winutil/.github/workflows/pre-release.yaml
maxi322 1dd0367417
Add timestamp server to code signature (#3139)
Co-authored-by: maxi322 <maxi322@users.noreply.github.com>
2025-01-10 13:41:54 -06:00

101 lines
3.3 KiB
YAML

name: Pre-Release WinUtil
permissions:
contents: write
actions: read
on:
workflow_dispatch: # Manual trigger added
jobs:
build-runspace:
runs-on: windows-latest
env:
CERTIFICATE_BASE64: ${{ secrets.CERTIFICATE_BASE64 }}
steps:
- name: Checkout Repository
uses: actions/checkout@v4
- name: Compile project
shell: pwsh
run: |
Set-ExecutionPolicy Bypass -Scope Process -Force; ./Compile.ps1
continue-on-error: false # Directly fail the job on error, removing the need for a separate check
- name: Set Version to Todays Date
id: extract_version
run: |
$version = (Get-Date -Format "yy.MM.dd")
echo "VERSION=$version" >> $env:GITHUB_ENV
shell: pwsh
- name: Create Tag
id: create_tag
run: |
$tagExists = git tag -l $env:VERSION
if ($tagExists -eq "") {
git tag $env:VERSION
if ($LASTEXITCODE -ne 0) {
Write-Error "Failed to create tag $env:VERSION"
exit 1
}
git push origin $env:VERSION
if ($LASTEXITCODE -ne 0) {
Write-Error "Failed to push tag $env:VERSION"
exit 1
}
} else {
Write-Host "Tag $env:VERSION already exists, skipping tag creation"
}
shell: pwsh
- name: Create and import code signing certificate
shell: pwsh
run: |
[System.IO.File]::WriteAllBytes("$env:USERPROFILE\code-signing-cert.pfx", [System.Convert]::FromBase64String("$env:CERTIFICATE_BASE64"))
Import-PfxCertificate -FilePath "$env:USERPROFILE\code-signing-cert.pfx" -CertStoreLocation Cert:\CurrentUser\My
- name: Code sign winutil.ps1
shell: pwsh
run: |
$cert = Get-ChildItem -Path Cert:\CurrentUser\My -CodeSigningCert | Select-Object -First 1
if ($null -eq $cert) { throw "Code signing certificate not found" }
Set-AuthenticodeSignature -FilePath ./winutil.ps1 -Certificate $cert -TimeStampServer "http://timestamp.digicert.com"
- name: Verify code signature
shell: pwsh
run: |
$signature = Get-AuthenticodeSignature -FilePath ./winutil.ps1
if ($signature.Status -ne 'Valid') { throw "Code signing failed" }
- name: Upload winutil.ps1 as artifact
uses: actions/upload-artifact@v4
with:
name: winutil
path: ./winutil.ps1
- name: Generate Release Notes
id: generate_notes
uses: release-drafter/release-drafter@v6
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
with:
config-name: release-drafter.yml
version: ${{ env.VERSION }} # Pass the version variable
- name: Create and Upload Release
id: create_release
uses: softprops/action-gh-release@v2
with:
tag_name: ${{ env.VERSION }}
name: Pre-Release ${{ env.VERSION }}
body: |
${{ steps.generate_notes.outputs.body }}
![GitHub Downloads (specific asset, specific tag)](https://img.shields.io/github/downloads/ChrisTitusTech/winutil/${{ env.VERSION }}/winutil.ps1)
append_body: false
files: ./winutil.ps1
prerelease: true
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}