-
-
Notifications
You must be signed in to change notification settings - Fork 69
141 lines (123 loc) · 5.4 KB
/
release-signed.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
# Credits to @Scighost from Starward for his contributions!
name: Publish Signed Builds
#run-name: Canary Build for ${{ github.ref }}
on:
workflow_dispatch:
env:
BRANCH_NAME: ${{ github.head_ref || github.ref_name }}
SENTRY_AUTH_TOKEN: ${{ secrets.SENTRY_AUTH_TOKEN }}
DOTNET_INSTALL_DIR: '.\.dotnet'
DOTNET_VERSION: '9.x'
DOTNET_QUALITY: 'ga'
NUGET_PACKAGES: ${{ github.workspace }}/.nuget/packages
SIGNPATH_ARTIFACT_SLUG: 'initial' # change this to 'aot-release' when releasing with AOT
# schedule:
# - cron: '0 0 * * 0' # At 00:00 on Sunday
jobs:
build:
runs-on: windows-latest
strategy:
matrix:
platform: [x64]
framework: [net9.0-windows10.0.22621.0]
env:
CONFIGURATION_STRATEGY: ""
PUBLISH_PROFILE: ""
SIGNING_POLICY_SLUG: ""
VERSION: ""
Platform: ${{ matrix.platform }}
steps:
- name: Set Configuration and Environment Variables
id: set_env
run: |
$branch = $env:GITHUB_REF_NAME
if ($branch -eq "preview") {
echo "CONFIGURATION_STRATEGY=Release" | Out-File -FilePath $env:GITHUB_ENV -Encoding utf8 -Append
echo "PUBLISH_PROFILE=Publish-PreviewRelease" | Out-File -FilePath $env:GITHUB_ENV -Encoding utf8 -Append
echo "SIGNING_POLICY_SLUG=release-signing" | Out-File -FilePath $env:GITHUB_ENV -Encoding utf8 -Append
} elseif ($branch -eq "stable") {
echo "CONFIGURATION_STRATEGY=Publish" | Out-File -FilePath $env:GITHUB_ENV -Encoding utf8 -Append
echo "PUBLISH_PROFILE=Publish-StableRelease" | Out-File -FilePath $env:GITHUB_ENV -Encoding utf8 -Append
echo "SIGNING_POLICY_SLUG=release-signing" | Out-File -FilePath $env:GITHUB_ENV -Encoding utf8 -Append
} elseif ($branch -eq "github-signpath-test") {
echo "CONFIGURATION_STRATEGY=Debug" | Out-File -FilePath $env:GITHUB_ENV -Encoding utf8 -Append
echo "PUBLISH_PROFILE=Publish-DebugCIRelease" | Out-File -FilePath $env:GITHUB_ENV -Encoding utf8 -Append
echo "SIGNING_POLICY_SLUG=test-signing-ci" | Out-File -FilePath $env:GITHUB_ENV -Encoding utf8 -Append
} else {
Write-Error "Unknown branch or input: $branch"
exit 1
}
- name: Print env
run: |
echo Configuration Strategy: $env:CONFIGURATION_STRATEGY
echo Publish Profile: $env:PUBLISH_PROFILE
echo Signing Policy: $env:SIGNING_POLICY_SLUG
- name: Checkout
uses: actions/checkout@v4
with:
submodules: recursive
- name: Install .NET
uses: actions/setup-dotnet@v4
with:
dotnet-version: ${{ env.DOTNET_VERSION }}
dotnet-quality: ${{ env.DOTNET_QUALITY }}
cache: true
cache-dependency-path: CollapseLauncher/packages.lock.json
- name: Build
run: |
dotnet workload update
dotnet publish CollapseLauncher -c ${{ env.CONFIGURATION_STRATEGY }} -p:PublishProfile=${{ env.PUBLISH_PROFILE }} -p:PublishDir=".\build\"
- name: Prepare publish artifacts
run: |
cd CollapseLauncher
.\build\CollapseLauncher.exe generatevelopackmetadata
$version = ((Get-Item .\build\CollapseLauncher.exe).VersionInfo.FileVersion).TrimEnd(".0")
echo Build version: $version
echo "VERSION=$version" | Out-File -FilePath $env:GITHUB_ENV -Encoding utf8 -Append
mkdir SignArtifact
mkdir SignArtifact\BuildArtifact-$version
xcopy .\build\ "SignArtifact\BuildArtifact-$version\" /E /K /Y /I
- name: Upload Artifact (unsigned)
id: upload-unsigned-artifact
uses: actions/upload-artifact@v4
with:
name: collapse_${{ env.SIGNING_POLICY_SLUG }}-${{ env.CONFIGURATION_STRATEGY }}_${{ env.PUBLISH_PROFILE }}
path: ./CollapseLauncher/SignArtifact
compression-level: 9
- name: Sign Build Artifact with SignPath
uses: signpath/[email protected]
with:
api-token: '${{ secrets.SIGNPATH_API_TOKEN }}'
organization-id: ${{ secrets.SIGNPATH_ORG_ID }}
project-slug: 'Collapse'
signing-policy-slug: ${{ env.SIGNING_POLICY_SLUG }}
github-artifact-id: '${{ steps.upload-unsigned-artifact.outputs.artifact-id }}'
wait-for-completion: true
output-artifact-directory: '/SignedArtifact/'
- name: Process Signed Build
run: |
$buildDir = '.\SignedArtifact\BuildArtifact-${{ env.VERSION }}'
echo Re-checking build version
echo ((Get-Item $buildDir\CollapseLauncher.exe).VersionInfo.FileVersion).TrimEnd(".0")
- name: Re-upload Signed Artifact to GitHub
uses: actions/upload-artifact@v4
with:
name: (SIGNED)collapse_${{ env.SIGNING_POLICY_SLUG }}-${{ env.CONFIGURATION_STRATEGY }}_${{ env.PUBLISH_PROFILE }}
path: /SignedArtifact
compression-level: 9
# notify-discord:
# runs-on: ubuntu-latest
# if: always()
# needs: [build]
# steps:
# - name: Notify Discord
# uses: sarisia/[email protected]
# if: always()
# continue-on-error: true
# with:
# webhook: ${{ secrets.DISCORD_WEBHOOK_NIGHTLY }}
# title: Collapse Launcher CI build is complete!
# status: ${{ job.status }}
# description: |
# Commit `${{ github.sha }}` by ${{ github.actor }}
# Click [here](https://nightly.link/CollapseLauncher/Collapse/actions/runs/${{ github.run_id }}) to download!