Skip to content

feat: reimplement windows signing (#174) #460

feat: reimplement windows signing (#174)

feat: reimplement windows signing (#174) #460

Workflow file for this run

name: Build/release
on:
workflow_dispatch:
push:
permissions: {}
jobs:
lint:
runs-on: ubuntu-latest
steps:
- name: Check out Git repository
uses: actions/checkout@v4
with:
fetch-depth: 0
- name: Install dependencies
run: |
sudo apt-get update
sudo apt-get install -y yasm libudev-dev libusb-1.0-0-dev
- name: Use Node.js
uses: actions/setup-node@v4
with:
node-version-file: '.node-version'
- name: Prepare
run: |
corepack enable
# try and avoid timeout errors
yarn config set httpTimeout 100000
yarn
- name: Lint
run: |
yarn lint
Linux-x64:
runs-on: ubuntu-latest
steps:
- name: Check out Git repository
uses: actions/checkout@v4
with:
fetch-depth: 0
- name: Install dependencies
run: |
sudo apt-get update
sudo apt-get install -y yasm libudev-dev libusb-1.0-0-dev
- name: Use Node.js
uses: actions/setup-node@v4
with:
node-version-file: '.node-version'
- name: Run build
run: |
corepack enable
# try and avoid timeout errors
yarn config set httpTimeout 100000
yarn
yarn --cwd webui install
yarn dist
- name: Determine files to upload
id: filenames
shell: bash
run: |
HASH=$(git rev-parse --short HEAD)
COUNT=$(git rev-list --count HEAD)
VERSION=$(node -e "console.log(require('./package.json').version)")
echo "sourcename=electron-output/companion-satellite-x64.tar.gz" >> $GITHUB_OUTPUT
echo "targetname=companion-satellite-x64-${COUNT}-${HASH}.tar.gz" >> $GITHUB_OUTPUT
echo "longversion=${VERSION}+${COUNT}-${HASH}" >> $GITHUB_OUTPUT
- name: Upload build
uses: bitfocus/actions/upload-and-notify@main
with:
long-version: ${{ steps.filenames.outputs.longversion }}
beta-branch: main
source-filename: ${{ steps.filenames.outputs.sourcename }}
destination-filename: ${{ steps.filenames.outputs.targetname }}
s3-host: ${{ secrets.S3_HOST }}
s3-bucket: ${{ secrets.S3_BUCKET }}/companion-satellite
s3-access-key: ${{ secrets.S3_KEY }}
s3-secret-key: ${{ secrets.S3_SECRET }}
api-product: companion-satellite
api-target: 'linux-tgz'
api-secret: ${{ secrets.BITFOCUS_API_PROJECT_SECRET }}
- name: Upload as artifact
uses: actions/upload-artifact@v4
with:
name: linux-x64
path: ${{ steps.filenames.outputs.sourcename }}
retention-days: 1
Linux-arm64:
runs-on: ubuntu-latest
steps:
- name: Check out Git repository
uses: actions/checkout@v4
with:
fetch-depth: 0
- name: Install dependencies
run: |
sudo apt-get update
sudo apt-get install -y yasm libudev-dev libusb-1.0-0-dev
- name: Use Node.js
uses: actions/setup-node@v4
with:
node-version-file: '.node-version'
- name: Run build
run: |
corepack enable
# try and avoid timeout errors
yarn config set httpTimeout 100000
yarn
yarn --cwd webui install
yarn dist linux-arm64
- name: Determine files to upload
id: filenames
shell: bash
run: |
HASH=$(git rev-parse --short HEAD)
COUNT=$(git rev-list --count HEAD)
VERSION=$(node -e "console.log(require('./package.json').version)")
echo "sourcename=electron-output/companion-satellite-arm64.tar.gz" >> $GITHUB_OUTPUT
echo "targetname=companion-satellite-arm64-${COUNT}-${HASH}.tar.gz" >> $GITHUB_OUTPUT
echo "longversion=${VERSION}+${COUNT}-${HASH}" >> $GITHUB_OUTPUT
- name: Upload build
uses: bitfocus/actions/upload-and-notify@main
with:
long-version: ${{ steps.filenames.outputs.longversion }}
beta-branch: main
source-filename: ${{ steps.filenames.outputs.sourcename }}
destination-filename: ${{ steps.filenames.outputs.targetname }}
s3-host: ${{ secrets.S3_HOST }}
s3-bucket: ${{ secrets.S3_BUCKET }}/companion-satellite
s3-access-key: ${{ secrets.S3_KEY }}
s3-secret-key: ${{ secrets.S3_SECRET }}
api-product: companion-satellite
api-target: 'linux-arm64-tgz'
api-secret: ${{ secrets.BITFOCUS_API_PROJECT_SECRET }}
- name: Upload as artifact
uses: actions/upload-artifact@v4
with:
name: linux-arm64
path: ${{ steps.filenames.outputs.sourcename }}
retention-days: 1
Windows-x64:
runs-on: ${{ startsWith(github.ref, 'refs/tags/') && fromJSON('["self-hosted", "Windows", "codecert", "X64"]') || 'windows-latest'}}
steps:
- name: Check out Git repository
uses: actions/checkout@v4
with:
fetch-depth: 0
- name: Use Node.js
uses: actions/setup-node@v4
with:
node-version-file: '.node-version'
- name: Run build
run: |
corepack enable
# try and avoid timeout errors
yarn config set httpTimeout 100000
yarn
yarn --cwd webui install
- name: build & package (unsigned)
if: ${{ runner.environment != 'self-hosted' }}
run: |
yarn dist win32-x64
env:
CI: 1
- name: build & package (signed)
if: ${{ runner.environment == 'self-hosted' }}
run: |
yarn dist win32-x64
env:
CI: 1
CSC_LINK: c:\\actions-runner-bitfocusas\\codesign.cer
BF_CODECERT_KEY: ${{ secrets.BF_CODECERT_KEY }}
- name: Determine files to upload
id: filenames
shell: bash
run: |
HASH=$(git rev-parse --short HEAD)
COUNT=$(git rev-list --count HEAD)
VERSION=$(node -e "console.log(require('./package.json').version)")
echo "sourcename=electron-output/companion-satellite-x64.exe" >> $GITHUB_OUTPUT
echo "targetname=companion-satellite-x64-${COUNT}-${HASH}.exe" >> $GITHUB_OUTPUT
echo "longversion=${VERSION}+${COUNT}-${HASH}" >> $GITHUB_OUTPUT
- name: Upload build
uses: bitfocus/actions/upload-and-notify@main
with:
long-version: ${{ steps.filenames.outputs.longversion }}
beta-branch: main
source-filename: ${{ steps.filenames.outputs.sourcename }}
destination-filename: ${{ steps.filenames.outputs.targetname }}
s3-host: ${{ secrets.S3_HOST }}
s3-bucket: ${{ secrets.S3_BUCKET }}/companion-satellite
s3-access-key: ${{ secrets.S3_KEY }}
s3-secret-key: ${{ secrets.S3_SECRET }}
api-product: companion-satellite
api-target: 'win-x64'
api-secret: ${{ secrets.BITFOCUS_API_PROJECT_SECRET }}
- name: Upload as artifact
uses: actions/upload-artifact@v4
with:
name: windows-x64
path: ${{ steps.filenames.outputs.sourcename }}
retention-days: 1
Mac-x64:
runs-on: macos-latest
steps:
- name: Check out Git repository
uses: actions/checkout@v4
with:
fetch-depth: 0
- name: Use Node.js
uses: actions/setup-node@v4
with:
node-version-file: '.node-version'
- name: Run build
run: |
corepack enable
# try and avoid timeout errors
yarn config set httpTimeout 100000
yarn
yarn --cwd webui install
yarn dist mac-x64
env:
CSC_LINK: ${{ secrets.OSX_CSC_LINK }}
CSC_KEY_PASSWORD: ${{ secrets.OSX_CSC_KEY_PASSWORD }}
APPLEID: ${{ secrets.APPLEID }}
APPLETEAMID: ${{ secrets.APPLETEAMID }}
APPLEIDPASS: ${{ secrets.APPLEIDPASS }}
- name: Determine files to upload
id: filenames
shell: bash
run: |
HASH=$(git rev-parse --short HEAD)
COUNT=$(git rev-list --count HEAD)
VERSION=$(node -e "console.log(require('./package.json').version)")
echo "sourcename=electron-output/companion-satellite-x64.dmg" >> $GITHUB_OUTPUT
echo "targetname=companion-satellite-x64-${COUNT}-${HASH}.dmg" >> $GITHUB_OUTPUT
echo "longversion=${VERSION}+${COUNT}-${HASH}" >> $GITHUB_OUTPUT
- name: Upload build
uses: bitfocus/actions/upload-and-notify@main
with:
long-version: ${{ steps.filenames.outputs.longversion }}
beta-branch: main
source-filename: ${{ steps.filenames.outputs.sourcename }}
destination-filename: ${{ steps.filenames.outputs.targetname }}
s3-host: ${{ secrets.S3_HOST }}
s3-bucket: ${{ secrets.S3_BUCKET }}/companion-satellite
s3-access-key: ${{ secrets.S3_KEY }}
s3-secret-key: ${{ secrets.S3_SECRET }}
api-product: companion-satellite
api-target: 'mac-intel'
api-secret: ${{ secrets.BITFOCUS_API_PROJECT_SECRET }}
- name: Upload as artifact
uses: actions/upload-artifact@v4
with:
name: mac-intel
path: ${{ steps.filenames.outputs.sourcename }}
retention-days: 1
Mac-arm64:
runs-on: macos-latest
steps:
- name: Check out Git repository
uses: actions/checkout@v4
with:
fetch-depth: 0
- name: Use Node.js
uses: actions/setup-node@v4
with:
node-version-file: '.node-version'
- name: Run build
run: |
corepack enable
# try and avoid timeout errors
yarn config set httpTimeout 100000
yarn
yarn --cwd webui install
yarn dist mac-arm64
env:
CSC_LINK: ${{ secrets.OSX_CSC_LINK }}
CSC_KEY_PASSWORD: ${{ secrets.OSX_CSC_KEY_PASSWORD }}
APPLEID: ${{ secrets.APPLEID }}
APPLETEAMID: ${{ secrets.APPLETEAMID }}
APPLEIDPASS: ${{ secrets.APPLEIDPASS }}
- name: Determine files to upload
id: filenames
shell: bash
run: |
HASH=$(git rev-parse --short HEAD)
COUNT=$(git rev-list --count HEAD)
VERSION=$(node -e "console.log(require('./package.json').version)")
echo "sourcename=electron-output/companion-satellite-arm64.dmg" >> $GITHUB_OUTPUT
echo "targetname=companion-satellite-arm64-${COUNT}-${HASH}.dmg" >> $GITHUB_OUTPUT
echo "longversion=${VERSION}+${COUNT}-${HASH}" >> $GITHUB_OUTPUT
- name: Upload build
uses: bitfocus/actions/upload-and-notify@main
with:
long-version: ${{ steps.filenames.outputs.longversion }}
beta-branch: main
source-filename: ${{ steps.filenames.outputs.sourcename }}
destination-filename: ${{ steps.filenames.outputs.targetname }}
s3-host: ${{ secrets.S3_HOST }}
s3-bucket: ${{ secrets.S3_BUCKET }}/companion-satellite
s3-access-key: ${{ secrets.S3_KEY }}
s3-secret-key: ${{ secrets.S3_SECRET }}
api-product: companion-satellite
api-target: 'mac-arm'
api-secret: ${{ secrets.BITFOCUS_API_PROJECT_SECRET }}
- name: Upload as artifact
uses: actions/upload-artifact@v4
with:
name: mac-arm
path: ${{ steps.filenames.outputs.sourcename }}
retention-days: 1
pi-img:
runs-on: ubuntu-latest
name: build image
# only run for main
if: ${{ github.ref == 'refs/heads/main' || startsWith(github.ref, 'refs/tags/v') }}
needs:
- Linux-arm64
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: false
steps:
- name: Checkout Repository
uses: actions/checkout@v4
with:
fetch-depth: 0
- name: Determine files to upload
id: filenames
shell: bash
run: |
HASH=$(git rev-parse --short HEAD)
COUNT=$(git rev-list --count HEAD)
VERSION=$(node -e "console.log(require('./package.json').version)")
echo "sourcename=pi-image/output-satellitepi/image.gz" >> $GITHUB_OUTPUT
echo "targetname=companion-satellite-pi-${COUNT}-${HASH}.img.gz" >> $GITHUB_OUTPUT
echo "longversion=${VERSION}+${COUNT}-${HASH}" >> $GITHUB_OUTPUT
echo "shortversion=v${VERSION}" >> $GITHUB_OUTPUT
- name: install packer
id: install-packer
run: |
curl -fsSL https://apt.releases.hashicorp.com/gpg | sudo apt-key add -
sudo apt-add-repository "deb [arch=amd64] https://apt.releases.hashicorp.com $(lsb_release -cs) main"
sudo apt-get update && sudo apt-get install -y packer
CACHE_KEY=$(grep iso_checksum pi-image/satellitepi.pkr.hcl)
echo "CACHE_KEY=${CACHE_KEY}" >> "$GITHUB_OUTPUT"
- name: Restore image cache
uses: actions/cache@v4
with:
path: /tmp/packer_cache
key: ${{ steps.install-packer.outputs.CACHE_KEY }}
- name: build image
run: |
echo "BUILD_IS_TAG=${BUILD_IS_TAG}"
if [[ "$BUILD_IS_TAG" == "true" ]]; then
export BUILD_BRANCH=stable
export BUILD_VERSION="${{ steps.filenames.outputs.shortversion }}"
else
export BUILD_BRANCH=${GITHUB_REF_NAME}
export BUILD_VERSION="${{ steps.filenames.outputs.longversion }}"
fi
cd pi-image
sudo packer init satellitepi.pkr.hcl
sudo packer build --var branch=${BUILD_BRANCH} --var "build=$BUILD_VERSION" satellitepi.pkr.hcl
env:
PACKER_GITHUB_API_TOKEN: ${{ secrets.GITHUB_TOKEN }}
PACKER_CACHE_DIR: /tmp/packer_cache
BUILD_IS_TAG: ${{ startsWith(github.ref, 'refs/tags/v') }}
- name: compress image
shell: bash
run: |
cd pi-image/output-satellitepi
sudo apt-get install -y zerofree
device="$(sudo losetup --partscan --show --find image)"
sudo zerofree "${device}p2"
sudo losetup --detach "$device"
sudo gzip -n image
- name: Upload build
uses: bitfocus/actions/upload-and-notify@main
with:
long-version: ${{ steps.filenames.outputs.longversion }}
beta-branch: main
source-filename: ${{ steps.filenames.outputs.sourcename }}
destination-filename: ${{ steps.filenames.outputs.targetname }}
s3-host: ${{ secrets.S3_HOST }}
s3-bucket: ${{ secrets.S3_BUCKET }}/companion-satellite
s3-access-key: ${{ secrets.S3_KEY }}
s3-secret-key: ${{ secrets.S3_SECRET }}
api-product: companion-satellite
api-target: 'linux-img'
api-secret: ${{ secrets.BITFOCUS_API_PROJECT_SECRET }}