102 lines
3.3 KiB
YAML
102 lines
3.3 KiB
YAML
name: CI
|
|
|
|
on:
|
|
push:
|
|
schedule:
|
|
- cron: '0 1 * * *'
|
|
|
|
jobs:
|
|
Windows:
|
|
strategy:
|
|
fail-fast: false
|
|
matrix:
|
|
config:
|
|
- native_mixed
|
|
runs-on: windows-2022
|
|
env:
|
|
OS_NAME: windows
|
|
COMPILE_CONFIG: ${{matrix.config}}
|
|
HOME: 'C:\\Users\\runneradmin'
|
|
steps:
|
|
- name: Checkout code
|
|
uses: actions/checkout@v3
|
|
- name: Setup python 3.12
|
|
uses: actions/setup-python@v3
|
|
with:
|
|
python-version: '3.12'
|
|
- name: Install packages
|
|
run: |
|
|
choco.exe install pkgconfiglite ninja
|
|
- name: Install python modules
|
|
shell: bash
|
|
run: |
|
|
pip3 install meson pytest requests distro paramiko
|
|
pip3 install --no-deps $GITHUB_WORKSPACE
|
|
- name: Setup MSVC compiler
|
|
uses: bus1/cabuild/action/msdevshell@v1
|
|
with:
|
|
architecture: x64
|
|
- name: secret
|
|
shell: bash
|
|
run: |
|
|
echo "${{secrets.ssh_key}}" > $SSH_KEY
|
|
env:
|
|
SSH_KEY: ${{ runner.temp }}/id_rsa
|
|
- name: Install and configure eSigner CKA and Windows SDK
|
|
if: github.event_name == 'push'
|
|
env:
|
|
ESIGNER_URL: https://github.com/SSLcom/eSignerCKA/releases/download/v1.0.7/SSL.COM-eSigner-CKA_1.0.7.zip
|
|
run: |
|
|
Set-StrictMode -Version 'Latest'
|
|
|
|
# Download and Unzip eSignerCKA Setup
|
|
Invoke-WebRequest -OutFile eSigner_CKA_Setup.zip "$env:ESIGNER_URL"
|
|
Expand-Archive -Force eSigner_CKA_Setup.zip
|
|
Remove-Item eSigner_CKA_Setup.zip
|
|
Move-Item -Destination “eSigner_CKA_Installer.exe” -Path “eSigner_CKA_*\*.exe”
|
|
|
|
# Install eSignerCKA
|
|
New-Item -ItemType Directory -Force -Path "C:\esigner"
|
|
./eSigner_CKA_Installer.exe /CURRENTUSER /VERYSILENT /SUPPRESSMSGBOXES /DIR=”C:\esigner” /TYPE=automatic | Out-Null
|
|
Remove-Item "eSigner_CKA_Installer.exe"
|
|
|
|
# Configure the CKA with SSL.com credentials
|
|
C:\esigner\eSignerCKATool.exe config -mode product -user "${{ secrets.ESIGNER_USERNAME }}" -pass "${{ secrets.ESIGNER_PASSWORD }}" -totp "${{ secrets.ESIGNER_TOTP_SECRET }}" -key "C:\esigner\master.key" -r
|
|
C:\esigner\eSignerCKATool.exe unload
|
|
C:\esigner\eSignerCKATool.exe load
|
|
|
|
# Find certificate
|
|
$CodeSigningCert = Get-ChildItem Cert:\CurrentUser\My -CodeSigningCert | Select-Object -First 1
|
|
echo Certificate: $CodeSigningCert
|
|
|
|
# Extract thumbprint and subject name
|
|
$Thumbprint = $CodeSigningCert.Thumbprint
|
|
echo "SIGNTOOL_THUMBPRINT=$Thumbprint" >> $env:GITHUB_ENV
|
|
|
|
- name: download sample exe
|
|
run: |
|
|
Invoke-WebRequest -OutFile kiwix-tools.zip "https://mirror.download.kiwix.org/nightly/2024-08-29/kiwix-tools_win-i686-2024-08-29.zip"
|
|
Expand-Archive -Force kiwix-tools.zip
|
|
|
|
- name: test signing exe
|
|
shell: python
|
|
env:
|
|
SIGNTOOL_PATH: "C:/Program Files (x86)/Windows Kits/10/bin/10.0.22621.0/x86/signtool.exe"
|
|
run: |
|
|
import os
|
|
import subprocess
|
|
command = [
|
|
os.environ["SIGNTOOL_PATH"],
|
|
"sign",
|
|
"/fd",
|
|
"sha256",
|
|
"/tr",
|
|
"http://ts.ssl.com",
|
|
"/td",
|
|
"sha256",
|
|
"/sha1",
|
|
os.environ["SIGNTOOL_THUMBPRINT"],
|
|
"kiwix-tools\\kiwix-serve.exe",
|
|
]
|
|
subprocess.run(command, check=True)
|