From d4f23f846914a2561b1696d94472a9d9367e9310 Mon Sep 17 00:00:00 2001 From: Pierre Jacquier Date: Thu, 10 Apr 2025 18:55:46 -0400 Subject: [PATCH] Trying to follow https://github.com/electron-userland/electron-builder/issues/7605#issuecomment-2257861622 --- .github/workflows/build-apps.yml | 23 ++++++++--------------- 1 file changed, 8 insertions(+), 15 deletions(-) diff --git a/.github/workflows/build-apps.yml b/.github/workflows/build-apps.yml index c92d1c9c5..2e84fb96c 100644 --- a/.github/workflows/build-apps.yml +++ b/.github/workflows/build-apps.yml @@ -62,7 +62,8 @@ jobs: set -euox pipefail # Build wasm if this is a push to main or tag, there are Rust changes, or # downloading from the wasm cache failed. - if [[ ${{github.event_name}} == 'push' || ${{steps.filter.outputs.rust}} == 'true' || ${{steps.download-wasm.outcome}} == 'failure' ]]; then + # if [[ ${{github.event_name}} == 'push' || ${{steps.filter.outputs.rust}} == 'true' || ${{steps.download-wasm.outcome}} == 'failure' ]]; then + if [[ ${{steps.filter.outputs.rust}} == 'true' || ${{steps.download-wasm.outcome}} == 'failure' ]]; then echo "should-build-wasm=true" >> $GITHUB_OUTPUT else echo "should-build-wasm=false" >> $GITHUB_OUTPUT @@ -187,20 +188,16 @@ jobs: max_attempts: 3 command: yarn install - # The next two steps are from the official Digicert docs, available at - # https://docs.digicert.com/en/digicert-keylocker/ci-cd-integrations/scripts/github/scripts-for-signing-using-ksp-library-on-github.html#ksp-signing-using-github-action-488726 - # EXCEPT the `smksp_registrar.exe register` line - # EXCEPT the `certutil.exe -csp "DigiCert Software Trust Manager KSP" -key -user` line - name: Prepare certificate and variables (Windows only) if: ${{ (env.IS_RELEASE == 'true' || env.IS_NIGHTLY == 'true') && matrix.os == 'windows-2022' }} + env: + SM_CLIENT_CERT_FILE_B64: ${{ secrets.SM_CLIENT_CERT_FILE_B64 }} run: | - echo "${{ secrets.SM_CLIENT_CERT_FILE_B64 }}" | base64 --decode > /d/Certificate_pkcs12.p12 - echo "version=${GITHUB_REF#refs/tags/v}" >> $GITHUB_OUTPUT - echo "KEYPAIR_NAME=gt-standard-keypair" >> $GITHUB_OUTPUT - echo "CERTIFICATE_NAME=gt-certificate" >> $GITHUB_OUTPUT + CERTIFICATE_PATH=$RUNNER_TEMP/certificate.p12 + echo "$SM_CLIENT_CERT_FILE_B64" | base64 --decode > $CERTIFICATE_PATH + echo "SM_CLIENT_CERT_FILE=$CERTIFICATE_PATH" >> "$GITHUB_ENV" echo "SM_HOST=${{ secrets.SM_HOST }}" >> "$GITHUB_ENV" echo "SM_API_KEY=${{ secrets.SM_API_KEY }}" >> "$GITHUB_ENV" - echo "SM_CLIENT_CERT_FILE=D:\\Certificate_pkcs12.p12" >> "$GITHUB_ENV" echo "SM_CLIENT_CERT_PASSWORD=${{ secrets.SM_CLIENT_CERT_PASSWORD }}" >> "$GITHUB_ENV" echo "C:\Program Files (x86)\Windows Kits\10\App Certification Kit" >> $GITHUB_PATH echo "C:\Program Files (x86)\Microsoft SDKs\Windows\v10.0A\bin\NETFX 4.8 Tools" >> $GITHUB_PATH @@ -210,12 +207,8 @@ jobs: - name: Setup certicate with SSM KSP (Windows only) if: ${{ (env.IS_RELEASE == 'true' || env.IS_NIGHTLY == 'true') && matrix.os == 'windows-2022' }} run: | - curl -X GET https://one.digicert.com/signingmanager/api-ui/v1/releases/Keylockertools-windows-x64.msi/download -H "x-api-key:%SM_API_KEY%" -o Keylockertools-windows-x64.msi + curl -X GET https://one.digicert.com/signingmanager/api-ui/v1/releases/Keylockertools-windows-x64.msi/download -H "x-api-key:%SM_API_KEY%" -o Keylockertools-windows-x64.msi msiexec /i Keylockertools-windows-x64.msi /quiet /qn - smksp_registrar.exe register - smksp_registrar.exe list - smctl.exe keypair ls - C:\Windows\System32\certutil.exe -csp "DigiCert Software Trust Manager KSP" -key -user smksp_cert_sync.exe shell: cmd