Skip to content

Commit b02967e

Browse files
MatteoPologrutoMatteoPologruto
authored
Add step to delete the signed exe on the self-hosted runner (#965)
1 parent 6220828 commit b02967e

File tree

1 file changed

+11
-7
lines changed

1 file changed

+11
-7
lines changed

.github/workflows/release.yml

+11-7
Original file line numberDiff line numberDiff line change
@@ -132,7 +132,7 @@ jobs:
132132
- name: Create autoupdate files for win32
133133
run: go-selfupdate -platform windows-${{ matrix.arch }} ${{ env.PROJECT_NAME }}${{ matrix.ext }} ${TAG_VERSION}
134134
if: matrix.arch == '386' && matrix.os == 'windows-2019' && steps.prerelease.outputs.IS_PRE != 'true'
135-
135+
136136
- name: configure aws credentials
137137
uses: aws-actions/configure-aws-credentials@v4
138138
with:
@@ -311,7 +311,7 @@ jobs:
311311
run: |
312312
wget -q https://github.com/Bearer/gon/releases/download/v0.0.27/gon_macos.zip
313313
unzip gon_macos.zip -d /usr/local/bin
314-
314+
315315
- name: Write gon config to file
316316
run: |
317317
cat > "${{ env.GON_CONFIG_PATH }}" <<EOF
@@ -323,7 +323,7 @@ jobs:
323323
}
324324
325325
EOF
326-
326+
327327
- name: Notarize app bundle
328328
run: |
329329
gon -log-level=debug -log-json "${{ env.GON_CONFIG_PATH }}"
@@ -449,17 +449,17 @@ jobs:
449449
# We are hardcoding the path for signtool because is not present on the windows PATH env var by default.
450450
# Keep in mind that this path could change when upgrading to a new runner version
451451
SIGNTOOL_PATH: "C:/Program Files (x86)/Windows Kits/10/bin/10.0.19041.0/x86/signtool.exe"
452-
452+
453453
strategy:
454454
matrix:
455455
arch: [amd64, 386]
456-
456+
457457
steps:
458458
- name: Download artifact
459459
uses: actions/download-artifact@v4
460460
with:
461461
name: ArduinoCreateAgent-windows-${{ matrix.arch }}
462-
462+
463463
- name: Save Win signing certificate to file
464464
run: echo "${{ secrets.INSTALLER_CERT_WINDOWS_CER }}" | base64 --decode > ${{ env.INSTALLER_CERT_WINDOWS_CER}}
465465

@@ -468,7 +468,7 @@ jobs:
468468
CERT_PASSWORD: ${{ secrets.INSTALLER_CERT_WINDOWS_PASSWORD }}
469469
CONTAINER_NAME: ${{ secrets.INSTALLER_CERT_WINDOWS_CONTAINER }}
470470
# https://stackoverflow.com/questions/17927895/automate-extended-validation-ev-code-signing-with-safenet-etoken
471-
run: |
471+
run: |
472472
"${{ env.SIGNTOOL_PATH }}" sign -d "Arduino Create Agent" -f ${{ env.INSTALLER_CERT_WINDOWS_CER}} -csp "eToken Base Cryptographic Provider" -k "[{{${{ env.CERT_PASSWORD }}}}]=${{ env.CONTAINER_NAME }}" -fd sha256 -tr http://timestamp.digicert.com -td SHA256 -v "ArduinoCreateAgent-${GITHUB_REF##*/}-windows-${{ matrix.arch }}-installer.exe"
473473
474474
- name: Upload artifacts
@@ -478,6 +478,10 @@ jobs:
478478
name: ArduinoCreateAgent-windows-${{ matrix.arch }}-signed
479479
path: ArduinoCreateAgent-*-windows-${{ matrix.arch }}-installer.exe
480480

481+
# This step is needed because the self hosted runner does not delete files automatically
482+
- name: Clean up EXE
483+
run: rm ArduinoCreateAgent-*-windows-${{ matrix.arch }}-installer.exe
484+
481485
# This job will generate a dmg mac installer, sign/notarize it.
482486
generate-sign-dmg:
483487
needs: notarize-macos

0 commit comments

Comments
 (0)