build-sign-and-release.yaml
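# Build, sign, and release pipeline for the ForceBindIP GUI.
#
# Flow: `build` packages the Windows executable and uploads it unsigned,
# `sign` signs it with Azure Trusted Signing, and `release` publishes the
# signed executable as a GitHub release.
#
# Trust boundaries to keep in mind when editing this file:
#   * Whatever `build` emits is what `sign` signs, so every action that runs
#     in `build` sits inside the signing trust boundary.
#   * The Azure signing secrets are referenced only in `sign`; only `release`
#     is granted a write-scoped GITHUB_TOKEN.
#   * Version tags such as `@v4` are mutable refs; pinning actions to a
#     reviewed full commit SHA is the stricter option.
name: Build, Sign, and Release ForceBindIP GUI

on:
  push:
    branches: [main]

# Least privilege by default: jobs get a read-only token unless they widen it
# themselves (only `release` does, to create the release).
permissions:
  contents: read

jobs:
  build:
    runs-on: [ubuntu-latest]
    # A skipped `build` also skips `sign` and `release`, because both depend
    # on it through `needs`.
    if: ${{ !contains(github.event.head_commit.message, '[skip-ci]') }}
    steps:
      - name: Checkout
        uses: actions/checkout@v4

      - name: Set up Python
        uses: actions/setup-python@v5
        with:
          python-version: '3.9'

      # The three steps below stamp non-release builds with date and commit.
      # Values are read from runner environment variables instead of being
      # expanded with `${{ }}` inside the script text, so no expression output
      # is ever spliced into shell source.
      - name: Get short SHA
        id: get_short_sha
        if: ${{ !contains(github.event.head_commit.message, '[release]') }}
        run: |
          echo "short_sha=$(echo "$GITHUB_SHA" | cut -c1-10)" >> "$GITHUB_ENV"

      - name: Get current date and time in UTC
        id: get_date
        if: ${{ !contains(github.event.head_commit.message, '[release]') }}
        run: |
          utc_date=$(TZ='UTC' date +'%Y-%m-%d @ %H:%M:%S')
          echo "date=$utc_date" >> "$GITHUB_ENV"

      - name: Write build details to file
        if: ${{ !contains(github.event.head_commit.message, '[release]') }}
        run: |
          printf "%s\n%s" "$date" "$short_sha" > build_details.txt

      # NOTE(review): `@main` is a mutable branch ref, so any upstream change
      # to this third-party action flows straight into the binary that is
      # signed in the next job. Pin it to a reviewed full commit SHA.
      - name: Package Application
        uses: JackMcKew/pyinstaller-action-windows@main
        with:
          path: .

      - name: Upload artifact
        uses: actions/upload-artifact@v4
        with:
          name: ForceBindIPGUI_unsigned
          path: dist/windows/ForceBindIP-GUI.exe

  sign:
    runs-on: [windows-latest]
    needs: build
    steps:
      # Fetch the artifact that `build` actually uploaded. The name must match
      # the upload step in `build` (`ForceBindIPGUI_unsigned`); the artifact
      # called `ForceBindIPGUI` does not exist until this job uploads it below,
      # so downloading it here would fail the job.
      - name: Download artifact
        uses: actions/download-artifact@v4
        with:
          name: ForceBindIPGUI_unsigned
          path: ./dist

      # https://melatonin.dev/blog/code-signing-on-windows-with-azure-trusted-signing/#step-9-trusted-signing-in-ci-github
      # All Azure identifiers and the client secret come from repository
      # secrets; keep them out of step outputs and log lines.
      - name: Azure Trusted Signing
        uses: azure/trusted-signing-action@v0.5.0
        with:
          azure-tenant-id: ${{ secrets.AZURE_TENANT_ID }}
          azure-client-id: ${{ secrets.AZURE_CLIENT_ID }}
          azure-client-secret: ${{ secrets.AZURE_CLIENT_SECRET }}
          endpoint: ${{ secrets.AZURE_ENDPOINT }}
          trusted-signing-account-name: ${{ secrets.AZURE_CODE_SIGNING_NAME }}
          certificate-profile-name: ${{ secrets.AZURE_CERT_PROFILE_NAME }}
          file-digest: SHA256
          timestamp-rfc3161: http://timestamp.acs.microsoft.com
          timestamp-digest: SHA256
          # Sign all exes inside the folder
          files-folder: ./dist
          files-folder-filter: exe

      # Only the signed executable is published under the name that `release`
      # consumes, so the unsigned and signed artifacts stay distinguishable.
      - name: Upload artifact
        uses: actions/upload-artifact@v4
        with:
          name: ForceBindIPGUI
          path: ./dist/ForceBindIP-GUI.exe

  release:
    runs-on: [ubuntu-latest]
    needs: sign
    # The only job that needs to write to the repository (creating the release
    # and its tag).
    permissions:
      contents: write
    steps:
      - name: Checkout
        uses: actions/checkout@v4

      - name: Get short SHA
        id: get_short_sha
        run: |
          echo "short_sha=$(echo "$GITHUB_SHA" | cut -c1-10)" >> "$GITHUB_ENV"

      - name: Download artifact
        uses: actions/download-artifact@v4
        with:
          name: ForceBindIPGUI
          path: ./dist

      # The commit message is free text supplied by whoever pushed. It is only
      # passed as an action input here; never expand it inside a `run:` script.
      - name: Create Release
        id: create_release
        uses: softprops/action-gh-release@v2
        with:
          tag_name: cicd-${{ github.run_number }}
          name: cicd-${{ env.short_sha }}
          body: |
            Release triggered by commit [${{ env.short_sha }}](https://github.com/${{ github.repository }}/commit/${{ github.sha }}): ${{ github.event.head_commit.message }}
          files: ./dist/ForceBindIP-GUI.exe
          make_latest: true
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}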