|
|
|
|
@ -175,9 +175,82 @@ jobs: |
|
|
|
|
key: remixdesktop-windows-deps-{{ checksum "apps/remixdesktop/yarn.lock" }} |
|
|
|
|
paths: |
|
|
|
|
- apps/remixdesktop/node_modules |
|
|
|
|
- persist_to_workspace: |
|
|
|
|
root: apps/remixdesktop |
|
|
|
|
paths: |
|
|
|
|
- "release" |
|
|
|
|
# see https://docs.digicert.com/en/software-trust-manager/ci-cd-integrations/script-integrations/github-integration-ksp.html |
|
|
|
|
sign-remixdesktop-windows: |
|
|
|
|
executor: win/default # executor type |
|
|
|
|
working_directory: ~/remix-project |
|
|
|
|
steps: |
|
|
|
|
- checkout |
|
|
|
|
- attach_workspace: |
|
|
|
|
at: . |
|
|
|
|
- run: |
|
|
|
|
name: "Certificate-Setup" |
|
|
|
|
shell: powershell.exe |
|
|
|
|
command: | |
|
|
|
|
cd C:\ |
|
|
|
|
New-Item C:\CERT_FILE.p12.b64 |
|
|
|
|
Set-Content -Path C:\CERT_FILE.p12.b64 -Value $env:SM_CLIENT_CERT_FILE_B64 |
|
|
|
|
certutil -decode CERT_FILE.p12.b64 Certificate_pkcs12.p12 |
|
|
|
|
cat Certificate_pkcs12.p12 |
|
|
|
|
- restore_cache: |
|
|
|
|
name: Restore smtools-windows-x64.msi |
|
|
|
|
keys: |
|
|
|
|
- dl-smtools-windows-x64.msi |
|
|
|
|
- run: |
|
|
|
|
name: "Client-Tool-Download" |
|
|
|
|
shell: powershell.exe |
|
|
|
|
command: | |
|
|
|
|
cd C:\ |
|
|
|
|
if (Test-Path 'c:\smtools-windows-x64.msi') { |
|
|
|
|
echo 'File exists, skipping download...' |
|
|
|
|
} else { |
|
|
|
|
echo 'Downloading smtools-windows-x64.msi ...' |
|
|
|
|
curl.exe -X GET https://one.digicert.com/signingmanager/api-ui/v1/releases/smtools-windows-x64.msi/download -H "x-api-key:$env:SM_API_KEY" -o smtools-windows-x64.msi |
|
|
|
|
} |
|
|
|
|
- save_cache: |
|
|
|
|
key: dl-smtools-windows-x64.msi |
|
|
|
|
paths: |
|
|
|
|
- c:\smtools-windows-x64.msi |
|
|
|
|
- run: |
|
|
|
|
name: "Client-Tool-Setup" |
|
|
|
|
shell: powershell.exe |
|
|
|
|
command: | |
|
|
|
|
cd C:\ |
|
|
|
|
msiexec.exe /i smtools-windows-x64.msi /quiet /qn | Wait-Process |
|
|
|
|
& $env:SSM\smksp_cert_sync.exe |
|
|
|
|
& $env:SSM\smctl.exe healthcheck |
|
|
|
|
- run: |
|
|
|
|
name: "Find Signtool" |
|
|
|
|
shell: powershell.exe |
|
|
|
|
command: | |
|
|
|
|
Get-ChildItem -Path 'C:\Program Files (x86)\Windows Kits\10\App Certification Kit' -Filter signtool.exe -Recurse |
|
|
|
|
- run: |
|
|
|
|
name: "Signtool-Signing" |
|
|
|
|
shell: powershell.exe |
|
|
|
|
command: | |
|
|
|
|
& $env:Signtool sign /sha1 $env:SM_CODE_SIGNING_CERT_SHA1_HASH /tr http://timestamp.digicert.com /td SHA256 /fd SHA256 $env:RemixSetupExe |
|
|
|
|
- run: |
|
|
|
|
name: "Signtool-Verification" |
|
|
|
|
shell: powershell.exe |
|
|
|
|
command: | |
|
|
|
|
$verify_output = $(& $env:Signtool verify /v /pa $env:RemixSetupExe) |
|
|
|
|
echo ${verify_output} |
|
|
|
|
if (!$verify_output.Contains("Number of files successfully Verified: 1")) { |
|
|
|
|
echo 'Verification failed' |
|
|
|
|
exit 1 |
|
|
|
|
} |
|
|
|
|
- store_artifacts: |
|
|
|
|
path: apps/remixdesktop/release/ |
|
|
|
|
path: ~/remix-project/release/ |
|
|
|
|
destination: remixdesktop-windows |
|
|
|
|
environment: |
|
|
|
|
SM_CLIENT_CERT_FILE: 'C:\Certificate_pkcs12.p12' |
|
|
|
|
Signtool: 'C:\Program Files (x86)\Windows Kits\10\App Certification Kit\signtool.exe' |
|
|
|
|
SSM: 'C:\Program Files\DigiCert\DigiCert One Signing Manager Tools' |
|
|
|
|
RemixSetupExe: 'C:\Users\circleci\remix-project\release\Remix IDE.exe' |
|
|
|
|
|
|
|
|
|
build-remixdesktop-mac: |
|
|
|
|
macos: |
|
|
|
|
@ -452,6 +525,9 @@ workflows: |
|
|
|
|
- build-remixdesktop-windows: |
|
|
|
|
requires: |
|
|
|
|
- build-desktop |
|
|
|
|
- sign-remixdesktop-windows: |
|
|
|
|
requires: |
|
|
|
|
- build-remixdesktop-windows |
|
|
|
|
- build-remixdesktop-linux: |
|
|
|
|
requires: |
|
|
|
|
- build-desktop |
|
|
|
|
|
bunsenstraat
10 months ago
committed by
GitHub