mirror of
https://github.com/feather-wallet/feather.git
synced 2024-12-22 11:39:25 +00:00
Revert "ci: integrate signpath"
This reverts commit c033718956
.
Revert until the SignPath GitHub app does not require admin
permissions.
This commit is contained in:
parent
5a5602e288
commit
03dbd9628c
3 changed files with 22 additions and 57 deletions
55
.github/workflows/guix.yml
vendored
55
.github/workflows/guix.yml
vendored
|
@ -36,9 +36,7 @@ jobs:
|
||||||
- target: "x86_64-w64-mingw32.installer"
|
- target: "x86_64-w64-mingw32.installer"
|
||||||
- target: "x86_64-apple-darwin"
|
- target: "x86_64-apple-darwin"
|
||||||
- target: "arm64-apple-darwin"
|
- target: "arm64-apple-darwin"
|
||||||
outputs:
|
|
||||||
WIN_INSTALLER_ARTIFACT_ID: ${{ steps.win-installer.outputs.WIN_INSTALLER_ARTIFACT_ID }}
|
|
||||||
WIN_EXECUTABLE_ARTIFACT_ID: ${{ steps.win-executable.outputs.WIN_EXECUTABLE_ARTIFACT_ID }}
|
|
||||||
name: ${{ matrix.toolchain.target }}
|
name: ${{ matrix.toolchain.target }}
|
||||||
steps:
|
steps:
|
||||||
- uses: actions/checkout@v4
|
- uses: actions/checkout@v4
|
||||||
|
@ -57,7 +55,7 @@ jobs:
|
||||||
path: contrib/depends/sources
|
path: contrib/depends/sources
|
||||||
key: sources-${{ hashFiles('contrib/depends/packages/*') }}
|
key: sources-${{ hashFiles('contrib/depends/packages/*') }}
|
||||||
- name: install dependencies
|
- name: install dependencies
|
||||||
run: sudo apt update; sudo apt -y install guix git ca-certificates apparmor-utils osslsigncode
|
run: sudo apt update; sudo apt -y install guix git ca-certificates apparmor-utils
|
||||||
- name: fix apparmor
|
- name: fix apparmor
|
||||||
run: sudo cp .github/workflows/guix /etc/apparmor.d/guix; sudo /etc/init.d/apparmor reload; sudo aa-enforce guix || echo "failed"
|
run: sudo cp .github/workflows/guix /etc/apparmor.d/guix; sudo /etc/init.d/apparmor reload; sudo aa-enforce guix || echo "failed"
|
||||||
- name: purge apparmor
|
- name: purge apparmor
|
||||||
|
@ -74,18 +72,11 @@ jobs:
|
||||||
files: |
|
files: |
|
||||||
guix/guix-build-*/build/distsrc-*/build/bin/feather.exe
|
guix/guix-build-*/build/distsrc-*/build/bin/feather.exe
|
||||||
- uses: actions/upload-artifact@v4
|
- uses: actions/upload-artifact@v4
|
||||||
id: upload-artifact
|
|
||||||
with:
|
with:
|
||||||
name: ${{ matrix.toolchain.target }}
|
name: ${{ matrix.toolchain.target }}
|
||||||
path: |
|
path: |
|
||||||
guix/guix-build-*/output/${{ matrix.toolchain.target }}/*
|
guix/guix-build-*/output/${{ matrix.toolchain.target }}/*
|
||||||
guix/guix-build-*/logs/${{ matrix.toolchain.target }}/*
|
guix/guix-build-*/logs/${{ matrix.toolchain.target }}/*
|
||||||
- if: ${{ matrix.toolchain.target == 'x86_64-w64-mingw32.installer' }}
|
|
||||||
id: win-installer
|
|
||||||
run: echo "WIN_INSTALLER_ARTIFACT_ID=${{ steps.upload-artifact.outputs.artifact-id }}" >> "$GITHUB_OUTPUT"
|
|
||||||
- if: ${{ matrix.toolchain.target == 'x86_64-w64-mingw32' }}
|
|
||||||
id: win-executable
|
|
||||||
run: echo "WIN_EXECUTABLE_ARTIFACT_ID=${{ steps.upload-artifact.outputs.artifact-id }}" >> "$GITHUB_OUTPUT"
|
|
||||||
|
|
||||||
bundle-logs:
|
bundle-logs:
|
||||||
runs-on: ubuntu-24.04
|
runs-on: ubuntu-24.04
|
||||||
|
@ -109,45 +100,3 @@ jobs:
|
||||||
artifacts: "**/*.AppImage,**/*-linux-arm.zip,**/*-linux-arm64.zip,**/*-linux-riscv64.zip,**/*-linux.zip,**/*-mac-arm64.zip,**/*-mac.zip,**/*-win.zip,**/FeatherWalletSetup-*.exe,**/feather-${{github.ref_name}}.tar.gz"
|
artifacts: "**/*.AppImage,**/*-linux-arm.zip,**/*-linux-arm64.zip,**/*-linux-riscv64.zip,**/*-linux.zip,**/*-mac-arm64.zip,**/*-mac.zip,**/*-win.zip,**/FeatherWalletSetup-*.exe,**/feather-${{github.ref_name}}.tar.gz"
|
||||||
draft: true
|
draft: true
|
||||||
name: v${{github.ref_name}}
|
name: v${{github.ref_name}}
|
||||||
|
|
||||||
codesigning:
|
|
||||||
runs-on: ubuntu-24.04
|
|
||||||
needs: [build-guix, bundle-logs]
|
|
||||||
if: startsWith(github.ref, 'refs/tags/')
|
|
||||||
strategy:
|
|
||||||
fail-fast: false
|
|
||||||
matrix:
|
|
||||||
toolchain:
|
|
||||||
- target: "x86_64-w64-mingw32"
|
|
||||||
- target: "x86_64-w64-mingw32.installer"
|
|
||||||
steps:
|
|
||||||
- name: install dependencies
|
|
||||||
run: sudo apt update; sudo apt -y install osslsigncode
|
|
||||||
- name: "set artifact id"
|
|
||||||
run: |
|
|
||||||
if [ "${{ matrix.toolchain.target }}" == "x86_64-w64-mingw32" ]; then
|
|
||||||
echo "ARTIFACT_ID=${{ needs.build-guix.outputs.WIN_EXECUTABLE_ARTIFACT_ID }}" >> $GITHUB_ENV
|
|
||||||
echo "ARTIFACT_SLUG=executable" >> $GITHUB_ENV
|
|
||||||
elif [ "${{ matrix.toolchain.target }}" == "x86_64-w64-mingw32.installer" ]; then
|
|
||||||
echo "ARTIFACT_ID=${{ needs.build-guix.outputs.WIN_INSTALLER_ARTIFACT_ID }}" >> $GITHUB_ENV
|
|
||||||
echo "ARTIFACT_SLUG=installer" >> $GITHUB_ENV
|
|
||||||
fi
|
|
||||||
- uses: signpath/github-action-submit-signing-request@v1
|
|
||||||
name: "request signature"
|
|
||||||
with:
|
|
||||||
api-token: '${{ secrets.SIGNPATH_API_KEY }}'
|
|
||||||
organization-id: 'd3e94749-9c69-44e9-82de-c65cb3832869'
|
|
||||||
project-slug: 'feather'
|
|
||||||
signing-policy-slug: 'release-signing'
|
|
||||||
artifact-configuration-slug: ${{ env.ARTIFACT_SLUG }}
|
|
||||||
github-artifact-id: ${{ env.ARTIFACT_ID }}
|
|
||||||
wait-for-completion: true
|
|
||||||
output-artifact-directory: codesigning/
|
|
||||||
- name: "extract signature"
|
|
||||||
run: osslsigncode extract-signature -in codesigning/guix-build-*/output/${{ matrix.toolchain.target }}/*-unsigned.exe -out codesigning/${{ matrix.toolchain.target }}-${{github.ref_name}}.pem
|
|
||||||
- uses: actions/upload-artifact@v4
|
|
||||||
name: "upload signature"
|
|
||||||
with:
|
|
||||||
name: ${{ matrix.toolchain.target }}.pem
|
|
||||||
path: |
|
|
||||||
codesigning/${{ matrix.toolchain.target }}-${{github.ref_name}}.pem
|
|
||||||
|
|
|
@ -415,9 +415,25 @@ mkdir -p "$DISTSRC"
|
||||||
# for release
|
# for release
|
||||||
case "$HOST" in
|
case "$HOST" in
|
||||||
*mingw*)
|
*mingw*)
|
||||||
if [ -z "$OPTIONS" ]; then
|
case "$OPTIONS" in
|
||||||
mv feather.exe "${OUTDIR}/${DISTNAME}-unsigned.exe"
|
installer)
|
||||||
fi
|
find . -print0 \
|
||||||
|
| xargs -0r touch --no-dereference --date="@${SOURCE_DATE_EPOCH}"
|
||||||
|
find . \
|
||||||
|
| sort \
|
||||||
|
| zip -X@ "${OUTDIR}/${DISTNAME}-win-installer.zip" \
|
||||||
|
|| ( rm -f "${OUTDIR}/${DISTNAME}-win-installer.zip" && exit 1 )
|
||||||
|
;;
|
||||||
|
"")
|
||||||
|
mv feather.exe ${DISTNAME}.exe && \
|
||||||
|
find . -print0 \
|
||||||
|
| xargs -0r touch --no-dereference --date="@${SOURCE_DATE_EPOCH}"
|
||||||
|
find . \
|
||||||
|
| sort \
|
||||||
|
| zip -X@ "${OUTDIR}/${DISTNAME}-win.zip" \
|
||||||
|
|| ( rm -f "${OUTDIR}/${DISTNAME}-win.zip" && exit 1 )
|
||||||
|
;;
|
||||||
|
esac
|
||||||
;;
|
;;
|
||||||
*linux*)
|
*linux*)
|
||||||
if [ "$OPTIONS" != "pack" ]; then
|
if [ "$OPTIONS" != "pack" ]; then
|
||||||
|
|
|
@ -1,6 +1,6 @@
|
||||||
Name "Feather Wallet"
|
Name "Feather Wallet"
|
||||||
|
|
||||||
OutFile "${CUR_PATH}\contrib\installers\windows\FeatherWalletSetup-@PROJECT_VERSION@-unsigned.exe"
|
OutFile "${CUR_PATH}\contrib\installers\windows\FeatherWalletSetup-@PROJECT_VERSION@.exe"
|
||||||
RequestExecutionLevel highest
|
RequestExecutionLevel highest
|
||||||
SetCompressor /SOLID lzma
|
SetCompressor /SOLID lzma
|
||||||
SetDateSave off
|
SetDateSave off
|
||||||
|
|
Loading…
Reference in a new issue