Skip to content

Commit

Permalink
Sign Workflow: Fix interactivity (#52)
Browse files Browse the repository at this point in the history
  • Loading branch information
@andreasgriffin
andreasgriffin authored Jan 10, 2025
1 parent 8315531 commit 4188538
Show file tree
Hide file tree
Showing 3 changed files with 232 additions and 27 deletions.
114 changes: 114 additions & 0 deletions .github/workflows/build-windows-release-signing.yml
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,114 @@
name: Build Windows Signed
# this file needs to be manually synchronized with build-windows.yml

on:
push:
branches:
- main
tags:
- '*'

#####################
####### Below must be identical to build-windows.yml
#####################
jobs:
build:
runs-on: ubuntu-latest
steps:
- name: Checkout repository
uses: actions/checkout@v3
with:
fetch-depth: 0 # Fetch all history for all branches and tags
ref: ${{ github.event.inputs.commitHash || github.sha }}


- name: Set up Python environment
uses: actions/setup-python@v4
with:
python-version: '3.10'

- name: Setup xvfb (Linux)
if: runner.os == 'Linux'
run: |
sudo apt-get update
sudo apt-get install -y xvfb \
libxkbcommon-x11-0 \
libxcb-icccm4 \
libxcb-image0 \
libxcb-keysyms1 \
libxcb-randr0 \
libxcb-render-util0 \
libxcb-xinerama0 \
libxcb-xinput0 \
libxcb-xfixes0 \
libxcb-shape0 \
libglib2.0-0 \
libgl1-mesa-dev \
'^libxcb.*-dev' \
libx11-xcb-dev \
libglu1-mesa-dev \
libxrender-dev \
libxi-dev \
libxkbcommon-dev \
libxkbcommon-x11-dev \
libsecp256k1-0
- name: Install Python dependencies
run: |
python -m pip install --upgrade pip
pip install poetry
poetry install
- name: Run build script
run: poetry run python tools/build.py --targets windows --commit None


- name: Check for portable EXE file
run: |
if [ -z "$(find dist -type f -name '*portable.exe')" ]; then
echo "Portable EXE file is missing"
exit 1
fi
- name: Check for setup EXE file
run: |
if [ -z "$(find dist -type f -name '*setup.exe')" ]; then
echo "Setup EXE file is missing"
exit 1
fi
- name: Upload EXE Files from dist/
id: upload-unsigned-artifact
uses: actions/upload-artifact@v4
with:
name: dist
path: dist/* # zip everything in the folder

#####################
####### End of build-windows.yml
#####################

- name: 'signing with ${{ github.event.inputs.signing-policy-slug }}'
id: signpath-io
if: ${{ github.event.inputs.signing-policy-slug != '' }}
uses: signpath/[email protected]
with:
api-token: '${{ .SIGNPATH_API_TOKEN }}'
organization-id: '0981059c-bbd4-461c-abcf-b99bd074a723'
project-slug: 'bitcoin-safe'
# 'signing-policy-slug ("test-signing", "release-signing" for valid signing)'
signing-policy-slug: 'release-signing'
github-artifact-id: '${{ steps.upload-unsigned-artifact.outputs.artifact-id }}'
artifact-configuration-slug: 'Win'
wait-for-completion: true
output-artifact-directory: 'signpath-signed'


- name: Upload Signed EXE Files from signpath-signed/
if: ${{ github.event.inputs.signing-policy-slug != '' }}
id: upload-signed-artifact
uses: actions/upload-artifact@v4
with:
name: signpath-signed
path: signpath-signed/* # zip everything in the folder

114 changes: 114 additions & 0 deletions .github/workflows/build-windows-test-sign.yml
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,114 @@
name: Build Windows Signed
# this file needs to be manually synchronized with build-windows.yml

on:
push:
branches:
- main
tags:
- '*'

#####################
####### Below must be identical to build-windows.yml
#####################
jobs:
build:
runs-on: ubuntu-latest
steps:
- name: Checkout repository
uses: actions/checkout@v3
with:
fetch-depth: 0 # Fetch all history for all branches and tags
ref: ${{ github.event.inputs.commitHash || github.sha }}


- name: Set up Python environment
uses: actions/setup-python@v4
with:
python-version: '3.10'

- name: Setup xvfb (Linux)
if: runner.os == 'Linux'
run: |
sudo apt-get update
sudo apt-get install -y xvfb \
libxkbcommon-x11-0 \
libxcb-icccm4 \
libxcb-image0 \
libxcb-keysyms1 \
libxcb-randr0 \
libxcb-render-util0 \
libxcb-xinerama0 \
libxcb-xinput0 \
libxcb-xfixes0 \
libxcb-shape0 \
libglib2.0-0 \
libgl1-mesa-dev \
'^libxcb.*-dev' \
libx11-xcb-dev \
libglu1-mesa-dev \
libxrender-dev \
libxi-dev \
libxkbcommon-dev \
libxkbcommon-x11-dev \
libsecp256k1-0
- name: Install Python dependencies
run: |
python -m pip install --upgrade pip
pip install poetry
poetry install
- name: Run build script
run: poetry run python tools/build.py --targets windows --commit None


- name: Check for portable EXE file
run: |
if [ -z "$(find dist -type f -name '*portable.exe')" ]; then
echo "Portable EXE file is missing"
exit 1
fi
- name: Check for setup EXE file
run: |
if [ -z "$(find dist -type f -name '*setup.exe')" ]; then
echo "Setup EXE file is missing"
exit 1
fi
- name: Upload EXE Files from dist/
id: upload-unsigned-artifact
uses: actions/upload-artifact@v4
with:
name: dist
path: dist/* # zip everything in the folder

#####################
####### End of build-windows.yml
#####################

- name: 'signing with ${{ github.event.inputs.signing-policy-slug }}'
id: signpath-io
if: ${{ github.event.inputs.signing-policy-slug != '' }}
uses: signpath/[email protected]
with:
api-token: '${{ .SIGNPATH_API_TOKEN }}'
organization-id: '0981059c-bbd4-461c-abcf-b99bd074a723'
project-slug: 'bitcoin-safe'
# 'signing-policy-slug ("test-signing", "release-signing" for valid signing)'
signing-policy-slug: 'test-signing'
github-artifact-id: '${{ steps.upload-unsigned-artifact.outputs.artifact-id }}'
artifact-configuration-slug: 'Win'
wait-for-completion: true
output-artifact-directory: 'signpath-signed'


- name: Upload Signed EXE Files from signpath-signed/
if: ${{ github.event.inputs.signing-policy-slug != '' }}
id: upload-signed-artifact
uses: actions/upload-artifact@v4
with:
name: signpath-signed
path: signpath-signed/* # zip everything in the folder

31 changes: 4 additions & 27 deletions .github/workflows/build-windows.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -7,11 +7,11 @@ on:
description: 'Enter the commit hash to build (empty = the main branch or the branch that triggered the workflow)'
required: false
type: string
signing-policy-slug:
description: 'signing-policy-slug ("" for no signing, "test-signing", "release-signing" for valid signing)'
required: false
default: 'test-signing'


#####################
####### Ensure changes here are copied to build-windows-signed.yml
#####################
jobs:
build:
runs-on: ubuntu-latest
Expand Down Expand Up @@ -85,26 +85,3 @@ jobs:
name: dist
path: dist/* # zip everything in the folder

- name: 'signing with ${{ github.event.inputs.signing-policy-slug }}'
id: signpath-io
if: ${{ github.event.inputs.signing-policy-slug != '' }}
uses: signpath/[email protected]
with:
api-token: '${{ secrets.SIGNPATH_API_TOKEN }}'
organization-id: '0981059c-bbd4-461c-abcf-b99bd074a723'
project-slug: 'bitcoin-safe'
signing-policy-slug: '${{ github.event.inputs.signing-policy-slug }}'
github-artifact-id: '${{ steps.upload-unsigned-artifact.outputs.artifact-id }}'
artifact-configuration-slug: 'Win'
wait-for-completion: true
output-artifact-directory: 'signpath-signed'


- name: Upload Signed EXE Files from signpath-signed/
if: ${{ github.event.inputs.signing-policy-slug != '' }}
id: upload-signed-artifact
uses: actions/upload-artifact@v4
with:
name: signpath-signed
path: signpath-signed/* # zip everything in the folder

0 comments on commit 4188538

Please sign in to comment.