Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Build & EV Sign Windows builds (#517 #517

Merged
merged 123 commits into from
Feb 22, 2023
Merged

Build & EV Sign Windows builds (#517 #517

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
123 commits
Select commit Hold shift + click to select a range
8c0f883
Add way to provide apple ID and app password to notarise script
t3chguy Dec 13, 2022
ea41482
Add utility to generate electron-builder.json for release & nightly b…
t3chguy Dec 13, 2022
d07379d
Run Build & Test on staging too
t3chguy Dec 13, 2022
6d4415f
First attempt at build & deploy for macOS with signing and notarisation
t3chguy Dec 13, 2022
f289b94
Fix quote mismatch
t3chguy Dec 13, 2022
605783c
use correct quotes
t3chguy Dec 13, 2022
7ff97cf
add runs-on
t3chguy Dec 13, 2022
c83f6cb
Fix inputs.mode usage
t3chguy Dec 13, 2022
45b6c33
remove quotes
t3chguy Dec 13, 2022
d4bbd0c
chmod +x
t3chguy Dec 13, 2022
e75ca8a
Merge branch 'develop' of github.com:vector-im/element-desktop into t…
t3chguy Dec 13, 2022
84b8cd6
Fix artifact paths
t3chguy Dec 13, 2022
68070c8
Fix deploy condition
t3chguy Dec 13, 2022
f6ff5ed
Fix deploy condition
t3chguy Dec 14, 2022
fcc0988
Fix artifact path
t3chguy Dec 14, 2022
eb3ea81
Merge branch 'develop' of github.com:vector-im/element-desktop into t…
t3chguy Dec 14, 2022
d407cba
Iterate
t3chguy Dec 14, 2022
813dfdd
Fix workflow
t3chguy Dec 14, 2022
542bac0
Fix env
t3chguy Dec 14, 2022
4f57fb8
Iterate
t3chguy Dec 14, 2022
d361590
Fix missing env
t3chguy Dec 14, 2022
05993ab
Fix version calculation
t3chguy Dec 14, 2022
6a2c8e0
Iterate
t3chguy Dec 14, 2022
3f2acab
Fix config not taking effect
t3chguy Dec 14, 2022
858e616
Merge branch 'develop' of github.com:vector-im/element-desktop into t…
t3chguy Dec 14, 2022
1b70e49
Update build_and_deploy.yaml
t3chguy Jan 16, 2023
c6f5e9a
Merge branch 'develop' of github.com:vector-im/element-desktop into t…
t3chguy Jan 16, 2023
36b403b
Fix alignments
t3chguy Jan 16, 2023
324bafb
delint
t3chguy Jan 16, 2023
5ff69a0
Fix alignment
t3chguy Jan 16, 2023
e3b9695
Update build_macos.yaml
t3chguy Jan 16, 2023
5de626c
Add ability to EV sign using eSigner CKA
t3chguy Jan 16, 2023
76d2439
Initial work to build & sign Windows nightlies in CI
t3chguy Jan 16, 2023
2be653c
Format
t3chguy Jan 16, 2023
0360cb1
Format
t3chguy Jan 16, 2023
2eacef3
Fix gha
t3chguy Jan 16, 2023
e70b5c8
fix winSign
t3chguy Jan 16, 2023
d600eb0
Fix install command
t3chguy Jan 16, 2023
5c49f6e
Add signtool to path
t3chguy Jan 16, 2023
250502a
Update build_and_deploy.yaml
t3chguy Jan 17, 2023
1c5b26e
Merge branch 't3chguy/notarize1' into t3chguy/ci-sign-windows
t3chguy Jan 17, 2023
19de2e2
Fix quotes
t3chguy Jan 17, 2023
6652574
Merge branch 't3chguy/ci-sign-windows' of github.com:vector-im/elemen…
t3chguy Jan 17, 2023
90d385f
Test
t3chguy Jan 17, 2023
5b6090b
Fix comments
t3chguy Jan 17, 2023
e32c734
Fix cmd
t3chguy Jan 17, 2023
54a712e
Try again
t3chguy Jan 17, 2023
39d10f9
arg slashes
t3chguy Jan 17, 2023
1551fe0
Fix exe path
t3chguy Jan 17, 2023
ed6a6b8
Fix matrix strategy
t3chguy Jan 17, 2023
a0c2351
Use ampersand-call
t3chguy Jan 17, 2023
ba453e1
fwd slash ftw?
t3chguy Jan 17, 2023
93bf438
ls *
t3chguy Jan 17, 2023
0c840d9
🌲
t3chguy Jan 17, 2023
1cbcdc2
tree dist
t3chguy Jan 17, 2023
a62be83
prepend path
t3chguy Jan 18, 2023
b830b90
Specify /fd and /td to modern signtool
t3chguy Jan 18, 2023
70b1ddd
/tr not /t for CKA
t3chguy Jan 18, 2023
007ab46
Test signing
t3chguy Jan 18, 2023
2c55356
missing comma
t3chguy Jan 18, 2023
6b226f2
🤦‍♂️
t3chguy Jan 18, 2023
f95d450
Fix wrong mv
t3chguy Jan 18, 2023
8aed4a8
Lets sign
t3chguy Jan 19, 2023
5bd6c54
Fix config gen
t3chguy Jan 19, 2023
9029df9
Debug
t3chguy Jan 19, 2023
80d73e1
Fix typo
t3chguy Jan 19, 2023
3f24c1a
Multiple drives why
t3chguy Jan 19, 2023
d958ac1
Try NVL sandbox creds
t3chguy Jan 19, 2023
fcce3ff
Update
t3chguy Jan 20, 2023
8ffc74a
Attempt to disable logger
t3chguy Jan 20, 2023
fc0b5dc
Try again
t3chguy Jan 20, 2023
c8adf8e
Iterate
t3chguy Jan 20, 2023
6098866
Update build_macos.yaml
t3chguy Jan 30, 2023
1386159
Update build_and_deploy.yaml
t3chguy Jan 30, 2023
b90d665
Update build_macos.yaml
t3chguy Jan 30, 2023
f880b7b
Update build_and_deploy.yaml
t3chguy Jan 30, 2023
14d0761
Update build_and_deploy.yaml
t3chguy Jan 31, 2023
f2bf266
Merge branch 't3chguy/notarize1' into t3chguy/ci-sign-windows
t3chguy Jan 31, 2023
f98829a
Merge branch 'develop' of github.com:vector-im/element-desktop into t…
t3chguy Feb 1, 2023
b18982b
Try custom build of eSigner CKA
t3chguy Feb 3, 2023
b21d38b
Fix typos
t3chguy Feb 3, 2023
04af053
Update build_windows.yaml
t3chguy Feb 7, 2023
b3852fd
Update build_and_deploy.yaml
t3chguy Feb 8, 2023
ef2625e
Update build_windows.yaml
t3chguy Feb 8, 2023
789428f
Update build_and_deploy.yaml
t3chguy Feb 8, 2023
00f6251
Merge branch 'develop' into t3chguy/ci-sign-windows
t3chguy Feb 10, 2023
85d39bc
Fix symlinking
t3chguy Feb 10, 2023
2af95cf
Merge remote-tracking branch 'origin/t3chguy/ci-sign-windows' into t3…
t3chguy Feb 10, 2023
6a7949d
Fix working-directory incantation
t3chguy Feb 10, 2023
ff07dae
exe
t3chguy Feb 10, 2023
0ea0be0
remove debug
t3chguy Feb 10, 2023
151b955
Prettier
t3chguy Feb 20, 2023
fe63ed6
Merge branch 'develop' of github.com:vector-im/element-desktop into t…
t3chguy Feb 20, 2023
c4fa105
Vendor check in SSL.com executable
t3chguy Feb 20, 2023
fb24d37
Download CKA from packages.element.io instead
t3chguy Feb 20, 2023
594557a
Use demo creds
t3chguy Feb 20, 2023
f7479a7
StrictMode
t3chguy Feb 20, 2023
ffe3052
Switch back to 0207 (unsigned)
t3chguy Feb 20, 2023
4c19ed7
Fix call syntax
t3chguy Feb 20, 2023
b307e2f
Revert env inc
t3chguy Feb 20, 2023
2b10f87
Partial rollback
t3chguy Feb 20, 2023
e48587d
Trace
t3chguy Feb 20, 2023
799da65
Trace less
t3chguy Feb 20, 2023
b316709
Fix CN being passed wrong
t3chguy Feb 20, 2023
e52fc78
DEBUG
t3chguy Feb 20, 2023
4c4732a
Debug 2
t3chguy Feb 20, 2023
daa8f53
Fix ConvertFrom-StringData
t3chguy Feb 20, 2023
da9ab4c
0214
t3chguy Feb 20, 2023
8fca28a
Test
t3chguy Feb 20, 2023
fc75e9c
Test
t3chguy Feb 20, 2023
8b4da57
Untested
t3chguy Feb 20, 2023
4057632
Revert to 0207
t3chguy Feb 20, 2023
3934450
stash
t3chguy Feb 20, 2023
2e7a895
Try with 20230221
t3chguy Feb 21, 2023
f353b0b
Restore scripts/electron_winSign.js
t3chguy Feb 21, 2023
38ba26c
Prepare for merge
t3chguy Feb 21, 2023
1990d48
Merge remote-tracking branch 'origin/t3chguy/ci-sign-windows' into t3…
t3chguy Feb 21, 2023
09a5ddc
Update build_windows.yaml
t3chguy Feb 21, 2023
f966005
Update build_and_deploy.yaml
t3chguy Feb 21, 2023
3b0c532
Restore .github/workflows/build_and_deploy.yaml
t3chguy Feb 21, 2023
c0af8f5
Restore .github/workflows/build_and_deploy.yaml
t3chguy Feb 21, 2023
0d1dc41
Fix bad restore
t3chguy Feb 21, 2023
e488316
Merge branch 'develop' into t3chguy/ci-sign-windows
t3chguy Feb 21, 2023
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
222 changes: 129 additions & 93 deletions .github/workflows/build_and_deploy.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,105 +1,141 @@
name: Build and Deploy
on:
# Nightly build
schedule:
- cron: '0 9 * * *'
# Manual nightly & release
workflow_dispatch:
inputs:
mode:
description: What type of build to trigger. Release builds should be ran from the `master` branch.
required: true
default: nightly
type: choice
options:
- nightly
- release
macos:
description: Whether to build macOS
required: true
type: boolean
default: true
linux:
description: Whether to build Linux
required: true
type: boolean
default: true
deploy:
description: Whether to deploy artifacts
required: true
type: boolean
default: true
# Nightly build
schedule:
- cron: "0 9 * * *"
# Manual nightly & release
workflow_dispatch:
inputs:
mode:
description: What type of build to trigger. Release builds should be ran from the `master` branch.
required: true
default: nightly
type: choice
options:
- nightly
- release
macos:
description: Whether to build macOS
required: true
type: boolean
default: true
windows_32bit:
description: Whether to build Windows 32-bit
required: true
type: boolean
default: true
windows_64bit:
description: Whether to build Windows 64-bit
required: true
type: boolean
default: true
linux:
description: Whether to build Linux
required: true
type: boolean
default: true
deploy:
description: Whether to deploy artifacts
required: true
type: boolean
default: true
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
env:
# XXX: UPDATE THIS BEFORE WHEN GOING LIVE
R2_BUCKET: 'packages-element-io-test'
# XXX: UPDATE THIS BEFORE WHEN GOING LIVE
R2_BUCKET: "packages-element-io-test"
jobs:
prepare:
uses: ./.github/workflows/build_prepare.yaml
with:
config: element.io/${{ inputs.mode || 'nightly' }}
version: ${{ inputs.mode == 'release' && '' || 'develop' }}
calculate-nightly-versions: ${{ inputs.mode != 'release' }}
secrets:
CF_R2_ACCESS_KEY_ID: ${{ secrets.CF_R2_ACCESS_KEY_ID }}
CF_R2_TOKEN: ${{ secrets.CF_R2_TOKEN }}
CF_R2_S3_API: ${{ secrets.CF_R2_S3_API }}
prepare:
uses: ./.github/workflows/build_prepare.yaml
with:
config: element.io/${{ inputs.mode || 'nightly' }}
version: ${{ inputs.mode == 'release' && '' || 'develop' }}
calculate-nightly-versions: ${{ inputs.mode != 'release' }}
secrets:
CF_R2_ACCESS_KEY_ID: ${{ secrets.CF_R2_ACCESS_KEY_ID }}
CF_R2_TOKEN: ${{ secrets.CF_R2_TOKEN }}
CF_R2_S3_API: ${{ secrets.CF_R2_S3_API }}

macos:
if: github.event_name != 'workflow_dispatch' || inputs.macos
needs: prepare
name: macOS
uses: ./.github/workflows/build_macos.yaml
secrets: inherit
with:
sign: true
deploy-mode: true
base-url: https://packages.element.io/${{ inputs.mode == 'release' && 'desktop' || 'nightly' }}
version: ${{ needs.prepare.outputs.macos-version }}
windows_32bit:
if: github.event_name != 'workflow_dispatch' || inputs.windows_32bit
needs: prepare
name: Windows 32-bit
uses: ./.github/workflows/build_windows.yaml
secrets: inherit
with:
sign: true
deploy-mode: true
arch: x86
version: ${{ needs.prepare.outputs.win32-x86-version }}

linux:
if: github.event_name != 'workflow_dispatch' || inputs.linux
needs: prepare
name: Linux
uses: ./.github/workflows/build_linux.yaml
secrets: inherit
with:
sqlcipher: system
deploy-mode: true
version: ${{ needs.prepare.outputs.linux-version }}
windows_64bit:
if: github.event_name != 'workflow_dispatch' || inputs.windows_64bit
needs: prepare
name: Windows 64-bit
uses: ./.github/workflows/build_windows.yaml
secrets: inherit
with:
sign: true
deploy-mode: true
arch: x64
version: ${{ needs.prepare.outputs.win32-x64-version }}

deploy:
needs:
- macos
runs-on: ubuntu-latest
name: Deploy
if: always() && (github.event != 'workflow_dispatch' || inputs.deploy)
environment: packages.element.io
steps:
- name: Download artifacts
uses: actions/download-artifact@v3
macos:
if: github.event_name != 'workflow_dispatch' || inputs.macos
needs: prepare
name: macOS
uses: ./.github/workflows/build_macos.yaml
secrets: inherit
with:
name: packages.element.io
path: packages.element.io
sign: true
deploy-mode: true
base-url: https://packages.element.io/${{ inputs.mode == 'release' && 'desktop' || 'nightly' }}
version: ${{ needs.prepare.outputs.macos-version }}

- name: Deploy debian repo
linux:
if: github.event_name != 'workflow_dispatch' || inputs.linux
run: |
mv packages.element.io/debian .
aws s3 cp --recursive debian/ s3://$R2_BUCKET/debian --endpoint-url $R2_URL --region auto
env:
AWS_ACCESS_KEY_ID: ${{ secrets.CF_R2_ACCESS_KEY_ID }}
AWS_SECRET_ACCESS_KEY: ${{ secrets.CF_R2_TOKEN }}
R2_URL: ${{ secrets.CF_R2_S3_API }}
needs: prepare
name: Linux
uses: ./.github/workflows/build_linux.yaml
secrets: inherit
with:
sqlcipher: system
deploy-mode: true
version: ${{ needs.prepare.outputs.linux-version }}

- name: Deploy artifacts
if: github.event_name != 'workflow_dispatch' || inputs.macos
run: |
aws s3 cp --recursive packages.element.io/ s3://$R2_BUCKET/$DEPLOYMENT_DIR --endpoint-url $R2_URL --region auto
env:
AWS_ACCESS_KEY_ID: ${{ secrets.CF_R2_ACCESS_KEY_ID }}
AWS_SECRET_ACCESS_KEY: ${{ secrets.CF_R2_TOKEN }}
R2_URL: ${{ secrets.CF_R2_S3_API }}
DEPLOYMENT_DIR: ${{ inputs.mode == 'release' && 'desktop' || 'nightly' }}
deploy:
needs:
- macos
- windows_32bit
- windows_64bit
runs-on: ubuntu-latest
name: Deploy
if: always() && (github.event != 'workflow_dispatch' || inputs.deploy)
environment: packages.element.io
steps:
- name: Download artifacts
uses: actions/download-artifact@v3
with:
name: packages.element.io
path: packages.element.io

- name: Deploy debian repo
if: github.event_name != 'workflow_dispatch' || inputs.linux
run: |
mv packages.element.io/debian .
aws s3 cp --recursive debian/ s3://$R2_BUCKET/debian --endpoint-url $R2_URL --region auto
env:
AWS_ACCESS_KEY_ID: ${{ secrets.CF_R2_ACCESS_KEY_ID }}
AWS_SECRET_ACCESS_KEY: ${{ secrets.CF_R2_TOKEN }}
R2_URL: ${{ secrets.CF_R2_S3_API }}

- name: Deploy artifacts
if: github.event_name != 'workflow_dispatch' || inputs.macos
run: |
aws s3 cp --recursive packages.element.io/ s3://$R2_BUCKET/$DEPLOYMENT_DIR --endpoint-url $R2_URL --region auto
env:
AWS_ACCESS_KEY_ID: ${{ secrets.CF_R2_ACCESS_KEY_ID }}
AWS_SECRET_ACCESS_KEY: ${{ secrets.CF_R2_TOKEN }}
R2_URL: ${{ secrets.CF_R2_S3_API }}
DEPLOYMENT_DIR: ${{ inputs.mode == 'release' && 'desktop' || 'nightly' }}
Loading