-
Notifications
You must be signed in to change notification settings - Fork 2
119 lines (105 loc) · 4.01 KB
/
release.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
name: Release
on:
push:
tags:
- '*'
workflow_dispatch:
inputs:
version:
description: 'Version number (e.g. v1.2.3)'
required: true
permissions:
contents: write
# Necessary for GCP authentication (https://github.com/google-github-actions/setup-gcloud#usage)
id-token: write
jobs:
release:
runs-on: ${{ github.repository_owner == 'coder' && 'windows-latest-16-cores' || 'windows-latest' }}
timeout-minutes: 15
steps:
- uses: actions/checkout@v4
- name: Setup .NET
uses: actions/setup-dotnet@v4
with:
dotnet-version: '8.0.x'
# Necessary for signing Windows binaries.
- name: Setup Java
uses: actions/setup-java@3a4f6e1af504cf6a31855fa899c6aa5355ba6c12 # v4.7.0
with:
distribution: "zulu"
java-version: "11.0"
- name: Get version from tag
id: version
shell: pwsh
run: |
$ErrorActionPreference = "Stop"
if ($env:INPUT_VERSION) {
$tag = $env:INPUT_VERSION
} else {
$tag = $env:GITHUB_REF -replace 'refs/tags/',''
}
if ($tag -notmatch '^v\d+\.\d+\.\d+$') {
throw "Version must be in format v1.2.3, got $tag"
}
$version = $tag -replace '^v',''
$assemblyVersion = "$($version).0"
Add-Content -Path $env:GITHUB_OUTPUT -Value "VERSION=$version"
Add-Content -Path $env:GITHUB_OUTPUT -Value "ASSEMBLY_VERSION=$assemblyVersion"
Write-Host "Version: $version"
Write-Host "Assembly version: $assemblyVersion"
env:
INPUT_VERSION: ${{ inputs.version }}
# Setup GCloud for signing Windows binaries.
- name: Authenticate to Google Cloud
id: gcloud_auth
uses: google-github-actions/auth@71f986410dfbc7added4569d411d040a91dc6935 # v2.1.8
with:
workload_identity_provider: ${{ secrets.GCP_WORKLOAD_ID_PROVIDER }}
service_account: ${{ secrets.GCP_SERVICE_ACCOUNT }}
token_format: "access_token"
- name: Install wix
shell: pwsh
run: |
$ErrorActionPreference = "Stop"
& dotnet.exe tool install --global wix --version 5.0.2
if ($LASTEXITCODE -ne 0) { throw "Failed to install wix" }
foreach ($ext in @("WixToolset.Bal.wixext/5.0.2", "WixToolset.Netfx.wixext/5.0.2", "WixToolset.UI.wixext/5.0.2", "WixToolset.Util.wixext/5.0.2")) {
& wix.exe extension add -g $ext
if ($LASTEXITCODE -ne 0) { throw "Failed to add wix extension $ext" }
}
- name: scripts/Release.ps1
id: release
shell: pwsh
run: |
$ErrorActionPreference = "Stop"
$env:EV_CERTIFICATE_PATH = Join-Path $env:TEMP "ev_cert.pem"
Set-Content -Path $env:EV_CERTIFICATE_PATH -Value $env:EV_SIGNING_CERT
$env:JSIGN_PATH = Join-Path $env:TEMP "jsign-6.0.jar"
Invoke-WebRequest -Uri "https://github.com/ebourg/jsign/releases/download/6.0/jsign-6.0.jar" -OutFile $env:JSIGN_PATH
& ./scripts/Release.ps1 `
-version ${{ steps.version.outputs.VERSION }} `
-assemblyVersion ${{ steps.version.outputs.ASSEMBLY_VERSION }}
if ($LASTEXITCODE -ne 0) { throw "Failed to publish" }
env:
EV_SIGNING_CERT: ${{ secrets.EV_SIGNING_CERT }}
EV_KEYSTORE: ${{ secrets.EV_KEYSTORE }}
EV_KEY: ${{ secrets.EV_KEY }}
EV_TSA_URL: ${{ secrets.EV_TSA_URL }}
GCLOUD_ACCESS_TOKEN: ${{ steps.gcloud_auth.outputs.access_token }}
- name: Upload artifact
uses: actions/upload-artifact@v4
with:
name: publish
path: .\publish\
- name: Create release
uses: softprops/action-gh-release@v2
if: startsWith(github.ref, 'refs/tags/')
with:
name: Release ${{ steps.version.outputs.VERSION }}
generate_release_notes: true
# We currently only release the bootstrappers, not the MSIs.
files: |
${{ steps.release.outputs.X64_OUTPUT_PATH }}
${{ steps.release.outputs.ARM64_OUTPUT_PATH }}
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}