From b045dc89d21f7be519c51dc8e45eb438cc04e8f6 Mon Sep 17 00:00:00 2001 From: Hien To Date: Mon, 4 Dec 2023 17:31:55 +0700 Subject: [PATCH 1/3] Add windows codesign for nitro --- .github/workflows/build.yml | 15 +++++++++++++-- 1 file changed, 13 insertions(+), 2 deletions(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 17530ce7a..2989f4b4c 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -336,6 +336,8 @@ jobs: run: | robocopy build_deps\_install\bin .\build\Release zlib.dll robocopy build\bin\Release .\build\Release llama.dll + dotnet tool install --global AzureSignTool + azuresigntool.exe sign -kvu "${{ secrets.AZURE_KEY_VAULT_URI }}" -kvi "${{ secrets.AZURE_CLIENT_ID }}" -kvt "${{ secrets.AZURE_TENANT_ID }}" -kvs "${{ secrets.AZURE_CLIENT_SECRET }}" -kvc ${{ secrets.AZURE_CERT_NAME }} -tr http://timestamp.globalsign.com/tsa/r6advanced1 -v ".\build\Release\nitro.exe" 7z a -ttar temp.tar .\build\Release\* 7z a -tgzip nitro.tar.gz temp.tar @@ -400,13 +402,22 @@ jobs: cmake .. -DLLAMA_NATIVE=OFF -DLLAMA_BUILD_SERVER=ON -DLLAMA_CUBLAS=ON cmake --build . --config Release -j "%NUMBER_OF_PROCESSORS%" - - name: Pack artifacts - id: pack_artifacts + - name: Copy dependencies shell: cmd run: | set PATH=%PATH%;C:\Program Files\7-Zip\ robocopy build_deps\_install\bin .\build\Release zlib.dll robocopy build\bin\Release .\build\Release llama.dll + + - name: Windows Code Sign with AzureSignTool + run: | + dotnet tool install --global AzureSignTool + cd ./build/Release + azuresigntool.exe sign -kvu "${{ secrets.AZURE_KEY_VAULT_URI }}" -kvi "${{ secrets.AZURE_CLIENT_ID }}" -kvt "${{ secrets.AZURE_TENANT_ID }}" -kvs "${{ secrets.AZURE_CLIENT_SECRET }}" -kvc ${{ secrets.AZURE_CERT_NAME }} -tr http://timestamp.globalsign.com/tsa/r6advanced1 -v "nitro.exe" + + - name: Pack artifacts + shell: cmd + run: | 7z a -ttar temp.tar .\build\Release\* 7z a -tgzip nitro.tar.gz temp.tar From 50abfe6210e2f730f87f238d41a6230a1ba5daa3 Mon Sep 17 00:00:00 2001 From: Hien To Date: Mon, 4 Dec 2023 18:24:20 +0700 Subject: [PATCH 2/3] Add step install dotnet --- .github/workflows/build.yml | 17 +++++++---------- 1 file changed, 7 insertions(+), 10 deletions(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 2989f4b4c..a6c2e28d0 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -391,6 +391,10 @@ jobs: env: ACTIONS_ALLOW_UNSECURE_COMMANDS: true + - uses: actions/setup-dotnet@v3 + with: + dotnet-version: '6.0.x' + - name: Build id: cmake_build shell: cmd @@ -402,22 +406,15 @@ jobs: cmake .. -DLLAMA_NATIVE=OFF -DLLAMA_BUILD_SERVER=ON -DLLAMA_CUBLAS=ON cmake --build . --config Release -j "%NUMBER_OF_PROCESSORS%" - - name: Copy dependencies + - name: Pack artifacts + id: pack_artifacts shell: cmd run: | set PATH=%PATH%;C:\Program Files\7-Zip\ robocopy build_deps\_install\bin .\build\Release zlib.dll robocopy build\bin\Release .\build\Release llama.dll - - - name: Windows Code Sign with AzureSignTool - run: | dotnet tool install --global AzureSignTool - cd ./build/Release - azuresigntool.exe sign -kvu "${{ secrets.AZURE_KEY_VAULT_URI }}" -kvi "${{ secrets.AZURE_CLIENT_ID }}" -kvt "${{ secrets.AZURE_TENANT_ID }}" -kvs "${{ secrets.AZURE_CLIENT_SECRET }}" -kvc ${{ secrets.AZURE_CERT_NAME }} -tr http://timestamp.globalsign.com/tsa/r6advanced1 -v "nitro.exe" - - - name: Pack artifacts - shell: cmd - run: | + azuresigntool.exe sign -kvu "${{ secrets.AZURE_KEY_VAULT_URI }}" -kvi "${{ secrets.AZURE_CLIENT_ID }}" -kvt "${{ secrets.AZURE_TENANT_ID }}" -kvs "${{ secrets.AZURE_CLIENT_SECRET }}" -kvc ${{ secrets.AZURE_CERT_NAME }} -tr http://timestamp.globalsign.com/tsa/r6advanced1 -v ".\build\Release\nitro.exe" 7z a -ttar temp.tar .\build\Release\* 7z a -tgzip nitro.tar.gz temp.tar From 21d391e92a5dd453de977b63c627292dc60374e2 Mon Sep 17 00:00:00 2001 From: Hien To Date: Mon, 4 Dec 2023 18:48:29 +0700 Subject: [PATCH 3/3] add absolute path for azuresigntool --- .github/workflows/build.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index a6c2e28d0..477df5f92 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -414,7 +414,7 @@ jobs: robocopy build_deps\_install\bin .\build\Release zlib.dll robocopy build\bin\Release .\build\Release llama.dll dotnet tool install --global AzureSignTool - azuresigntool.exe sign -kvu "${{ secrets.AZURE_KEY_VAULT_URI }}" -kvi "${{ secrets.AZURE_CLIENT_ID }}" -kvt "${{ secrets.AZURE_TENANT_ID }}" -kvs "${{ secrets.AZURE_CLIENT_SECRET }}" -kvc ${{ secrets.AZURE_CERT_NAME }} -tr http://timestamp.globalsign.com/tsa/r6advanced1 -v ".\build\Release\nitro.exe" + %USERPROFILE%\.dotnet\tools\azuresigntool.exe sign -kvu "${{ secrets.AZURE_KEY_VAULT_URI }}" -kvi "${{ secrets.AZURE_CLIENT_ID }}" -kvt "${{ secrets.AZURE_TENANT_ID }}" -kvs "${{ secrets.AZURE_CLIENT_SECRET }}" -kvc ${{ secrets.AZURE_CERT_NAME }} -tr http://timestamp.globalsign.com/tsa/r6advanced1 -v ".\build\Release\nitro.exe" 7z a -ttar temp.tar .\build\Release\* 7z a -tgzip nitro.tar.gz temp.tar