Sign using external action #24
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: SUB - Build on Windows | |
on: | |
workflow_dispatch: | |
inputs: | |
env: | |
description: "An Environment" | |
required: true | |
type: choice | |
options: | |
- development | |
- production | |
version: | |
description: "A Version" | |
required: true | |
type: string | |
caching: | |
description: "Use caching" | |
required: true | |
type: boolean | |
default: false | |
workflow_call: | |
inputs: | |
env: | |
description: "An Environment" | |
required: true | |
type: string | |
version: | |
description: "A Version" | |
required: true | |
type: string | |
caching: | |
description: "Use caching" | |
required: true | |
type: boolean | |
default: false | |
jobs: | |
build: | |
runs-on: "windows-latest" | |
steps: | |
- uses: actions/checkout@v4 | |
- uses: actions/setup-java@v3 | |
with: | |
distribution: 'temurin' | |
java-version: '11' | |
- uses: krdlab/setup-haxe@v1 | |
with: | |
haxe-version: 4.2.5 | |
- uses: joshtynjala/setup-apache-flex-action@v2 | |
with: | |
flex-version: "4.16.1" | |
air-version: "33.1" | |
accept-air-license: true | |
- name: Install NSIS plugin nsProcess | |
working-directory: MoonshineSDKInstaller/build | |
run: | | |
Invoke-RestMethod -Uri "https://nsis.sourceforge.io/mediawiki/images/2/2f/ExecCmd.zip" -OutFile ExecCmd.zip | |
7z x ExecCmd.zip -o'ExecCmd' -y | |
mv ExecCmd\ExecCmd.dll "C:\Program Files (x86)\NSIS\Plugins\x86-unicode\ExecCmd.dll" | |
# - name: Put signing certificate in environment variables | |
# run: | | |
# echo "${{ secrets.SM_CLIENT_CERT_FILE_B64 }}" | base64 --decode --ignore-garbage > Certificate_pkcs12.p12 | |
# echo "SM_HOST=${{ secrets.SM_HOST }}" >> "$GITHUB_ENV" | |
# echo "SM_API_KEY=${{ secrets.SM_API_KEY }}" >> "$GITHUB_ENV" | |
# echo "SM_CLIENT_CERT_FILE=Certificate_pkcs12.p12" >> "$GITHUB_ENV" | |
# echo "SM_CLIENT_CERT_PASSWORD=${{ secrets.SM_CLIENT_CERT_PASSWORD }}" >> "$GITHUB_ENV" | |
# echo "SM_THUMBPRINT=${{ secrets.SM_THUMBPRINT }}" >> "$GITHUB_ENV" | |
# - name: Download smtools | |
# shell: cmd | |
# run: | | |
# curl ^ | |
# -X GET https://one.digicert.com/signingmanager/api-ui/v1/releases/smtools-windows-x64.msi/download ^ | |
# -H "x-api-key:${{ secrets.SM_API_KEY }}" ^ | |
# -o smtools-windows-x64.msi | |
# - name: Setup SSM KSP for signing | |
# shell: cmd | |
# run: | | |
# msiexec /i smtools-windows-x64.msi /quiet /qn | |
# smksp_registrar.exe list | |
# smctl.exe keypair ls | |
# C:\Windows\System32\certutil.exe -csp "DigiCert Signing Manager KSP" -key -user | |
# smksp_cert_sync.exe | |
# - name: Show signtool | |
# shell: cmd | |
# run: where signtool | |
- name: Build with Ant | |
shell: cmd | |
run: > | |
ant | |
-buildfile MoonshineSDKInstaller/build/build.xml all | |
-DHAXEPATH="C:\hostedtoolcache\windows\haxe\4.2.5\x64" | |
-DHAXE_HOME="C:\hostedtoolcache\windows\haxe\4.2.5\x64\lib" | |
-DNSIS_HOME="C:\Program Files (x86)\NSIS" | |
-Dapp.version=${{ inputs.version }} | |
-Dbuild.is.signed=false | |
-Dbuild.is.development=${{ inputs.env != 'production' }} | |
- name: Sign using action | |
uses: Moonshine-IDE/digicert-sign-action | |
with: | |
bin-path: MoonshineSDKInstaller/build/bin/MoonshineSDKInstaller-1.2.3.exe | |
sm-host: ${{ secrets.SM_HOST }} | |
sm-api-key: ${{ secrets.SM_API_KEY }} | |
sm-client-cert-file-b64: ${{ secrets.SM_CLIENT_CERT_FILE_B64 }} | |
sm-client-cert-password: ${{ secrets.SM_CLIENT_CERT_PASSWORD }} | |
sm-code-signing-cert-sha1-hash: ${{ secrets.SM_THUMBPRINT }} | |
- name: Upload Artifact | |
uses: actions/upload-artifact@v4 | |
with: | |
name: MoonshineSDKInstaller | |
path: MoonshineSDKInstaller/build/bin/MoonshineSDKInstaller-1.2.3.exe |