Skip to content

feat: setup windows codesign #88

feat: setup windows codesign

feat: setup windows codesign #88

Workflow file for this run

name: distributions release
on:
push:
branches: [ master ]
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
jobs:
pre-release:
strategy:
matrix:
os: [ macos-latest, ubuntu-latest, windows-latest ]
node-version: [ 20.x ]
runs-on: ${{ matrix.os }}
steps:
- name: Github checkout
uses: actions/checkout@v4
- name: Install rpm
run: sudo apt-get install -y rpm
if: matrix.os == 'ubuntu-latest'
- name: Use Node.js ${{ matrix.node-version }}
uses: actions/setup-node@v4
with:
node-version: ${{ matrix.node-version }}
cache: 'npm'
- uses: actions/setup-python@v4
with:
python-version: '3.10'
- name: Setup .NET Core SDK
if: matrix.os == 'windows-latest'
uses: actions/setup-dotnet@v2
with:
dotnet-version: 6.0.x
- run: npm ci
- run: npm run package
- name: Build app
shell: bash
run: ./scripts/make-distributions.sh
- name: Sign files with Trusted Signing
if: matrix.os == 'windows-latest'
uses: azure/trusted-signing-action@v0.3.19
with:
azure-tenant-id: ${{ secrets.AZURE_TENANT_ID }}
azure-client-id: ${{ secrets.AZURE_CLIENT_ID }}
azure-client-secret: ${{ secrets.AZURE_CLIENT_SECRET }}
endpoint: https://eus.codesigning.azure.net/
trusted-signing-account-name: vscx-codesigning
certificate-profile-name: vscx-certificate-profile
files-folder: ${{ github.workspace }}\out\make
files-folder-depth: 7
files-folder-filter: exe
file-digest: SHA256
timestamp-rfc3161: http://timestamp.acs.microsoft.com
timestamp-digest: SHA256
- name: Upload artifacts
uses: actions/upload-artifact@v4
with:
name: artifacts-${{ matrix.os }}
path: out/make/*
release:
needs: pre-release
runs-on: ubuntu-latest
steps:
- name: Github checkout
uses: actions/checkout@v4
- name: Use Node.js 20.x
uses: actions/setup-node@v4
with:
node-version: 20.x
cache: 'npm'
- name: Generate changelog
uses: jaywcjlove/changelog-generator@main
id: changelog
with:
token: ${{ secrets.GITHUB_TOKEN }}
- name: Download artifacts
uses: actions/download-artifact@v4
with:
path: out/make/
merge-multiple: true
- name: Build Release
uses: jaywcjlove/create-tag-action@main
id: tag_release
with:
prerelease: true
token: ${{ secrets.GITHUB_TOKEN }}
body: |
${{ steps.changelog.outputs.compareurl }}
${{ steps.changelog.outputs.changelog }}
- name: Release App
uses: "marvinpinto/action-automatic-releases@latest"
if: steps.tag_release.outputs.successful
with:
prerelease: false
automatic_release_tag: ${{ steps.tag_release.outputs.version }}
repo_token: "${{ secrets.GITHUB_TOKEN }}"
files: |
LICENSE
out/make/**/*.{dmg,rpm,deb,Setup.exe}