diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index bdc91cb20b..95817329a5 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -5,9 +5,6 @@ on: branches-ignore: - 'l10n_master' - 'gh-pages' - release: - types: - - published jobs: @@ -44,12 +41,8 @@ jobs: sudo apt-get -y install pkg-config libxss-dev libsecret-1-dev rpm - name: Set up snap - if: github.event_name == 'release' run: | sudo snap install snapcraft --classic - echo "$SNAP_TOKEN" | snapcraft login --with - - env: - SNAP_TOKEN: ${{ secrets.SNAP_TOKEN }} - name: Print environment run: | @@ -75,51 +68,49 @@ jobs: run: npm run dist:lin - name: Upload .deb artifact - if: github.ref == 'refs/heads/master' || github.event_name == 'release' + if: github.ref == 'refs/heads/master' uses: actions/upload-artifact@v2 with: name: Bitwarden-${{ env.PACKAGE_VERSION }}-amd64.deb path: ./dist/Bitwarden-${{ env.PACKAGE_VERSION }}-amd64.deb - name: Upload .rpm artifact - if: github.ref == 'refs/heads/master' || github.event_name == 'release' + if: github.ref == 'refs/heads/master' uses: actions/upload-artifact@v2 with: name: Bitwarden-${{ env.PACKAGE_VERSION }}-x86_64.rpm path: ./dist/Bitwarden-${{ env.PACKAGE_VERSION }}-x86_64.rpm - name: Upload .freebsd artifact - if: github.ref == 'refs/heads/master' || github.event_name == 'release' + if: github.ref == 'refs/heads/master' uses: actions/upload-artifact@v2 with: name: Bitwarden-${{ env.PACKAGE_VERSION }}-x64.freebsd path: ./dist/Bitwarden-${{ env.PACKAGE_VERSION }}-x64.freebsd - name: Upload .snap artifact - if: github.ref == 'refs/heads/master' || github.event_name == 'release' + if: github.ref == 'refs/heads/master' uses: actions/upload-artifact@v2 with: name: bitwarden_${{ env.PACKAGE_VERSION }}_amd64.snap path: ./dist/bitwarden_${{ env.PACKAGE_VERSION }}_amd64.snap - name: Upload .AppImage artifact - if: github.ref == 'refs/heads/master' || github.event_name == 'release' + if: github.ref == 'refs/heads/master' uses: actions/upload-artifact@v2 with: name: Bitwarden-${{ env.PACKAGE_VERSION }}-x86_64.AppImage path: ./dist/Bitwarden-${{ env.PACKAGE_VERSION }}-x86_64.AppImage - - name: Deploy to Snap Store - if: github.event_name == 'release' - run: | - ./scripts/snap-update.ps1 -version $env:PACKAGE_VERSION - snapcraft logout - shell: pwsh windows: runs-on: windows-latest - steps: + - name: Set up dotnet + uses: actions/setup-dotnet@v1 + with: + dotnet-version: "3.1.x" + - name: Set up Node uses: actions/setup-node@v1 with: @@ -129,14 +120,30 @@ jobs: run: echo "NODE_OPTIONS=--max_old_space_size=4096" | Out-File -FilePath $env:GITHUB_ENV -Encoding utf8 -Append shell: pwsh + - name: Install AST + shell: pwsh + run: | + cd $HOME + + git clone https://github.com/vcsjones/AzureSignTool.git + cd AzureSignTool + $latest_head = $(git rev-parse HEAD)[0..9] -join "" + $latest_version = "0.0.0-g$latest_head" + + Write-Host "--------" + Write-Host "git commit - $(git rev-parse HEAD)" + Write-Host "latest_head - $latest_head" + Write-Host "PACKAGE VERSION TO BUILD - $latest_version" + Write-Host "--------" + + dotnet restore + dotnet pack --output ./nupkg + dotnet tool install --global --ignore-failed-sources --add-source ./nupkg --version $latest_version azuresigntool + - name: Set up environment - if: github.event_name == 'release' shell: pwsh run: | choco install checksum --no-progress - choco apikey --key $env:CHOCO_API_KEY --source https://push.chocolatey.org/ - env: - CHOCO_API_KEY: ${{ secrets.CHOCO_API_KEY }} - name: Print environment run: | @@ -157,9 +164,17 @@ jobs: - name: Run linter run: npm run lint - - name: Build application - shell: pwsh - run: npm run dist:win:ci + - name: Build & Sign (dev) + run: | + npm run build + npm run pack:win + env: + ELECTRON_BUILDER_SIGN: 1 + SIGNING_VAULT_URL: ${{ secrets.SIGNING_VAULT_URL }} + SIGNING_CLIENT_ID: ${{ secrets.SIGNING_CLIENT_ID }} + SIGNING_TENANT_ID: ${{ secrets.SIGNING_TENANT_ID }} + SIGNING_CLIENT_SECRET: ${{ secrets.SIGNING_CLIENT_SECRET }} + SIGNING_CERT_NAME: ${{ secrets.SIGNING_CERT_NAME }} - name: Rename appx files for store shell: pwsh @@ -169,63 +184,54 @@ jobs: Copy-Item "./dist/Bitwarden-${{ env.PACKAGE_VERSION }}-x64.appx" ` -Destination "./dist/Bitwarden-${{ env.PACKAGE_VERSION }}-x64-store.appx" + - name: Deploy to Chocolatey + shell: pwsh + run: | + Copy-Item -Path ./stores/chocolatey -Destination ./dist/chocolatey -Recurse + Copy-Item -Path ./dist/nsis-web/Bitwarden-Installer-${{ env.PACKAGE_VERSION }}.exe -Destination ./dist/chocolatey + + $checksum = checksum -t sha256 ./dist/chocoloatey/Bitwarden-Installer-${{ env.PACKAGE_VERSION }}.exe + $chocoInstall = "./dist/chocolatey/tools/chocolateyinstall.ps1" + (Get-Content $chocoInstall).replace('__version__', "$env:PACKAGE_VERSION").replace('__checksum__', $checksum) | Set-Content $chocoInstall + choco pack ./dist/chocolatey/bitwarden.nuspec --version "$env:PACKAGE_VERSION" --out ./dist/chocolatey + - name: Upload portable exe artifact - if: github.ref == 'refs/heads/master' || github.event_name == 'release' + if: github.ref == 'refs/heads/master' uses: actions/upload-artifact@v2 with: name: Bitwarden-Portable-${{ env.PACKAGE_VERSION }}.exe path: ./dist/Bitwarden-Portable-${{ env.PACKAGE_VERSION }}.exe - name: Upload installer exe artifact - if: github.ref == 'refs/heads/master' || github.event_name == 'release' + if: github.ref == 'refs/heads/master' uses: actions/upload-artifact@v2 with: name: Bitwarden-Installer-${{ env.PACKAGE_VERSION }}.exe path: ./dist/nsis-web/Bitwarden-Installer-${{ env.PACKAGE_VERSION }}.exe - name: Upload store appx ia32 artifact - if: github.ref == 'refs/heads/master' || github.event_name == 'release' + if: github.ref == 'refs/heads/master' uses: actions/upload-artifact@v2 with: name: Bitwarden-${{ env.PACKAGE_VERSION }}-ia32-store.appx path: ./dist/Bitwarden-${{ env.PACKAGE_VERSION }}-ia32-store.appx - name: Upload store appx x64 artifact - if: github.ref == 'refs/heads/master' || github.event_name == 'release' + if: github.ref == 'refs/heads/master' uses: actions/upload-artifact@v2 with: name: Bitwarden-${{ env.PACKAGE_VERSION }}-x64-store.appx path: ./dist/Bitwarden-${{ env.PACKAGE_VERSION }}-x64-store.appx - - name: Deploy to Chocolatey - if: github.event_name == 'release' - run: ./scripts/choco-update.ps1 -version $env:PACKAGE_VERSION - shell: pwsh - - - name: Upload Chocolatey nupkg artifact - if: github.event_name == 'release' + - name: Upload nupkg artifact + if: github.ref == 'refs/heads/master' uses: actions/upload-artifact@v2 with: name: bitwarden.${{ env.PACKAGE_VERSION }}.nupkg path: ./dist/chocolatey/bitwarden.${{ env.PACKAGE_VERSION }}.nupkg - - name: Upload release assets - if: github.event_name == 'release' - run: | - hub release edit ` - -a ./dist/chocolatey/bitwarden.${{ env.PACKAGE_VERSION }}.nupkg ` - -a ./dist/Bitwarden-${{ env.PACKAGE_VERSION }}-ia32-store.appx ` - -a ./dist/Bitwarden-${{ env.PACKAGE_VERSION }}-x64-store.appx ` - -m "$($env:RELEASE_TAG_NAME.TrimStart('v'))" ` - $env:RELEASE_TAG_NAME - shell: pwsh - env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - RELEASE_TAG_NAME: ${{ github.event.release.tag_name }} - macos: runs-on: macos-latest - steps: - name: Set up Node uses: actions/setup-node@v1 @@ -285,86 +291,67 @@ jobs: run: npm run lint - name: Create Safari directory - if: github.ref == 'refs/heads/master' || github.event_name == 'release' + if: github.ref == 'refs/heads/master' shell: pwsh run: New-Item ./dist-safari -ItemType Directory -ea 0 - name: Checkout browser extension - if: github.ref == 'refs/heads/master' || github.event_name == 'release' + if: github.ref == 'refs/heads/master' uses: actions/checkout@v2 with: repository: 'bitwarden/browser' path: 'dist-safari/browser' - name: Build Safari extension - if: github.ref == 'refs/heads/master' || github.event_name == 'release' + if: github.ref == 'refs/heads/master' shell: pwsh run: ./scripts/safari-build.ps1 -skipcheckout -skipoutcopy - name: Load Safari extension for .dmg - if: github.ref == 'refs/heads/master' || github.event_name == 'release' + if: github.ref == 'refs/heads/master' shell: pwsh run: ./scripts/safari-build.ps1 -copyonly - name: Build application (dev) - if: github.ref != 'refs/heads/master' && github.event_name != 'release' + if: github.ref != 'refs/heads/master' run: npm run build - name: Build application (dist) - if: github.ref == 'refs/heads/master' || github.event_name == 'release' + if: github.ref == 'refs/heads/master' run: npm run dist:mac env: APPLE_ID_USERNAME: ${{ secrets.APPLE_ID_USERNAME }} APPLE_ID_PASSWORD: ${{ secrets.APPLE_ID_PASSWORD }} - name: Upload .zip artifact - if: github.ref == 'refs/heads/master' || github.event_name == 'release' + if: github.ref == 'refs/heads/master' uses: actions/upload-artifact@v2 with: name: Bitwarden-${{ env.PACKAGE_VERSION }}-mac.zip path: ./dist/Bitwarden-${{ env.PACKAGE_VERSION }}-mac.zip - name: Upload .dmg artifact - if: github.ref == 'refs/heads/master' || github.event_name == 'release' + if: github.ref == 'refs/heads/master' uses: actions/upload-artifact@v2 with: name: Bitwarden-${{ env.PACKAGE_VERSION }}.dmg path: ./dist/Bitwarden-${{ env.PACKAGE_VERSION }}.dmg - name: Load Safari extension for App Store - if: github.ref == 'refs/heads/master' || github.event_name == 'release' + if: github.ref == 'refs/heads/master' shell: pwsh run: ./scripts/safari-build.ps1 -mas -copyonly - name: Build application for App Store - if: github.ref == 'refs/heads/master' || github.event_name == 'release' + if: github.ref == 'refs/heads/master' run: npm run dist:mac:mas env: APPLE_ID_USERNAME: ${{ secrets.APPLE_ID_USERNAME }} APPLE_ID_PASSWORD: ${{ secrets.APPLE_ID_PASSWORD }} - name: Upload .pkg artifact - if: github.ref == 'refs/heads/master' || github.event_name == 'release' + if: github.ref == 'refs/heads/master' uses: actions/upload-artifact@v2 with: name: Bitwarden-${{ env.PACKAGE_VERSION }}.pkg path: ./dist/mas/Bitwarden-${{ env.PACKAGE_VERSION }}.pkg - - - name: Deploy to App Store - if: github.event_name == 'release' - run: npm run upload:mas - env: - APPLE_ID_USERNAME: ${{ secrets.APPLE_ID_USERNAME }} - APPLE_ID_PASSWORD: ${{ secrets.APPLE_ID_PASSWORD }} - - - name: Upload release assets - if: github.event_name == 'release' - run: | - hub release edit ` - -a ./dist/mas/Bitwarden-${{ env.PACKAGE_VERSION }}.pkg ` - -m "$($env:RELEASE_TAG_NAME.TrimStart('v'))" ` - $env:RELEASE_TAG_NAME - shell: pwsh - env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - RELEASE_TAG_NAME: ${{ github.event.release.tag_name }} diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml new file mode 100644 index 0000000000..88cc58fe4c --- /dev/null +++ b/.github/workflows/release.yml @@ -0,0 +1,348 @@ +name: Release + +on: + workflow_dispatch: + inputs: + release_tag_name: + description: 'Release Tag Name (vX.X.X)' + required: true + + +jobs: + cloc: + runs-on: ubuntu-latest + + steps: + - name: Checkout repo + uses: actions/checkout@v2 + + - name: Set up cloc + run: | + sudo apt-get update + sudo apt-get -y install cloc + + - name: Print lines of code + run: cloc --include-lang TypeScript,JavaScript,HTML,Sass,CSS --vcs git + + + setup: + runs-on: ubuntu-latest + outputs: + release_upload_url: ${{ steps.create_release.outputs.upload_url }} + steps: + - name: Checkout repo + uses: actions/checkout@v2 + + - name: Create Release Name + run: | + echo "RELEASE_NAME=${RELEASE_TAG_NAME:1}" >> $GITHUB_ENV + env: + RELEASE_TAG_NAME: ${{ github.event.inputs.release_tag_name }} + + - name: Create Draft Release + id: create_release + uses: actions/create-release@v1 + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + with: + tag_name: ${{ github.event.inputs.release_tag_name }} + release_name: ${{ env.RELEASE_NAME }} + draft: true + prerelease: false + + + linux: + runs-on: ubuntu-latest + needs: setup + steps: + - name: Set up Node + uses: actions/setup-node@v1 + with: + node-version: '10.x' + + - name: Set Node options + run: echo "NODE_OPTIONS=--max_old_space_size=4096" >> $GITHUB_ENV + + - name: Set up environment + run: | + sudo apt-get update + sudo apt-get -y install pkg-config libxss-dev libsecret-1-dev rpm + + - name: Set up snap + run: | + sudo snap install snapcraft --classic + echo "$SNAP_TOKEN" | snapcraft login --with - + env: + SNAP_TOKEN: ${{ secrets.SNAP_TOKEN }} + + - name: Print environment + run: | + node --version + npm --version + snap --version + snapcraft --version || echo 'snapcraft unavailable' + + - name: Checkout repo + uses: actions/checkout@v2 + + - name: Load package version + run: ./.github/scripts/load-version.ps1 + shell: pwsh + + - name: Install Node dependencies + run: npm install + + - name: Run linter + run: npm run lint + + - name: Build & Publish + run: npm run publish:lin + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + + - name: Deploy to Snap Store + run: | + ./scripts/snap-update.ps1 -version $env:PACKAGE_VERSION + snapcraft logout + shell: pwsh + + + windows: + runs-on: windows-latest + needs: setup + steps: + - name: Set up dotnet + uses: actions/setup-dotnet@v1 + with: + dotnet-version: "3.1.x" + + - name: Set up Node + uses: actions/setup-node@v1 + with: + node-version: '10.x' + + - name: Set Node options + run: echo "NODE_OPTIONS=--max_old_space_size=4096" | Out-File -FilePath $env:GITHUB_ENV -Encoding utf8 -Append + shell: pwsh + + - name: Install AST + shell: pwsh + run: | + cd $HOME + + git clone https://github.com/vcsjones/AzureSignTool.git + cd AzureSignTool + $latest_head = $(git rev-parse HEAD)[0..9] -join "" + $latest_version = "0.0.0-g$latest_head" + + Write-Host "--------" + Write-Host "git commit - $(git rev-parse HEAD)" + Write-Host "latest_head - $latest_head" + Write-Host "PACKAGE VERSION TO BUILD - $latest_version" + Write-Host "--------" + + dotnet restore + dotnet pack --output ./nupkg + dotnet tool install --global --ignore-failed-sources --add-source ./nupkg --version $latest_version azuresigntool + + - name: Set up environment + shell: pwsh + run: | + choco install checksum --no-progress + choco apikey --key $env:CHOCO_API_KEY --source https://push.chocolatey.org/ + env: + CHOCO_API_KEY: ${{ secrets.CHOCO_API_KEY }} + + - name: Print environment + run: | + node --version + npm --version + choco --version + + - name: Checkout repo + uses: actions/checkout@v2 + + - name: Load package version + run: ./.github/scripts/load-version.ps1 + shell: pwsh + + - name: Install Node dependencies + run: npm install + + - name: Run linter + run: npm run lint + + - name: Build, Sign & Release + run: npm run publish:win + env: + ELECTRON_BUILDER_SIGN: 1 + SIGNING_VAULT_URL: ${{ secrets.SIGNING_VAULT_URL }} + SIGNING_CLIENT_ID: ${{ secrets.SIGNING_CLIENT_ID }} + SIGNING_TENANT_ID: ${{ secrets.SIGNING_TENANT_ID }} + SIGNING_CLIENT_SECRET: ${{ secrets.SIGNING_CLIENT_SECRET }} + SIGNING_CERT_NAME: ${{ secrets.SIGNING_CERT_NAME }} + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + + - name: Rename appx files for store + shell: pwsh + run: | + Copy-Item "./dist/Bitwarden-${{ env.PACKAGE_VERSION }}-ia32.appx" ` + -Destination "./dist/Bitwarden-${{ env.PACKAGE_VERSION }}-ia32-store.appx" + Copy-Item "./dist/Bitwarden-${{ env.PACKAGE_VERSION }}-x64.appx" ` + -Destination "./dist/Bitwarden-${{ env.PACKAGE_VERSION }}-x64-store.appx" + + - name: Deploy to Chocolatey + shell: pwsh + run: | + Copy-Item -Path ./stores/chocolatey -Destination ./dist/chocolatey -Recurse + Copy-Item -Path ./dist/nsis-web/Bitwarden-Installer-${{ env.PACKAGE_VERSION }}.exe -Destination ./dist/chocolatey + + $checksum = checksum -t sha256 ./dist/chocoloatey/Bitwarden-Installer-${{ env.PACKAGE_VERSION }}.exe + $chocoInstall = "./dist/chocolatey/tools/chocolateyinstall.ps1" + (Get-Content $chocoInstall).replace('__version__', "$env:PACKAGE_VERSION").replace('__checksum__', $checksum) | Set-Content $chocoInstall + choco pack ./dist/chocolatey/bitwarden.nuspec --version "$env:PACKAGE_VERSION" --out ./dist/chocolatey + cd ./dist/chocolatey + choco push + + - name: Upload Chocolatey nupkg release asset + id: upload-macos-checksum + uses: actions/upload-release-asset@v1 + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + with: + upload_url: ${{ needs.setup.outputs.release_upload_url }} + asset_name: bitwarden.${{ env.PACKAGE_VERSION }}.nupkg + asset_path: ./dist/chocolatey/bitwarden.${{ env.PACKAGE_VERSION }}.nupkg + asset_content_type: application + + + macos: + runs-on: macos-latest + needs: setup + steps: + - name: Set up Node + uses: actions/setup-node@v1 + with: + node-version: '10.x' + + - name: Set Node options + run: echo "NODE_OPTIONS=--max_old_space_size=4096" >> $GITHUB_ENV + + - name: Print environment + run: | + node --version + npm --version + Write-Output "GitHub ref: $env:GITHUB_REF" + Write-Output "GitHub event: $env:GITHUB_EVENT" + shell: pwsh + env: + GITHUB_REF: ${{ github.ref }} + GITHUB_EVENT: ${{ github.event_name }} + + - name: Checkout repo + uses: actions/checkout@v2 + + - name: Decrypt secrets + run: ./.github/scripts/macos/decrypt-secrets.ps1 + shell: pwsh + env: + DECRYPT_FILE_PASSWORD: ${{ secrets.DECRYPT_FILE_PASSWORD }} + + - name: Set up keychain + run: ./.github/scripts/macos/setup-keychain.ps1 + shell: pwsh + env: + KEYCHAIN_PASSWORD: ${{ secrets.KEYCHAIN_PASSWORD }} + DESKTOP_KEY_PASSWORD: ${{ secrets.DESKTOP_KEY_PASSWORD }} + DEVID_CERT_PASSWORD: ${{ secrets.DEVID_CERT_PASSWORD }} + APPSTORE_CERT_PASSWORD: ${{ secrets.APPSTORE_CERT_PASSWORD }} + MACDEV_CERT_PASSWORD: ${{ secrets.MACDEV_CERT_PASSWORD }} + APPLE_ID_PASSWORD: ${{ secrets.APPLE_ID_PASSWORD }} + + - name: Set up provisioning profiles + run: ./.github/scripts/macos/setup-profiles.ps1 + shell: pwsh + + - name: Increment version + run: ./.github/scripts/macos/increment-version.ps1 + shell: pwsh + + - name: Load package version + run: ./.github/scripts/load-version.ps1 + shell: pwsh + + - name: Install Node dependencies + run: npm install + + - name: Run linter + run: npm run lint + + - name: Create Safari directory + shell: pwsh + run: New-Item ./dist-safari -ItemType Directory -ea 0 + + - name: Checkout browser extension + uses: actions/checkout@v2 + with: + repository: 'bitwarden/browser' + path: 'dist-safari/browser' + + - name: Build Safari extension + shell: pwsh + run: ./scripts/safari-build.ps1 -skipcheckout -skipoutcopy + + - name: Load Safari extension for .dmg + shell: pwsh + run: ./scripts/safari-build.ps1 -copyonly + + - name: Build application (dist) + run: npm run dist:mac + env: + APPLE_ID_USERNAME: ${{ secrets.APPLE_ID_USERNAME }} + APPLE_ID_PASSWORD: ${{ secrets.APPLE_ID_PASSWORD }} + + - name: Load Safari extension for App Store + shell: pwsh + run: ./scripts/safari-build.ps1 -mas -copyonly + + - name: Build application for App Store + run: npm run dist:mac:mas + env: + APPLE_ID_USERNAME: ${{ secrets.APPLE_ID_USERNAME }} + APPLE_ID_PASSWORD: ${{ secrets.APPLE_ID_PASSWORD }} + + - name: Deploy to App Store + run: npm run upload:mas + env: + APPLE_ID_USERNAME: ${{ secrets.APPLE_ID_USERNAME }} + APPLE_ID_PASSWORD: ${{ secrets.APPLE_ID_PASSWORD }} + + - name: Upload .pkg release asset + uses: actions/upload-release-asset@v1 + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + with: + upload_url: ${{ needs.setup.outputs.release_upload_url }} + asset_name: Bitwarden-${{ env.PACKAGE_VERSION }}.pkg + asset_path: ./dist/mas/Bitwarden-${{ env.PACKAGE_VERSION }}.pkg + asset_content_type: application/vnd.apple.installer+xml + + - name: Upload zip release asset + uses: actions/upload-release-asset@v1 + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + with: + upload_url: ${{ needs.setup.outputs.release_upload_url }} + asset_name: Bitwarden-${{ env.PACKAGE_VERSION }}-mac.zip + asset_path: ./dist/Bitwarden-${{ env.PACKAGE_VERSION }}-mac.zip + asset_content_type: application/zip + + - name: Upload .dmg release asset + uses: actions/upload-release-asset@v1 + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + with: + upload_url: ${{ needs.setup.outputs.release_upload_url }} + asset_name: Bitwarden-${{ env.PACKAGE_VERSION }}.dmg + asset_path: ./dist/Bitwarden-${{ env.PACKAGE_VERSION }}.dmg + asset_content_type: application/x-apple-diskimage diff --git a/appveyor.yml b/appveyor.yml.flagged-to-remove similarity index 100% rename from appveyor.yml rename to appveyor.yml.flagged-to-remove diff --git a/package.json b/package.json index 5a0cde7cdf..4f4bac1ba8 100644 --- a/package.json +++ b/package.json @@ -121,6 +121,7 @@ "nsis-web", "appx" ], + "sign": "./sign.js", "extraResources": [ { "from": "node_modules/regedit/vbs", diff --git a/sign.js b/sign.js new file mode 100644 index 0000000000..107f048d46 --- /dev/null +++ b/sign.js @@ -0,0 +1,24 @@ +exports.default = async function(configuration) { + if ( + parseInt(process.env.ELECTRON_BUILDER_SIGN) === 1 && + configuration.path.slice(-4) == ".exe" && + !(configuration.path.includes('win-unpacked') || configuration.path.includes('win-ia32-unpacked')) + ) { + console.log(`[*] Signing file: ${configuration.path}`) + require("child_process").execSync( + `azuresigntool sign ` + + `-kvu ${process.env.SIGNING_VAULT_URL} ` + + `-kvi ${process.env.SIGNING_CLIENT_ID} ` + + `-kvt ${process.env.SIGNING_TENANT_ID} ` + + `-kvs ${process.env.SIGNING_CLIENT_SECRET} ` + + `-kvc ${process.env.SIGNING_CERT_NAME} ` + + `-fd ${configuration.hash} ` + + `-du ${configuration.site} ` + + `-tr http://timestamp.digicert.com ` + + `${configuration.path}`, + { + stdio: "inherit" + } + ); + } +};