-
Notifications
You must be signed in to change notification settings - Fork 25
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
* Add windows signing for all msi builds and check for secrets
- Loading branch information
Showing
1 changed file
with
71 additions
and
31 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -57,6 +57,20 @@ jobs: | |
| - name: Enable Developer Command Prompt | ||
| uses: ilammy/[email protected] | ||
|
|
||
| - name: Check Secrets exists | ||
| id: set-signing-state | ||
| env: | ||
| super_secret: ${{ secrets.AZURE_ENDPOINT }} | ||
| run: | | ||
| if [[ '${{ env.super_secret }}' == '' ]] | ||
| then | ||
| SIGN_VAL=$(echo "false") | ||
| else | ||
| SIGN_VAL=$(echo "true") | ||
| fi | ||
| echo "BINSIGN=$SIGN_VAL" >> $GITHUB_OUTPUT | ||
| shell: bash | ||
|
|
||
| - name: Set file base name (Windows) | ||
| id: set-file-base | ||
| run: | | ||
|
|
@@ -109,20 +123,17 @@ jobs: | |
| trusted-signing-account-name: ${{ secrets.AZURE_CODE_SIGNING_NAME }} | ||
| certificate-profile-name: ${{ secrets.AZURE_CERT_PROFILE_NAME }} | ||
| files-folder: ${{ runner.workspace }}/hdf4/build/${{ inputs.preset_name }}-MSVC | ||
| files-folder-filter: zip,msi | ||
| files-folder-filter: msi | ||
| file-digest: SHA256 | ||
| timestamp-rfc3161: http://timestamp.acs.microsoft.com | ||
| timestamp-digest: SHA256 | ||
|
|
||
| - name: Create build folders (Windows) | ||
| run: | | ||
| mkdir "${{ runner.workspace }}/build" | ||
| mkdir "${{ runner.workspace }}/build/hdf4" | ||
| shell: bash | ||
| if: ${{ steps.set-signing-state.BINSIGN == 'true' }} | ||
|
|
||
| - name: Publish binary (Windows) | ||
| id: publish-ctest-binary | ||
| run: | | ||
| mkdir "${{ runner.workspace }}/build" | ||
| mkdir "${{ runner.workspace }}/build/hdf4" | ||
| Copy-Item -Path ${{ runner.workspace }}/hdf4/${{ steps.set-file-base.outputs.SOURCE_BASE }}/COPYING -Destination ${{ runner.workspace }}/build/hdf4/ | ||
| Copy-Item -Path ${{ runner.workspace }}/hdf4/build/${{ inputs.preset_name }}-MSVC/README.txt -Destination ${{ runner.workspace }}/build/hdf4/ | ||
| Copy-Item -Path ${{ runner.workspace }}/hdf4/build/${{ inputs.preset_name }}-MSVC/* -Destination ${{ runner.workspace }}/build/hdf4/ -Include *.zip | ||
|
|
@@ -133,10 +144,12 @@ jobs: | |
| - name: Publish msi binary (Windows) | ||
| id: publish-ctest-msi-binary | ||
| run: | | ||
| Copy-Item -Path ${{ runner.workspace }}/hdf4/${{ steps.set-file-base.outputs.SOURCE_BASE }}/COPYING -Destination ${{ runner.workspace }}/build/hdf4/ | ||
| Copy-Item -Path ${{ runner.workspace }}/hdf4/build/${{ inputs.preset_name }}-MSVC/README.txt -Destination ${{ runner.workspace }}/build/hdf4/ | ||
| Copy-Item -Path ${{ runner.workspace }}/hdf4/build/${{ inputs.preset_name }}-MSVC/* -Destination ${{ runner.workspace }}/build/hdf4/ -Include *.msi | ||
| cd "${{ runner.workspace }}/build" | ||
| mkdir "${{ runner.workspace }}/buildmsi" | ||
| mkdir "${{ runner.workspace }}/buildmsi/hdf4" | ||
| Copy-Item -Path ${{ runner.workspace }}/hdf4/${{ steps.set-file-base.outputs.SOURCE_BASE }}/COPYING -Destination ${{ runner.workspace }}/buildmsi/hdf4/ | ||
| Copy-Item -Path ${{ runner.workspace }}/hdf4/build/${{ inputs.preset_name }}-MSVC/README.txt -Destination ${{ runner.workspace }}/buildmsi/hdf4/ | ||
| Copy-Item -Path ${{ runner.workspace }}/hdf4/build/${{ inputs.preset_name }}-MSVC/* -Destination ${{ runner.workspace }}/buildmsi/hdf4/ -Include *.msi | ||
| cd "${{ runner.workspace }}/buildmsi" | ||
| 7z a -tzip ${{ steps.set-file-base.outputs.FILE_BASE }}-win-vs2022_cl.msi.zip hdf4 | ||
| shell: pwsh | ||
|
|
||
|
|
@@ -158,7 +171,7 @@ jobs: | |
| uses: actions/upload-artifact@v4 | ||
| with: | ||
| name: msi-vs2022_cl-binary | ||
| path: ${{ runner.workspace }}/build/${{ steps.set-file-base.outputs.FILE_BASE }}-win-vs2022_cl.msi.zip | ||
| path: ${{ runner.workspace }}/buildmsi/${{ steps.set-file-base.outputs.FILE_BASE }}-win-vs2022_cl.msi.zip | ||
| if-no-files-found: error # 'warn' or 'ignore' are also available, defaults to `warn` | ||
|
|
||
| build_and_test_linux: | ||
|
|
@@ -260,15 +273,13 @@ jobs: | |
| path: ${{ runner.workspace }}/build/${{ steps.set-file-base.outputs.FILE_BASE }}-ubuntu-2204_gcc.tar.gz | ||
| if-no-files-found: error # 'warn' or 'ignore' are also available, defaults to `warn` | ||
|
|
||
| # Save files created by ctest script | ||
| - name: Save published binary deb (Linux) | ||
| uses: actions/upload-artifact@v4 | ||
| with: | ||
| name: deb-ubuntu-2204_gcc-binary | ||
| path: ${{ runner.workspace }}/builddeb/${{ steps.set-file-base.outputs.FILE_BASE }}-ubuntu-2204_gcc.deb.tar.gz | ||
| if-no-files-found: error # 'warn' or 'ignore' are also available, defaults to `warn` | ||
|
|
||
| # Save files created by ctest script | ||
| - name: Save published binary rpm (Linux) | ||
| uses: actions/upload-artifact@v4 | ||
| with: | ||
|
|
@@ -362,12 +373,13 @@ jobs: | |
| - name: Publish dmg binary (MacOS_latest) | ||
| id: publish-ctest-dmg-binary | ||
| run: | | ||
| mkdir "${{ runner.workspace }}/build/hdf4dmg" | ||
| cp ${{ runner.workspace }}/hdf4/${{ steps.set-file-base.outputs.SOURCE_BASE }}/COPYING ${{ runner.workspace }}/build/hdf4dmg | ||
| cp ${{ runner.workspace }}/hdf4/build/${{ inputs.preset_name }}-Clang/README.txt ${{ runner.workspace }}/build/hdf4dmg | ||
| cp ${{ runner.workspace }}/hdf4/build/${{ inputs.preset_name }}-Clang/*.tar.gz ${{ runner.workspace }}/build/hdf4dmg | ||
| cd "${{ runner.workspace }}/build" | ||
| tar -zcvf ${{ steps.set-file-base.outputs.FILE_BASE }}-osx.tar.gz hdf4dmg | ||
| mkdir "${{ runner.workspace }}/builddmg" | ||
| mkdir "${{ runner.workspace }}/builddmg/hdf4" | ||
| cp ${{ runner.workspace }}/hdf4/${{ steps.set-file-base.outputs.SOURCE_BASE }}/COPYING ${{ runner.workspace }}/builddmg/hdf4 | ||
| cp ${{ runner.workspace }}/hdf4/build/${{ inputs.preset_name }}-Clang/README.txt ${{ runner.workspace }}/builddmg/hdf4 | ||
| cp ${{ runner.workspace }}/hdf4/build/${{ inputs.preset_name }}-Clang/*.dmg ${{ runner.workspace }}/builddmg/hdf4 | ||
| cd "${{ runner.workspace }}/builddmg" | ||
| tar -zcvf ${{ steps.set-file-base.outputs.FILE_BASE }}-osx.dmg.tar.gz hdf4 | ||
| shell: bash | ||
|
|
||
| - name: List files in the space (MacOS_latest) | ||
|
|
@@ -387,7 +399,7 @@ jobs: | |
| uses: actions/upload-artifact@v4 | ||
| with: | ||
| name: tgz-osx-dmg-binary | ||
| path: ${{ runner.workspace }}/build/${{ steps.set-file-base.outputs.FILE_BASE }}-osx.dmg.tar.gz | ||
| path: ${{ runner.workspace }}/builddmg/${{ steps.set-file-base.outputs.FILE_BASE }}-osx.dmg.tar.gz | ||
| if-no-files-found: error # 'warn' or 'ignore' are also available, defaults to `warn` | ||
|
|
||
| ####### intel builds | ||
|
|
@@ -400,6 +412,20 @@ jobs: | |
| - name: Install Dependencies (Windows_intel) | ||
| run: choco install ninja | ||
|
|
||
| - name: Check Secrets exists | ||
| id: set-signing-state | ||
| env: | ||
| super_secret: ${{ secrets.AZURE_ENDPOINT }} | ||
| run: | | ||
| if [[ '${{ env.super_secret }}' == '' ]] | ||
| then | ||
| SIGN_VAL=$(echo "false") | ||
| else | ||
| SIGN_VAL=$(echo "true") | ||
| fi | ||
| echo "BINSIGN=$SIGN_VAL" >> $GITHUB_OUTPUT | ||
| shell: bash | ||
|
|
||
| - name: add oneAPI to env | ||
| uses: fortran-lang/setup-fortran@v1 | ||
| id: setup-fortran | ||
|
|
@@ -453,15 +479,27 @@ jobs: | |
| cmake --workflow --preset=${{ inputs.preset_name }}-win-Intel --fresh | ||
| shell: pwsh | ||
|
|
||
| - name: Create build folders (Windows_intel) | ||
| run: | | ||
| mkdir "${{ runner.workspace }}/build" | ||
| mkdir "${{ runner.workspace }}/build/hdf4" | ||
| shell: bash | ||
| - name: Sign files with Trusted Signing (Windows_intel) | ||
| uses: azure/[email protected] | ||
| with: | ||
| azure-tenant-id: ${{ secrets.AZURE_TENANT_ID }} | ||
| azure-client-id: ${{ secrets.AZURE_CLIENT_ID }} | ||
| azure-client-secret: ${{ secrets.AZURE_CLIENT_SECRET }} | ||
| endpoint: ${{ secrets.AZURE_ENDPOINT }} | ||
| trusted-signing-account-name: ${{ secrets.AZURE_CODE_SIGNING_NAME }} | ||
| certificate-profile-name: ${{ secrets.AZURE_CERT_PROFILE_NAME }} | ||
| files-folder: ${{ runner.workspace }}/hdf4/build/${{ inputs.preset_name }}-MSVC | ||
| files-folder-filter: msi | ||
| file-digest: SHA256 | ||
| timestamp-rfc3161: http://timestamp.acs.microsoft.com | ||
| timestamp-digest: SHA256 | ||
| if: ${{ steps.set-signing-state.BINSIGN == 'true' }} | ||
|
|
||
| - name: Publish binary (Windows_intel) | ||
| id: publish-ctest-binary | ||
| run: | | ||
| mkdir "${{ runner.workspace }}/build" | ||
| mkdir "${{ runner.workspace }}/build/hdf4" | ||
| Copy-Item -Path ${{ runner.workspace }}/hdf4/${{ steps.set-file-base.outputs.SOURCE_BASE }}/COPYING -Destination ${{ runner.workspace }}/build/hdf4/ | ||
| Copy-Item -Path ${{ runner.workspace }}/hdf4/build/${{ inputs.preset_name }}-Intel/README.txt -Destination ${{ runner.workspace }}/build/hdf4/ | ||
| Copy-Item -Path ${{ runner.workspace }}/hdf4/build/${{ inputs.preset_name }}-Intel/* -Destination ${{ runner.workspace }}/build/hdf4/ -Include *.zip | ||
|
|
@@ -472,10 +510,12 @@ jobs: | |
| - name: Publish msi binary (Windows_intel) | ||
| id: publish-ctest-msi-binary | ||
| run: | | ||
| Copy-Item -Path ${{ runner.workspace }}/hdf4/${{ steps.set-file-base.outputs.SOURCE_BASE }}/COPYING -Destination ${{ runner.workspace }}/build/hdf4/ | ||
| Copy-Item -Path ${{ runner.workspace }}/hdf4/build/${{ inputs.preset_name }}-Intel/README.txt -Destination ${{ runner.workspace }}/build/hdf4/ | ||
| Copy-Item -Path ${{ runner.workspace }}/hdf4/build/${{ inputs.preset_name }}-Intel/* -Destination ${{ runner.workspace }}/build/hdf4/ -Include *.msi | ||
| cd "${{ runner.workspace }}/build" | ||
| mkdir "${{ runner.workspace }}/buildmsi" | ||
| mkdir "${{ runner.workspace }}/buildmsi/hdf4" | ||
| Copy-Item -Path ${{ runner.workspace }}/hdf4/${{ steps.set-file-base.outputs.SOURCE_BASE }}/COPYING -Destination ${{ runner.workspace }}/buildmsi/hdf4/ | ||
| Copy-Item -Path ${{ runner.workspace }}/hdf4/build/${{ inputs.preset_name }}-Intel/README.txt -Destination ${{ runner.workspace }}/buildmsi/hdf4/ | ||
| Copy-Item -Path ${{ runner.workspace }}/hdf4/build/${{ inputs.preset_name }}-Intel/* -Destination ${{ runner.workspace }}/buildmsi/hdf4/ -Include *.msi | ||
| cd "${{ runner.workspace }}/buildmsi" | ||
| 7z a -tzip ${{ steps.set-file-base.outputs.FILE_BASE }}-win-vs2022_intel.msi.zip hdf4 | ||
| shell: pwsh | ||
|
|
||
|
|
@@ -497,7 +537,7 @@ jobs: | |
| uses: actions/upload-artifact@v4 | ||
| with: | ||
| name: msi-vs2022_intel-binary | ||
| path: ${{ runner.workspace }}/build/${{ steps.set-file-base.outputs.FILE_BASE }}-win-vs2022_intel.msi.zip | ||
| path: ${{ runner.workspace }}/buildmsi/${{ steps.set-file-base.outputs.FILE_BASE }}-win-vs2022_intel.msi.zip | ||
| if-no-files-found: error # 'warn' or 'ignore' are also available, defaults to `warn` | ||
|
|
||
| build_and_test_linux_intel: | ||
|
|
||