Skip to content

add msix signing

add msix signing #199

Workflow file for this run

name: FieldWorks Lite
on:
workflow_dispatch:
push:
paths:
- 'backend/FwLite/**'
- 'backend/harmony/**'
- 'frontend/viewer/**'
- '.github/workflows/fw-lite.yaml'
branches:
- develop
pull_request:
paths:
- 'backend/FwLite/**'
- 'backend/harmony/**'
- 'frontend/viewer/**'
- '.github/workflows/fw-lite.yaml'
branches:
- develop
jobs:
build-and-test:
name: Build FW Lite and run tests
timeout-minutes: 20
runs-on: windows-latest
steps:
- name: Checkout
uses: actions/checkout@v4
with:
submodules: true
- uses: actions/setup-dotnet@v4
with:
dotnet-version: '8.x'
- uses: actions/setup-node@v4
with:
node-version-file: './frontend/package.json'
- name: Dotnet build
working-directory: backend/FwLite/FwLiteDesktop
run: |
dotnet build --configuration Release
- name: Dotnet test
run: dotnet test FwLiteOnly.slnf --configuration Release --logger GitHubActions
- name: Build viewer
working-directory: frontend/viewer
run: |
corepack enable
pnpm install
pnpm run build-app
- name: Upload viewer artifacts
uses: actions/upload-artifact@v4
with:
name: fw-lite-viewer-app
if-no-files-found: error
path: frontend/viewer/dist
publish-mac:
name: Publish FW Lite app for Mac
needs: build-and-test
timeout-minutes: 30
runs-on: macos-latest
steps:
- name: Checkout
uses: actions/checkout@v4
with:
submodules: true
- uses: actions/download-artifact@v4
with:
name: fw-lite-viewer-app
path: frontend/viewer/dist
- uses: actions/setup-dotnet@v4
with:
dotnet-version: '8.x'
- name: Dotnet build
working-directory: backend/FwLite/LocalWebApp
run: dotnet build --configuration Release
- name: Publish OSX
working-directory: backend/FwLite/LocalWebApp
run: dotnet publish -r osx-x64 --artifacts-path ../artifacts
- name: Publish OSX ARM
working-directory: backend/FwLite/LocalWebApp
run: dotnet publish -r osx-arm64 --artifacts-path ../artifacts
- name: Upload local web app artifacts
uses: actions/upload-artifact@v4
with:
name: fw-lite-local-web-app-mac
if-no-files-found: error
path: backend/FwLite/artifacts/publish/LocalWebApp/*
publish-linux:
name: Publish FW Lite app for Linux
needs: build-and-test
timeout-minutes: 30
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v4
with:
submodules: true
- uses: actions/download-artifact@v4
with:
name: fw-lite-viewer-app
path: frontend/viewer/dist
- uses: actions/setup-dotnet@v4
with:
dotnet-version: '8.x'
- name: Dotnet build
working-directory: backend/FwLite/LocalWebApp
run: dotnet build --configuration Release
- name: Publish Linux
working-directory: backend/FwLite/LocalWebApp
run: dotnet publish -r linux-x64 --artifacts-path ../artifacts
- name: Upload FWLite Desktop artifacts
uses: actions/upload-artifact@v4
with:
name: fw-lite-local-web-app-linux
if-no-files-found: error
path: backend/FwLite/artifacts/publish/LocalWebApp/*
publish-win:
name: Publish FW Lite app for Windows
# only publish if tag matches fwlite-v* pattern
# iif: startsWith(github.ref, 'refs/tags/fwlite-v')
needs: build-and-test
timeout-minutes: 30
runs-on: windows-latest
steps:
- name: Checkout
uses: actions/checkout@v4
with:
submodules: true
- uses: actions/download-artifact@v4
with:
name: fw-lite-viewer-app
path: frontend/viewer/dist
- uses: actions/setup-dotnet@v4
with:
dotnet-version: '8.x'
- name: Setup Maui
run: dotnet workload install maui-windows
- name: Dotnet build
working-directory: backend/FwLite/LocalWebApp
run: dotnet build --configuration Release
- name: Publish Windows MAUI portable app
working-directory: backend/FwLite/FwLiteDesktop
run: |
dotnet publish -r win-x64 --artifacts-path ../artifacts -p:WindowsPackageType=None
dotnet publish -r win-arm64 --artifacts-path ../artifacts -p:WindowsPackageType=None
mkdir -p ../artifacts/sign/portable
cp -r ../artifacts/publish/FwLiteDesktop/* ../artifacts/sign/portable/
- name: Publish Windows MAUI msix app
working-directory: backend/FwLite/FwLiteDesktop
run: |
dotnet publish -f net8.0-windows10.0.19041.0 -r win-x64 --artifacts-path ../artifacts -p:Platform=x64
dotnet publish -f net8.0-windows10.0.19041.0 -r win-arm64 --artifacts-path ../artifacts -p:Platform=arm64
mkdir -p ../artifacts/msix
cp ../artifacts/bin/FwLiteDesktop/*/AppPackages/*/*.msix ../artifacts/msix/
- name: Bundle MSIX
working-directory: backend/FwLite/artifacts/msix
shell: pwsh
run: |
$SdkVersion = '10.0.19041.0'
$Architecture = 'x86'
$sdkToolsPath = Join-Path -Path 'C:\Program Files (x86)\Windows Kits\10\bin' -ChildPath $SdkVersion -AdditionalChildPath $Architecture
$env:Path += ";$sdkToolsPath"
MakeAppx.exe bundle /v /bv 1.0.0.1 /d . /p ../sign/FwLiteDesktop.msixbundle
- name: Sign MSIX with Trusted Signing
uses: azure/trusted-signing-action@v0.4.0
with:
azure-tenant-id: ${{ secrets.AZURE_TENANT_ID }}
azure-client-id: ${{ secrets.AZURE_CLIENT_ID }}
azure-client-secret: ${{ secrets.AZURE_CLIENT_SECRET }}
endpoint: ${{ vars.TRUSTED_SIGNING_ENDPOINT }}
trusted-signing-account-name: ${{ vars.TRUSTED_SIGNING_ACCOUNT_NAME }}
certificate-profile-name: ${{ vars.CERTIFICATE_PROFILE_NAME }}
files-folder: ${{ github.workspace }}/backend/FwLite/artifacts/sign
files-folder-filter: msixbundle,exe
files-folder-recurse: true
files-folder-depth: 4
file-digest: SHA256
timestamp-rfc3161: http://timestamp.acs.microsoft.com
timestamp-digest: SHA256
trace: true
- name: Upload FWLite Portable
uses: actions/upload-artifact@v4
with:
name: fw-lite-portable
if-no-files-found: error
path: backend/FwLite/artifacts/sign/portable/*
- name: Upload FWLite MSIX
uses: actions/upload-artifact@v4
with:
name: fw-lite-msix
if-no-files-found: error
path: backend/FwLite/artifacts/sign/*.msixbundle
create-release:
#disabled since we don't have a release yet
if: false
name: Create Release
needs: publish-win
runs-on: windows-latest
steps:
- uses: actions/download-artifact@v4
with:
name: fw-lite
- name: Create Release
uses: softprops/action-gh-release@v2
with:
files: |
backend/FwLite/artifacts/bin/FwLiteDesktop/*/AppPackages/FwLiteDesktop_1.0.0.1_Test/*.msix
body: |
Release for version ${{ github.ref }}
draft: true