Skip to content

feat(ci): Introduce digital signing #540

feat(ci): Introduce digital signing

feat(ci): Introduce digital signing #540

Workflow file for this run

name: pr
on:
pull_request:
branches:
- master
paths-ignore:
- "docs/**"
env:
GO_VERSION: 1.23.x
WIX_VERSION: 5.0.0
jobs:
build:
runs-on: windows-latest
steps:
- name: Validate PR title
uses: amannn/action-semantic-pull-request@v5
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- name: Install Go
uses: actions/setup-go@v5
with:
go-version: ${{ env.GO_VERSION }}
- name: Checkout
uses: actions/checkout@v4
- name: Adjust pkg-config prefix
shell: bash
run: |
sed -i 's/C:\/Python37/C:\/hostedtoolcache\/windows\/Python\/3.7.9\/x64/' pkg-config/python-37.pc
- name: Setup msys2
uses: msys2/setup-msys2@v2
with:
release: false
install: >-
base-devel
mingw-w64-x86_64-gcc
mingw-w64-x86_64-openssl
mingw-w64-x86_64-pkg-config
git
automake
libtool
autoconf
- name: Cache yara
uses: actions/cache@v4
id: cache
with:
path: |
**/yara
key: ${{ runner.os }}-yara-${{ hashFiles('**/pkg/yara') }}
restore-keys: |
${{ runner.os }}-yara-${{ hashFiles('**/pkg/yara') }}
- name: Clone yara
if: steps.cache.outputs.cache-hit != 'true'
shell: bash
env:
VERSION: "4.2.x"
run: |
git clone --depth 1 --branch $VERSION https://github.com/VirusTotal/yara.git
- name: Configure yara
if: steps.cache.outputs.cache-hit != 'true'
shell: msys2 {0}
run: |
cd yara
autoreconf -fiv
./configure --host=x86_64-w64-mingw32
- name: Install yara
shell: msys2 {0}
run: |
cd yara
make install
- name: Build
shell: bash
run: |
export PATH=/c/msys64/mingw64/bin:$PATH
export PKG_CONFIG_PATH=$(pwd)/pkg-config
export COMMIT=$(echo $GITHUB_SHA | cut -c1-8)
export VERSION=0.0.0
./make.bat rsrc
./make.bat mc
./make.bat
env:
TAGS: kcap,filament,yara,yara_static
- uses: actions/upload-artifact@v4
with:
name: "fibratus-amd64.exe"
path: "./cmd/fibratus/fibratus.exe"
- name: Install Wix
shell: bash
run: |
dotnet tool install --global wix --version $WIX_VERSION
- name: Package
shell: bash
run: |
export VERSION=0.0.0
./make.bat pkg
- uses: actions/upload-artifact@v4
id: upload-msi
with:
name: "fibratus-amd64.msi"
path: "./build/msi/fibratus-0.0.0-amd64.msi"
- name: Sign MSI
uses: signpath/github-action-submit-signing-request@v1
with:
api-token: "${{ secrets.SIGNPATH_API_TOKEN }}"
organization-id: "${{ secrets.SIGNPATH_ORG_ID }}"
project-slug: "Fibratus"
signing-policy-slug: "test"
github-artifact-id: "${{steps.upload-msi.outputs.artifact-id}}"
wait-for-completion: true
output-artifact-directory: "./build/msi/fibratus-0.0.0-amd64-signed.msi"
- uses: actions/upload-artifact@v4
with:
name: "fibratus-amd64-signed.msi"
path: "./build/msi/fibratus-0.0.0-amd64-signed.msi"
test:
runs-on: windows-latest
needs:
- build
continue-on-error: true
steps:
- name: Checkout
uses: actions/checkout@v4
- name: Adjust pkg-config prefix
shell: bash
run: |
sed -i 's/C:\/Python37/C:\/hostedtoolcache\/windows\/Python\/3.7.9\/x64/' pkg-config/python-37.pc
- name: Install Go
uses: actions/setup-go@v5
with:
go-version: ${{ env.GO_VERSION }}
- name: Setup msys2
uses: msys2/setup-msys2@v2
with:
release: false
install: >-
base-devel
mingw-w64-x86_64-gcc
mingw-w64-x86_64-pkg-config
mingw-w64-x86_64-openssl
automake
libtool
autoconf
- name: Cache yara
uses: actions/cache@v4
id: cache
with:
path: |
**/yara
key: ${{ runner.os }}-yara-${{ hashFiles('**/pkg/yara') }}
restore-keys: |
${{ runner.os }}-yara-${{ hashFiles('**/pkg/yara') }}
- name: Install yara
shell: msys2 {0}
run: |
cd yara
make install
- name: Test
shell: bash
run: |
export PATH="/c/msys64/mingw64/bin:$PATH"
export PKG_CONFIG_PATH=$(pwd)/pkg-config
./make.bat test
env:
TAGS: kcap,yara,yara_static
lint:
runs-on: windows-latest
needs: test
continue-on-error: true
steps:
- name: Checkout
uses: actions/checkout@v4
- name: Adjust pkg-config prefix
shell: bash
run: |
sed -i 's/C:\/Python37/C:\/hostedtoolcache\/windows\/Python\/3.7.9\/x64/' pkg-config/python-37.pc
- name: Install Go
uses: actions/setup-go@v5
with:
go-version: ${{ env.GO_VERSION }}
- name: Setup msys2
uses: msys2/setup-msys2@v2
with:
release: false
install: >-
base-devel
mingw-w64-x86_64-gcc
mingw-w64-x86_64-pkg-config
mingw-w64-x86_64-openssl
automake
libtool
autoconf
- name: Cache yara
uses: actions/cache@v4
id: cache
with:
path: |
**/yara
key: ${{ runner.os }}-yara-${{ hashFiles('**/pkg/yara') }}
restore-keys: |
${{ runner.os }}-yara-${{ hashFiles('**/pkg/yara') }}
- name: Install yara
shell: msys2 {0}
run: |
cd yara
make install
- name: Install golangci-lint
shell: bash
run: |
curl -sSfL https://raw.githubusercontent.com/golangci/golangci-lint/master/install.sh | sh -s -- -b $(go env GOPATH)/bin $GOLANGCI_LINT_VER
env:
GOLANGCI_LINT_VER: v1.61.0
- name: Lint
shell: bash
run: |
export PATH="/c/msys64/mingw64/bin:$PATH"
export PKG_CONFIG_PATH=$(pwd)/pkg-config
./make.bat lint