Skip to content

Sign using external action #24

Sign using external action

Sign using external action #24

Workflow file for this run

name: SUB - Build on Windows
on:
workflow_dispatch:
inputs:
env:
description: "An Environment"
required: true
type: choice
options:
- development
- production
version:
description: "A Version"
required: true
type: string
caching:
description: "Use caching"
required: true
type: boolean
default: false
workflow_call:
inputs:
env:
description: "An Environment"
required: true
type: string
version:
description: "A Version"
required: true
type: string
caching:
description: "Use caching"
required: true
type: boolean
default: false
jobs:
build:
runs-on: "windows-latest"
steps:
- uses: actions/checkout@v4
- uses: actions/setup-java@v3
with:
distribution: 'temurin'
java-version: '11'
- uses: krdlab/setup-haxe@v1
with:
haxe-version: 4.2.5
- uses: joshtynjala/setup-apache-flex-action@v2
with:
flex-version: "4.16.1"
air-version: "33.1"
accept-air-license: true
- name: Install NSIS plugin nsProcess
working-directory: MoonshineSDKInstaller/build
run: |
Invoke-RestMethod -Uri "https://nsis.sourceforge.io/mediawiki/images/2/2f/ExecCmd.zip" -OutFile ExecCmd.zip
7z x ExecCmd.zip -o'ExecCmd' -y
mv ExecCmd\ExecCmd.dll "C:\Program Files (x86)\NSIS\Plugins\x86-unicode\ExecCmd.dll"
# - name: Put signing certificate in environment variables
# run: |
# echo "${{ secrets.SM_CLIENT_CERT_FILE_B64 }}" | base64 --decode --ignore-garbage > Certificate_pkcs12.p12
# echo "SM_HOST=${{ secrets.SM_HOST }}" >> "$GITHUB_ENV"
# echo "SM_API_KEY=${{ secrets.SM_API_KEY }}" >> "$GITHUB_ENV"
# echo "SM_CLIENT_CERT_FILE=Certificate_pkcs12.p12" >> "$GITHUB_ENV"
# echo "SM_CLIENT_CERT_PASSWORD=${{ secrets.SM_CLIENT_CERT_PASSWORD }}" >> "$GITHUB_ENV"
# echo "SM_THUMBPRINT=${{ secrets.SM_THUMBPRINT }}" >> "$GITHUB_ENV"
# - name: Download smtools
# shell: cmd
# run: |
# curl ^
# -X GET https://one.digicert.com/signingmanager/api-ui/v1/releases/smtools-windows-x64.msi/download ^
# -H "x-api-key:${{ secrets.SM_API_KEY }}" ^
# -o smtools-windows-x64.msi
# - name: Setup SSM KSP for signing
# shell: cmd
# run: |
# msiexec /i smtools-windows-x64.msi /quiet /qn
# smksp_registrar.exe list
# smctl.exe keypair ls
# C:\Windows\System32\certutil.exe -csp "DigiCert Signing Manager KSP" -key -user
# smksp_cert_sync.exe
# - name: Show signtool
# shell: cmd
# run: where signtool
- name: Build with Ant
shell: cmd
run: >
ant
-buildfile MoonshineSDKInstaller/build/build.xml all
-DHAXEPATH="C:\hostedtoolcache\windows\haxe\4.2.5\x64"
-DHAXE_HOME="C:\hostedtoolcache\windows\haxe\4.2.5\x64\lib"
-DNSIS_HOME="C:\Program Files (x86)\NSIS"
-Dapp.version=${{ inputs.version }}
-Dbuild.is.signed=false
-Dbuild.is.development=${{ inputs.env != 'production' }}
- name: Sign using action
uses: Moonshine-IDE/digicert-sign-action
with:
bin-path: MoonshineSDKInstaller/build/bin/MoonshineSDKInstaller-1.2.3.exe
sm-host: ${{ secrets.SM_HOST }}
sm-api-key: ${{ secrets.SM_API_KEY }}
sm-client-cert-file-b64: ${{ secrets.SM_CLIENT_CERT_FILE_B64 }}
sm-client-cert-password: ${{ secrets.SM_CLIENT_CERT_PASSWORD }}
sm-code-signing-cert-sha1-hash: ${{ secrets.SM_THUMBPRINT }}
- name: Upload Artifact
uses: actions/upload-artifact@v4
with:
name: MoonshineSDKInstaller
path: MoonshineSDKInstaller/build/bin/MoonshineSDKInstaller-1.2.3.exe