92bc6a06914be404cf7fa00a6ccb302e6ac5
|
||||
if: github.event_name == 'push' && startsWith(github.ref, 'refs/tags/')
|
||||
env:
|
||||
PACKAGECLOUD_TOKEN: ${{ secrets.PACKAGECLOUD_TOKEN }}
|
||||
@@ -258,7 +258,7 @@ jobs:
|
||||
repo: 'eugeny/tabby'
|
||||
dir: 'dist'
|
||||
rpmvers: 'el/9 el/8 ol/6 ol/7'
|
||||
debvers: 'ubuntu/bionic ubuntu/focal ubuntu/hirsute ubuntu/impish ubuntu/jammy ubuntu/kinetic ubuntu/noble ubuntu/oracular debian/jessie debian/stretch debian/buster debian/bullseye debian/bookworm debian/trixie debian/forky debian/duke debian/testing debian/unstable debian/sid'
|
||||
debvers: 'ubuntu/bionic ubuntu/focal ubuntu/hirsute ubuntu/impish ubuntu/jammy ubuntu/kinetic ubuntu/noble ubuntu/oracular debian/jessie debian/stretch debian/buster debian/bullseye debian/bookworm debian/trixie debian/forky debian/duke debian/forky debian/sid'
|
||||
|
||||
- uses: actions/upload-artifact@master
|
||||
name: Upload AppImage (${{matrix.arch}})
|
||||
@@ -312,6 +312,9 @@ jobs:
|
||||
env:
|
||||
RUST_TARGET_TRIPLE: ${{matrix.rust_triple}}
|
||||
ARCH: ${{matrix.arch}}
|
||||
# Branch name that enables DigiCert signing in PR builds for debugging.
|
||||
# Change this value to match the feature branch you want to test signing on.
|
||||
SIGN_ON_BRANCH: signing-debug
|
||||
|
||||
steps:
|
||||
- name: Checkout
|
||||
@@ -319,12 +322,68 @@ jobs:
|
||||
with:
|
||||
fetch-depth: 0
|
||||
|
||||
- name: Add Windows SDK signtool to PATH
|
||||
shell: powershell
|
||||
run: |
|
||||
$x64 = 'C:\Program Files (x86)\Windows Kits\10\bin\10.0.26100.0\x64'
|
||||
$arm64 = 'C:\Program Files (x86)\Windows Kits\10\bin\10.0.26100.0\arm64'
|
||||
$newPath = "$x64;$arm64;$env:PATH"
|
||||
echo "PATH=$newPath" >> $env:GITHUB_ENV
|
||||
|
||||
- name: Decode certificate
|
||||
if: (github.event_name == 'push' && startsWith(github.ref, 'refs/tags'))
|
||||
env:
|
||||
SM_CLIENT_CERT_FILE_B64: ${{ secrets.SM_CLIENT_CERT_FILE_B64 }}
|
||||
run: |
|
||||
SM_CLIENT_CERT_FILE=$RUNNER_TEMP/certificate.p12
|
||||
echo "$SM_CLIENT_CERT_FILE_B64" | base64 --decode > $SM_CLIENT_CERT_FILE
|
||||
echo "SM_CLIENT_CERT_FILE=$SM_CLIENT_CERT_FILE" >> "$GITHUB_ENV"
|
||||
shell: bash
|
||||
|
||||
- name: Setup Software Trust Manager
|
||||
if: (github.event_name == 'push' && startsWith(github.ref, 'refs/tags'))
|
||||
uses: digicert/code-signing-software-trust-action@v1.0.0
|
||||
env:
|
||||
SM_HOST: ${{ vars.SM_HOST }}
|
||||
SM_API_KEY: ${{ secrets.SM_API_KEY }}
|
||||
SM_CLIENT_CERT_FILE: ${{ env.SM_CLIENT_CERT_FILE }}
|
||||
SM_CLIENT_CERT_PASSWORD: ${{ secrets.SM_CLIENT_CERT_PASSWORD }}
|
||||
|
||||
- name: smctl diagnostics
|
||||
if: (github.event_name == 'push' && startsWith(github.ref, 'refs/tags'))
|
||||
shell: powershell
|
||||
env:
|
||||
SM_LOG_LEVEL: TRACE
|
||||
SM_API_KEY: ${{ secrets.SM_API_KEY }}
|
||||
SM_HOST: ${{ vars.SM_HOST }}
|
||||
SM_KEYPAIR_ALIAS: ${{ vars.SM_KEYPAIR_ALIAS }}
|
||||
SM_CODE_SIGNING_CERT_SHA1_HASH: ${{ vars.SM_CODE_SIGNING_CERT_SHA1_HASH }}
|
||||
SM_CLIENT_CERT_FILE: ${{ env.SM_CLIENT_CERT_FILE }}
|
||||
SM_CLIENT_CERT_PASSWORD: ${{ secrets.SM_CLIENT_CERT_PASSWORD }}
|
||||
run: |
|
||||
Write-Host "=== smctl version ==="
|
||||
smctl.exe --version
|
||||
|
||||
Write-Host "=== smctl healthcheck ==="
|
||||
smctl.exe healthcheck
|
||||
|
||||
Write-Host "=== smctl healthcheck --tools ==="
|
||||
smctl.exe healthcheck --tools
|
||||
|
||||
Write-Host "=== smctl keypair ls ==="
|
||||
smctl.exe keypair ls
|
||||
|
||||
Write-Host "=== smctl certificate ls ==="
|
||||
smctl.exe certificate ls
|
||||
|
||||
Write-Host "=== Windows SDK signtool path(s) ==="
|
||||
Get-ChildItem -Path "C:\Program Files (x86)\Windows Kits" -Filter "signtool.exe" -Recurse -ErrorAction SilentlyContinue | Select-Object -ExpandProperty FullName
|
||||
|
||||
- name: Installing Node
|
||||
uses: actions/setup-node@v4.4.0
|
||||
with:
|
||||
node-version: 22
|
||||
|
||||
- run: npm i -g npx
|
||||
- run: rustup target add ${{matrix.rust_triple}}
|
||||
|
||||
- name: Update node-gyp
|
||||
@@ -335,34 +394,15 @@ jobs:
|
||||
- name: Build
|
||||
shell: powershell
|
||||
run: |
|
||||
npm i -g yar node-gyp
|
||||
npm i -g yarn node-gyp
|
||||
yarn --network-timeout 1000000
|
||||
yarn run build
|
||||
node scripts/prepackage-plugins.mjs
|
||||
env:
|
||||
ARCH: ${{matrix.arch}}
|
||||
|
||||
- name: Decode certificate
|
||||
if: github.event_name == 'push' && (startsWith(github.ref, 'refs/tags'))
|
||||
env:
|
||||
SM_CLIENT_CERT_FILE_B64: ${{ secrets.SM_CLIENT_CERT_FILE_B64 }}
|
||||
run: |
|
||||
SM_CLIENT_CERT_FILE=$RUNNER_TEMP/certificate.p12
|
||||
echo "$SM_CLIENT_CERT_FILE_B64" | base64 --decode > $SM_CLIENT_CERT_FILE
|
||||
echo "SM_CLIENT_CERT_FILE=$SM_CLIENT_CERT_FILE" >> "$GITHUB_ENV"
|
||||
shell: bash
|
||||
|
||||
- name: Setup Software Trust Manager
|
||||
uses: digicert/code-signing-software-trust-action@v1.0.0
|
||||
if: github.event_name == 'push' && (startsWith(github.ref, 'refs/tags'))
|
||||
env:
|
||||
SM_HOST: ${{ vars.SM_HOST }}
|
||||
SM_API_KEY: ${{ secrets.SM_API_KEY }}
|
||||
SM_CLIENT_CERT_FILE: ${{ env.SM_CLIENT_CERT_FILE }}
|
||||
SM_CLIENT_CERT_PASSWORD: ${{ secrets.SM_CLIENT_CERT_PASSWORD }}
|
||||
|
||||
- name: Build and sign packages
|
||||
if: github.event_name == 'push' && (startsWith(github.ref, 'refs/tags'))
|
||||
if: (github.event_name == 'push' && startsWith(github.ref, 'refs/tags'))
|
||||
shell: powershell
|
||||
run: |
|
||||
Get-FileHash $env:SM_CLIENT_CERT_FILE -Algorithm MD5
|
||||
@@ -389,14 +429,9 @@ jobs:
|
||||
SM_HOST: ${{ vars.SM_HOST }}
|
||||
SM_CODE_SIGNING_CERT_SHA1_HASH: ${{ vars.SM_CODE_SIGNING_CERT_SHA1_HASH }}
|
||||
SM_KEYPAIR_ALIAS: ${{ vars.SM_KEYPAIR_ALIAS }}
|
||||
SM_LOG_LEVEL: TRACE
|
||||
# DEBUG: electron-builder,electron-builder:*
|
||||
|
||||
- name: Build packages without signing
|
||||
run: node scripts/build-windows.mjs
|
||||
if: "! (github.event_name == 'push' && (startsWith(github.ref, 'refs/tags')))"
|
||||
env:
|
||||
ARCH: ${{matrix.arch}}
|
||||
|
||||
- name: Upload symbols
|
||||
run: |
|
||||
npm install @sentry/cli
|
||||
|
||||
Reference in New Issue
Block a user