Movatterモバイル変換

[0]ホーム
URL:

Skip to content

Navigation Menu

Sign in
Appearance settings

Search code, repositories, users, issues, pull requests...

Provide feedback

We read every piece of feedback, and take your input very seriously.

Saved searches

Use saved searches to filter your results more quickly

 Sign up
Appearance settings

Commite1d9774

Browse files
authored
chore: fix release process (#35)
1 parent1c5e4d9 commite1d9774

File tree

6 files changed

+107
-46
lines changed

6 files changed

+107
-46
lines changed

‎.github/workflows/release.yaml

Lines changed: 14 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -9,14 +9,15 @@ on:
99
version:
1010
description:'Version number (e.g. v1.2.3)'
1111
required:true
12-
default:'v1.2.3'
1312

1413
permissions:
1514
contents:write
15+
# Necessary for GCP authentication (https://github.com/google-github-actions/setup-gcloud#usage)
16+
id-token:write
1617

1718
jobs:
1819
release:
19-
runs-on:windows-latest
20+
runs-on:${{ github.repository_owner == 'coder' && 'windows-latest-16-cores' || 'windows-latest' }}
2021

2122
steps:
2223
-uses:actions/checkout@v4
@@ -64,8 +65,16 @@ jobs:
6465
service_account:${{ secrets.GCP_CODE_SIGNING_SERVICE_ACCOUNT }}
6566
token_format:"access_token"
6667

67-
-name:Setup GCloud SDK
68-
uses:google-github-actions/setup-gcloud@77e7a554d41e2ee56fc945c52dfd3f33d12def9a# v2.1.4
68+
-name:Install wix
69+
shell:pwsh
70+
run:|
71+
$ErrorActionPreference = "Stop"
72+
& dotnet.exe tool install --global wix --version 5.0.2
73+
if ($LASTEXITCODE -ne 0) { throw "Failed to install wix" }
74+
foreach ($ext in @("WixToolset.Bal.wixext/5.0.2", "WixToolset.Netfx.wixext/5.0.2", "WixToolset.UI.wixext/5.0.2", "WixToolset.Util.wixext/5.0.2")) {
75+
& wix.exe extension add -g $ext
76+
if ($LASTEXITCODE -ne 0) { throw "Failed to add wix extension $ext" }
77+
}
6978
7079
-name:scripts/Release.ps1
7180
id:release
@@ -74,6 +83,7 @@ jobs:
7483
$ErrorActionPreference = "Stop"
7584
7685
$env:EV_CERTIFICATE_PATH = Join-Path $env:TEMP "ev_cert.pem"
86+
Set-Content -Path $env:EV_CERTIFICATE_PATH -Value $env:EV_SIGNING_CERT
7787
$env:JSIGN_PATH = Join-Path $env:TEMP "jsign-6.0.jar"
7888
Invoke-WebRequest -Uri "https://github.com/ebourg/jsign/releases/download/6.0/jsign-6.0.jar" -OutFile $env:JSIGN_PATH
7989

‎.gitignore

Lines changed: 8 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -403,7 +403,11 @@ FodyWeavers.xsd
403403
.idea/**/shelf
404404

405405
publish
406-
WindowsAppRuntimeInstall-*.exe
407-
windowsdesktop-runtime-*.exe
408-
wintun.dll
409-
wintun-*.dll
406+
407+
*.wxs
408+
*.wixobj
409+
*.wixpdb
410+
*.wixlib
411+
*.wixmdb
412+
*.wixprj
413+
*.wixproj

‎scripts/Publish.ps1

Lines changed: 52 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -1,4 +1,4 @@
1-
# Usage: Publish.ps1 -arch <x64|arm64> -version <version> [-buildPath <path>] [-outputPath <path>]
1+
# Usage: Publish.ps1 -arch <x64|arm64> -version <version> [-msiOutputPath <path>] [-outputPath <path>] [-sign]
22
param (
33
[ValidateSet("x64","arm64")]
44
[Parameter(Mandatory=$true)]
@@ -50,6 +50,8 @@ function Find-EnvironmentVariables([string[]] $variables) {
5050
}
5151
}
5252

53+
Find-Dependencies@("dotnet.exe","wix.exe")
54+
5355
if ($sign) {
5456
Write-Host"Signing is enabled"
5557
Find-Dependencies java
@@ -73,6 +75,12 @@ function Add-CoderSignature([string] $path) {
7375
--tsaurl$env:EV_TSA_URL`
7476
$path
7577
if ($LASTEXITCODE-ne0) {throw"Failed to sign$path" }
78+
79+
# Verify that the output exe is authenticode signed
80+
$sig=Get-AuthenticodeSignature$path
81+
if ($sig.Status-ne"Valid") {
82+
throw"File$path is not authenticode signed"
83+
}
7684
}
7785

7886
# CD to the root of the repo
@@ -97,13 +105,16 @@ if (Test-Path $outputPath.Replace(".exe", ".wixpdb")) {
97105
}
98106

99107
# Create a publish directory
100-
$buildPath=Join-Path$repoRoot"publish\buildtemp-$($version)-$($arch)"
108+
$publishDir=Join-Path$repoRoot"publish"
109+
$buildPath=Join-Path$publishDir"buildtemp-$($version)-$($arch)"
101110
if (Test-Path$buildPath) {
102111
Remove-Item-Recurse-Force$buildPath
103112
}
104113
New-Item-ItemType Directory-Path$buildPath-Force
105114

106115
# Build in release mode
116+
&dotnet.exe restore
117+
if ($LASTEXITCODE-ne0) {throw"Failed to dotnet restore" }
107118
$servicePublishDir=Join-Path$buildPath"service"
108119
&dotnet.exe publish .\Vpn.Service\Vpn.Service.csproj-c Release-a$arch-o$servicePublishDir
109120
if ($LASTEXITCODE-ne0) {throw"Failed to build Vpn.Service" }
@@ -126,8 +137,12 @@ Copy-Item "scripts\files\License.txt" $buildPath
126137
$vpnFilesPath=Join-Path$buildPath"vpn"
127138
New-Item-ItemType Directory-Path$vpnFilesPath-Force
128139
Copy-Item"scripts\files\LICENSE.WINTUN.txt"$vpnFilesPath
129-
$wintunDllPath=Join-Path$vpnFilesPath"wintun.dll"
130-
Copy-Item"scripts\files\wintun-*-$($arch).dll"$wintunDllPath
140+
$wintunDllSrc=Get-Item"scripts\files\wintun-*-$($arch).dll"
141+
if ($null-eq$wintunDllSrc) {
142+
throw"Failed to find wintun DLL"
143+
}
144+
$wintunDllDest=Join-Path$vpnFilesPath"wintun.dll"
145+
Copy-Item$wintunDllSrc$wintunDllDest
131146

132147
# Build the MSI installer
133148
&dotnet.exe run--project .\Installer\Installer.csproj-c Release--`
@@ -158,7 +173,39 @@ Add-CoderSignature $msiOutputPath
158173
--msi-path$msiOutputPath`
159174
--logo-png"scripts\files\logo.png"
160175
if ($LASTEXITCODE-ne0) {throw"Failed to build bootstrapper" }
161-
Add-CoderSignature$outputPath
176+
177+
# Sign the bootstrapper, which is not as simple as just signing the exe.
178+
if ($sign) {
179+
$burnIntermediate=Join-Path$publishDir"burn-intermediate-$($version)-$($arch)"
180+
New-Item-ItemType Directory-Path$burnIntermediate-Force
181+
$burnEngine=Join-Path$publishDir"burn-engine-$($version)-$($arch).exe"
182+
183+
# Move the current output path
184+
$unsignedOutputPath=Join-Path (Split-Path$outputPath-Parent) ("UNSIGNED-"+ (Split-Path$outputPath-Leaf))
185+
Move-Item$outputPath$unsignedOutputPath
186+
187+
# Extract the engine from the bootstrapper
188+
&wix.exe burn detach$unsignedOutputPath-intermediateFolder$burnIntermediate-engine$burnEngine
189+
if ($LASTEXITCODE-ne0) {throw"Failed to extract engine from bootstrapper" }
190+
191+
# Sign the engine
192+
Add-CoderSignature$burnEngine
193+
194+
# Re-attach the signed engine to the bootstrapper
195+
&wix.exe burn reattach$unsignedOutputPath-intermediateFolder$burnIntermediate-engine$burnEngine-out$outputPath
196+
if ($LASTEXITCODE-ne0) {throw"Failed to re-attach signed engine to bootstrapper" }
197+
if (!(Test-Path$outputPath)) {throw"Failed to create reattached bootstrapper at$outputPath" }
198+
199+
# Now sign the output path
200+
Add-CoderSignature$outputPath
201+
202+
# Clean up the intermediate files
203+
if (!$keepBuildTemp) {
204+
Remove-Item-Force$unsignedOutputPath
205+
Remove-Item-Recurse-Force$burnIntermediate
206+
Remove-Item-Force$burnEngine
207+
}
208+
}
162209

163210
if (!$keepBuildTemp) {
164211
Remove-Item-Recurse-Force$buildPath

‎scripts/Release.ps1

Lines changed: 33 additions & 33 deletions
Original file line numberDiff line numberDiff line change
@@ -1,48 +1,48 @@
11
# Usage: Release.ps1 -version <version>
22
param (
3-
[Parameter(Mandatory=$true)]
4-
[ValidatePattern("^\d+\.\d+\.\d+\.\d+$")]
5-
[string]$version,
3+
[Parameter(Mandatory=$true)]
4+
[ValidatePattern("^\d+\.\d+\.\d+$")]
5+
[string]$version,
66

7-
[Parameter(Mandatory=$true)]
8-
[ValidatePattern("^\d+\.\d+\.\d+\.\d+$")]
9-
[string]$assemblyVersion
7+
[Parameter(Mandatory=$true)]
8+
[ValidatePattern("^\d+\.\d+\.\d+\.\d+$")]
9+
[string]$assemblyVersion
1010
)
1111

1212
$ErrorActionPreference="Stop"
1313

1414
foreach ($archin@("x64","arm64")) {
15-
Write-Host"::group::Publishing$arch"
16-
try {
17-
$archUpper=$arch.ToUpper()
15+
Write-Host"::group::Publishing$arch"
16+
try {
17+
$archUpper=$arch.ToUpper()
1818

19-
$msiOutputPath="publish/CoderDesktopCore-$version-$arch.msi"
20-
Add-Content-Path$env:GITHUB_OUTPUT-Value"$($archUpper)_MSI_OUTPUT_PATH=$msiOutputPath"
21-
Write-Host"MSI_OUTPUT_PATH=$msiOutputPath"
19+
$msiOutputPath="publish/CoderDesktopCore-$version-$arch.msi"
20+
Add-Content-Path$env:GITHUB_OUTPUT-Value"$($archUpper)_MSI_OUTPUT_PATH=$msiOutputPath"
21+
Write-Host"MSI_OUTPUT_PATH=$msiOutputPath"
2222

23-
$outputPath="publish/CoderDesktop-$version-$arch.exe"
24-
Add-Content-Path$env:GITHUB_OUTPUT-Value"$($archUpper)_OUTPUT_PATH=$outputPath"
25-
Write-Host"OUTPUT_PATH=$outputPath"
23+
$outputPath="publish/CoderDesktop-$version-$arch.exe"
24+
Add-Content-Path$env:GITHUB_OUTPUT-Value"$($archUpper)_OUTPUT_PATH=$outputPath"
25+
Write-Host"OUTPUT_PATH=$outputPath"
2626

27-
$publishScript=Join-Path$PSScriptRoot"Publish.ps1"
28-
&$publishScript`
29-
-version$assemblyVersion`
30-
-arch$arch`
31-
-msiOutputPath$msiOutputPath`
32-
-outputPath$outputPath`
33-
-sign
34-
if ($LASTEXITCODE-ne0) {throw"Failed to publish" }
27+
$publishScript=Join-Path$PSScriptRoot"Publish.ps1"
28+
&$publishScript`
29+
-version$assemblyVersion`
30+
-arch$arch`
31+
-msiOutputPath$msiOutputPath`
32+
-outputPath$outputPath`
33+
-sign
34+
if ($LASTEXITCODE-ne0) {throw"Failed to publish" }
3535

36-
# Verify that the output exe is authenticode signed
37-
$sig=Get-AuthenticodeSignature$outputPath
38-
if ($sig.Status-ne"Valid") {
39-
throw"Output file is not authenticode signed"
36+
# Verify that the output exe is authenticode signed
37+
$sig=Get-AuthenticodeSignature$outputPath
38+
if ($sig.Status-ne"Valid") {
39+
throw"Output file is not authenticode signed"
40+
}
41+
else {
42+
Write-Host"Output file is authenticode signed"
43+
}
4044
}
41-
else {
42-
Write-Host"Output file is authenticode signed"
45+
finally {
46+
Write-Host"::endgroup::"
4347
}
44-
}
45-
finally {
46-
Write-Host"::endgroup::"
47-
}
4848
}

‎scripts/files/wintun-0.14.1-arm64.dll

217 KB
Binary file not shown.

‎scripts/files/wintun-0.14.1-x64.dll

418 KB
Binary file not shown.

0 commit comments

Comments
 (0)
[8]ページ先頭
©2009-2025 Movatter.jp