Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

ci: update certificate for signing MSI #6000

Merged
merged 12 commits into from
Oct 30, 2024
Merged

ci: update certificate for signing MSI #6000

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
12 commits
Select commit Hold shift + click to select a range
967f6d5
update cert
ypoplavs Oct 30, 2024
c8598ec
update CI
ypoplavs Oct 30, 2024
8a01e5a
update path
ypoplavs Oct 30, 2024
9c8f684
update paths
ypoplavs Oct 30, 2024
81cb5e6
update paths
ypoplavs Oct 30, 2024
1dbb480
update paths
ypoplavs Oct 30, 2024
d2c4576
update paths
ypoplavs Oct 30, 2024
a568390
update paths
ypoplavs Oct 30, 2024
086a07b
update insaller
ypoplavs Oct 30, 2024
1ec61b6
uncomment flow
ypoplavs Oct 30, 2024
002ba1a
fix actions
ypoplavs Oct 30, 2024
ede70f5
revert missing actions
ypoplavs Oct 30, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
32 changes: 17 additions & 15 deletions .github/workflows/release-dev.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -255,14 +255,6 @@ jobs:
name: testkube_windows
path: windows

- name: Get MSFT Cert
id: write_file
uses: timheuer/base64-to-file@v1.2
with:
fileName: "kubeshop_msft.p12"
fileDir: "./temp/"
encodedString: ${{ secrets.CERT_MSFT_KUBESHOP_P12_B64 }}

- name: Create and Sign MSI
run: |
Copy-Item 'windows\testkube_windows_386\kubectl-testkube.exe' '.\kubectl-testkube.exe'
Expand All @@ -271,10 +263,17 @@ jobs:
Copy-Item 'build\installer\windows\testkube.bat' '.\testkube.bat'
& "$env:WIX\bin\candle.exe" *.wxs
& "$env:WIX\bin\light.exe" *.wixobj
& "C:\Program Files (x86)\Microsoft SDKs\ClickOnce\SignTool\signtool.exe" sign /f "$env:P12_CERT" /p "$env:P12_PASSWORD" /d "Kubetest by Kubeshop" /tr http://timestamp.digicert.com testkube.msi
env:
P12_CERT: ${{ steps.write_file.outputs.filePath }}
P12_PASSWORD: ${{ secrets.CERT_MSFT_KUBESHOP_P12_PASSWORD }}

- name: Sign Artifact with CodeSignTool
uses: sslcom/esigner-codesign@develop
with:
command: sign
username: ${{ secrets.ES_USERNAME }}
password: ${{ secrets.ES_PASSWORD }}
totp_secret: ${{ secrets.ES_TOTP_SECRET }}
file_path: testkube.msi
output_path: ${GITHUB_WORKSPACE}\artifacts
malware_block: false

- name: Get tag
id: tag
Expand All @@ -293,26 +292,29 @@ jobs:
id: checksum
run: |
$installer_name = $env:MSI_NAME
$hash=Get-FileHash testkube.msi
$installer_path = $env:MSI_PATH
$hash=Get-FileHash $installer_path
$hash.Hash + " " + $installer_name + ".msi" >> msi_checksum.txt
echo "::set-output name=INSTALLER_NAME::${installer_name}"
echo "::set-output name=INSTALLER_PATH::${installer_path}"

#export MSI hash to environment
$hashsum = $hash.Hash
echo "::set-output name=CHECKSUM::${hashsum}"

#copy MSI to choco directory to build a nuget package
Copy-Item -Path "testkube.msi" -Destination ".\choco\tools\$env:MSI_NAME.msi"
Copy-Item -Path "$installer_path" -Destination ".\choco\tools\$env:MSI_NAME.msi"
env:
MSI_NAME: testkube_${{steps.tag.outputs.tag}}_Windows_i386
MSI_PATH: D:\a\testkube\testkube\artifacts\testkube.msi

- name: Upload release binary
uses: actions/upload-release-asset@v1.0.2
env:
GITHUB_TOKEN: ${{ github.token }}
with:
upload_url: ${{ steps.get_release.outputs.upload_url }}
asset_path: testkube.msi
asset_path: ${{steps.checksum.outputs.INSTALLER_PATH}}
asset_name: ${{steps.checksum.outputs.INSTALLER_NAME}}.msi
asset_content_type: application/octet-stream

Expand Down
32 changes: 17 additions & 15 deletions .github/workflows/release.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -247,14 +247,6 @@ jobs:
name: testkube_windows
path: windows

- name: Get MSFT Cert
id: write_file
uses: timheuer/base64-to-file@v1.2
with:
fileName: "kubeshop_msft.p12"
fileDir: "./temp/"
encodedString: ${{ secrets.CERT_MSFT_KUBESHOP_P12_B64 }}

- name: Create and Sign MSI
run: |
Copy-Item 'windows\testkube_windows_386\kubectl-testkube.exe' '.\kubectl-testkube.exe'
Expand All @@ -263,10 +255,17 @@ jobs:
Copy-Item 'build\installer\windows\testkube.bat' '.\testkube.bat'
& "$env:WIX\bin\candle.exe" *.wxs
& "$env:WIX\bin\light.exe" *.wixobj
& "C:\Program Files (x86)\Microsoft SDKs\ClickOnce\SignTool\signtool.exe" sign /f "$env:P12_CERT" /p "$env:P12_PASSWORD" /d "Kubetest by Kubeshop" /tr http://timestamp.digicert.com testkube.msi
env:
P12_CERT: ${{ steps.write_file.outputs.filePath }}
P12_PASSWORD: ${{ secrets.CERT_MSFT_KUBESHOP_P12_PASSWORD }}

- name: Sign Artifact with CodeSignTool
uses: sslcom/esigner-codesign@develop
with:
command: sign
username: ${{ secrets.ES_USERNAME }}
password: ${{ secrets.ES_PASSWORD }}
totp_secret: ${{ secrets.ES_TOTP_SECRET }}
file_path: testkube.msi
output_path: ${GITHUB_WORKSPACE}\artifacts
malware_block: false

- name: Get tag
id: tag
Expand All @@ -285,26 +284,29 @@ jobs:
id: checksum
run: |
$installer_name = $env:MSI_NAME
$hash=Get-FileHash testkube.msi
$installer_path = $env:MSI_PATH
$hash=Get-FileHash $installer_path
$hash.Hash + " " + $installer_name + ".msi" >> msi_checksum.txt
echo "::set-output name=INSTALLER_NAME::${installer_name}"
echo "::set-output name=INSTALLER_PATH::${installer_path}"

#export MSI hash to environment
$hashsum = $hash.Hash
echo "::set-output name=CHECKSUM::${hashsum}"

#copy MSI to choco directory to build a nuget package
Copy-Item -Path "testkube.msi" -Destination ".\choco\tools\$env:MSI_NAME.msi"
Copy-Item -Path "$installer_path" -Destination ".\choco\tools\$env:MSI_NAME.msi"
env:
MSI_NAME: testkube_${{steps.tag.outputs.tag}}_Windows_i386
MSI_PATH: D:\a\testkube\testkube\artifacts\testkube.msi

- name: Upload release binary
uses: actions/upload-release-asset@v1.0.2
env:
GITHUB_TOKEN: ${{ github.token }}
with:
upload_url: ${{ steps.get_release.outputs.upload_url }}
asset_path: testkube.msi
asset_path: ${{steps.checksum.outputs.INSTALLER_PATH}}
asset_name: ${{steps.checksum.outputs.INSTALLER_NAME}}.msi
asset_content_type: application/octet-stream

Expand Down
Loading