name: Pre-Release WinUtil permissions: contents: write actions: read on: workflow_dispatch: # Manual trigger added jobs: build-runspace: runs-on: windows-latest env: CERTIFICATE_BASE64: ${{ secrets.CERTIFICATE_BASE64 }} steps: - name: Checkout Repository uses: actions/checkout@v4 - name: Compile project shell: pwsh run: | Set-ExecutionPolicy Bypass -Scope Process -Force; ./Compile.ps1 continue-on-error: false # Directly fail the job on error, removing the need for a separate check - name: Set Version to Todays Date id: extract_version run: | $version = (Get-Date -Format "yy.MM.dd") echo "VERSION=$version" >> $env:GITHUB_ENV shell: pwsh - name: Create Tag id: create_tag run: | $tagExists = git tag -l $env:VERSION if ($tagExists -eq "") { git tag $env:VERSION if ($LASTEXITCODE -ne 0) { Write-Error "Failed to create tag $env:VERSION" exit 1 } git push origin $env:VERSION if ($LASTEXITCODE -ne 0) { Write-Error "Failed to push tag $env:VERSION" exit 1 } } else { Write-Host "Tag $env:VERSION already exists, skipping tag creation" } shell: pwsh - name: Create and import code signing certificate shell: pwsh run: | [System.IO.File]::WriteAllBytes("$env:USERPROFILE\code-signing-cert.pfx", [System.Convert]::FromBase64String("$env:CERTIFICATE_BASE64")) Import-PfxCertificate -FilePath "$env:USERPROFILE\code-signing-cert.pfx" -CertStoreLocation Cert:\CurrentUser\My - name: Code sign winutil.ps1 shell: pwsh run: | $cert = Get-ChildItem -Path Cert:\CurrentUser\My -CodeSigningCert | Select-Object -First 1 if ($null -eq $cert) { throw "Code signing certificate not found" } Set-AuthenticodeSignature -FilePath ./winutil.ps1 -Certificate $cert -TimeStampServer "http://timestamp.digicert.com" - name: Verify code signature shell: pwsh run: | $signature = Get-AuthenticodeSignature -FilePath ./winutil.ps1 if ($signature.Status -ne 'Valid') { throw "Code signing failed" } - name: Upload winutil.ps1 as artifact uses: actions/upload-artifact@v4 with: name: winutil path: ./winutil.ps1 - name: Generate Release Notes id: generate_notes uses: release-drafter/release-drafter@v6 env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} with: config-name: release-drafter.yml version: ${{ env.VERSION }} # Pass the version variable - name: Create and Upload Release id: create_release uses: softprops/action-gh-release@v2 with: tag_name: ${{ env.VERSION }} name: Pre-Release ${{ env.VERSION }} body: | ${{ steps.generate_notes.outputs.body }} ![GitHub Downloads (specific asset, specific tag)](https://img.shields.io/github/downloads/ChrisTitusTech/winutil/${{ env.VERSION }}/winutil.ps1) append_body: false files: ./winutil.ps1 prerelease: true env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}