Skip to content

Build and upload Windows app artifact #128

Build and upload Windows app artifact

Build and upload Windows app artifact #128

name: Build and upload Windows app artifact
on:
workflow_dispatch:
inputs:
buildBranch:
description: 'Headlamp ref/branch/tag'
required: true
default: 'main'
signBinaries:
description: Sign the binaries
default: true
type: boolean
permissions:
contents: read
jobs:
build-windows:
permissions:
id-token: write # For fetching an OpenID Connect (OIDC) token
contents: read
actions: write # needed to upload artifacts
runs-on: windows-2022
steps:
- uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
with:
path: build-helper
- uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
with:
repository: headlamp-k8s/headlamp
ref: ${{ github.event.inputs.buildBranch }}
path: headlamp
- name: Setup nodejs
uses: actions/setup-node@60edb5dd545a775178f52524783378180af0d1f8 # v4.0.2
with:
node-version: 20.x
cache: 'npm'
cache-dependency-path: |
headlamp/app/package-lock.json
headlamp/frontend/package-lock.json
- uses: actions/setup-go@cdcb36043654635271a94b9a6d1392de5bb323a7 # v5.0.1
with:
go-version: '1.22.*'
cache-dependency-path: |
headlamp/backend/go.sum
- name: Dependencies
uses: crazy-max/ghaction-chocolatey@e80bd39bb49cae70b67ea53d52d00833a7255c21 # v1.7.0
with:
args: install make
- name: Azure login
if: ${{ inputs.signBinaries }}
uses: azure/login@6c251865b4e6290e7b78be643ea2d005bc51f69a # v2.1.1
with:
client-id: ${{ secrets.WINDOWS_CLIENT_ID }}
tenant-id: ${{ secrets.AZ_TENANT_ID }}
subscription-id: ${{ secrets.AZ_SUBSCRIPTION_ID }}
- name: Fetch certificates
if: ${{ inputs.signBinaries }}
shell: pwsh
run: |
az keyvault secret download --subscription ${{ secrets.AZ_SUBSCRIPTION_ID }} --vault-name headlamp --name HeadlampAuthCert --file c:\HeadlampAuthCert.pfx --encoding base64
az keyvault secret download --subscription ${{ secrets.AZ_SUBSCRIPTION_ID }} --vault-name headlamp --name ESRPHeadlampReqCert --file c:\HeadlampReqCert.pfx --encoding base64
- name: Set up certificates
if: ${{ inputs.signBinaries }}
shell: pwsh
run: |
Import-PfxCertificate -FilePath c:\HeadlampAuthCert.pfx -CertStoreLocation Cert:\LocalMachine\My -Exportable
Import-PfxCertificate -FilePath c:\HeadlampReqCert.pfx -CertStoreLocation Cert:\LocalMachine\My -Exportable
- name: Download and Set up ESRPClient
if: ${{ inputs.signBinaries }}
shell: pwsh
run: |
nuget.exe sources add -name esrp -source ${{ secrets.ESRP_NUGET_INDEX_URL }} -username headlamp -password ${{ secrets.AZ_DEVOPS_TOKEN }}
nuget.exe install Microsoft.EsrpClient -Version 1.2.80 -source ${{ secrets.ESRP_NUGET_INDEX_URL }} | out-null
- name: App Windows
shell: pwsh
working-directory: headlamp
run: |
if ("${{ inputs.signBinaries }}" -eq "true") {
$env:ESRP_PATH="$(Get-Location)\..\Microsoft.EsrpClient.1.2.80\tools\EsrpClient.exe"
$env:HEADLAMP_WINDOWS_CLIENT_ID="${{ secrets.WINDOWS_CLIENT_ID }}"
$env:HEADLAMP_WINDOWS_SIGN_EMAIL="${{ secrets.WINDOWS_SIGN_EMAIL }}"
} else {
echo "Not signing binaries"
}
make app-win
- name: Upload artifact
uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4.3.3
with:
name: Win exes
path: ./headlamp/app/dist/Headlamp*.*
if-no-files-found: error
retention-days: 2