|
|
@ -746,6 +746,21 @@ jobs:
|
|
|
|
with:
|
|
|
|
with:
|
|
|
|
arch: ${{ matrix.host }}
|
|
|
|
arch: ${{ matrix.host }}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
- name: Import code signing certificate
|
|
|
|
|
|
|
|
shell: powershell
|
|
|
|
|
|
|
|
# If this is run on a fork, there may not be a certificate set up - continue in this case
|
|
|
|
|
|
|
|
continue-on-error: true
|
|
|
|
|
|
|
|
run: |
|
|
|
|
|
|
|
|
$tempFile = [System.IO.Path]::GetTempFileName()
|
|
|
|
|
|
|
|
$bytes = [System.Convert]::FromBase64String($env:WINDOWS_CERTIFICATE_P12)
|
|
|
|
|
|
|
|
[IO.File]::WriteAllBytes($tempFile, $bytes)
|
|
|
|
|
|
|
|
$pwd = ConvertTo-SecureString $env:WINDOWS_CERTIFICATE_PASSWORD -AsPlainText -Force
|
|
|
|
|
|
|
|
Import-PfxCertificate -FilePath $tempFile -CertStoreLocation Cert:\CurrentUser\My -Password $pwd
|
|
|
|
|
|
|
|
Remove-Item $tempFile
|
|
|
|
|
|
|
|
env:
|
|
|
|
|
|
|
|
WINDOWS_CERTIFICATE_P12: ${{ secrets.WINDOWS_CERTIFICATE_P12 }}
|
|
|
|
|
|
|
|
WINDOWS_CERTIFICATE_PASSWORD: ${{ secrets.WINDOWS_CERTIFICATE_PASSWORD }}
|
|
|
|
|
|
|
|
|
|
|
|
- name: Build (with installer)
|
|
|
|
- name: Build (with installer)
|
|
|
|
if: needs.source.outputs.is_tag == 'true'
|
|
|
|
if: needs.source.outputs.is_tag == 'true'
|
|
|
|
shell: bash
|
|
|
|
shell: bash
|
|
|
@ -761,12 +776,15 @@ jobs:
|
|
|
|
-DOPTION_USE_NSIS=ON \
|
|
|
|
-DOPTION_USE_NSIS=ON \
|
|
|
|
-DHOST_BINARY_DIR=${GITHUB_WORKSPACE}/build-host \
|
|
|
|
-DHOST_BINARY_DIR=${GITHUB_WORKSPACE}/build-host \
|
|
|
|
-DCMAKE_BUILD_TYPE=RelWithDebInfo \
|
|
|
|
-DCMAKE_BUILD_TYPE=RelWithDebInfo \
|
|
|
|
|
|
|
|
-DWINDOWS_CERTIFICATE_COMMON_NAME="${WINDOWS_CERTIFICATE_COMMON_NAME}" \
|
|
|
|
# EOF
|
|
|
|
# EOF
|
|
|
|
echo "::endgroup::"
|
|
|
|
echo "::endgroup::"
|
|
|
|
|
|
|
|
|
|
|
|
echo "::group::Build"
|
|
|
|
echo "::group::Build"
|
|
|
|
cmake --build .
|
|
|
|
cmake --build .
|
|
|
|
echo "::endgroup::"
|
|
|
|
echo "::endgroup::"
|
|
|
|
|
|
|
|
env:
|
|
|
|
|
|
|
|
WINDOWS_CERTIFICATE_COMMON_NAME: ${{ secrets.WINDOWS_CERTIFICATE_COMMON_NAME }}
|
|
|
|
|
|
|
|
|
|
|
|
- name: Build (without installer)
|
|
|
|
- name: Build (without installer)
|
|
|
|
if: needs.source.outputs.is_tag != 'true'
|
|
|
|
if: needs.source.outputs.is_tag != 'true'
|
|
|
@ -782,12 +800,15 @@ jobs:
|
|
|
|
-DCMAKE_TOOLCHAIN_FILE="c:\vcpkg\scripts\buildsystems\vcpkg.cmake" \
|
|
|
|
-DCMAKE_TOOLCHAIN_FILE="c:\vcpkg\scripts\buildsystems\vcpkg.cmake" \
|
|
|
|
-DHOST_BINARY_DIR=${GITHUB_WORKSPACE}/build-host \
|
|
|
|
-DHOST_BINARY_DIR=${GITHUB_WORKSPACE}/build-host \
|
|
|
|
-DCMAKE_BUILD_TYPE=RelWithDebInfo \
|
|
|
|
-DCMAKE_BUILD_TYPE=RelWithDebInfo \
|
|
|
|
|
|
|
|
-DWINDOWS_CERTIFICATE_COMMON_NAME="${WINDOWS_CERTIFICATE_COMMON_NAME}" \
|
|
|
|
# EOF
|
|
|
|
# EOF
|
|
|
|
echo "::endgroup::"
|
|
|
|
echo "::endgroup::"
|
|
|
|
|
|
|
|
|
|
|
|
echo "::group::Build"
|
|
|
|
echo "::group::Build"
|
|
|
|
cmake --build .
|
|
|
|
cmake --build .
|
|
|
|
echo "::endgroup::"
|
|
|
|
echo "::endgroup::"
|
|
|
|
|
|
|
|
env:
|
|
|
|
|
|
|
|
WINDOWS_CERTIFICATE_COMMON_NAME: ${{ secrets.WINDOWS_CERTIFICATE_COMMON_NAME }}
|
|
|
|
|
|
|
|
|
|
|
|
- name: Create bundles
|
|
|
|
- name: Create bundles
|
|
|
|
shell: bash
|
|
|
|
shell: bash
|
|
|
@ -809,6 +830,17 @@ jobs:
|
|
|
|
rm -f bundles/*.sha256
|
|
|
|
rm -f bundles/*.sha256
|
|
|
|
echo "::endgroup::"
|
|
|
|
echo "::endgroup::"
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
- name: Sign installer
|
|
|
|
|
|
|
|
if: needs.source.outputs.is_tag == 'true'
|
|
|
|
|
|
|
|
shell: bash
|
|
|
|
|
|
|
|
# If this is run on a fork, there may not be a certificate set up - continue in this case
|
|
|
|
|
|
|
|
continue-on-error: true
|
|
|
|
|
|
|
|
run: |
|
|
|
|
|
|
|
|
cd ${GITHUB_WORKSPACE}/build/bundles
|
|
|
|
|
|
|
|
../../os/windows/sign.bat *.exe "${WINDOWS_CERTIFICATE_COMMON_NAME}"
|
|
|
|
|
|
|
|
env:
|
|
|
|
|
|
|
|
WINDOWS_CERTIFICATE_COMMON_NAME: ${{ secrets.WINDOWS_CERTIFICATE_COMMON_NAME }}
|
|
|
|
|
|
|
|
|
|
|
|
- name: Store bundles
|
|
|
|
- name: Store bundles
|
|
|
|
uses: actions/upload-artifact@v2
|
|
|
|
uses: actions/upload-artifact@v2
|
|
|
|
with:
|
|
|
|
with:
|
|
|
|