Skip to content

Commit

Permalink
chore: testing installation of digicert tools
Browse files Browse the repository at this point in the history
  • Loading branch information
@cprice404
cprice404 committed Mar 26, 2024
1 parent 7181a32 commit b71bdbf
Showing 1 changed file with 60 additions and 64 deletions.
124 changes: 60 additions & 64 deletions .github/workflows/execute-release.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -255,36 +255,36 @@ jobs:
steps:
- uses: actions/checkout@v3

# - name: Install protoc
# run: choco install protoc
#
# - name: Setup Python
# uses: actions/setup-python@v2
# with:
# python-version: "3.x"
#
# - uses: actions-rs/toolchain@v1
# with:
# toolchain: stable
# components: rustfmt
# override: true
- name: Install protoc
run: choco install protoc

- name: Setup Python
uses: actions/setup-python@v2
with:
python-version: "3.x"

- uses: actions-rs/toolchain@v1
with:
toolchain: stable
components: rustfmt
override: true

- name: Show Cargo Version
run: |
cat Cargo.toml
shell: bash

# - name: Build
# id: build
# env:
# VERSION: ${{ needs.release.outputs.version }}
# run: |
# rustup target add x86_64-pc-windows-gnu
# cargo build --release --target x86_64-pc-windows-gnu
#
# echo "::set-output name=momento_binary_path::.\target\x86_64-pc-windows-gnu\release\momento.exe"
# $distributableFile64Prefix = "momento-cli-$env:VERSION.windows_x64"
# echo "::set-output name=distributable_file_prefix::$distributableFile64Prefix"
- name: Build
id: build
env:
VERSION: ${{ needs.release.outputs.version }}
run: |
rustup target add x86_64-pc-windows-gnu
cargo build --release --target x86_64-pc-windows-gnu
echo "::set-output name=momento_binary_path::.\target\x86_64-pc-windows-gnu\release\momento.exe"
$distributableFile64Prefix = "momento-cli-$env:VERSION.windows_x64"
echo "::set-output name=distributable_file_prefix::$distributableFile64Prefix"
- name: Write client auth certificate file
id: write_client_auth_cert
Expand All @@ -296,22 +296,22 @@ jobs:
Set-Content $p12Path -Value $encodedBytes -AsByteStream;
echo "p12_path=$p12Path" >> $ENV:GITHUB_OUTPUT
# - name: Download digicert smtools
# env:
# SM_API_KEY: ${{ secrets.CODE_SIGNING_API_KEY }}
# run: |
# curl -X GET https://one.digicert.com/signingmanager/api-ui/v1/releases/smtools-windows-x64.msi/download -H "x-api-key:%SM_API_KEY%" -o smtools-windows-x64.msi
# shell: cmd
#
# - name: Install digicert smtools
# run: |
# $procMain = Start-Process "msiexec" "/i smtools-windows-x64.msi /qn /l*! msi_install.log" -NoNewWindow -PassThru
# echo $null >> msi_install.log
# $procLog = Start-Process "powershell" "Get-Content -Path msi_install.log -Wait" -NoNewWindow -PassThru
# $procMain.WaitForExit()
# $procLog.Kill()
# shell: powershell
#
- name: Download digicert smtools
env:
SM_API_KEY: ${{ secrets.CODE_SIGNING_API_KEY }}
run: |
curl -X GET https://one.digicert.com/signingmanager/api-ui/v1/releases/smtools-windows-x64.msi/download -H "x-api-key:%SM_API_KEY%" -o smtools-windows-x64.msi
shell: cmd

- name: Install digicert smtools
run: |
$procMain = Start-Process "msiexec" "/i smtools-windows-x64.msi /qn /l*! msi_install.log" -NoNewWindow -PassThru
echo $null >> msi_install.log
$procLog = Start-Process "powershell" "Get-Content -Path msi_install.log -Wait" -NoNewWindow -PassThru
$procMain.WaitForExit()
$procLog.Kill()
shell: powershell

- name: Add digicert tools to path
run: |
echo "C:\Program Files (x86)\Windows Kits\10\App Certification Kit" >> $GITHUB_PATH
Expand All @@ -323,26 +323,26 @@ jobs:
run: |
echo %path%
shell: cmd
#
# - name: List digicert dir
# run: |
# dir "C:\Program Files\DigiCert\DigiCert One Signing Manager Tools"
# shell: cmd
#
# - name: Verify KSP Registration
# env:
# SM_HOST: ${{ secrets.CODE_SIGNING_HOST }}
# SM_API_KEY: ${{ secrets.CODE_SIGNING_API_KEY }}
# SM_CLIENT_CERT_FILE: "${{ steps.write_client_auth_cert.outputs.p12_path }}"
# SM_CLIENT_CERT_PASSWORD: ${{ secrets.CODE_SIGNING_CERT_PASSWORD }}
# run: |
# dir
# smksp_registrar.exe list
# smctl.exe keypair ls
# C:\Windows\System32\certutil.exe -csp "DigiCert Signing Manager KSP" -key -user
# smksp_cert_sync.exe
# smctl healthcheck
# shell: cmd

- name: List digicert dir
run: |
dir "C:\Program Files\DigiCert\DigiCert One Signing Manager Tools"
shell: cmd

- name: Verify KSP Registration
env:
SM_HOST: ${{ secrets.CODE_SIGNING_HOST }}
SM_API_KEY: ${{ secrets.CODE_SIGNING_API_KEY }}
SM_CLIENT_CERT_FILE: "${{ steps.write_client_auth_cert.outputs.p12_path }}"
SM_CLIENT_CERT_PASSWORD: ${{ secrets.CODE_SIGNING_CERT_PASSWORD }}
run: |
dir
smksp_registrar.exe list
smctl.exe keypair ls
C:\Windows\System32\certutil.exe -csp "DigiCert Signing Manager KSP" -key -user
smksp_cert_sync.exe
smctl healthcheck
shell: cmd

- name: Sign Momento binary
env:
Expand All @@ -352,8 +352,6 @@ jobs:
SM_CLIENT_CERT_FILE: "${{ steps.write_client_auth_cert.outputs.p12_path }}"
SM_CLIENT_CERT_PASSWORD: ${{ secrets.CODE_SIGNING_CERT_PASSWORD }}
run: |
echo "HERE IS THE SIGNTOOL PATH:"
echo $env:SIGNTOOL_PATH
signtool.exe sign /sha1 ${{ secrets.CODE_SIGNING_CERT_SHA1_HASH }} /tr http://timestamp.digicert.com /td SHA256 /fd SHA256 $env:MOMENTO_BINARY_PATH
signtool.exe verify /v /pa $env:MOMENTO_BINARY_PATH
Expand Down Expand Up @@ -397,8 +395,6 @@ jobs:
SM_CLIENT_CERT_FILE: "${{ steps.write_client_auth_cert.outputs.p12_path }}"
SM_CLIENT_CERT_PASSWORD: ${{ secrets.CODE_SIGNING_CERT_PASSWORD }}
run: |
echo "HERE IS THE SIGNTOOL PATH:"
echo $env:SIGNTOOL_PATH
signtool.exe sign /sha1 ${{ secrets.CODE_SIGNING_CERT_SHA1_HASH }} /tr http://timestamp.digicert.com /td SHA256 /fd SHA256 $env:MSI_PATH
signtool.exe verify /v /pa $env:MSI_PATH
Expand Down

0 comments on commit b71bdbf

Please sign in to comment.