Movatterモバイル変換

[0]ホーム
URL:

Skip to content

Navigation Menu

Sign in
Appearance settings

Search code, repositories, users, issues, pull requests...

Provide feedback

We read every piece of feedback, and take your input very seriously.

Saved searches

Use saved searches to filter your results more quickly

 Sign up
Appearance settings

chore: installer CI#33

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to ourterms of service andprivacy statement. We’ll occasionally send you account related emails.

Already on GitHub?Sign in to your account

Merged
deansheather merged 1 commit intodean/installerfromdean/installer-ci
Mar 1, 2025
Merged
Show file tree
Hide file tree
Changes fromall commits
Commits
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
89 changes: 68 additions & 21 deletions.github/workflows/release.yaml
View file
Open in desktop
Original file line numberDiff line numberDiff line change
Expand Up@@ -4,6 +4,12 @@ on:
push:
tags:
- '*'
workflow_dispatch:
inputs:
version:
description: 'Version number (e.g. 1.2.3)'
required: true
default: '1.2.3'

permissions:
contents: write
Expand All@@ -20,42 +26,83 @@ jobs:
with:
dotnet-version: '8.0.x'

# Necessary for signing Windows binaries.
- name: Setup Java
uses: actions/setup-java@3a4f6e1af504cf6a31855fa899c6aa5355ba6c12 # v4.7.0
with:
distribution: "zulu"
java-version: "11.0"

- name: Get version from tag
id: version
shell: pwsh
run: |
$tag = $env:GITHUB_REF -replace 'refs/tags/',''
$ErrorActionPreference = "Stop"
if ($env:INPUT_VERSION) {
$tag = $env:INPUT_VERSION
} else {
$tag = $env:GITHUB_REF -replace 'refs/tags/',''
}
if ($tag -notmatch '^v\d+\.\d+\.\d+$') {
throw "Tag must be in format v1.2.3"
throw "Version must be in format v1.2.3, got $tag"
}
$version = $tag -replace '^v',''
$assemblyVersion = "$version.0"
echo "VERSION=$version" >> $env:GITHUB_OUTPUT
echo "ASSEMBLY_VERSION=$assemblyVersion" >> $env:GITHUB_OUTPUT
$assemblyVersion = "$($version).0"
Add-Content -Path $env:GITHUB_OUTPUT -Value "VERSION=$version"
Add-Content -Path $env:GITHUB_OUTPUT -Value "ASSEMBLY_VERSION=$assemblyVersion"
Write-Host "Version: $version"
Write-Host "Assembly version: $assemblyVersion"
env:
INPUT_VERSION: ${{ inputs.version }}

- name: Build and publish x64
run: |
dotnet publish src/App/App.csproj -c Release -r win-x64 -p:Version=${{ steps.version.outputs.ASSEMBLY_VERSION }} -o publish/x64
dotnet publish src/Vpn.Service/Vpn.Service.csproj -c Release -r win-x64 -p:Version=${{ steps.version.outputs.ASSEMBLY_VERSION }} -o publish/x64
# Setup GCloud for signing Windows binaries.
- name: Authenticate to Google Cloud
id: gcloud_auth
uses: google-github-actions/auth@71f986410dfbc7added4569d411d040a91dc6935 # v2.1.8
with:
workload_identity_provider: ${{ secrets.GCP_CODE_SIGNING_WORKLOAD_ID_PROVIDER }}
service_account: ${{ secrets.GCP_CODE_SIGNING_SERVICE_ACCOUNT }}
token_format: "access_token"

- name: Build and publish arm64
run: |
dotnet publish src/App/App.csproj -c Release -r win-arm64 -p:Version=${{ steps.version.outputs.ASSEMBLY_VERSION }} -o publish/arm64
dotnet publish src/Vpn.Service/Vpn.Service.csproj -c Release -r win-arm64 -p:Version=${{ steps.version.outputs.ASSEMBLY_VERSION }} -o publish/arm64
- name: Setup GCloud SDK
uses: google-github-actions/setup-gcloud@77e7a554d41e2ee56fc945c52dfd3f33d12def9a # v2.1.4

- name: Create ZIP archives
- name: scripts/Release.ps1
id: release
shell: pwsh
run: |
Compress-Archive -Path "publish/x64/*" -DestinationPath "./publish/CoderDesktop-${{ steps.version.outputs.VERSION }}-x64.zip"
Compress-Archive -Path "publish/arm64/*" -DestinationPath "./publish/CoderDesktop-${{ steps.version.outputs.VERSION }}-arm64.zip"
$ErrorActionPreference = "Stop"

- name: Create Release
uses: softprops/action-gh-release@v1
$env:EV_CERTIFICATE_PATH = Join-Path $env:TEMP "ev_cert.pem"
$env:JSIGN_PATH = Join-Path $env:TEMP "jsign-6.0.jar"
Invoke-WebRequest -Uri "https://github.com/ebourg/jsign/releases/download/6.0/jsign-6.0.jar" -OutFile $env:JSIGN_PATH

& ./scripts/Release.ps1 `
-version ${{ steps.version.outputs.VERSION }} `
-assemblyVersion ${{ steps.version.outputs.ASSEMBLY_VERSION }}
if ($LASTEXITCODE -ne 0) { throw "Failed to publish" }
env:
EV_SIGNING_CERT: ${{ secrets.EV_SIGNING_CERT }}
EV_KEYSTORE: ${{ secrets.EV_KEYSTORE }}
EV_KEY: ${{ secrets.EV_KEY }}
EV_TSA_URL: ${{ secrets.EV_TSA_URL }}
GCLOUD_ACCESS_TOKEN: ${{ steps.gcloud_auth.outputs.access_token }}

- name: Upload artifact
uses: actions/upload-artifact@v4
with:
name: publish
path: .\publish\

- name: Create release
uses: softprops/action-gh-release@v2
if: startsWith(github.ref, 'refs/tags/')
with:
files: |
./publish/CoderDesktop-${{ steps.version.outputs.VERSION }}-x64.zip
./publish/CoderDesktop-${{ steps.version.outputs.VERSION }}-arm64.zip
name: Release ${{ steps.version.outputs.VERSION }}
generate_release_notes: true
# We currently only release the bootstrappers, not the MSIs.
files: |
${{ steps.release.outputs.X64_OUTPUT_PATH }}
${{ steps.release.outputs.ARM64_OUTPUT_PATH }}
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
85 changes: 76 additions & 9 deletionsscripts/Publish.ps1
View file
Open in desktop
Original file line numberDiff line numberDiff line change
Expand Up@@ -15,11 +15,68 @@ param (
[string] $outputPath = "", # defaults to "publish\CoderDesktop-$version-$arch.exe"

[Parameter(Mandatory = $false)]
[switch] $keepBuildTemp = $false
[switch] $keepBuildTemp = $false,

[Parameter(Mandatory = $false)]
[switch] $sign = $false
)

$ErrorActionPreference = "Stop"

$ourAssemblies = @(
"Coder Desktop.exe",
"Coder Desktop.dll",
"CoderVpnService.exe",
"CoderVpnService.dll",

"Coder.Desktop.CoderSdk.dll",
"Coder.Desktop.Vpn.dll",
"Coder.Desktop.Vpn.Proto.dll"
)

function Find-Dependencies([string[]] $dependencies) {
foreach ($dependency in $dependencies) {
if (!(Get-Command $dependency -ErrorAction SilentlyContinue)) {
throw "Missing dependency: $dependency"
}
}
}

function Find-EnvironmentVariables([string[]] $variables) {
foreach ($variable in $variables) {
if (!(Get-Item env:$variable -ErrorAction SilentlyContinue)) {
throw "Missing environment variable: $variable"
}
}
}

if ($sign) {
Write-Host "Signing is enabled"
Find-Dependencies java
Find-EnvironmentVariables @("JSIGN_PATH", "EV_KEYSTORE", "EV_KEY", "EV_CERTIFICATE_PATH", "EV_TSA_URL", "GCLOUD_ACCESS_TOKEN")
}

function Add-CoderSignature([string] $path) {
if (!$sign) {
Write-Host "Skipping signing $path"
return
}

Write-Host "Signing $path"
& java.exe -jar $env:JSIGN_PATH `
--storetype GOOGLECLOUD `
--storepass $env:GCLOUD_ACCESS_TOKEN `
--keystore $env:EV_KEYSTORE `
--alias $env:EV_KEY `
--certfile $env:EV_CERTIFICATE_PATH `
--tsmode RFC3161 `
--tsaurl $env:EV_TSA_URL `
$path
if ($LASTEXITCODE -ne 0) { throw "Failed to sign $path" }
}

# CD to the root of the repo
$repoRoot = Join-Path $PSScriptRoot ".."
$repoRoot =Resolve-Path (Join-Path $PSScriptRoot "..")
Push-Location $repoRoot

if ($msiOutputPath -eq "") {
Expand DownExpand Up@@ -48,11 +105,21 @@ New-Item -ItemType Directory -Path $buildPath -Force

# Build in release mode
$servicePublishDir = Join-Path $buildPath "service"
dotnet.exe publish .\Vpn.Service\Vpn.Service.csproj -c Release -a $arch -o $servicePublishDir
& dotnet.exe publish .\Vpn.Service\Vpn.Service.csproj -c Release -a $arch -o $servicePublishDir
if ($LASTEXITCODE -ne 0) { throw "Failed to build Vpn.Service" }
# App needs to be built with msbuild
$appPublishDir = Join-Path $buildPath "app"
$msbuildBinary = & "${env:ProgramFiles(x86)}\Microsoft Visual Studio\Installer\vswhere.exe" -latest -requires Microsoft.Component.MSBuild -find MSBuild\**\Bin\MSBuild.exe
if ($LASTEXITCODE -ne 0) { throw "Failed to find MSBuild" }
& $msbuildBinary .\App\App.csproj /p:Configuration=Release /p:Platform=$arch /p:OutputPath=$appPublishDir
if ($LASTEXITCODE -ne 0) { throw "Failed to build App" }

# Find any files in the publish directory recursively that match any of our
# assemblies and sign them.
$toSign = Get-ChildItem -Path $buildPath -Recurse | Where-Object { $ourAssemblies -contains $_.Name }
foreach ($file in $toSign) {
Add-CoderSignature $file.FullName
}

# Copy any additional files into the install directory
Copy-Item "scripts\files\License.txt" $buildPath
Expand All@@ -63,7 +130,7 @@ $wintunDllPath = Join-Path $vpnFilesPath "wintun.dll"
Copy-Item "scripts\files\wintun-*-$($arch).dll" $wintunDllPath

# Build the MSI installer
dotnet.exe run --project .\Installer\Installer.csproj -c Release -- `
&dotnet.exe run --project .\Installer\Installer.csproj -c Release -- `
build-msi `
--arch $arch `
--version $version `
Expand All@@ -77,11 +144,11 @@ dotnet.exe run --project .\Installer\Installer.csproj -c Release -- `
--vpn-dir "vpn" `
--banner-bmp "scripts\files\WixUIBannerBmp.bmp" `
--dialog-bmp "scripts\files\WixUIDialogBmp.bmp"

# TODO: sign the installer
if ($LASTEXITCODE -ne 0) { throw "Failed to build MSI" }
Add-CoderSignature $msiOutputPath

# Build the bootstrapper
dotnet.exe run --project .\Installer\Installer.csproj -c Release -- `
&dotnet.exe run --project .\Installer\Installer.csproj -c Release -- `
build-bootstrapper `
--arch $arch `
--version $version `
Expand All@@ -90,8 +157,8 @@ dotnet.exe run --project .\Installer\Installer.csproj -c Release -- `
--icon-file "App\coder.ico" `
--msi-path $msiOutputPath `
--logo-png "scripts\files\logo.png"

# TODO: sign the bootstrapper
if ($LASTEXITCODE -ne 0) { throw "Failed to build bootstrapper" }
Add-CoderSignature $outputPath

if (!$keepBuildTemp) {
Remove-Item -Recurse -Force $buildPath
Expand Down
48 changes: 48 additions & 0 deletionsscripts/Release.ps1
View file
Open in desktop
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,48 @@
# Usage: Release.ps1 -version <version>
param (
[Parameter(Mandatory = $true)]
[ValidatePattern("^\d+\.\d+\.\d+\.\d+$")]
[string] $version,

[Parameter(Mandatory = $true)]
[ValidatePattern("^\d+\.\d+\.\d+\.\d+$")]
[string] $assemblyVersion
)

$ErrorActionPreference = "Stop"

foreach ($arch in @("x64", "arm64")) {
Write-Host "::group::Publishing $arch"
try {
$archUpper = $arch.ToUpper()

$msiOutputPath = "publish/CoderDesktopCore-$version-$arch.msi"
Add-Content -Path $env:GITHUB_OUTPUT -Value "$($archUpper)_MSI_OUTPUT_PATH=$msiOutputPath"
Write-Host "MSI_OUTPUT_PATH=$msiOutputPath"

$outputPath = "publish/CoderDesktop-$version-$arch.exe"
Add-Content -Path $env:GITHUB_OUTPUT -Value "$($archUpper)_OUTPUT_PATH=$outputPath"
Write-Host "OUTPUT_PATH=$outputPath"

$publishScript = Join-Path $PSScriptRoot "Publish.ps1"
& $publishScript `
-version $assemblyVersion `
-arch $arch `
-msiOutputPath $msiOutputPath `
-outputPath $outputPath `
-sign
if ($LASTEXITCODE -ne 0) { throw "Failed to publish" }

# Verify that the output exe is authenticode signed
$sig = Get-AuthenticodeSignature $outputPath
if ($sig.Status -ne "Valid") {
throw "Output file is not authenticode signed"
}
else {
Write-Host "Output file is authenticode signed"
}
}
finally {
Write-Host "::endgroup::"
}
}
[8]ページ先頭
©2009-2025 Movatter.jp