diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index 5d6a4053..280d93ff 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -3,6 +3,10 @@ name: Build nRF Connect for Desktop
 on:
 workflow_dispatch:
 inputs:
+ sign:
+ type: boolean
+ default: false
+ required: true
 pull_request:
 branches:
 - main
diff --git a/.github/workflows/build_win.yml b/.github/workflows/build_win.yml
index 20178d3d..4991e793 100644
--- a/.github/workflows/build_win.yml
+++ b/.github/workflows/build_win.yml
@@ -3,6 +3,10 @@ name: Build nRF Connect for Desktop for Windows x64
 on:
 workflow_dispatch:
 inputs:
+ sign:
+ type: boolean
+ default: false
+ required: true
 workflow_call:
 jobs:
@@ -19,7 +23,7 @@ jobs:
 run: |
 echo "$SM_CLIENT_CERT_FILE_B64" | base64 --decode > /d/Certificate_pkcs12.p12
 cat /d/Certificate_pkcs12.p12
- if: github.event_name != 'pull_request'
+ if: ${{ github.event_name != 'pull_request' && inputs.sign}}
 - name: Set variables
 shell: bash
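Review bot: The new `sign` input is declared only under `workflow_dispatch`, both in build.yml and in the first hunk of build_win.yml, while build_win.yml's `workflow_call:` trigger still has no `inputs:` block. If build.yml runs build_win.yml as a reusable workflow (the call is not visible in this diff), `inputs.sign` is empty there, so every step gated on it is skipped and the run produces unsigned installers without failing. Declaring `sign` under `workflow_call.inputs` as well and forwarding it from the caller with `with:` / `sign: ${{ inputs.sign }}` would make the signing decision explicit on both entry points.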
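Review bot: In build_win.yml's `@@ -19,7 +23,7 @@` hunk the certificate step still runs `cat /d/Certificate_pkcs12.p12`, which prints the decoded PKCS#12 client certificate into the job log whenever the step runs. `SM_CLIENT_CERT_FILE_B64` is presumably populated from a secret, but log masking matches the stored base64 string, so the decoded bytes are unlikely to be redacted and the keystore becomes readable to anyone who can view the run. The `cat` line should be removed; if a sanity check is wanted, `test -s /d/Certificate_pkcs12.p12` confirms the file is non-empty without printing it. The step's `name:` and `env:` lines are outside the hunk.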
@@ -33,28 +37,11 @@ jobs:
 echo "C:\\Program Files (x86)\\Windows Kits\\10\\App Certification Kit" >> $GITHUB_PATH
 echo "C:\\Program Files (x86)\\Microsoft SDKs\\Windows\\v10.0A\\bin\\NETFX 4.8 Tools" >> $GITHUB_PATH
 echo "C:\\Program Files\\DigiCert\\DigiCert One Signing Manager Tools" >> $GITHUB_PATH
- if: github.event_name != 'pull_request'
+ if: ${{ github.event_name != 'pull_request' && inputs.sign}}
 - name: Build
 uses: ./.github/actions/build-action
- # - name: Code signing with Software Trust Manager
- # uses: digicert/ssm-code-signing@v0.0.2
- # env:
- # SM_HOST: ${{ env.SM_HOST }}
- # SM_API_KEY: ${{ env.SM_API_KEY }}
- # SM_KEYPAIR_ALIAS: ${{ env.SM_KEYPAIR_ALIAS }}
- # SM_CLIENT_CERT_FILE: ${{ env.SM_CLIENT_CERT_FILE }}
- # SM_CLIENT_CERT_PASSWORD: ${{ env.SM_CLIENT_CERT_PASSWORD }}
- # SM_CODE_SIGNING_CERT_SHA1_HASH:
- # ${{ env.SM_CODE_SIGNING_CERT_SHA1_HASH }}
- # if: github.event_name != 'pull_request'
-
- # - name: Initiate the client tools setup
- # run:
- # echo “The config file path ${{
- # steps.SSMClientToolSetup.outputs.PKCS11_CONFIG }}”
-
 - name: Setup signing tools
 run: |
 curl -X GET https://one.digicert.com/signingmanager/api-ui/v1/releases/smtools-windows-x64.msi/download -H "x-api-key:%SM_API_KEY%" -o smtools-windows-x64.msi
@@ -64,24 +51,24 @@ jobs:
 C:\Windows\System32\certutil.exe -csp "DigiCert Signing Manager KSP" -key -user
 smksp_cert_sync.exe
 shell: cmd
- if: github.event_name != 'pull_request'
+ if: ${{ github.event_name != 'pull_request' && inputs.sign}}
 - name: Certificates Sync
 run: |
 smctl windows certsync
 shell: cmd
- if: github.event_name != 'pull_request'
+ if: ${{ github.event_name != 'pull_request' && inputs.sign}}
 - name: Run Electron Builder
 run: |
 export DEBUG=electron-builder
 export SM_LOG_LEVEL=TRACE
 npx electron-builder -p never --windows nsis:x64
- cd ~/.signingmanager/logs
- ls
- cat smctl.log
- cat smksp.log
- cat smksp_cert_sync.log
+ # Keep the lines for debugging
+ # cd ~/.signingmanager/logs
+ # cat smctl.log
+ # cat smksp.log
+ # cat smksp_cert_sync.log
 shell: bash
 if: github.event_name != 'pull_request'
diff --git a/build/winSign.js b/build/winSign.js
index 1b145f81..bf9ee27e 100644
--- a/build/winSign.js
+++ b/build/winSign.js
@@ -6,7 +6,7 @@
 const { execSync } = require('child_process');
-exports.default = async configuration => {
+exports.default = configuration => {
 if (!process.env.SM_API_KEY) {
 console.info(`Skip signing because SM_API_KEY is not configured`);
 return;
@@ -21,17 +21,15 @@ exports.default = async configuration => {
 if (configuration.path) {
 try {
- const output = await execSync(
+ const output = execSync(
 `smctl sign --keypair-alias="${keypairAlias}" --input "${String(
 configuration.path
 )}" --verbose`,
 {
 stdio: 'inherit',
 }
- )
- .toString()
- .trim();
- console.log(`Signing succeeded???: ${output}`);
+ );
+ console.log(`Signing succeeded: ${output}`);
 } catch (e) {
 console.log(`Signing failed with error: ${e}`);
 }
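Review bot: The `Run Electron Builder` step in build_win.yml keeps `if: github.event_name != 'pull_request'` without `inputs.sign`, so the signing hook still runs when the tool-setup and `Certificates Sync` steps above were skipped. build/winSign.js decides only on `SM_API_KEY`; if that variable is set at job level (not visible here), the hook will call `smctl` on a runner where it was never installed. Exposing `SM_API_KEY` to this step only when `inputs.sign` is true would keep the workflow gate and the hook in agreement. `SM_LOG_LEVEL=TRACE` is also still exported on every run even though the log dump is now commented out, and it would be safer to set it only while debugging.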
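Review bot: The `catch` at the end of the second build/winSign.js hunk only logs, so a failing `smctl sign` lets electron-builder continue and the job passes with an unsigned installer; adding `throw e;` after the log line would fail the build instead. Because `stdio: 'inherit'` is set, `execSync` returns `null`, so the new message prints `Signing succeeded: null`, and a plain `console.log('Signing succeeded');` would say what is actually known. The command is also built as a shell string from `configuration.path`; `execFileSync('smctl', ['sign', '--keypair-alias=' + keypairAlias, '--input', String(configuration.path), '--verbose'], { stdio: 'inherit' })` passes the path as a single argument regardless of quotes or spaces in it, and needs `execFileSync` added to the `require` shown in the first hunk. The function's closing lines are outside the hunk.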