win build sign

pull/5370/head
yann300 11 months ago committed by bunsenstraat
parent 8954d950ac
commit e8142c13a5
  1. 78
      .circleci/config.yml

@ -175,9 +175,82 @@ jobs:
key: remixdesktop-windows-deps-{{ checksum "apps/remixdesktop/yarn.lock" }}
paths:
- apps/remixdesktop/node_modules
- persist_to_workspace:
root: apps/remixdesktop
paths:
- "release"
# see https://docs.digicert.com/en/software-trust-manager/ci-cd-integrations/script-integrations/github-integration-ksp.html
sign-remixdesktop-windows:
executor: win/default # executor type
working_directory: ~/remix-project
steps:
- checkout
- attach_workspace:
at: .
- run:
name: "Certificate-Setup"
shell: powershell.exe
command: |
cd C:\
New-Item C:\CERT_FILE.p12.b64
Set-Content -Path C:\CERT_FILE.p12.b64 -Value $env:SM_CLIENT_CERT_FILE_B64
certutil -decode CERT_FILE.p12.b64 Certificate_pkcs12.p12
cat Certificate_pkcs12.p12
- restore_cache:
name: Restore smtools-windows-x64.msi
keys:
- dl-smtools-windows-x64.msi
- run:
name: "Client-Tool-Download"
shell: powershell.exe
command: |
cd C:\
if (Test-Path 'c:\smtools-windows-x64.msi') {
echo 'File exists, skipping download...'
} else {
echo 'Downloading smtools-windows-x64.msi ...'
curl.exe -X GET https://one.digicert.com/signingmanager/api-ui/v1/releases/smtools-windows-x64.msi/download -H "x-api-key:$env:SM_API_KEY" -o smtools-windows-x64.msi
}
- save_cache:
key: dl-smtools-windows-x64.msi
paths:
- c:\smtools-windows-x64.msi
- run:
name: "Client-Tool-Setup"
shell: powershell.exe
command: |
cd C:\
msiexec.exe /i smtools-windows-x64.msi /quiet /qn | Wait-Process
& $env:SSM\smksp_cert_sync.exe
& $env:SSM\smctl.exe healthcheck
- run:
name: "Find Signtool"
shell: powershell.exe
command: |
Get-ChildItem -Path 'C:\Program Files (x86)\Windows Kits\10\App Certification Kit' -Filter signtool.exe -Recurse
- run:
name: "Signtool-Signing"
shell: powershell.exe
command: |
& $env:Signtool sign /sha1 $env:SM_CODE_SIGNING_CERT_SHA1_HASH /tr http://timestamp.digicert.com /td SHA256 /fd SHA256 $env:RemixSetupExe
- run:
name: "Signtool-Verification"
shell: powershell.exe
command: |
$verify_output = $(& $env:Signtool verify /v /pa $env:RemixSetupExe)
echo ${verify_output}
if (!$verify_output.Contains("Number of files successfully Verified: 1")) {
echo 'Verification failed'
exit 1
}
- store_artifacts:
path: apps/remixdesktop/release/
path: ~/remix-project/release/
destination: remixdesktop-windows
environment:
SM_CLIENT_CERT_FILE: 'C:\Certificate_pkcs12.p12'
Signtool: 'C:\Program Files (x86)\Windows Kits\10\App Certification Kit\signtool.exe'
SSM: 'C:\Program Files\DigiCert\DigiCert One Signing Manager Tools'
RemixSetupExe: 'C:\Users\circleci\remix-project\release\Remix IDE Setup 0.0.11-Alpha.exe'
build-remixdesktop-mac:
macos:
@ -452,6 +525,9 @@ workflows:
- build-remixdesktop-windows:
requires:
- build-desktop
- sign-remixdesktop-windows:
requires:
- build-remixdesktop-windows
- build-remixdesktop-linux:
requires:
- build-desktop

Loading…
Cancel
Save