From a93ef5488e75020ddd49be6ed73679d49a54b0f6 Mon Sep 17 00:00:00 2001 From: Florian Loitsch Date: Wed, 26 Feb 2025 21:21:58 +0100 Subject: [PATCH 1/7] Sign Windows with new action. --- .github/workflows/ci.yml | 36 +++++++++++++++++------------------- 1 file changed, 17 insertions(+), 19 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 9db3a24ec..b214a4d5f 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -38,6 +38,11 @@ on: required: false type: boolean default: false + sign-windows: + description: "Sign Windows executables" + required: false + type: boolean + default: false build-arm-macos: description: "Build ARM macOS executables" required: false @@ -907,7 +912,9 @@ jobs: sign_windows: runs-on: windows-latest needs: [combine] - if: (github.event_name == 'release' || startsWith(github.event.inputs.do-release, 'v')) + if: (github.event_name == 'release' || + startsWith(github.event.inputs.do-release, 'v') || + github.event.inputs.sign-windows == 'true') steps: - uses: actions/checkout@v4 @@ -920,23 +927,17 @@ jobs: & "C:\Program Files\Git\bin\bash.exe" --noprofile --norc -e -o pipefail -c "tar -xzf toit-windows.tar.gz" - name: Sign Windows binary - uses: toitlang/action-code-sign@5da128f4fb4f719c1b667867815f6c31e743b111 # v1.1.0 + uses: toitlang/action-code-sign@ee38ce5a2d7493d2acee24cacd6722dce3a17e53 # v1.0.2 with: - certificate: ${{ secrets.DIGICERT_CERTIFICATE }} - api-key: ${{ secrets.DIGICERT_API_KEY }} - certificate-password: ${{ secrets.DIGICERT_PASSWORD }} - certificate-fingerprint: ${{ secrets.DIGICERT_FINGERPRINT }} - keypair-alias: ${{ vars.DIGICERT_KEYPAIR_ALIAS }} + uri: ${{ vars.CERTUM_URI }} + password: ${{ secrets.CERTUM_PWD }} path: toit/bin - name: Sign Windows tools - uses: toitlang/action-code-sign@5da128f4fb4f719c1b667867815f6c31e743b111 # v1.1.0 + uses: toitlang/action-code-sign@ee38ce5a2d7493d2acee24cacd6722dce3a17e53 # v1.0.2 with: - certificate: ${{ secrets.DIGICERT_CERTIFICATE }} - api-key: ${{ secrets.DIGICERT_API_KEY }} - certificate-password: ${{ secrets.DIGICERT_PASSWORD }} - certificate-fingerprint: ${{ secrets.DIGICERT_FINGERPRINT }} - keypair-alias: ${{ vars.DIGICERT_KEYPAIR_ALIAS }} + uri: ${{ vars.CERTUM_URI }} + password: ${{ secrets.CERTUM_PWD }} path: toit/tools - name: Compress @@ -956,13 +957,10 @@ jobs: & tools\windows_installer\build.bat ${{ steps.version.outputs.version }} $PWD\toit $PWD\toit-windows-x64-installer.exe - name: Sign Windows installer - uses: toitlang/action-code-sign@5da128f4fb4f719c1b667867815f6c31e743b111 # v1.1.0 + uses: toitlang/action-code-sign@ee38ce5a2d7493d2acee24cacd6722dce3a17e53 # v1.0.2 with: - certificate: ${{ secrets.DIGICERT_CERTIFICATE }} - api-key: ${{ secrets.DIGICERT_API_KEY }} - certificate-password: ${{ secrets.DIGICERT_PASSWORD }} - certificate-fingerprint: ${{ secrets.DIGICERT_FINGERPRINT }} - keypair-alias: ${{ vars.DIGICERT_KEYPAIR_ALIAS }} + uri: ${{ vars.CERTUM_URI }} + password: ${{ secrets.CERTUM_PWD }} path: toit-windows-x64-installer.exe - name: Upload artifacts From 05aadf1e9ea7541ae642915bfcce7ddd04ac1b71 Mon Sep 17 00:00:00 2001 From: Florian Loitsch Date: Wed, 26 Feb 2025 21:27:18 +0100 Subject: [PATCH 2/7] Fix action-path. --- .github/workflows/ci.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index b214a4d5f..be44539a6 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -927,14 +927,14 @@ jobs: & "C:\Program Files\Git\bin\bash.exe" --noprofile --norc -e -o pipefail -c "tar -xzf toit-windows.tar.gz" - name: Sign Windows binary - uses: toitlang/action-code-sign@ee38ce5a2d7493d2acee24cacd6722dce3a17e53 # v1.0.2 + uses: toitlang/action-sign-server@ee38ce5a2d7493d2acee24cacd6722dce3a17e53 # v1.0.2 with: uri: ${{ vars.CERTUM_URI }} password: ${{ secrets.CERTUM_PWD }} path: toit/bin - name: Sign Windows tools - uses: toitlang/action-code-sign@ee38ce5a2d7493d2acee24cacd6722dce3a17e53 # v1.0.2 + uses: toitlang/action-sign-server@ee38ce5a2d7493d2acee24cacd6722dce3a17e53 # v1.0.2 with: uri: ${{ vars.CERTUM_URI }} password: ${{ secrets.CERTUM_PWD }} @@ -957,7 +957,7 @@ jobs: & tools\windows_installer\build.bat ${{ steps.version.outputs.version }} $PWD\toit $PWD\toit-windows-x64-installer.exe - name: Sign Windows installer - uses: toitlang/action-code-sign@ee38ce5a2d7493d2acee24cacd6722dce3a17e53 # v1.0.2 + uses: toitlang/action-sign-server@ee38ce5a2d7493d2acee24cacd6722dce3a17e53 # v1.0.2 with: uri: ${{ vars.CERTUM_URI }} password: ${{ secrets.CERTUM_PWD }} From 369b453be45680ddc95365b49a272d18f6599f34 Mon Sep 17 00:00:00 2001 From: Florian Loitsch Date: Wed, 26 Feb 2025 21:42:50 +0100 Subject: [PATCH 3/7] Use latest version. --- .github/workflows/ci.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index be44539a6..dfbb94833 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -927,14 +927,14 @@ jobs: & "C:\Program Files\Git\bin\bash.exe" --noprofile --norc -e -o pipefail -c "tar -xzf toit-windows.tar.gz" - name: Sign Windows binary - uses: toitlang/action-sign-server@ee38ce5a2d7493d2acee24cacd6722dce3a17e53 # v1.0.2 + uses: toitlang/action-sign-server@51cf79bedcdbf065d9e5f334b594f91a675a1bed # v1.0.3 with: uri: ${{ vars.CERTUM_URI }} password: ${{ secrets.CERTUM_PWD }} path: toit/bin - name: Sign Windows tools - uses: toitlang/action-sign-server@ee38ce5a2d7493d2acee24cacd6722dce3a17e53 # v1.0.2 + uses: toitlang/action-sign-server@51cf79bedcdbf065d9e5f334b594f91a675a1bed # v1.0.3 with: uri: ${{ vars.CERTUM_URI }} password: ${{ secrets.CERTUM_PWD }} @@ -957,7 +957,7 @@ jobs: & tools\windows_installer\build.bat ${{ steps.version.outputs.version }} $PWD\toit $PWD\toit-windows-x64-installer.exe - name: Sign Windows installer - uses: toitlang/action-sign-server@ee38ce5a2d7493d2acee24cacd6722dce3a17e53 # v1.0.2 + uses: toitlang/action-sign-server@51cf79bedcdbf065d9e5f334b594f91a675a1bed # v1.0.3 with: uri: ${{ vars.CERTUM_URI }} password: ${{ secrets.CERTUM_PWD }} From f73202b76b74da539611ad71e6ab09374a224f4d Mon Sep 17 00:00:00 2001 From: Florian Loitsch Date: Wed, 26 Feb 2025 21:45:15 +0100 Subject: [PATCH 4/7] Set missing version. --- .github/workflows/ci.yml | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index dfbb94833..87fb2a238 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -948,6 +948,10 @@ jobs: id: version shell: powershell run: | + # If the version is empty, use 'v0.0.0' instead. + if (${{ env.TOIT_VERSION }} -eq '') { + echo "TOIT_VERSION=v0.0.0" >> $env:GITHUB_ENV + } $versionV = "${{ env.TOIT_VERSION }}" $version = $versionV.Substring(1) echo "version=$version" >> $env:GITHUB_OUTPUT From c7723cf2ae455ac23d0b91ef6520d9aa53c65699 Mon Sep 17 00:00:00 2001 From: Florian Loitsch Date: Wed, 26 Feb 2025 22:05:23 +0100 Subject: [PATCH 5/7] Use latest version. --- .github/workflows/ci.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 87fb2a238..7873c2960 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -927,14 +927,14 @@ jobs: & "C:\Program Files\Git\bin\bash.exe" --noprofile --norc -e -o pipefail -c "tar -xzf toit-windows.tar.gz" - name: Sign Windows binary - uses: toitlang/action-sign-server@51cf79bedcdbf065d9e5f334b594f91a675a1bed # v1.0.3 + uses: toitlang/action-sign-server@c0ddf849f5d30d53189381ea35daec08b1457e0d # v1.0.4 with: uri: ${{ vars.CERTUM_URI }} password: ${{ secrets.CERTUM_PWD }} path: toit/bin - name: Sign Windows tools - uses: toitlang/action-sign-server@51cf79bedcdbf065d9e5f334b594f91a675a1bed # v1.0.3 + uses: toitlang/action-sign-server@c0ddf849f5d30d53189381ea35daec08b1457e0d # v1.0.4 with: uri: ${{ vars.CERTUM_URI }} password: ${{ secrets.CERTUM_PWD }} @@ -961,7 +961,7 @@ jobs: & tools\windows_installer\build.bat ${{ steps.version.outputs.version }} $PWD\toit $PWD\toit-windows-x64-installer.exe - name: Sign Windows installer - uses: toitlang/action-sign-server@51cf79bedcdbf065d9e5f334b594f91a675a1bed # v1.0.3 + uses: toitlang/action-sign-server@c0ddf849f5d30d53189381ea35daec08b1457e0d # v1.0.4 with: uri: ${{ vars.CERTUM_URI }} password: ${{ secrets.CERTUM_PWD }} From d83d96a0917b7de1bf7b40e058720e898753a0c6 Mon Sep 17 00:00:00 2001 From: Florian Loitsch Date: Wed, 26 Feb 2025 22:43:12 +0100 Subject: [PATCH 6/7] Use latest version. --- .github/workflows/ci.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 7873c2960..fa6136a51 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -927,14 +927,14 @@ jobs: & "C:\Program Files\Git\bin\bash.exe" --noprofile --norc -e -o pipefail -c "tar -xzf toit-windows.tar.gz" - name: Sign Windows binary - uses: toitlang/action-sign-server@c0ddf849f5d30d53189381ea35daec08b1457e0d # v1.0.4 + uses: toitlang/action-sign-server@bb64e1973f5492ace732c9a08c76d2777b102dc1 # v1.0.6 with: uri: ${{ vars.CERTUM_URI }} password: ${{ secrets.CERTUM_PWD }} path: toit/bin - name: Sign Windows tools - uses: toitlang/action-sign-server@c0ddf849f5d30d53189381ea35daec08b1457e0d # v1.0.4 + uses: toitlang/action-sign-server@bb64e1973f5492ace732c9a08c76d2777b102dc1 # v1.0.6 with: uri: ${{ vars.CERTUM_URI }} password: ${{ secrets.CERTUM_PWD }} @@ -961,7 +961,7 @@ jobs: & tools\windows_installer\build.bat ${{ steps.version.outputs.version }} $PWD\toit $PWD\toit-windows-x64-installer.exe - name: Sign Windows installer - uses: toitlang/action-sign-server@c0ddf849f5d30d53189381ea35daec08b1457e0d # v1.0.4 + uses: toitlang/action-sign-server@bb64e1973f5492ace732c9a08c76d2777b102dc1 # v1.0.6 with: uri: ${{ vars.CERTUM_URI }} password: ${{ secrets.CERTUM_PWD }} From 5b4e57f16fb29b1e354ffc4d9f0fc2642d2b70f8 Mon Sep 17 00:00:00 2001 From: Florian Loitsch Date: Wed, 26 Feb 2025 23:00:26 +0100 Subject: [PATCH 7/7] Fix missing version. --- .github/workflows/ci.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index fa6136a51..312b61b0a 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -949,10 +949,10 @@ jobs: shell: powershell run: | # If the version is empty, use 'v0.0.0' instead. - if (${{ env.TOIT_VERSION }} -eq '') { + if ([string]::IsNullOrEmpty($env:TOIT_VERSION)) { echo "TOIT_VERSION=v0.0.0" >> $env:GITHUB_ENV } - $versionV = "${{ env.TOIT_VERSION }}" + $versionV = $env:TOIT_VERSION $version = $versionV.Substring(1) echo "version=$version" >> $env:GITHUB_OUTPUT