From d2c910fca60438eb3c94ca756c50537cfcea5b4d Mon Sep 17 00:00:00 2001 From: creeper-0910 <56744841+creeper-0910@users.noreply.github.com> Date: Fri, 10 Jan 2025 01:12:31 +0900 Subject: [PATCH] [FB] workflow | Merge workflow --- .github/workflows/windows-build.yml | 84 ++++++++++++++++++++- .github/workflows/wrapper_windows-build.yml | 10 --- 2 files changed, 81 insertions(+), 13 deletions(-) diff --git a/.github/workflows/windows-build.yml b/.github/workflows/windows-build.yml index 76a1681abf1d..d783b049b1a7 100644 --- a/.github/workflows/windows-build.yml +++ b/.github/workflows/windows-build.yml @@ -63,6 +63,9 @@ on: PAT: description: "Personal Access Token" required: true + SIGNPATH_API_TOKEN: + description: "SignPath API Token" + required: true jobs: win-build: @@ -335,9 +338,84 @@ jobs: GHA_out_artifact_name : ${{inputs.out_artifact_name}} GHA_default_name: floorp-windows-${{fromJson('["x86","aarch"]')[inputs.aarch64]}}_64-${{fromJson('["package","build-with-profgen"]')[inputs.profgen]}}${{fromJson('["","-zstd"]')[inputs.zstd]}} - - name: Publish Package🎁 + - name: install 7z for extract + run: | + sudo apt install -y p7zip-full + + - name: extract + run: | + mkdir -p unsigned/bin + mkdir -p unsigned/stub + 7z x ~/output/floorp-win*installer.exe -ounsigned/bin + 7z x ~/output/floorp-stub.installer.exe -ounsigned/stub + + # rename stub installer + mv unsigned/stub/setup-stub.exe unsigned/stub/floorp-stub.installer.exe + + - name: Create Environment for Repackaging + run: | + unzip -d Floorp-Repackage ./.github/windows-code-sign.zip + + - name: Publish Unsigned Package + id: publish-unsigned-package + uses: actions/upload-artifact@v4 + with: + name: floorp-windows-${{fromJson('["x86","aarch"]')[inputs.arch]}}_64-package-unsigned + path: unsigned/bin + + - name: Sign 🖊️ + id: Sign + uses: signpath/github-action-submit-signing-request@v1.1 + with: + api-token: '${{ secrets.SIGNPATH_API_TOKEN }}' + organization-id: '3b13ba3b-8062-4df7-a4a6-217a5ec352c4' + project-slug: 'Floorp' + signing-policy-slug: 'test-signing' + artifact-configuration-slug: 'core-signing' + github-artifact-id: '${{ steps.publish-unsigned-package.outputs.artifact-id }}' + wait-for-completion: true + output-artifact-directory: signed_output + + - name: Copy Signed Artifact to Floorp-Repackage And unpack + run: | + cp -r signed_output/* Floorp-Repackage/Floorp-work + + - name: Create Repackaged Artifact + run: | + cd Floorp-Repackage/Floorp-work + 7z a -r -t7z app.7z -mx -m0=BCJ2 -m1=LZMA:d24 -m2=LZMA:d19 -m3=LZMA:d19 -mb0:1 -mb0s1:2 -mb0s2:3 + cd ../ + cat 7zSD.sfx app.tag Floorp-work\app.7z > ~/unsigned/stub/floorp-win64.installer.exe + + - name: Publish Unsigned Installer + id: publish-unsigned-installer + uses: actions/upload-artifact@v4 + with: + name: floorp-windows-${{fromJson('["x86","aarch"]')[inputs.arch]}}_64-package-unsigned-installer + path: unsigned/stub + + - name: Sign Installers 🖊️ + id: Sign-Installers + uses: signpath/github-action-submit-signing-request@v1.1 + with: + api-token: '${{ secrets.SIGNPATH_API_TOKEN }}' + organization-id: '3b13ba3b-8062-4df7-a4a6-217a5ec352c4' + project-slug: 'Floorp' + signing-policy-slug: 'test-signing' + artifact-configuration-slug: 'stub-signing' + github-artifact-id: '${{ steps.publish-unsigned-installer.outputs.artifact-id }}' + wait-for-completion: true + output-artifact-directory: signed_installers + + - name: Publish Signed Package + uses: actions/upload-artifact@v4 + with: + name: floorp-windows-${{fromJson('["x86","aarch"]')[inputs.arch]}}_64-package-signed + path: signed_output + + - name: Publish Signed Installer uses: actions/upload-artifact@v4 with: - name: ${{env.ARTIFACT_NAME}} - path: ~/output + name: floorp-windows-${{fromJson('["x86","aarch"]')[inputs.arch]}}_64-package-signed-installer + path: signed_installers # Publish END diff --git a/.github/workflows/wrapper_windows-build.yml b/.github/workflows/wrapper_windows-build.yml index 2ebb04595d34..14f2b28bbbd7 100644 --- a/.github/workflows/wrapper_windows-build.yml +++ b/.github/workflows/wrapper_windows-build.yml @@ -29,14 +29,4 @@ jobs: aarch64: ${{inputs.aarch64}} secrets: PAT: ${{ secrets.PAT }} - - windows-codesign: - needs: windows-build - name: win-${{fromJson('["no_pgo","pgo"]')[inputs.profgen]}}-${{fromJson('["AMD","AARCH"]')[inputs.aarch64]}}-64bit - uses: ./.github/workflows/windows-codesign.yml - with: - package-artifact-name: floorp-windows-${{fromJSON('["x86_64","aarch64"]')[inputs.aarch64]}}-package - arch: ${{ inputs.aarch64 }} - secrets: SIGNPATH_API_TOKEN: ${{ secrets.SIGNPATH_API_TOKEN }} - PAT: ${{ secrets.PAT }}