add msix signing #207
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: FieldWorks Lite | |
| on: | |
| workflow_dispatch: | |
| push: | |
| paths: | |
| - 'backend/FwLite/**' | |
| - 'backend/harmony/**' | |
| - 'frontend/viewer/**' | |
| - '.github/workflows/fw-lite.yaml' | |
| branches: | |
| - develop | |
| - main | |
| pull_request: | |
| paths: | |
| - 'backend/FwLite/**' | |
| - 'backend/harmony/**' | |
| - 'frontend/viewer/**' | |
| - '.github/workflows/fw-lite.yaml' | |
| branches: | |
| - develop | |
| - main | |
| jobs: | |
| build-and-test: | |
| name: Build FW Lite and run tests | |
| timeout-minutes: 20 | |
| runs-on: windows-latest | |
| outputs: | |
| version: ${{ steps.setVersion.outputs.VERSION }} | |
| semver-version: ${{ steps.setVersion.outputs.SEMVER_VERSION }} | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| with: | |
| submodules: true | |
| - uses: actions/setup-dotnet@v4 | |
| with: | |
| dotnet-version: '8.x' | |
| - uses: actions/setup-node@v4 | |
| with: | |
| node-version-file: './frontend/package.json' | |
| - name: Set Version | |
| id: setVersion | |
| shell: bash | |
| # set version to date in vYYYY-MM-DD-commitSha format, and semver version to YYYY.MM.DD | |
| run: | | |
| shortSha=$(echo ${{ github.sha }} | cut -c1-8) | |
| echo "VERSION=v$(date --rfc-3339=date)-$shortSha" >> ${GITHUB_OUTPUT} | |
| echo "SEMVER_VERSION=$(date +%Y.%-m.%-d).0" >> ${GITHUB_OUTPUT} | |
| - name: Dotnet build | |
| working-directory: backend/FwLite/FwLiteDesktop | |
| run: | | |
| dotnet build --configuration Release | |
| - name: Dotnet test | |
| run: dotnet test FwLiteOnly.slnf --configuration Release --logger GitHubActions | |
| - name: Build viewer | |
| working-directory: frontend/viewer | |
| run: | | |
| corepack enable | |
| pnpm install | |
| pnpm run build-app | |
| - name: Upload viewer artifacts | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: fw-lite-viewer-app | |
| if-no-files-found: error | |
| path: frontend/viewer/dist | |
| publish-mac: | |
| name: Publish FW Lite app for Mac | |
| needs: build-and-test | |
| timeout-minutes: 30 | |
| runs-on: macos-latest | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| with: | |
| submodules: true | |
| - uses: actions/download-artifact@v4 | |
| with: | |
| name: fw-lite-viewer-app | |
| path: frontend/viewer/dist | |
| - uses: actions/setup-dotnet@v4 | |
| with: | |
| dotnet-version: '8.x' | |
| - name: Dotnet build | |
| working-directory: backend/FwLite/LocalWebApp | |
| run: dotnet build --configuration Release | |
| - name: Publish OSX | |
| working-directory: backend/FwLite/LocalWebApp | |
| run: dotnet publish -r osx-x64 --artifacts-path ../artifacts -p:Version=${{ needs.build-and-test.outputs.semver-version }} | |
| - name: Publish OSX ARM | |
| working-directory: backend/FwLite/LocalWebApp | |
| run: dotnet publish -r osx-arm64 --artifacts-path ../artifacts -p:Version=${{ needs.build-and-test.outputs.semver-version }} | |
| #todo sign the app | |
| - name: Upload local web app artifacts | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: fw-lite-local-web-app-mac | |
| if-no-files-found: error | |
| path: backend/FwLite/artifacts/publish/LocalWebApp/* | |
| publish-linux: | |
| name: Publish FW Lite app for Linux | |
| needs: build-and-test | |
| timeout-minutes: 30 | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| with: | |
| submodules: true | |
| - uses: actions/download-artifact@v4 | |
| with: | |
| name: fw-lite-viewer-app | |
| path: frontend/viewer/dist | |
| - uses: actions/setup-dotnet@v4 | |
| with: | |
| dotnet-version: '8.x' | |
| - name: Dotnet build | |
| working-directory: backend/FwLite/LocalWebApp | |
| run: dotnet build --configuration Release | |
| - name: Publish Linux | |
| working-directory: backend/FwLite/LocalWebApp | |
| run: dotnet publish -r linux-x64 --artifacts-path ../artifacts -p:PublishSingleFile=true -p:Version=${{ needs.build-and-test.outputs.semver-version }} | |
| - name: Upload FWLite Desktop artifacts | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: fw-lite-local-web-app-linux | |
| if-no-files-found: error | |
| path: backend/FwLite/artifacts/publish/LocalWebApp/* | |
| publish-win: | |
| name: Publish FW Lite app for Windows | |
| needs: build-and-test | |
| timeout-minutes: 30 | |
| runs-on: windows-latest | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| with: | |
| submodules: true | |
| - uses: actions/download-artifact@v4 | |
| with: | |
| name: fw-lite-viewer-app | |
| path: frontend/viewer/dist | |
| - uses: actions/setup-dotnet@v4 | |
| with: | |
| dotnet-version: '8.x' | |
| - name: Setup Maui | |
| run: dotnet workload install maui-windows | |
| - name: Dotnet build | |
| working-directory: backend/FwLite/LocalWebApp | |
| run: dotnet build --configuration Release | |
| - name: Publish Windows MAUI portable app | |
| working-directory: backend/FwLite/FwLiteDesktop | |
| run: | | |
| dotnet publish -r win-x64 --artifacts-path ../artifacts -p:WindowsPackageType=None -p:ApplicationDisplayVersion=${{ needs.build-and-test.outputs.semver-version }} | |
| dotnet publish -r win-arm64 --artifacts-path ../artifacts -p:WindowsPackageType=None -p:ApplicationDisplayVersion=${{ needs.build-and-test.outputs.semver-version }} | |
| mkdir -p ../artifacts/sign/portable | |
| cp -r ../artifacts/publish/FwLiteDesktop/* ../artifacts/sign/portable/ | |
| - name: Publish Windows MAUI msix app | |
| working-directory: backend/FwLite/FwLiteDesktop | |
| run: | | |
| dotnet publish -r win-x64 --artifacts-path ../artifacts -p:ApplicationDisplayVersion=${{ needs.build-and-test.outputs.semver-version }} | |
| dotnet publish -r win-arm64 --artifacts-path ../artifacts -p:ApplicationDisplayVersion=${{ needs.build-and-test.outputs.semver-version }} | |
| mkdir -p ../artifacts/msix | |
| cp ../artifacts/bin/FwLiteDesktop/*/AppPackages/*/*.msix ../artifacts/msix/ | |
| - name: Bundle MSIX | |
| working-directory: backend/FwLite/artifacts/msix | |
| shell: pwsh | |
| run: | | |
| $SdkVersion = '10.0.19041.0' | |
| $Architecture = 'x86' | |
| $sdkToolsPath = Join-Path -Path 'C:\Program Files (x86)\Windows Kits\10\bin' -ChildPath $SdkVersion -AdditionalChildPath $Architecture | |
| $env:Path += ";$sdkToolsPath" | |
| MakeAppx.exe bundle /v /bv ${{ needs.build-and-test.outputs.semver-version }} /d . /p ../sign/FwLiteDesktop.msixbundle | |
| - name: Sign with Trusted Signing | |
| if: ${{ github.ref_name == 'develop' || github.ref_name == 'main' }} | |
| uses: azure/trusted-signing-action@v0.4.0 | |
| with: | |
| azure-tenant-id: ${{ secrets.AZURE_TENANT_ID }} | |
| azure-client-id: ${{ secrets.AZURE_CLIENT_ID }} | |
| azure-client-secret: ${{ secrets.AZURE_CLIENT_SECRET }} | |
| endpoint: ${{ vars.TRUSTED_SIGNING_ENDPOINT }} | |
| trusted-signing-account-name: ${{ vars.TRUSTED_SIGNING_ACCOUNT_NAME }} | |
| certificate-profile-name: ${{ vars.CERTIFICATE_PROFILE_NAME }} | |
| files-folder: ${{ github.workspace }}/backend/FwLite/artifacts/sign | |
| files-folder-filter: msixbundle,exe | |
| files-folder-recurse: true | |
| files-folder-depth: 4 | |
| file-digest: SHA256 | |
| timestamp-rfc3161: http://timestamp.acs.microsoft.com | |
| timestamp-digest: SHA256 | |
| trace: ${{ runner.debug == '1' }} | |
| exclude-workload-identity-credential: true | |
| exclude-managed-identity-credential: true | |
| exclude-shared-token-cache-credential: true | |
| exclude-visual-studio-credential: true | |
| exclude-visual-studio-code-credential: true | |
| exclude-azure-cli-credential: true | |
| exclude-azure-powershell-credential: true | |
| exclude-azure-developer-cli-credential: true | |
| exclude-interactive-browser-credential: true | |
| - name: Upload FWLite Portable | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: fw-lite-portable | |
| if-no-files-found: error | |
| path: backend/FwLite/artifacts/sign/portable/* | |
| - name: Upload FWLite MSIX | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: fw-lite-msix | |
| if-no-files-found: error | |
| path: backend/FwLite/artifacts/sign/*.msixbundle | |
| create-release: | |
| if: ${{ github.ref_name == 'main' }} | |
| name: Create Release | |
| needs: [ build-and-test, publish-win, publish-linux, publish-mac] | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/download-artifact@v4 | |
| with: | |
| name: fw-lite-msix | |
| - uses: actions/download-artifact@v4 | |
| with: | |
| name: fw-lite-portable | |
| - uses: actions/download-artifact@v4 | |
| with: | |
| name: fw-lite-local-web-app-linux | |
| - name: Zip artifacts | |
| run: | | |
| zip -r fw-lite-portable.zip fw-lite-portable | |
| zip -r fw-lite-local-web-app-linux.zip fw-lite-local-web-app-linux | |
| - name: Create Release | |
| uses: softprops/action-gh-release@v2 | |
| with: | |
| tag_name: ${{ needs.build-and-test.outputs.version }} | |
| target_commitish: ${{ github.sha }} | |
| generate_release_notes: true | |
| files: | | |
| fw-lite-msix/* | |
| fw-lite-portable.zip | |
| fw-lite-local-web-app-linux.zip | |