Skip to content

Commit

Permalink
inline sign
Browse files Browse the repository at this point in the history
  • Loading branch information
@qhy040404
qhy040404 committed Jun 4, 2024
1 parent 6b23ae5 commit 34ea240
Show file tree
Hide file tree
Showing 2 changed files with 104 additions and 19 deletions.
58 changes: 46 additions & 12 deletions .github/workflows/alpha.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -29,15 +29,7 @@ on:

jobs:
build:
runs-on: ${{ matrix.runner }}

strategy:
fail-fast: false
matrix:
runner:
- self-hosted
- windows-latest

runs-on: self-hosted
steps:
- name: Checkout
uses: actions/checkout@v4
Expand All @@ -53,13 +45,55 @@ jobs:
run: dotnet tool restore && dotnet cake
env:
VERSION_API_TOKEN: ${{ secrets.VERSION_API_TOKEN }}
CERTIFICATE: ${{ secrets.CERTIFICATE }}
PW: ${{ secrets.PW }}

- name: Upload signed msix
if: success() && github.event_name != 'pull_request'
uses: actions/upload-artifact@v4
with:
name: Snap.Hutao.Alpha-${{ steps.cake.outputs.version }}
path: ${{ github.workspace }}/src/output/Snap.Hutao.Alpha-${{ steps.cake.outputs.version }}.msix

- name: Sign Msix
- name: Add summary
if: success() && github.event_name != 'pull_request'
shell: pwsh
run: |
[System.Convert]::FromBase64String("${{ secrets.CERTIFICATE }}") | Set-Content -AsByteStream temp.pfx
signtool.exe sign /debug /v /a /fd SHA256 /f temp.pfx /p ${{ secrets.PW }} ${{ github.workspace }}\src\output\Snap.Hutao.Alpha-${{ steps.cake.outputs.version }}.msix
$summary = "
> [!WARNING]
> 该版本是由 CI 程序自动打包生成的 `Alpha` 测试版本,**仅供开发者测试使用**
> [!TIP]
> 普通用户请[点击这里](https://github.com/DGP-Studio/Snap.Hutao/releases/latest/)下载最新的稳定版本
> [!IMPORTANT]
> 请注意,从 Snap Hutao Alpha 2023.12.21.3 开始,我们将使用全新的 CI 证书,原有的 Snap.Hutao.CI.cer 将在几天后过期停止使用。
>
> 请安装 [DGP_Studio_CA.crt](https://github.com/DGP-Automation/Hutao-Auto-Release/releases/download/certificate-ca/DGP_Studio_CA.crt) 到 `受信任的根证书颁发机构` 以安装测试版安装包
"
echo $summary >> $Env:GITHUB_STEP_SUMMARY
fallback_build:
runs-on: windows-latest
needs: build
if: failure()
steps:
- name: Checkout
uses: actions/checkout@v4

- name: Setup .NET
uses: actions/setup-dotnet@v4
with:
dotnet-version: 8.0

- name: Cake
id: cake
shell: pwsh
run: dotnet tool restore && dotnet cake
env:
VERSION_API_TOKEN: ${{ secrets.VERSION_API_TOKEN }}
CERTIFICATE: ${{ secrets.CERTIFICATE }}
PW: ${{ secrets.PW }}

- name: Upload signed msix
if: success() && github.event_name != 'pull_request'
Expand Down
65 changes: 58 additions & 7 deletions build.cake
View file
Original file line number Diff line number Diff line change
Expand Up @@ -11,6 +11,8 @@ var version = "version";
var repoDir = "repoDir";
var outputPath = "outputPath";

var pw = "pw";

// Extension

static ProcessArgumentBuilder AppendIf(this ProcessArgumentBuilder builder, string text, bool condition)
Expand Down Expand Up @@ -62,6 +64,10 @@ if (GitHubActions.IsRunningOnGitHubActions)
}
);

var certificateBase64 = HasEnvironmentVariable("CERTIFICATE") ? EnvironmentVariable("CERTIFICATE") : throw new Exception("Cannot find CERTIFICATE");
pw = HasEnvironmentVariable("PW") ? EnvironmentVariable("PW") : throw new Exception("Cannot find PW");
System.IO.File.WriteAllBytes(System.IO.Path.Combine(outputPath, "temp.pfx"), System.Convert.FromBase64String(certificateBase64));

Information($"Version: {version}");
}

Expand All @@ -88,10 +94,19 @@ else // Local
Information($"Version: {version}");
}

// Windows SDK
var registry = new WindowsRegistry();
var winsdkRegistry = registry.LocalMachine.OpenKey(@"SOFTWARE\Microsoft\Windows Kits\Installed Roots");
var winsdkVersion = winsdkRegistry.GetSubKeyNames().MaxBy(key => int.Parse(key.Split(".")[2]));
var winsdkPath = (string)winsdkRegistry.GetValue("KitsRoot10");
var winsdkBinPath = System.IO.Path.Combine(winsdkPath, "bin", winsdkVersion, "x64");
Information($"Windows SDK: {winsdkPath}");

Task("Build")
.IsDependentOn("Build binary package")
.IsDependentOn("Copy files")
.IsDependentOn("Build MSIX");
.IsDependentOn("Build MSIX")
.IsDependentOn("Sign");

Task("NuGet Restore")
.Does(() =>
Expand Down Expand Up @@ -208,11 +223,7 @@ Task("Build MSIX")
arguments = "pack /d " + binPath + " /p " + System.IO.Path.Combine(outputPath, $"Snap.Hutao.Local-{version}.msix");
}
var registry = new WindowsRegistry();
var winsdkRegistry = registry.LocalMachine.OpenKey(@"SOFTWARE\Microsoft\Windows Kits\Installed Roots");
var winsdkVersion = winsdkRegistry.GetSubKeyNames().MaxBy(key => int.Parse(key.Split(".")[2]));
var winsdkPath = (string)winsdkRegistry.GetValue("KitsRoot10");
var makeappxPath = System.IO.Path.Combine(winsdkPath, "bin", winsdkVersion, "x64", "makeappx.exe");
var makeappxPath = System.IO.Path.Combine(winsdkBinPath, "makeappx.exe");
var p = StartProcess(
makeappxPath,
Expand All @@ -223,7 +234,47 @@ Task("Build MSIX")
);
if (p != 0)
{
throw new InvalidOperationException("Build failed with exit code " + p);
throw new InvalidOperationException("Build MSIX failed with exit code " + p);
}
});

Task("Sign")
.IsDependentOn("Build MSIX")
.Does(() =>
{
if (AppVeyor.IsRunningOnAppVeyor)
{
Information("Move to SignPath. Skip signing.");
return;
}
else if (GitHubActions.IsRunningOnGitHubActions)
{
if (GitHubActions.Environment.PullRequest.IsPullRequest)
{
Information("Is Pull Request. Skip signing.");
return;
}
var signPath = System.IO.Path.Combine(winsdkBinPath, "signtool.exe");
var pfxPath = System.IO.Path.Combine(outputPath, "temp.pfx");
var arguments = $"sign /debug /v /a /fd SHA256 /f {pfxPath} /p {pw} {System.IO.Path.Combine(outputPath, $"Snap.Hutao.Alpha-{version}.msix")}";
var p = StartProcess(
signPath,
new ProcessSettings
{
Arguments = arguments
}
);
if (p != 0)
{
throw new InvalidOperationException("Sign failed with exit code " + p);
}
}
else
{
Information("Local configuration. Skip signing.");
return;
}
});

Expand Down

0 comments on commit 34ea240

Please sign in to comment.