name: Build & Sign on: push: branches-ignore: - 'l10n_master' - 'gh-pages' release: types: - published jobs: windows: runs-on: windows-latest environment: prod steps: - name: Set up dotnet uses: actions/setup-dotnet@v1 with: dotnet-version: "3.1.x" - name: Set up Node uses: actions/setup-node@v1 with: node-version: '10.x' - name: Set Node options run: echo "NODE_OPTIONS=--max_old_space_size=4096" | Out-File -FilePath $env:GITHUB_ENV -Encoding utf8 -Append shell: pwsh - name: Print environment run: | node --version npm --version dotnet --version - name: Install AST shell: pwsh run: | cd $HOME git clone https://github.com/vcsjones/AzureSignTool.git cd AzureSignTool $latest_head = $(git rev-parse HEAD)[0..9] -join "" $latest_version = "0.0.0-g$latest_head" Write-Host "--------" Write-Host "git commit - $(git rev-parse HEAD)" Write-Host "latest_head - $latest_head" Write-Host "PACKAGE VERSION TO BUILD - $latest_version" Write-Host "--------" dotnet restore dotnet pack --output ./nupkg dotnet tool install --global --ignore-failed-sources --add-source ./nupkg --version $latest_version azuresigntool cd $HOME - name: Checkout repo uses: actions/checkout@v2 - name: Load package version run: ./.github/scripts/load-version.ps1 shell: pwsh - name: Install Node dependencies run: npm install - name: Run linter run: npm run lint - name: Build application run: npm run build - name: Build & Sign run: | npm run build npm run pack:win env: ELECTRON_BUILDER_SIGN: 1 SIGNING_VAULT_URL: ${{ secrets.SIGNING_VAULT_URL }} SIGNING_CLIENT_ID: ${{ secrets.SIGNING_CLIENT_ID }} SIGNING_TENANT_ID: ${{ secrets.SIGNING_TENANT_ID }} SIGNING_CLIENT_SECRET: ${{ secrets.SIGNING_CLIENT_SECRET }} SIGNING_CERT_NAME: ${{ secrets.SIGNING_CERT_NAME }} - name: List Dist run: dir ./dist - name: Upload signed portable exe artifact if: github.ref == 'refs/heads/master' || github.event_name == 'release' uses: actions/upload-artifact@v2 with: name: Bitwarden-Portable-${{ env.PACKAGE_VERSION }}-signed.exe path: ./dist/Bitwarden-Portable-${{ env.PACKAGE_VERSION }}.exe - name: Upload signed installer exe artifact if: github.ref == 'refs/heads/master' || github.event_name == 'release' uses: actions/upload-artifact@v2 with: name: Bitwarden-Installer-${{ env.PACKAGE_VERSION }}-signed.exe path: ./dist/nsis-web/Bitwarden-Installer-${{ env.PACKAGE_VERSION }}.exe - name: Upload appx ia32 artifact (not signed) if: github.ref == 'refs/heads/master' || github.event_name == 'release' uses: actions/upload-artifact@v2 with: name: Bitwarden-${{ env.PACKAGE_VERSION }}-ia32.appx path: ./dist/Bitwarden-${{ env.PACKAGE_VERSION }}-ia32.appx - name: Upload appx x64 artifact (not signed) if: github.ref == 'refs/heads/master' || github.event_name == 'release' uses: actions/upload-artifact@v2 with: name: Bitwarden-${{ env.PACKAGE_VERSION }}-x64.appx path: ./dist/Bitwarden-${{ env.PACKAGE_VERSION }}-x64.appx - name: Upload release assets if: github.event_name == 'release' run: | hub release edit ` -a ./dist/Bitwarden-${{ env.PACKAGE_VERSION }}-ia32.appx ` -a ./dist/Bitwarden-${{ env.PACKAGE_VERSION }}-x64.appx ` -a ./dist/Bitwarden-Portable-${{ env.PACKAGE_VERSION }}.exe ` -a ./dist/nsis-web/Bitwarden-Installer-${{ env.PACKAGE_VERSION }}.exe ` -m "$($env:RELEASE_TAG_NAME.TrimStart('v'))" ` $env:RELEASE_TAG_NAME shell: pwsh env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} RELEASE_TAG_NAME: ${{ github.event.release.tag_name }}