mirror of
https://github.com/feather-wallet/feather.git
synced 2025-04-24 05:08:12 +00:00
ci: add signpath
This commit is contained in:
tobtoht
parent
f3eabe3245
commit
2b347c3ef2
3 changed files with 102 additions and 28 deletions
58
.github/workflows/guix.yml
vendored
58
.github/workflows/guix.yml
vendored
|
|
@ -37,6 +37,9 @@ jobs:
|
|||
- target: "x86_64-apple-darwin"
|
||||
- target: "arm64-apple-darwin"
|
||||
|
||||
outputs:
|
||||
WIN_INSTALLER_ARTIFACT_ID: ${{ steps.win-installer.outputs.WIN_INSTALLER_ARTIFACT_ID }}
|
||||
WIN_EXECUTABLE_ARTIFACT_ID: ${{ steps.win-executable.outputs.WIN_EXECUTABLE_ARTIFACT_ID }}
|
||||
name: ${{ matrix.toolchain.target }}
|
||||
steps:
|
||||
- uses: actions/checkout@v4
|
||||
|
|
@ -55,7 +58,7 @@ jobs:
|
|||
path: contrib/depends/sources
|
||||
key: sources-${{ hashFiles('contrib/depends/packages/*') }}
|
||||
- name: install dependencies
|
||||
run: sudo apt update; sudo apt -y install guix git ca-certificates apparmor-utils
|
||||
run: sudo apt update; sudo apt -y install guix git ca-certificates apparmor-utils osslsigncode
|
||||
- name: apparmor workaround
|
||||
# https://bugs.launchpad.net/ubuntu/+source/guix/+bug/2064115
|
||||
run: |
|
||||
|
|
@ -82,11 +85,18 @@ jobs:
|
|||
files: |
|
||||
guix/guix-build-*/build/distsrc-*/build/bin/feather.exe
|
||||
- uses: actions/upload-artifact@v4
|
||||
id: upload-artifact
|
||||
with:
|
||||
name: ${{ matrix.toolchain.target }}
|
||||
path: |
|
||||
guix/guix-build-*/output/${{ matrix.toolchain.target }}/*
|
||||
guix/guix-build-*/logs/${{ matrix.toolchain.target }}/*
|
||||
- if: ${{ matrix.toolchain.target == 'x86_64-w64-mingw32.installer' }}
|
||||
id: win-installer
|
||||
run: echo "WIN_INSTALLER_ARTIFACT_ID=${{ steps.upload-artifact.outputs.artifact-id }}" >> "$GITHUB_OUTPUT"
|
||||
- if: ${{ matrix.toolchain.target == 'x86_64-w64-mingw32' }}
|
||||
id: win-executable
|
||||
run: echo "WIN_EXECUTABLE_ARTIFACT_ID=${{ steps.upload-artifact.outputs.artifact-id }}" >> "$GITHUB_OUTPUT"
|
||||
|
||||
bundle-logs:
|
||||
runs-on: ubuntu-24.04
|
||||
|
|
@ -104,9 +114,45 @@ jobs:
|
|||
with:
|
||||
name: "logs"
|
||||
path: '**/logs/**'
|
||||
- uses: ncipollo/release-action@v1
|
||||
if: startsWith(github.ref, 'refs/tags/')
|
||||
|
||||
codesigning:
|
||||
runs-on: ubuntu-24.04
|
||||
needs: [build-guix, bundle-logs]
|
||||
if: startsWith(github.ref, 'refs/tags/') && contains(github.ref, '-rc')
|
||||
strategy:
|
||||
fail-fast: false
|
||||
matrix:
|
||||
toolchain:
|
||||
- target: "x86_64-w64-mingw32"
|
||||
- target: "x86_64-w64-mingw32.installer"
|
||||
steps:
|
||||
- name: install dependencies
|
||||
run: sudo apt update; sudo apt -y install osslsigncode
|
||||
- name: "set artifact id"
|
||||
run: |
|
||||
if [ "${{ matrix.toolchain.target }}" == "x86_64-w64-mingw32" ]; then
|
||||
echo "ARTIFACT_ID=${{ needs.build-guix.outputs.WIN_EXECUTABLE_ARTIFACT_ID }}" >> $GITHUB_ENV
|
||||
echo "ARTIFACT_SLUG=executable" >> $GITHUB_ENV
|
||||
elif [ "${{ matrix.toolchain.target }}" == "x86_64-w64-mingw32.installer" ]; then
|
||||
echo "ARTIFACT_ID=${{ needs.build-guix.outputs.WIN_INSTALLER_ARTIFACT_ID }}" >> $GITHUB_ENV
|
||||
echo "ARTIFACT_SLUG=installer" >> $GITHUB_ENV
|
||||
fi
|
||||
- uses: signpath/github-action-submit-signing-request@v1
|
||||
name: "request signature"
|
||||
with:
|
||||
artifacts: "**/*.AppImage,**/*-linux-arm.zip,**/*-linux-arm64.zip,**/*-linux-riscv64.zip,**/*-linux.zip,**/*-mac-arm64.zip,**/*-mac.zip,**/*-win.zip,**/FeatherWalletSetup-*.exe,**/feather-${{github.ref_name}}.tar.gz"
|
||||
draft: true
|
||||
name: v${{github.ref_name}}
|
||||
api-token: '${{ secrets.SIGNPATH_API_KEY }}'
|
||||
organization-id: 'd3e94749-9c69-44e9-82de-c65cb3832869'
|
||||
project-slug: 'feather'
|
||||
signing-policy-slug: 'release-signing'
|
||||
artifact-configuration-slug: ${{ env.ARTIFACT_SLUG }}
|
||||
github-artifact-id: ${{ env.ARTIFACT_ID }}
|
||||
wait-for-completion: true
|
||||
output-artifact-directory: codesigning/
|
||||
- name: "extract signature"
|
||||
run: osslsigncode extract-signature -in codesigning/guix-build-*/output/${{ matrix.toolchain.target }}/*.exe -out codesigning/${{ matrix.toolchain.target }}.pem
|
||||
- uses: actions/upload-artifact@v4
|
||||
name: "upload signature"
|
||||
with:
|
||||
name: ${{ matrix.toolchain.target }}.pem
|
||||
path: |
|
||||
codesigning/${{ matrix.toolchain.target }}.pem
|
||||
|
|
|
|||
|
|
@ -377,8 +377,8 @@ export PATH="${BASEPREFIX}/${HOST}/native/bin:${PATH}"
|
|||
case "$OPTIONS" in
|
||||
installer)
|
||||
makensis -DCUR_PATH=$PWD -V2 contrib/installers/windows/setup.nsi
|
||||
cp contrib/installers/windows/FeatherWalletSetup-*.exe "${INSTALLPATH}/"
|
||||
mv contrib/installers/windows/FeatherWalletSetup-*.exe "${OUTDIR}/"
|
||||
cp contrib/installers/windows/FeatherWalletSetup.exe "${INSTALLPATH}/"
|
||||
mv contrib/installers/windows/FeatherWalletSetup.exe "${OUTDIR}/"
|
||||
;;
|
||||
esac
|
||||
;;
|
||||
|
|
@ -423,6 +423,28 @@ export PATH="${BASEPREFIX}/${HOST}/native/bin:${PATH}"
|
|||
*darwin*)
|
||||
signapple apply Feather.app "/distsrc/external/feather-codesigning/signatures/${HOST}/Feather.app"
|
||||
;;
|
||||
*mingw*)
|
||||
case "$OPTIONS" in
|
||||
installer)
|
||||
osslsigncode attach-signature \
|
||||
-in "FeatherWalletSetup.exe" \
|
||||
-out "FeatherWalletSetup.exe.tmp" \
|
||||
-CAfile "$GUIX_ENVIRONMENT/etc/ssl/certs/ca-certificates.crt" \
|
||||
-sigin "/distsrc/external/feather-codesigning/signatures/${HOST}/feather.installer.pem" || true
|
||||
cp FeatherWalletSetup.exe.tmp "${OUTDIR}/FeatherWalletSetup-${TAG}.exe"
|
||||
mv FeatherWalletSetup.exe.tmp "FeatherWalletSetup-${TAG}.exe"
|
||||
rm "${OUTDIR}/FeatherWalletSetup.exe"
|
||||
;;
|
||||
"")
|
||||
osslsigncode attach-signature \
|
||||
-in "feather.exe" \
|
||||
-out "feather.exe.tmp" \
|
||||
-CAfile "$GUIX_ENVIRONMENT/etc/ssl/certs/ca-certificates.crt" \
|
||||
-sigin "/distsrc/external/feather-codesigning/signatures/${HOST}/feather.pem" || true
|
||||
mv feather.exe.tmp feather.exe
|
||||
;;
|
||||
esac
|
||||
;;
|
||||
esac
|
||||
fi
|
||||
fi
|
||||
|
|
@ -431,25 +453,31 @@ export PATH="${BASEPREFIX}/${HOST}/native/bin:${PATH}"
|
|||
# for release
|
||||
case "$HOST" in
|
||||
*mingw*)
|
||||
case "$OPTIONS" in
|
||||
installer)
|
||||
find . -print0 \
|
||||
| xargs -0r touch --no-dereference --date="@${SOURCE_DATE_EPOCH}"
|
||||
find . \
|
||||
| sort \
|
||||
| zip -X@ "${OUTDIR}/${DISTNAME}-win-installer.zip" \
|
||||
|| ( rm -f "${OUTDIR}/${DISTNAME}-win-installer.zip" && exit 1 )
|
||||
;;
|
||||
"")
|
||||
mv feather.exe ${DISTNAME}.exe && \
|
||||
find . -print0 \
|
||||
| xargs -0r touch --no-dereference --date="@${SOURCE_DATE_EPOCH}"
|
||||
find . \
|
||||
| sort \
|
||||
| zip -X@ "${OUTDIR}/${DISTNAME}-win.zip" \
|
||||
|| ( rm -f "${OUTDIR}/${DISTNAME}-win.zip" && exit 1 )
|
||||
;;
|
||||
esac
|
||||
if [[ "${TAG}" == *"-rc"* ]]; then
|
||||
if [ -z "$OPTIONS" ]; then
|
||||
mv feather.exe "${OUTDIR}/${DISTNAME}.exe"
|
||||
fi
|
||||
else
|
||||
case "$OPTIONS" in
|
||||
installer)
|
||||
find . -print0 \
|
||||
| xargs -0r touch --no-dereference --date="@${SOURCE_DATE_EPOCH}"
|
||||
find . \
|
||||
| sort \
|
||||
| zip -X@ "${OUTDIR}/${DISTNAME}-win-installer.zip" \
|
||||
|| ( rm -f "${OUTDIR}/${DISTNAME}-win-installer.zip" && exit 1 )
|
||||
;;
|
||||
"")
|
||||
mv feather.exe ${DISTNAME}.exe && \
|
||||
find . -print0 \
|
||||
| xargs -0r touch --no-dereference --date="@${SOURCE_DATE_EPOCH}"
|
||||
find . \
|
||||
| sort \
|
||||
| zip -X@ "${OUTDIR}/${DISTNAME}-win.zip" \
|
||||
|| ( rm -f "${OUTDIR}/${DISTNAME}-win.zip" && exit 1 )
|
||||
;;
|
||||
esac
|
||||
fi
|
||||
;;
|
||||
*linux*)
|
||||
if [ "$OPTIONS" != "pack" ]; then
|
||||
|
|
|
|||
|
|
@ -1,6 +1,6 @@
|
|||
Name "Feather Wallet"
|
||||
|
||||
OutFile "${CUR_PATH}\contrib\installers\windows\FeatherWalletSetup-@PROJECT_VERSION@.exe"
|
||||
OutFile "${CUR_PATH}\contrib\installers\windows\FeatherWalletSetup.exe"
|
||||
RequestExecutionLevel highest
|
||||
SetCompressor /SOLID lzma
|
||||
SetDateSave off
|
||||
|
|
|
|||
Loading…
Reference in a new issue