diff --git a/.github/workflows/reusable-build-2.yml b/.github/workflows/reusable-build-2.yml new file mode 100644 index 000000000..8ac850dca --- /dev/null +++ b/.github/workflows/reusable-build-2.yml @@ -0,0 +1,115 @@ +name: Build Package + +on: [workflow_call] +env: + E2E_DEVICE_ID: ${{ secrets.E2E_DEVICE_ID }} + E2E_DEVICE_NAME: ${{ secrets.E2E_DEVICE_NAME }} + E2E_DEVICE_PLATFORM_ID: ${{ secrets.E2E_DEVICE_PLATFORM_ID }} + E2E_DEVICE_PLATFORM_NAME: ${{ secrets.E2E_DEVICE_PLATFORM_NAME }} + E2E_FOREIGN_DEVICE_ID: ${{ secrets.E2E_FOREIGN_DEVICE_ID }} + E2E_FOREIGN_DEVICE_NAME: ${{ secrets.E2E_FOREIGN_DEVICE_NAME }} + E2E_FOREIGN_DEVICE_PLATFORM_ID: ${{ secrets.E2E_FOREIGN_DEVICE_PLATFORM_ID }} + E2E_FOREIGN_DEVICE_PLATFORM_NAME: ${{ secrets.E2E_FOREIGN_DEVICE_PLATFORM_NAME }} + E2E_FOREIGN_PASSWORD: ${{ secrets.E2E_FOREIGN_PASSWORD }} + E2E_FOREIGN_USERNAME: ${{ secrets.E2E_FOREIGN_USERNAME }} + E2E_PASSWORD: ${{ secrets.E2E_PASSWORD }} + E2E_PRODUCT_01_DEVICE_01_GROUP: ${{ secrets.E2E_PRODUCT_01_DEVICE_01_GROUP }} + E2E_PRODUCT_01_DEVICE_01_ID: ${{ secrets.E2E_PRODUCT_01_DEVICE_01_ID }} + E2E_PRODUCT_01_DEVICE_01_NAME: ${{ secrets.E2E_PRODUCT_01_DEVICE_01_NAME }} + E2E_PRODUCT_01_DEVICE_01_PLATFORM_ID: ${{ secrets.E2E_PRODUCT_01_DEVICE_01_PLATFORM_ID }} + E2E_PRODUCT_01_DEVICE_01_PLATFORM_NAME: ${{ secrets.E2E_PRODUCT_01_DEVICE_01_PLATFORM_NAME }} + E2E_PRODUCT_01_DEVICE_02_GROUP: ${{ secrets.E2E_PRODUCT_01_DEVICE_02_GROUP }} + E2E_PRODUCT_01_DEVICE_02_ID: ${{ secrets.E2E_PRODUCT_01_DEVICE_02_ID }} + E2E_PRODUCT_01_DEVICE_02_NAME: ${{ secrets.E2E_PRODUCT_01_DEVICE_02_NAME }} + E2E_PRODUCT_01_DEVICE_02_PLATFORM_ID: ${{ secrets.E2E_PRODUCT_01_DEVICE_02_PLATFORM_ID }} + E2E_PRODUCT_01_DEVICE_02_PLATFORM_NAME: ${{ secrets.E2E_PRODUCT_01_DEVICE_02_PLATFORM_NAME }} + E2E_PRODUCT_01_ID: ${{ secrets.E2E_PRODUCT_01_ID }} + E2E_PRODUCT_01_NAME: ${{ secrets.E2E_PRODUCT_01_NAME }} + E2E_USERNAME: ${{ secrets.E2E_USERNAME }} + PARTICLE_WINDOWS_SIGNING_CERT: ${{ secrets.PARTICLE_WINDOWS_SIGNING_CERT }} + PARTICLE_WINDOWS_SIGNING_PASS: ${{ secrets.PARTICLE_WINDOWS_SIGNING_PASS }} +jobs: + build: + runs-on: ubuntu-latest # Choose an appropriate runner + steps: + - uses: actions/checkout@v3 + + - name: Set up Node.js + uses: actions/setup-node@v3 + with: + node-version: '16' + + - name: Configure NPM Token + run: npm config set //registry.npmjs.org/:_authToken=${{ secrets.NPM_TOKEN }} + + - name: Install dependencies + run: npm install + + - name: Restore Cache + uses: actions/cache@v3 + with: + path: ~/.pkg-cache + key: node16-pkg-${{ github.run_id }} + restore-keys: node16-pkg- + + - name: Add pre-built Node for armv7 + run: | + mkdir -p ~/.pkg-cache/v3.4 + cp .prebuild/built-v16.16.0-linux-armv7 ~/.pkg-cache/v3.4 + + - name: Set up QEMU + uses: docker/setup-qemu-action@v3 + with: + platforms: arm,arm64 + + - name: Set up ldid + uses: MOZGIII/install-ldid-action@v1 + with: + tag: v2.1.5-procursus7 + + - name: Build Package + run: npm run build + + - name: Save Cache + uses: actions/cache@v3 + with: + path: ~/.pkg-cache + key: node16-pkg-${{ github.run_id }} + + - name: Upload Artifact + uses: actions/upload-artifact@v4 + with: + name: not_signed + path: build/ + windows-sign: + runs-on: windows-latest + needs: build + steps: + - name: Download Artifact + uses: actions/download-artifact@v4 + with: + name: not_signed + path: build/ + - name: Sign Windows Executable + uses: azure/trusted-signing-action@v0.5.0 + with: + azure-tenant-id: ${{ secrets.AZURE_TENANT_ID }} + azure-client-id: ${{ secrets.AZURE_CLIENT_ID }} + azure-client-secret: ${{ secrets.AZURE_CLIENT_SECRET }} + endpoint: ${{ secrets.AZURE_ENDPOINT }} + trusted-signing-account-name: ${{ secrets.AZURE_CODE_SIGNING_NAME }} + certificate-profile-name: ${{ secrets.AZURE_CERT_PROFILE_NAME }} + + # Sign all exes inside the folder + files-folder: build + files-folder-filter: exe + - name: Upload Artifact + uses: actions/upload-artifact@v4 + with: + name: signed + path: build/ + + + + + diff --git a/.github/workflows/test-sign.yml b/.github/workflows/test-sign.yml new file mode 100644 index 000000000..70f8d2933 --- /dev/null +++ b/.github/workflows/test-sign.yml @@ -0,0 +1,9 @@ +name: Deploy to staging - azure signature +on: + push: + branches: + - 'feature/sc-131477/sign-cli-windows-executable-and-installer' +jobs: + call-build: + uses: ./.github/workflows/reusable-build-2.yml + secrets: inherit