diff --git a/.github/workflows/BUILD_ON_DEMAND.yml b/.github/workflows/BUILD_ON_DEMAND.yml index 3076bf7e27..555794b73c 100644 --- a/.github/workflows/BUILD_ON_DEMAND.yml +++ b/.github/workflows/BUILD_ON_DEMAND.yml @@ -59,6 +59,18 @@ jobs: CSC_KEY_PASSWORD: "${{ secrets.CSC_KEY_PASSWORD }}" run: npm run build -- --mac --publish --on-demand + - name: Import Secrets (Windows) + id: windows-secrets + uses: hashicorp/vault-action@v3.0.0 + if: ${{ runner.os == 'Windows' }} + with: + url: ${{ secrets.VAULT_ADDR }} + method: approle + roleId: ${{ secrets.VAULT_ROLE_ID }} + secretId: ${{ secrets.VAULT_SECRET_ID }} + exportEnv: false + secrets: | + secret/data/products/desktop-modeler/ci/certificates CSC_CERT_WIN; - name: Build distro (Windows) if: ${{ runner.os == 'Windows' }} env: @@ -67,6 +79,6 @@ jobs: AWS_SECRET_ACCESS_KEY: "${{ secrets.AWS_ON_DEMAND_SECRET_ACCESS_KEY }}" AWS_REGION: "${{ secrets.AWS_ON_DEMAND_REGION }}" AWS_BUCKET: "${{ secrets.AWS_ON_DEMAND_BUCKET }}" - CSC_LINK: "${{ secrets.WIN_CSC_LINK }}" + CSC_LINK: "${{ steps.windows-secrets.outputs.CSC_CERT_WIN }}" CSC_KEY_PASSWORD: "${{ secrets.WIN_CSC_KEY_PASSWORD }}" run: npm run build -- --win --publish --on-demand diff --git a/.github/workflows/NIGHTLY.yml b/.github/workflows/NIGHTLY.yml index 34161d05b1..85dccffefe 100644 --- a/.github/workflows/NIGHTLY.yml +++ b/.github/workflows/NIGHTLY.yml 
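Review bot: `uses: hashicorp/vault-action@v3.0.0` in the new "Import Secrets (Windows)" step references a tag, which upstream can move. This step is handed `VAULT_ROLE_ID` and `VAULT_SECRET_ID` and returns the Windows signing certificate. Pinning to the full commit SHA keeps the code that sees those credentials fixed, e.g. `uses: hashicorp/vault-action@<full-commit-sha> # v3.0.0`. The same step is added in NIGHTLY.yml and RELEASE.yml and would take the same pin.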
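Review bot: The signing material is now split across two stores: `CSC_LINK` comes from the Vault step output, while `CSC_KEY_PASSWORD` on the next line still reads `secrets.WIN_CSC_KEY_PASSWORD`. Rotating the certificate in Vault then needs a matching manual update of the GitHub secret, and a mismatch would presumably show up only as a signing failure during the build. If the password is stored under the same Vault path, listing it in the import step's `secrets: |` block and reading it from `steps.windows-secrets.outputs` would keep the pair together. Otherwise a comment above the two lines such as `# password stays in GitHub secrets; rotate together with the Vault certificate` would record the coupling. The `env:` block starts above this hunk, and the same pairing appears in the Windows build steps of NIGHTLY.yml and RELEASE.yml.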
@@ -66,10 +66,22 @@ jobs: UPDATES_SERVER_PRODUCT_NAME: "${{ secrets.UPDATES_SERVER_PRODUCT_NAME }}" run: npm run build -- --mac + - name: Import Secrets (Windows) + id: windows-secrets + uses: hashicorp/vault-action@v3.0.0 + if: ${{ runner.os == 'Windows' }} + with: + url: ${{ secrets.VAULT_ADDR }} + method: approle + roleId: ${{ secrets.VAULT_ROLE_ID }} + secretId: ${{ secrets.VAULT_SECRET_ID }} + exportEnv: false + secrets: | + secret/data/products/desktop-modeler/ci/certificates CSC_CERT_WIN; - name: Build nightly (Windows) if: ${{ runner.os == 'Windows' }} env: - CSC_LINK: "${{ secrets.WIN_CSC_LINK }}" + CSC_LINK: "${{ steps.windows-secrets.outputs.CSC_CERT_WIN }}" CSC_KEY_PASSWORD: "${{ secrets.WIN_CSC_KEY_PASSWORD }}" MIXPANEL_TOKEN: "${{ secrets.MIXPANEL_PROJECT_TOKEN }}" MIXPANEL_STAGE: "int" diff --git a/.github/workflows/RELEASE.yml b/.github/workflows/RELEASE.yml index b6956a4326..aba3d24c61 100644 --- a/.github/workflows/RELEASE.yml +++ b/.github/workflows/RELEASE.yml @@ -56,6 +56,7 @@ jobs: GH_TOKEN: "${{ secrets.GITHUB_TOKEN }}" NODE_ENV: "production" run: npm run build -- --linux --publish + - name: Build release (MacOS) if: ${{ runner.os == 'macOS' }} env: 
@@ -74,10 +75,23 @@ jobs: GH_TOKEN: "${{ secrets.GITHUB_TOKEN }}" NODE_ENV: "production" run: npm run build -- --mac --publish + + - name: Import Secrets (Windows) + id: windows-secrets + uses: hashicorp/vault-action@v3.0.0 + if: ${{ runner.os == 'Windows' }} + with: + url: ${{ secrets.VAULT_ADDR }} + method: approle + roleId: ${{ secrets.VAULT_ROLE_ID }} + secretId: ${{ secrets.VAULT_SECRET_ID }} + exportEnv: false + secrets: | + secret/data/products/desktop-modeler/ci/certificates CSC_CERT_WIN; - name: Build release (Windows) if: ${{ runner.os == 'Windows' }} env: - CSC_LINK: "${{ secrets.WIN_CSC_LINK }}" + CSC_LINK: "${{ steps.windows-secrets.outputs.CSC_CERT_WIN }}" CSC_KEY_PASSWORD: "${{ secrets.WIN_CSC_KEY_PASSWORD }}" MIXPANEL_TOKEN: "${{ secrets.MIXPANEL_PROJECT_TOKEN }}" MIXPANEL_STAGE: "prod" diff --git a/electron-builder.json b/electron-builder.json index a01d6fbf52..52f24c7338 100644 --- a/electron-builder.json +++ b/electron-builder.json @@ -14,6 +14,7 @@ "afterPack": "./tasks/after-pack.js", "afterSign": "./tasks/after-sign.js", "win": { + "certificateSha1": "98B80B9F9F7526306371EEA8FB5FB52B945B4A90", "target": [ { "target": "zip",
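Review bot: The `certificateSha1` thumbprint added under `win` is hard-coded in the shared build config, so it must always match the certificate the workflows fetch from `secret/data/products/desktop-modeler/ci/certificates`. A rotation in Vault without a matching commit here would likely fail at the signing step. JSON cannot carry a comment, so the rotation procedure (update Vault, the password secret and this value together) belongs in the commit description or the release docs. The setting also applies to every Windows build that uses this config, not only CI, so it is worth confirming what happens on a machine without that certificate. It is also worth confirming whether electron-builder still reads `CSC_LINK` once `certificateSha1` is set, or looks the certificate up in the Windows certificate store instead. The `win` object continues past the end of the hunk.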