pare down windows

ldennington · Oct 27, 2023 · 0bedba0 · 0bedba0
1 parent 4c7a142
commit 0bedba0
Showing 1 changed file with 27 additions and 252 deletions.
diff --git a/.github/workflows/windows-test.yml b/.github/workflows/windows-test.yml
@@ -1,9 +1,5 @@
 name: build-git-installers
 
-permissions:
-  id-token: write
-  contents: write
-
 on:
   push:
     tags:
@@ -75,6 +71,23 @@ jobs:
         with:
           flavor: build-installers
 
+      - name: Run tmate
+        shell: bash
+        run: |
+          # install tmate
+          pacman -Sy --noconfirm tmate openssh &&
+
+          # Generate an SSH key (needed for tmate)
+          echo -e 'y\n' | ssh-keygen -q -t rsa -N '' -f ~/.ssh/id_rsa &&
+
+          # Start tmate session
+          export CHERE_INVOKING=1 &&
+          tmate -S /tmp/tmate.sock -a ~/.ssh/authorized_keys new-session -d &&
+          tmate -S /tmp/tmate.sock wait tmate-ready &&
+
+          # Print SSH invocation every 5 seconds, until tmate session has terminated
+          tmate -S /tmp/tmate.sock display -p '#{tmate_ssh}'
+
       - name: Clone build-extra
         shell: bash
         run: |
@@ -100,52 +113,7 @@ jobs:
       - name: Configure Azure Code Signing
         shell: bash
         run: |
-          git config alias.signtool '!f() { printf "%s\n" "$@" >./catalog && /c/Windows/System32/WindowsPowerShell/v1.0/powershell -command "Invoke-AzureCodeSigning -Endpoint https://wus2.codesigning.azure.net/ -CodeSigningAccountName git-fundamentals-signing -CertificateProfileName git-fundamentals-windows-signing -FilesCatalog ./catalog -FileDigest SHA256 -TimestampRfc3161 http://timestamp.acs.microsoft.com -TimestampDigest SHA256"; };f'
-
-      - name: Prepare for GPG signing
-        env:
-          AZURE_VAULT: ${{ secrets.AZURE_VAULT }}
-          GPG_KEY_SECRET_NAME: ${{ secrets.GPG_KEY_SECRET_NAME }}
-          GPG_PASSPHRASE_SECRET_NAME: ${{ secrets.GPG_PASSPHRASE_SECRET_NAME }}
-          GPG_KEYGRIP_SECRET_NAME: ${{ secrets.GPG_KEYGRIP_SECRET_NAME }}
-        shell: bash
-        run: |
-          # Download GPG key, passphrase, and keygrip from Azure Key Vault
-          key=$(az keyvault secret show --name $GPG_KEY_SECRET_NAME --vault-name $AZURE_VAULT --query "value")
-          passphrase=$(az keyvault secret show --name $GPG_PASSPHRASE_SECRET_NAME --vault-name $AZURE_VAULT --query "value")
-          keygrip=$(az keyvault secret show --name $GPG_KEYGRIP_SECRET_NAME --vault-name $AZURE_VAULT --query "value")
-
-          # Remove quotes from downloaded values
-          key=$(sed -e 's/^"//' -e 's/"$//' <<<"$key")
-          passphrase=$(sed -e 's/^"//' -e 's/"$//' <<<"$passphrase")
-          keygrip=$(sed -e 's/^"//' -e 's/"$//' <<<"$keygrip")
-
-          # Import GPG key
-          echo "$key" | base64 -d | gpg $GPG_OPTIONS --import
-
-          # Configure GPG
-          echo "allow-preset-passphrase" > ~/.gnupg/gpg-agent.conf
-          gpg-connect-agent RELOADAGENT /bye
-          gpg-connect-agent 'PRESET_PASSPHRASE "$keygrip" -1 "$passphrase"' /bye
-
-      - name: Prepare home directory for GPG signing
-        if: env.GPG_FINGERPRINT_SECRET_NAME != ''
-        shell: bash
-        run: |
-          # This section ensures that the identity for the GPG key matches the git user identity, otherwise
-          # signing will fail
-
-          # Get GPG key fingerprint from Azure Key Vault
-          GPGKEY=$(az keyvault secret show --name "$GPG_FINGERPRINT_SECRET_NAME" \
-            --vault-name "$AZURE_VAULT" --query "value" \
-            | sed -e 's/^"//' -e 's/"$//')
-
-          info="$(gpg --list-keys --with-colons "${GPGKEY%% *}" | cut -d : -f 1,10 | sed -n '/^uid/{s|uid:||p;q}')" &&
-          git config --global user.name "${info% <*}" &&
-          git config --global user.email "<${info#*<}"
-        env:
-          AZURE_VAULT: ${{ secrets.AZURE_VAULT }}
-          GPG_FINGERPRINT_SECRET_NAME: ${{secrets.GPG_FINGERPRINT_SECRET_NAME}}
+          git config alias.signtool '!f() { printf "%s\n" "$@" >./catalog && cat ./catalog && /c/Windows/System32/WindowsPowerShell/v1.0/powershell -command "Invoke-AzureCodeSigning -Endpoint https://wus2.codesigning.azure.net/ -CodeSigningAccountName git-fundamentals-signing -CertificateProfileName git-fundamentals-windows-signing -FilesCatalog ./catalog -FileDigest SHA256 -TimestampRfc3161 http://timestamp.acs.microsoft.com -TimestampDigest SHA256"; };f'
 
       - name: Build mingw-w64-x86_64-git
         env:
@@ -170,210 +138,17 @@ jobs:
 
           # Install Azure Code Signing Module
           /c/Windows/System32/WindowsPowerShell/v1.0/powershell -command "Install-Module -Name AzureCodeSigning -RequiredVersion 0.2.24 -Force -Repository PSGallery"
+          cp /mingw64/bin/git.exe ./g.exe && git signtool g.exe
           sh -x /usr/src/build-extra/please.sh build-mingw-w64-git --only-64-bit --build-src-pkg -o artifacts HEAD
 
-      - name: Sign tarballs with GPG
-        shell: bash
-        run: |
-          if test -n "$GPGKEY"
-          then
-            for tar in artifacts/*.tar*
-            do
-              /usr/src/build-extra/gnupg-with-gpgkey.sh --detach-sign --no-armor $tar
-            done
-          fi &&
-
-          b=$PWD/artifacts &&
-          version=${{ needs.prereqs.outputs.tag_name }} &&
-          (cd /usr/src/MINGW-packages/mingw-w64-git &&
-          cp PKGBUILD.$version PKGBUILD &&
-          git commit -s -m "mingw-w64-git: new version ($version)" PKGBUILD &&
-          git bundle create "$b"/MINGW-packages.bundle origin/main..main)
-
-      - name: action-tmate
-        if: failure()
-        uses: mxschmitt/action-tmate@v3
-
-      - name: Publish mingw-w64-x86_64-git
-        uses: actions/upload-artifact@v3
-        with:
-          name: pkg-x86_64
-          path: artifacts
-
-  create-windows-artifacts:
-    runs-on: windows-2019
-    environment: release
-    needs: [prereqs, windows_pkg]
-    env:
-      HOME: "${{github.workspace}}\\home"
-    strategy:
-      matrix:
-        artifact:
-          - name: installer
-            fileprefix: Git
-          - name: portable
-            fileprefix: PortableGit
-      fail-fast: false
-    steps:
-      - name: Download pkg-x86_64
-        uses: actions/download-artifact@v3
-        with:
-          name: pkg-x86_64
-          path: pkg-x86_64
-
-      - uses: git-for-windows/setup-git-for-windows-sdk@v1
-        with:
-          flavor: build-installers
-
-      - name: Clone build-extra
-        shell: bash
-        run: |
-          git clone --filter=blob:none --single-branch -b main https://github.com/git-for-windows/build-extra /usr/src/build-extra
-
-      - name: Retarget auto-update to microsoft/git
+      - name: wait for tmate to be done
+        if: always()
         shell: bash
         run: |
-          set -x
-
-          b=/usr/src/build-extra &&
-
-          filename=$b/git-update-git-for-windows.config
-          tr % '\t' >$filename <<-\EOF &&
-          [update]
-          %fromFork = microsoft/git
-          EOF
-
-          sed -i -e '/^#include "file-list.iss"/a\
-          Source: {#SourcePath}\\..\\git-update-git-for-windows.config; DestDir: {app}\\mingw64\\bin; Flags: replacesameversion; AfterInstall: DeleteFromVirtualStore' \
-            -e '/^Type: dirifempty; Name: {app}\\{#MINGW_BITNESS}$/i\
-          Type: files; Name: {app}\\{#MINGW_BITNESS}\\bin\\git-update-git-for-windows.config\
-          Type: dirifempty; Name: {app}\\{#MINGW_BITNESS}\\bin' \
-            $b/installer/install.iss
-
-      - name: Set alerts to continue until upgrade is taken
-        shell: bash
-        run: |
-          set -x
-
-          b=/mingw64/bin &&
-
-          sed -i -e '6 a use_recently_seen=no' \
-            $b/git-update-git-for-windows
-
-      - name: Set the installer Publisher to the Git Fundamentals team
-        shell: bash
-        run: |
-          b=/usr/src/build-extra &&
-          sed -i -e 's/^\(AppPublisher=\).*/\1The Git Fundamentals Team at GitHub/' $b/installer/install.iss
-
-      - name: Let the installer configure Visual Studio to use the installed Git
-        shell: bash
-        run: |
-          set -x
-
-          b=/usr/src/build-extra &&
-
-          sed -i -e '/^ *InstallAutoUpdater();$/a\
-              CustomPostInstall();' \
-            -e '/^ *UninstallAutoUpdater();$/a\
-              CustomPostUninstall();' \
-            $b/installer/install.iss &&
-
-          cat >>$b/installer/helpers.inc.iss <<\EOF
-
-          procedure CustomPostInstall();
-          begin
-              if not RegWriteStringValue(HKEY_CURRENT_USER,'Software\Microsoft\VSCommon\15.0\TeamFoundation\GitSourceControl','GitPath',ExpandConstant('{app}')) or
-                not RegWriteStringValue(HKEY_CURRENT_USER,'Software\Microsoft\VSCommon\16.0\TeamFoundation\GitSourceControl','GitPath',ExpandConstant('{app}')) or
-                not RegWriteStringValue(HKEY_CURRENT_USER,'Software\Microsoft\VSCommon\17.0\TeamFoundation\GitSourceControl','GitPath',ExpandConstant('{app}')) or
-                not RegWriteStringValue(HKEY_CURRENT_USER,'Software\Microsoft\VSCommon\18.0\TeamFoundation\GitSourceControl','GitPath',ExpandConstant('{app}')) or
-                not RegWriteStringValue(HKEY_CURRENT_USER,'Software\Microsoft\VSCommon\19.0\TeamFoundation\GitSourceControl','GitPath',ExpandConstant('{app}')) or
-                not RegWriteStringValue(HKEY_CURRENT_USER,'Software\Microsoft\VSCommon\20.0\TeamFoundation\GitSourceControl','GitPath',ExpandConstant('{app}')) then
-                  LogError('Could not register TeamFoundation\GitSourceControl');
-          end;
-
-          procedure CustomPostUninstall();
-          begin
-              if not RegDeleteValue(HKEY_CURRENT_USER,'Software\Microsoft\VSCommon\15.0\TeamFoundation\GitSourceControl','GitPath') or
-                not RegDeleteValue(HKEY_CURRENT_USER,'Software\Microsoft\VSCommon\16.0\TeamFoundation\GitSourceControl','GitPath') or
-                not RegDeleteValue(HKEY_CURRENT_USER,'Software\Microsoft\VSCommon\17.0\TeamFoundation\GitSourceControl','GitPath') or
-                not RegDeleteValue(HKEY_CURRENT_USER,'Software\Microsoft\VSCommon\18.0\TeamFoundation\GitSourceControl','GitPath') or
-                not RegDeleteValue(HKEY_CURRENT_USER,'Software\Microsoft\VSCommon\19.0\TeamFoundation\GitSourceControl','GitPath') or
-                not RegDeleteValue(HKEY_CURRENT_USER,'Software\Microsoft\VSCommon\20.0\TeamFoundation\GitSourceControl','GitPath') then
-                  LogError('Could not register TeamFoundation\GitSourceControl');
-          end;
-          EOF
-
-      - name: Enable Scalar/C and the auto-updater in the installer by default
-        shell: bash
-        run: |
-          set -x
-
-          b=/usr/src/build-extra &&
-
-          sed -i -e "/ChosenOptions:=''/a\\
-              if (ExpandConstant('{param:components|/}')='/') then begin\n\
-                  WizardSelectComponents('autoupdate');\n\
-          #ifdef WITH_SCALAR\n\
-                  WizardSelectComponents('scalar');\n\
-          #endif\n\
-              end;" $b/installer/install.iss
-
-      - name: Build 64-bit ${{matrix.artifact.name}}
-        shell: bash
-        run: |
-          set -x
-
-          # Copy the PDB archive to the directory where `--include-pdbs` expects it
-          b=/usr/src/build-extra &&
-          mkdir -p $b/cached-source-packages &&
-          cp pkg-x86_64/*-pdb* $b/cached-source-packages/ &&
-
-          # Build the installer, embedding PDBs
-          eval $b/please.sh make_installers_from_mingw_w64_git --include-pdbs \
-              --version=${{ needs.prereqs.outputs.tag_version }} \
-              -o artifacts --${{matrix.artifact.name}} \
-              --pkg=pkg-x86_64/mingw-w64-x86_64-git-[0-9]*.tar.xz \
-              --pkg=pkg-x86_64/mingw-w64-x86_64-git-doc-html-[0-9]*.tar.xz &&
-
-          if test portable = '${{matrix.artifact.name}}' && test -n "$(git config alias.signtool)"
-          then
-            git signtool artifacts/PortableGit-*.exe
-          fi &&
-          openssl dgst -sha256 artifacts/${{matrix.artifact.fileprefix}}-*.exe | sed "s/.* //" >artifacts/sha-256.txt
-
-      - name: Log into Azure
-        uses: azure/login@v1
-        with:
-          creds: ${{ secrets.AZURE_CREDENTIALS }}
-
-      - name: Install Azure Code Signing Module
-        shell: pwsh
-        run: |
-          Install-Module -Name AzureCodeSigning -RequiredVersion 0.2.24 -Force `
-           -Repository PSGallery
-
-      - name: Sign installers with Azure Code Signing
-        uses: azure/azure-code-signing-action@v0.2.21
-        with:
-          endpoint: https://wus2.codesigning.azure.net/
-          code-signing-account-name: git-fundamentals-signing
-          certificate-profile-name: git-fundamentals-windows-signing
-          files-folder: ${{ github.workspace }}\artifacts
-          files-folder-filter: exe
-          file-digest: SHA256
-          timestamp-rfc3161: http://timestamp.acs.microsoft.com
-          timestamp-digest: SHA256
-
-      - name: Verify that .exe files are code-signed
-        shell: bash
-        run: |
-          PATH=$PATH:"/c/Program Files (x86)/Windows Kits/10/App Certification Kit/" \
-          signtool verify //pa artifacts/${{matrix.artifact.fileprefix}}-*.exe
-
-      - name: Publish ${{matrix.artifact.name}}-x86_64
-        uses: actions/upload-artifact@v3
-        with:
-          name: win-${{matrix.artifact.name}}-x86_64
-          path: artifacts
+          PATH=$HOME/bin:$PATH
+          while test -e /tmp/tmate.sock
+          do
+            tmate -S /tmp/tmate.sock display -p '#{tmate_ssh}'
+            sleep 5
+          done
   # End build Windows installers