Eugene 2024-12-18 21:22:46 +01:00
parent e1e6e1cdab
commit 5889f69b71
No known key found for this signature in database
GPG Key ID: 5896FCBBDD1CF4F4
2 changed files with 32 additions and 2 deletions


@ -312,6 +312,10 @@ jobs:
with:
fetch-depth: 0
- name: Code signing with Software Trust Manager
uses: digicert/ssm-code-signing@v1.0.0
if: github.repository == 'Eugeny/tabby' && github.event_name == 'push' && (github.ref == 'refs/heads/signingtest' || startsWith(github.ref, 'refs/tags'))
- name: Installing Node
uses: actions/setup-node@v3.7.0
with:
@ -336,8 +340,23 @@ jobs:
ARCH: ${{matrix.arch}}
- name: Build and sign packages
run: node scripts/build-windows.mjs
if: github.repository == 'Eugeny/tabby' && github.event_name == 'push' && (github.ref == 'refs/heads/master' || startsWith(github.ref, 'refs/tags'))
run: |
echo "${{ secrets.SM_CLIENT_CERT_FILE_B64 }}" | base64 --decode > Certificate_pkcs12.p12
$env:SM_HOST="${{ secrets.SM_HOST }}"
$env:SM_API_KEY="${{ secrets.SM_API_KEY }}"
$env:SM_HOST=https://one.nl.digicert.com
$env:SM_CLIENT_CERT_FILE=Certificate_pkcs12.p12
$env:SM_CLIENT_CERT_PASSWORD=${{ secrets.SM_CLIENT_CERT_PASSWORD }}
$env:SM_KEYPAIR_ALIAS=${{ secrets.SM_KEYPAIR_ALIAS }}
curl -X GET https://one.digicert.com/signingmanager/api-ui/v1/releases/Keylockertools-windows-x64.msi/download -H "x-api-key:${{ secrets.SM_API_KEY }}" -o Keylockertools-windows-x64.msi
msiexec /i Keylockertools-windows-x64.msi /quiet /qn
smksp_registrar.exe list
smctl.exe keypair ls
smctl windows certsync
C:\Windows\System32\certutil.exe -csp "DigiCert Signing Manager KSP" -key -user
node scripts/build-windows.mjs
if: github.repository == 'Eugeny/tabby' && github.event_name == 'push' && (github.ref == 'refs/heads/signingtest' || startsWith(github.ref, 'refs/tags'))
env:
ARCH: ${{matrix.arch}}
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
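Review bot: The `run:` script of the "Build and sign packages" step pastes secrets into the script text with `${{ secrets.… }}`, and `SM_CLIENT_CERT_PASSWORD` and `SM_KEYPAIR_ALIAS` are substituted unquoted, so their content is parsed by the shell as code rather than taken as a value. Declaring them in the step's existing `env:` block, e.g. `SM_CLIENT_CERT_PASSWORD: ${{ secrets.SM_CLIENT_CERT_PASSWORD }}`, makes the `$env:` assignments unnecessary and keeps the values out of the generated script. `SM_HOST` is assigned twice, first from the secret and then from an unquoted literal URL, so one of the two lines should be dropped. The decoded `Certificate_pkcs12.p12` is left in the workspace (no cleanup is visible in this hunk) and the KeyLocker MSI is installed without a hash or signature check; both deserve a follow-up in a job that holds signing credentials. In the first hunk, `digicert/ssm-code-signing@v1.0.0` is pinned to a tag, where a full commit SHA would stop the action from changing underneath the job.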


@ -2,6 +2,7 @@
/* eslint-disable @typescript-eslint/prefer-nullish-coalescing */
import { build as builder } from 'electron-builder'
import * as vars from './vars.mjs'
import { execSync } from 'child_process'
const isTag = (process.env.GITHUB_REF || process.env.BUILD_SOURCEBRANCH || '').startsWith('refs/tags/')
@ -22,7 +23,17 @@ builder({
channel: `latest-${process.env.ARCH}`,
},
] : undefined,
win: {
sign: async function (configuration) {
if (configuration.path) {
execSync(
`smctl sign --keypair-alias=${process.env.SM_KEYPAIR_ALIAS} --input "${String(configuration.path)}"`
)
}
}
},
},
publish: process.env.KEYGEN_TOKEN ? isTag ? 'always' : 'onTagOrDraft' : 'never',
}).catch(e => {
console.error(e)
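Review bot: The `sign` hook builds a shell command line by string interpolation, with `process.env.SM_KEYPAIR_ALIAS` unquoted and `configuration.path` only wrapped in double quotes, so a space or shell metacharacter in either value is interpreted by the shell that `execSync` spawns. Passing an argument vector avoids the shell entirely: `execFileSync('smctl', ['sign', '--keypair-alias=' + process.env.SM_KEYPAIR_ALIAS, '--input', String(configuration.path)])`, with the import changed to `execFileSync`. The hook is also registered whether or not `SM_KEYPAIR_ALIAS` is set, so a build without it would call `smctl` with `--keypair-alias=undefined`; a guard that throws a clear error when the variable is missing would make that failure explicit. The `builder({` call starts before the hunk and the `.catch` handler continues after it.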