timamsk/Open-Shell-Menu
1
0
Fork 0
mirror of https://github.com/Open-Shell/Open-Shell-Menu.git synced 2026-06-14 03:16:38 +10:00
Code Issues Packages Projects Releases Wiki Activity

Sign with SignPath

Browse Source
This commit is contained in:
ge0rdi
2026-05-31 17:47:06 +02:00
parent 4cdb1f47c8
commit a2ce585447
1 changed files with 92 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files
.github/workflows/build.yml
+92 -7
View File
@@ -60,6 +60,8 @@ jobs:
run: Src\Setup\BuildBinaries.bat run: Src\Setup\BuildBinaries.bat
- name: Upload binaries - name: Upload binaries
if: github.event_name == 'workflow_dispatch' && github.ref == 'refs/heads/master' # Only manual master builds
id: upload-binaries
uses: actions/upload-artifact@v7 uses: actions/upload-artifact@v7
with: with:
name: Binaries name: Binaries
@@ -68,6 +70,20 @@ jobs:
!Src/Setup/Output/*.skin !Src/Setup/Output/*.skin
!Src/Setup/Output/*.skin7 !Src/Setup/Output/*.skin7
!Src/Setup/Output/*.zip !Src/Setup/Output/*.zip
retention-days: 1
- name: Sign binaries with SignPath
if: github.event_name == 'workflow_dispatch' && github.ref == 'refs/heads/master' # Only manual master builds
uses: signpath/github-action-submit-signing-request@v2
with:
api-token: '${{ secrets.SIGNPATH_API_TOKEN }}'
organization-id: 'b34b60e3-e5bf-4a6e-a13c-dcf641b4362c'
project-slug: 'Open-Shell-Menu'
signing-policy-slug: 'test-signing'
artifact-configuration-slug: 'Binaries'
github-artifact-id: '${{ steps.upload-binaries.outputs.artifact-id }}'
wait-for-completion: true
output-artifact-directory: 'Src/Setup/Output/'
- name: Build installers - name: Build installers
shell: cmd shell: cmd
@@ -76,25 +92,86 @@ jobs:
run: Src\Setup\_BuildEnglish.bat run: Src\Setup\_BuildEnglish.bat
- name: Upload installers - name: Upload installers
if: github.event_name == 'workflow_dispatch' && github.ref == 'refs/heads/master' # Only manual master builds
id: upload-installers
uses: actions/upload-artifact@v7 uses: actions/upload-artifact@v7
with: with:
name: MSI name: MSI
path: | path: |
Src/Setup/Temp/*.msi Src/Setup/Temp/*.msi
retention-days: 1
- name: Build final - name: Sign installers with SignPath
if: github.event_name == 'workflow_dispatch' && github.ref == 'refs/heads/master' # Only manual master builds
uses: signpath/github-action-submit-signing-request@v2
with:
api-token: '${{ secrets.SIGNPATH_API_TOKEN }}'
organization-id: 'b34b60e3-e5bf-4a6e-a13c-dcf641b4362c'
project-slug: 'Open-Shell-Menu'
signing-policy-slug: 'test-signing'
artifact-configuration-slug: 'Installers'
github-artifact-id: '${{ steps.upload-installers.outputs.artifact-id }}'
wait-for-completion: true
output-artifact-directory: 'Src/Setup/Temp/'
- name: Build setup and symbols
shell: cmd shell: cmd
env: env:
CS_VERSION: ${{ steps.versioning.outputs.NEW_VERSION }} CS_VERSION: ${{ steps.versioning.outputs.NEW_VERSION }}
run: Src\Setup\BuildArchives.bat run: Src\Setup\BuildArchives.bat
- name: Upload final - name: Upload symbols
uses: actions/upload-artifact@v7 uses: actions/upload-artifact@v7
with: with:
name: Final
path: | path: |
Src/Setup/Final/ Src/Setup/Final/OpenShellSymbols*.7z
!Src/Setup/Final/OpenShellLoc.zip archive: false
- name: Upload utility
uses: actions/upload-artifact@v7
with:
path: |
Src/Setup/Final/Utility.exe
archive: false
- name: Upload setup
id: upload-setup
uses: actions/upload-artifact@v7
with:
path: |
Src/Setup/Final/OpenShellSetup*.exe
archive: false
- name: Sign setup with SignPath
if: github.event_name == 'workflow_dispatch' && github.ref == 'refs/heads/master' # Only manual master builds
uses: signpath/github-action-submit-signing-request@v2
with:
api-token: '${{ secrets.SIGNPATH_API_TOKEN }}'
organization-id: 'b34b60e3-e5bf-4a6e-a13c-dcf641b4362c'
project-slug: 'Open-Shell-Menu'
signing-policy-slug: 'test-signing'
github-artifact-id: '${{ steps.upload-setup.outputs.artifact-id }}'
wait-for-completion: true
skip-decompress: true
output-artifact-directory: 'Src/Setup/Final/'
# `overwrite: true` doesn't work with `archive: false`, so we have to delete the original first
# https://github.com/actions/upload-artifact/issues/769
# https://github.com/actions/upload-artifact/issues/785
- name: Delete setup
if: github.event_name == 'workflow_dispatch' && github.ref == 'refs/heads/master' # Only manual master builds
uses: geekyeggo/delete-artifact@v6
with:
name: OpenShellSetup*.exe
- name: Upload setup (signed)
if: github.event_name == 'workflow_dispatch' && github.ref == 'refs/heads/master' # Only manual master builds
uses: actions/upload-artifact@v7
with:
path: |
Src/Setup/Final/OpenShellSetup*.exe
archive: false
overwrite: true
release: release:
if: github.event_name == 'workflow_dispatch' && github.ref == 'refs/heads/master' # Only manual master builds if: github.event_name == 'workflow_dispatch' && github.ref == 'refs/heads/master' # Only manual master builds
@@ -103,10 +180,18 @@ jobs:
permissions: permissions:
contents: write # Elevate permissions ONLY for this job contents: write # Elevate permissions ONLY for this job
steps: steps:
- name: Download artifacts - name: Download setup
uses: actions/download-artifact@v8 uses: actions/download-artifact@v8
with: with:
name: OpenShell pattern: OpenShellSetup*.exe
- name: Download symbols
uses: actions/download-artifact@v8
with:
pattern: OpenShellSymbols*.7z
- name: Download utility
uses: actions/download-artifact@v8
with:
pattern: Utility.exe
- name: Create GitHub Release - name: Create GitHub Release
uses: softprops/action-gh-release@v3 uses: softprops/action-gh-release@v3