Skip to content

Add Azure code signing for the Windows release DLLs #831

Add Azure code signing for the Windows release DLLs

Add Azure code signing for the Windows release DLLs #831

Workflow file for this run

name: Build
on: [pull_request, push]
jobs:
build:
strategy:
fail-fast: false
matrix:
include:
- os: windows-2019
vcpkg_path: D:\mixxx-vcpkg
vcpkg_bootstrap: .\bootstrap-vcpkg.bat
vcpkg_triplet: x64-windows
vcpkg_host_triplet: x64-windows
vcpkg_overlay_ports: overlay/windows;overlay/ports
vcpkg_packages_extras: angle libid3tag libmad qt5-winextras
check_disk_space: Get-PSDrive
- os: macos-11
vcpkg_path: /Users/runner/mixxx-vcpkg
vcpkg_bootstrap: ./bootstrap-vcpkg.sh
vcpkg_triplet: x64-osx-min1012
vcpkg_host_triplet: x64-osx-min1012
vcpkg_overlay_ports: overlay/osx:overlay/ports
vcpkg_packages_extras: qt5-macextras
vcpkg_cache: /Users/runner/.cache/vcpkg/archives
check_disk_space: df -h
- os: macos-11
vcpkg_path: /Users/runner/mixxx-vcpkg
vcpkg_bootstrap: ./bootstrap-vcpkg.sh
vcpkg_triplet: arm64-osx-min1100
vcpkg_host_triplet: x64-osx-min1012
vcpkg_overlay_ports: overlay/osx:overlay/ports
vcpkg_packages_extras: qt5-macextras
vcpkg_cache: /Users/runner/.cache/vcpkg/archives
check_disk_space: df -h
env:
VCPKG_PACKAGES: >-
ableton-link
benchmark
chromaprint
fdk-aac
ffmpeg
fftw3
gtest
hidapi
hss1394
libdjinterop
libebur128
libflac
libkeyfinder
libmodplug
libogg
libopusenc
libsndfile[core]
libusb
libvorbis
lilv
mp3lame
ms-gsl
opus
opusfile
portaudio[asio]
portmidi
protobuf
pthreads
qt5-base
qt5-declarative
qt5-script
qt5-svg
qt5-translations
qtkeychain
rubberband
soundtouch
taglib
wavpack
${{ matrix.vcpkg_packages_extras }}
VCPKG_DEFAULT_TRIPLET: ${{ matrix.vcpkg_triplet }}
VCPKG_DEFAULT_HOST_TRIPLET: ${{ matrix.vcpkg_host_triplet }}
# Using the relative path overlay/triplets does not work (https://github.com/microsoft/vcpkg/issues/18764)
VCPKG_OVERLAY_TRIPLETS: ${{ matrix.vcpkg_path }}/overlay/triplets
VCPKG_OVERLAY_PORTS: ${{ matrix.vcpkg_overlay_ports }}
DEPS_BASE_NAME: mixxx-deps
DEVELOPER_DIR: /Applications/Xcode_12.4.app/Contents/Developer
MIXXX_VERSION: 2.4
name: ${{ matrix.vcpkg_triplet }}
runs-on: ${{ matrix.os }}
steps:
- name: Check out git repository
uses: actions/checkout@v3
with:
path: mixxx-vcpkg
# Workaround for issues https://github.com/microsoft/vcpkg/issues/8272
# and https://github.com/actions/checkout/issues/197
# to keep the build path short
- name: Move checkout
run: cmake -E rename ${{ github.workspace }}/mixxx-vcpkg ${{ matrix.vcpkg_path }}
- name: Read sha_short
id: vars
shell: bash
run: echo "sha_short=$(git rev-parse --short HEAD)" >> $GITHUB_OUTPUT
working-directory: ${{ matrix.vcpkg_path }}
# python3-distutils is required for fontconfig but it has been removed in Python 3.12
- name: Setup Python 3.11
uses: actions/setup-python@v4
with:
python-version: '3.11'
- name: Bootstrap vcpkg
run: ${{ matrix.vcpkg_bootstrap }}
working-directory: ${{ matrix.vcpkg_path }}
# FFmpeg requires nasm
- name: "[macOS] Bootstrap vcpkg"
if: runner.os == 'macOS'
run: |
brew update && brew install nasm
/bin/bash -c "sudo xcode-select --switch /Applications/Xcode_12.4.app/Contents/Developer"
xcrun --show-sdk-version
- name: Set up cache
uses: actions/cache@v3
with:
path: ${{ matrix.vcpkg_path }}/installed
key: vcpkg-installed-${{ matrix.vcpkg_triplet }}-${{ github.ref }}-${{ github.run_number }}
restore-keys: |
vcpkg-installed-${{ matrix.vcpkg_triplet }}-${{ github.ref }}
vcpkg-installed-${{ matrix.vcpkg_triplet }}
- name: Check available disk space
run: ${{ matrix.check_disk_space }}
- name: Remove outdated packages from cache
run: ./vcpkg remove --vcpkg-root=${{ matrix.vcpkg_path }} --outdated --recurse
working-directory: ${{ matrix.vcpkg_path }}
- name: Build packages
run: ./vcpkg install --vcpkg-root=${{ matrix.vcpkg_path }} --clean-after-build --recurse ${{ env.VCPKG_PACKAGES }}
working-directory: ${{ matrix.vcpkg_path }}
- name: "[Windows] Sign release DLLs"
env:
AZURE_TENANT_ID: ${{ secrets.AZURE_TENANT_ID }}
if: runner.os == 'Windows' && env.AZURE_TENANT_ID
uses: azure/azure-code-signing-action@v0.2.22
with:
azure-tenant-id: ${{ secrets.AZURE_TENANT_ID }}
azure-client-id: ${{ secrets.AZURE_CLIENT_ID }}
azure-client-secret: ${{ secrets.AZURE_CLIENT_SECRET }}
endpoint: https://weu.codesigning.azure.net/
code-signing-account-name: mixxx
certificate-profile-name: mixxx
files-folder: ${{ matrix.vcpkg_path }}/installed/${{ matrix.vcpkg_triplet }}/bin
files-folder-filter: dll
file-digest: SHA256
timestamp-rfc3161: http://timestamp.acs.microsoft.com
timestamp-digest: SHA256
timeout: 600
- name: Upload GitHub Actions artifacts of build logs
if: always()
uses: actions/upload-artifact@v3
with:
name: logs-${{ matrix.vcpkg_triplet }}
path: ${{ matrix.vcpkg_path }}/buildtrees/**/*.log
- name: Create buildenv archive
run: ./vcpkg export --vcpkg-root=${{ matrix.vcpkg_path }} --x-all-installed --zip --output=${{ env.DEPS_BASE_NAME }}-${{ env.MIXXX_VERSION }}-${{ matrix.vcpkg_triplet }}-${{ steps.vars.outputs.sha_short }}
working-directory: ${{ matrix.vcpkg_path }}
- name: "[Windows] Install additional tools"
if: runner.os == 'Windows' && env.SSH_PASSWORD != null
env:
SSH_PASSWORD: ${{ secrets.DOWNLOADS_HOSTGATOR_DOT_MIXXX_DOT_ORG_KEY_PASSWORD }}
run: |
$Env:PATH="C:\msys64\usr\bin;$Env:PATH"
pacman -S --noconfirm coreutils bash rsync openssh
Add-Content -Path "$Env:GITHUB_ENV" -Value "PATH=$Env:PATH"
- name: "Upload build to downloads.mixxx.org"
if: github.event_name == 'push' && env.SSH_PASSWORD != null
run: bash .github/deploy.sh ${{ env.DEPS_BASE_NAME }}-${{ env.MIXXX_VERSION }}-${{ matrix.vcpkg_triplet }}-${{ steps.vars.outputs.sha_short }}.zip
working-directory: ${{ matrix.vcpkg_path }}
env:
DESTDIR: public_html/downloads/dependencies
OS: ${{ runner.os }}
SSH_AUTH_SOCK: /tmp/ssh_agent.sock
SSH_HOST: downloads-hostgator.mixxx.org
SSH_KEY: ${{ secrets.DOWNLOADS_HOSTGATOR_DOT_MIXXX_DOT_ORG_KEY }}
SSH_PASSWORD: ${{ secrets.DOWNLOADS_HOSTGATOR_DOT_MIXXX_DOT_ORG_KEY_PASSWORD }}
SSH_USER: mixxx
UPLOAD_ID: ${{ github.run_id }}
- name: Upload GitHub Actions artifacts
uses: actions/upload-artifact@v3
with:
name: ${{ env.DEPS_BASE_NAME }}-${{ env.MIXXX_VERSION }}-${{ matrix.vcpkg_triplet }}-${{ steps.vars.outputs.sha_short }}
path: ${{ matrix.vcpkg_path }}/${{ env.DEPS_BASE_NAME }}-${{ env.MIXXX_VERSION }}-${{ matrix.vcpkg_triplet }}-${{ steps.vars.outputs.sha_short }}.zip
# Workaround for https://github.com/actions/cache/issues/531
- name: Use system tar & zstd from Chocolatey for caching
shell: bash
run: |
echo "C:/Windows/System32;C:/ProgramData/Chocolatey/bin" >> $GITHUB_PATH