winutil/.github/workflows/pre-release.yaml
dependabot[bot] c5f29df2b2
Bump actions/upload-artifact from 2 to 4 (#2521)
Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 2 to 4.
- [Release notes](https://github.com/actions/upload-artifact/releases)
- [Commits](https://github.com/actions/upload-artifact/compare/v2...v4)

---
updated-dependencies:
- dependency-name: actions/upload-artifact
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-08-07 15:57:26 -05:00

90 lines
3.0 KiB
YAML

name: Pre-Release WinUtil
permissions:
contents: write
actions: read
on:
workflow_dispatch: # Manual trigger added
jobs:
build-runspace:
runs-on: windows-latest
env:
CERTIFICATE_BASE64: ${{ secrets.CERTIFICATE_BASE64 }}
steps:
- name: Checkout Repository
uses: actions/checkout@v4
- name: Compile project
shell: pwsh
run: |
Set-ExecutionPolicy Bypass -Scope Process -Force; ./Compile.ps1
continue-on-error: false # Directly fail the job on error, removing the need for a separate check
- name: Set Version to Todays Date
id: extract_version
run: |
$version = (Get-Date -Format "yy.MM.dd")
echo "VERSION=$version" >> $env:GITHUB_ENV
shell: pwsh
- name: Create Tag
id: create_tag
run: |
$tagExists = git tag -l $env:VERSION
if ($tagExists -eq "") {
git tag $env:VERSION
if ($LASTEXITCODE -ne 0) {
Write-Error "Failed to create tag $env:VERSION"
exit 1
}
git push origin $env:VERSION
if ($LASTEXITCODE -ne 0) {
Write-Error "Failed to push tag $env:VERSION"
exit 1
}
} else {
Write-Host "Tag $env:VERSION already exists, skipping tag creation"
}
shell: pwsh
- name: Create and import code signing certificate
shell: pwsh
run: |
[System.IO.File]::WriteAllBytes("$env:USERPROFILE\code-signing-cert.pfx", [System.Convert]::FromBase64String("$env:CERTIFICATE_BASE64"))
Import-PfxCertificate -FilePath "$env:USERPROFILE\code-signing-cert.pfx" -CertStoreLocation Cert:\CurrentUser\My
- name: Code sign winutil.ps1
shell: pwsh
run: |
$cert = Get-ChildItem -Path Cert:\CurrentUser\My -CodeSigningCert | Select-Object -First 1
if ($null -eq $cert) { throw "Code signing certificate not found" }
Set-AuthenticodeSignature -FilePath ./winutil.ps1 -Certificate $cert
- name: Verify code signature
shell: pwsh
run: |
$signature = Get-AuthenticodeSignature -FilePath ./winutil.ps1
if ($signature.Status -ne 'Valid') { throw "Code signing failed" }
- name: Upload winutil.ps1 as artifact
uses: actions/upload-artifact@v4
with:
name: winutil
path: ./winutil.ps1
- name: Create and Upload Release
id: create_release
uses: softprops/action-gh-release@v2
with:
tag_name: ${{ env.VERSION }}
name: Pre-Release ${{ env.VERSION }}
body: "![GitHub Downloads (specific asset, specific tag)](https://img.shields.io/github/downloads/ChrisTitusTech/winutil/${{ env.VERSION }}/winutil.ps1)"
append_body: false
files: ./winutil.ps1
prerelease: true
generate_release_notes: true
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}