Signing CD Action #199
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: FlexBridge CI/CD | |
on: | |
push: | |
branches: ["develop", "master"] | |
pull_request: | |
branches: ["develop", "master"] | |
workflow_dispatch: | |
inputs: | |
releaseType: | |
description: 'Alpha, Beta, Stable used to stamp release artifacts' | |
required: true | |
default: 'Alpha' | |
concurrency: | |
group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} | |
cancel-in-progress: true | |
jobs: | |
build_and_test: | |
env: | |
CROWDIN_API_KEY: ${{ secrets.CROWDIN_API_KEY }} | |
FILESTOSIGNLATER: "${{ github.workspace }}\\filesToSign" | |
teamcity_build_checkoutDir: ${{ github.workspace }} | |
name: Build Debug and run Tests | |
runs-on: windows-latest | |
steps: | |
- name: Checkout Files | |
uses: actions/checkout@v4 | |
id: checkout | |
with: | |
fetch-depth: 0 | |
submodules: true | |
- name: Download 461 targeting pack | |
uses: suisei-cn/actions-download-file@818d6b7dc8fe73f2f924b6241f2b1134ca1377d9 # 1.6.0 | |
id: downloadfile # Remember to give an ID if you need the output filename | |
with: | |
url: "https://download.microsoft.com/download/F/1/D/F1DEB8DB-D277-4EF9-9F48-3A65D4D8F965/NDP461-DevPack-KB3105179-ENU.exe" | |
target: public/ | |
- name: Install targeting pack | |
shell: cmd | |
working-directory: public | |
run: NDP461-DevPack-KB3105179-ENU.exe /q | |
- name: Add msbuild to PATH | |
uses: microsoft/setup-msbuild@v2 | |
# We need the dotnet runtime to execute overcrowdin | |
- name: Setup dotnet | |
uses: actions/setup-dotnet@v4 | |
with: | |
dotnet-version: | |
8.0.x | |
if: github.event_name != 'pull_request' | |
- name: Downgrade Wix Toolset - remove when runner has 3.14.2 | |
run: | | |
choco uninstall wixtoolset | |
choco install wixtoolset --version 3.11.2 --allow-downgrade --force | |
echo "C:\Program Files (x86)\WiX Toolset v3.11\bin" | Out-File -FilePath $env:GITHUB_PATH -Encoding utf8 -Append | |
# If we are just doing a CI build we don't need real localizations, but the location must exist | |
- name: Add Fake Localizations for CI | |
shell: bash | |
run: echo > DistFiles/localizations/empty.xlf | |
if: github.event_name == 'pull_request' | |
- name: Install Latest Overcrowdin | |
shell: cmd | |
run: dotnet tool install -g overcrowdin | |
if: github.event_name != 'pull_request' | |
- name: Restore L10n Packages | |
shell: cmd | |
run: | | |
cd l10n | |
msbuild l10n.proj /t:restore | |
if: github.event_name != 'pull_request' | |
- name: Get Latest L10ns | |
shell: cmd | |
run: | | |
cd l10n | |
msbuild l10n.proj /t:GetLatestL10ns;CopyL10nsToDistFiles | |
if: github.event_name != 'pull_request' | |
- name: Restore Build Tasks & Packages | |
id: package_restore | |
shell: cmd | |
run: msbuild build\FLExBridge.proj /t:RestoreBuildTasks;RestorePackages | |
- name: Build & Test | |
id: build_and_test_step | |
shell: cmd | |
run: msbuild build\FLExBridge.proj /t:Test /p:Configuration=Release | |
# All the following are used only when building an installer after a merge | |
- name: Build Msi | |
id: build_msi | |
shell: cmd | |
run: | | |
msbuild build/FLExBridge.proj /t:CleanMasterOutputDir;PreparePublishingArtifactsInternal;BuildProductBaseMsi /p:UploadFolder=${{ inputs.environment || 'Alpha' }} | |
if: github.event_name != 'pull_request' | |
- name: Prepare for msi signing | |
shell: bash | |
run: | | |
echo "FILES_TO_SIGN=$(cat $FILESTOSIGNLATER)" >> $GITHUB_OUTPUT | |
id: gathered_files | |
if: github.event_name != 'pull_request' | |
- name: upload-msi | |
id: upload | |
uses: actions/upload-artifact@v4 | |
with: | |
name: FlexBridge.msi | |
path: ${{ steps.gathered_files.outputs.FILES_TO_SIGN }} | |
if-no-files-found: error | |
overwrite: true | |
if: github.event_name != 'pull_request' | |
sign-msi: | |
name: Sign FlexBridge Installer | |
needs: build_and_test | |
if: github.event_name != 'pull_request' | |
uses: sillsdev/codesign/.github/workflows/sign.yml@feature/enableDispatchCalls | |
with: | |
artifact: FlexBridge.msi | |
description: 'FLEx Bridge Installer' | |
secrets: | |
certificate: ${{ secrets.CODESIGN_LSDEVSECTIGOEV }} | |
build-offline-bundle: | |
name: Build offline bundle | |
needs: sign-msi | |
if: github.event_name != 'pull_request' | |
runs-on: windows-latest | |
env: | |
FILESTOSIGNLATER: "${{ github.workspace }}\\filesToSign" | |
steps: | |
- name: Checkout Files | |
uses: actions/checkout@v4 | |
id: checkout | |
with: | |
fetch-depth: 0 | |
submodules: true | |
- name: Downgrade Wix Toolset - remove when runner has 3.14.2 | |
run: | | |
choco uninstall wixtoolset | |
choco install wixtoolset --version 3.11.2 --allow-downgrade --force | |
echo "C:\Program Files (x86)\WiX Toolset v3.11\bin" | Out-File -FilePath $env:GITHUB_PATH -Encoding utf8 -Append | |
- name: Add msbuild to PATH | |
uses: microsoft/setup-msbuild@v2 | |
- name: Download FlexBridge artifact | |
uses: actions/download-artifact@v4 | |
with: | |
name: FlexBridge.msi | |
path: src/WiXInstaller/BaseInstallerBuild # Target directory for the downloaded artifact | |
# All the following are used only when building an installer after a merge | |
- name: Build Bundles | |
id: build_bundles | |
working-directory: build | |
shell: cmd | |
run: | | |
msbuild FLExBridge.proj /t:RestoreBuildTasks;RestorePackages;GetDotNetFiles;CopyWixOverrides | |
msbuild FLExBridge.proj /t:BuildProductBaseBundles /p:Configuration=Release /p:Platform="Any CPU" | |
- name: Extract burn engines | |
id: extract_engines | |
working-directory: BuildDir | |
shell: cmd | |
run: | | |
insignia -ib FlexBridge_Offline.exe -o offline-engine.exe | |
insignia -ib FlexBridge_Online.exe -o online-engine.exe | |
- name: Upload Offline Engine | |
id: upload-offline-engine | |
uses: actions/upload-artifact@v4 | |
with: | |
name: offline-engine | |
path: BuildDir/offline-engine.exe | |
if-no-files-found: error | |
overwrite: true | |
if: github.event_name != 'pull_request' | |
- name: Upload Offline Bundle(detatched) | |
id: upload-offline-bundle | |
uses: actions/upload-artifact@v4 | |
with: | |
name: offline-bundle | |
path: BuildDir/FlexBridge_Offline.exe | |
if-no-files-found: error | |
overwrite: true | |
if: github.event_name != 'pull_request' | |
- name: Upload Online Engine | |
id: upload-online-engine | |
uses: actions/upload-artifact@v4 | |
with: | |
name: online-engine | |
path: BuildDir/online-engine.exe | |
if-no-files-found: error | |
overwrite: true | |
if: github.event_name != 'pull_request' | |
- name: Upload Online Bundle(detached) | |
id: upload-online-bundle | |
uses: actions/upload-artifact@v4 | |
with: | |
name: online-bundle | |
path: BuildDir/FlexBridge_Online.exe | |
if-no-files-found: error | |
overwrite: true | |
if: github.event_name != 'pull_request' | |
sign-offline-engine: | |
name: Sign Offline Engine | |
needs: build-offline-bundle | |
if: github.event_name != 'pull_request' | |
uses: sillsdev/codesign/.github/workflows/sign.yml@feature/enableDispatchCalls | |
with: | |
artifact: offline-engine | |
description: 'FLEx Bridge Installer' | |
secrets: | |
certificate: ${{ secrets.CODESIGN_LSDEVSECTIGOEV }} | |
sign-online-engine: | |
name: Sign Online Engine | |
needs: build-offline-bundle | |
if: github.event_name != 'pull_request' | |
uses: sillsdev/codesign/.github/workflows/sign.yml@feature/enableDispatchCalls | |
with: | |
artifact: online-engine | |
description: 'FLEx Bridge Installer' | |
secrets: | |
certificate: ${{ secrets.CODESIGN_LSDEVSECTIGOEV }} | |
reattach-engines: | |
runs-on: windows-latest | |
needs: [sign-offline-engine, sign-online-engine] | |
steps: | |
- name: Downgrade Wix Toolset - remove when runner has 3.14.2 | |
run: | | |
choco uninstall wixtoolset | |
choco install wixtoolset --version 3.11.2 --allow-downgrade --force | |
echo "C:\Program Files (x86)\WiX Toolset v3.11\bin" | Out-File -FilePath $env:GITHUB_PATH -Encoding utf8 -Append | |
- name: Download signed online engine | |
uses: actions/download-artifact@v4 | |
with: | |
name: online-engine | |
- name: Download signed offline engine | |
uses: actions/download-artifact@v4 | |
with: | |
name: offline-engine | |
- name: Download Online Bundle | |
uses: actions/download-artifact@v4 | |
with: | |
name: online-bundle | |
- name: Download Offline Bundle | |
uses: actions/download-artifact@v4 | |
with: | |
name: offline-bundle | |
- name: Reattach Engines | |
shell: cmd | |
run: | | |
insignia -ab engine.exe FlexBridge_Online.exe -o online-engine.exe | |
insignia -ab engine.exe FlexBridge_Offline.exe -o offline-engine.exe | |
- name: Upload Online Bundle(attached) | |
id: upload-online-bundle | |
uses: actions/upload-artifact@v4 | |
with: | |
name: online-bundle | |
path: FlexBridge_Online.exe | |
if-no-files-found: error | |
overwrite: true | |
if: github.event_name != 'pull_request' | |
- name: Upload Offline Bundle(attached) | |
id: upload-offline-bundle | |
uses: actions/upload-artifact@v4 | |
with: | |
name: offline-bundle | |
path: FlexBridge_Offline.exe | |
if-no-files-found: error | |
overwrite: true | |
if: github.event_name != 'pull_request' | |
sign-offline-bundle: | |
name: Sign Offline Bundle | |
needs: reattach-engines | |
if: github.event_name != 'pull_request' | |
uses: sillsdev/codesign/.github/workflows/sign.yml@feature/enableDispatchCalls | |
with: | |
artifact: offline-bundle | |
description: 'FLEx Bridge Installer' | |
secrets: | |
certificate: ${{ secrets.CODESIGN_LSDEVSECTIGOEV }} | |
sign-online-bundle: | |
name: Sign Online Bundle | |
needs: reattach-engines | |
if: github.event_name != 'pull_request' | |
uses: sillsdev/codesign/.github/workflows/sign.yml@feature/enableDispatchCalls | |
with: | |
artifact: online-bundle | |
description: 'FLEx Bridge Installer' | |
secrets: | |
certificate: ${{ secrets.CODESIGN_LSDEVSECTIGOEV }} | |