winutil/.github/workflows/compile.yaml
2024-08-06 15:50:36 -05:00

49 lines
1.7 KiB
YAML

name: Compile
on:
push:
branches:
- main
- test*
workflow_dispatch: # Manual trigger added
jobs:
build-runspace:
runs-on: windows-latest
env:
CERTIFICATE_BASE64: ${{ secrets.CERTIFICATE_BASE64 }}
steps:
- uses: actions/checkout@v4
with:
ref: ${{ github.head_ref }}
- name: Compile project
shell: pwsh
run: |
Set-ExecutionPolicy Bypass -Scope Process -Force; ./Compile.ps1
continue-on-error: false # Directly fail the job on error, removing the need for a separate check
- name: Create and import code signing certificate
shell: pwsh
run: |
[System.IO.File]::WriteAllBytes("$env:USERPROFILE\code-signing-cert.pfx", [System.Convert]::FromBase64String("$env:CERTIFICATE_BASE64"))
Import-PfxCertificate -FilePath "$env:USERPROFILE\code-signing-cert.pfx" -CertStoreLocation Cert:\CurrentUser\My
- name: Code sign winutil.ps1
shell: pwsh
run: |
$cert = Get-ChildItem -Path Cert:\CurrentUser\My -CodeSigningCert | Select-Object -First 1
if ($null -eq $cert) { throw "Code signing certificate not found" }
Set-AuthenticodeSignature -FilePath ./winutil.ps1 -Certificate $cert
- name: Verify code signature
shell: pwsh
run: |
$signature = Get-AuthenticodeSignature -FilePath ./winutil.ps1
if ($signature.Status -ne 'Valid') { throw "Code signing failed" }
- name: Upload winutil.ps1 as artifact
uses: actions/upload-artifact@v2
with:
name: winutil
path: ./winutil.ps1
- uses: stefanzweifel/git-auto-commit-action@v5
with:
commit_message: Compile Winutil
if: success()