mirror of
https://github.com/DeNNiiInc/dbgate.git
synced 2026-04-17 22:36:01 +00:00
azure code signing
This commit is contained in:
SPRINX0\prochazka
@@ -85,9 +85,14 @@ on:
|
|||||||
# branches:
|
# branches:
|
||||||
# - production
|
# - production
|
||||||
|
|
||||||
|
permissions:
|
||||||
|
id-token: write
|
||||||
|
contents: write
|
||||||
|
|
||||||
jobs:
|
jobs:
|
||||||
build:
|
build:
|
||||||
runs-on: ${{ matrix.os }}
|
runs-on: ${{ matrix.os }}
|
||||||
|
environment: dbgate-app
|
||||||
|
|
||||||
strategy:
|
strategy:
|
||||||
fail-fast: false
|
fail-fast: false
|
||||||
@@ -145,33 +150,65 @@ jobs:
|
|||||||
_if: _community
|
_if: _community
|
||||||
if: matrix.os == 'ubuntu-22.04'
|
if: matrix.os == 'ubuntu-22.04'
|
||||||
uses: samuelmeuli/action-snapcraft@v1
|
uses: samuelmeuli/action-snapcraft@v1
|
||||||
- name: Publish
|
|
||||||
|
- name: Publish Windows
|
||||||
|
if: matrix.os == 'windows-2022'
|
||||||
run: |
|
run: |
|
||||||
<<cd_merged>>
|
<<cd_merged>>
|
||||||
yarn run build:app
|
yarn run build:app
|
||||||
env:
|
env:
|
||||||
GH_TOKEN: ${{ secrets.GH_TOKEN }} # token for electron publish
|
GH_TOKEN: ${{ secrets.GH_TOKEN }} # token for electron publish
|
||||||
|
|
||||||
WIN_CSC_LINK: ${{ secrets.WINCERT_2025 }}
|
- name: Publish MacOS
|
||||||
WIN_CSC_KEY_PASSWORD: ${{ secrets.WINCERT_2025_PASSWORD }}
|
if: matrix.os == 'macos-14'
|
||||||
# WIN_CSC_LINK: ${{ secrets.WINCERT_CERTIFICATE }}
|
run: |
|
||||||
# WIN_CSC_KEY_PASSWORD: ${{ secrets.WINCERT_PASSWORD }}
|
<<cd_merged>>
|
||||||
|
yarn run build:app
|
||||||
|
env:
|
||||||
|
GH_TOKEN: ${{ secrets.GH_TOKEN }} # token for electron publish
|
||||||
CSC_LINK: ${{ secrets.APPLECERT_CERTIFICATE }}
|
CSC_LINK: ${{ secrets.APPLECERT_CERTIFICATE }}
|
||||||
CSC_KEY_PASSWORD: ${{ secrets.APPLECERT_PASSWORD }}
|
CSC_KEY_PASSWORD: ${{ secrets.APPLECERT_PASSWORD }}
|
||||||
|
|
||||||
APPLE_ID: ${{ secrets.APPLE_ID }}
|
APPLE_ID: ${{ secrets.APPLE_ID }}
|
||||||
APPLE_TEAM_ID: ${{ secrets.APPLE_TEAM_ID }}
|
APPLE_TEAM_ID: ${{ secrets.APPLE_TEAM_ID }}
|
||||||
APPLE_ID_PASSWORD: ${{ secrets.APPLE_ID_PASSWORD }}
|
APPLE_ID_PASSWORD: ${{ secrets.APPLE_ID_PASSWORD }}
|
||||||
|
|
||||||
SNAPCRAFT_STORE_CREDENTIALS: ${{secrets.SNAPCRAFT_LOGIN}}
|
|
||||||
APPLE_APP_SPECIFIC_PASSWORD: ${{secrets.APPLE_APP_SPECIFIC_PASSWORD}}
|
APPLE_APP_SPECIFIC_PASSWORD: ${{secrets.APPLE_APP_SPECIFIC_PASSWORD}}
|
||||||
|
|
||||||
|
- name: Publish Linux
|
||||||
|
if: matrix.os == 'ubuntu-22.04'
|
||||||
|
run: |
|
||||||
|
<<cd_merged>>
|
||||||
|
yarn run build:app
|
||||||
|
env:
|
||||||
|
GH_TOKEN: ${{ secrets.GH_TOKEN }} # token for electron publish
|
||||||
|
SNAPCRAFT_STORE_CREDENTIALS: ${{secrets.SNAPCRAFT_LOGIN}}
|
||||||
|
|
||||||
- name: generatePadFile
|
- name: generatePadFile
|
||||||
_if: _community_stable
|
_if: _community_stable
|
||||||
run: |
|
run: |
|
||||||
yarn generatePadFile
|
yarn generatePadFile
|
||||||
|
|
||||||
|
- name: Azure login (OIDC)
|
||||||
|
uses: azure/login@v2
|
||||||
|
if: matrix.os == 'windows-2022'
|
||||||
|
with:
|
||||||
|
client-id: ${{ secrets.AZURE_TC_CLIENT_ID }}
|
||||||
|
tenant-id: ${{ secrets.AZURE_TC_TENANT_ID }}
|
||||||
|
allow-no-subscriptions: true
|
||||||
|
|
||||||
|
- name: Sign Windows artifacts with Azure Trusted Signing
|
||||||
|
uses: azure/trusted-signing-action@v0
|
||||||
|
if: matrix.os == 'windows-2022'
|
||||||
|
with:
|
||||||
|
endpoint: https://wus3.codesigning.azure.net/
|
||||||
|
trusted-signing-account-name: DbGate
|
||||||
|
certificate-profile-name: DbGate-Release
|
||||||
|
|
||||||
|
files-folder: app/dist
|
||||||
|
files-folder-filter: exe
|
||||||
|
|
||||||
|
timestamp-rfc3161: http://timestamp.acs.microsoft.com
|
||||||
|
timestamp-digest: SHA256
|
||||||
|
|
||||||
- name: Copy artifacts
|
- name: Copy artifacts
|
||||||
run: |
|
run: |
|
||||||
mkdir artifacts
|
mkdir artifacts
|
||||||
|
|||||||
Reference in New Issue
Block a user