Skip to content

Commit

Permalink
Add msi signing and mac latest binaries
Browse files Browse the repository at this point in the history
  • Loading branch information
@byrnHDF
byrnHDF committed Aug 12, 2024
1 parent 0c54d39 commit fa4dacb
Show file tree
Hide file tree
Showing 5 changed files with 96 additions and 32 deletions.
34 changes: 26 additions & 8 deletions .github/workflows/ant-app.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -37,6 +37,18 @@ on:
required: true
KEYCHAIN_PASSWD:
required: true
AZURE_TENANT_ID:
required: true
AZURE_CLIENT_ID:
required: true
AZURE_CLIENT_SECRET:
required: true
AZURE_ENDPOINT:
required: true
AZURE_CODE_SIGNING_NAME:
required: true
AZURE_CERT_PROFILE_NAME:
required: true

permissions:
contents: read
Expand Down Expand Up @@ -196,6 +208,12 @@ jobs:
env:
HDFLIBS: ${{ steps.set-hdflib-name.outputs.HDFLIB_ENV }}
HDF5LIBS: ${{ steps.set-hdf5lib-name.outputs.HDF5LIB_ENV }}
AZURE_TENANT_ID: ${{ secrets.AZURE_TENANT_ID }}
AZURE_CLIENT_ID: ${{ secrets.AZURE_CLIENT_ID }}
AZURE_CLIENT_SECRET: ${{ secrets.AZURE_CLIENT_SECRET }}
AZURE_ENDPOINT: ${{ secrets.AZURE_ENDPOINT }}
AZURE_CODE_SIGNING_NAME: ${{ secrets.AZURE_CODE_SIGNING_NAME }}
AZURE_CERT_PROFILE_NAME: ${{ secrets.AZURE_CERT_PROFILE_NAME }}
run: |
ant -noinput -buildfile build.xml binaryAppPackage
shell: bash
Expand Down Expand Up @@ -456,23 +474,23 @@ jobs:
with:
repo: 'HDFGroup/hdf4'
version: 'tags/${{ inputs.use_hdf }}'
file: '${{ inputs.use_hdf }}-osx.tar.gz'
file: '${{ inputs.use_hdf }}-macos14_clang.tar.gz'

- name: Get hdf4 release
if: ${{ (inputs.use_environ == 'snapshots') }}
uses: dsaltares/fetch-gh-release-asset@master
with:
repo: 'HDFGroup/hdf4'
version: 'tags/snapshot'
file: '${{ inputs.use_hdf }}-osx.tar.gz'
file: '${{ inputs.use_hdf }}-macos14_clang.tar.gz'

- name: List files for the space (mac)
run: |
ls -l ${{ github.workspace }}
ls ${{ runner.workspace }}
- name: Uncompress gh binary (mac)
run: tar -zxvf ${{ github.workspace }}/${{ inputs.use_hdf }}-osx*.tar.gz
run: tar -zxvf ${{ github.workspace }}/${{ inputs.use_hdf }}-macos14_clang*.tar.gz

- name: Uncompress hdf4 binary (mac)
run: |
Expand All @@ -492,23 +510,23 @@ jobs:
with:
repo: 'HDFGroup/hdf5'
version: 'tags/${{ inputs.use_hdf5 }}'
file: '${{ inputs.name_hdf5 }}-osx.tar.gz'
file: '${{ inputs.name_hdf5 }}-macos14_clang.tar.gz'

- name: Get hdf5 snapshot
if: ${{ (inputs.use_environ == 'snapshots') }}
uses: dsaltares/fetch-gh-release-asset@master
with:
repo: 'HDFGroup/hdf5'
version: 'tags/snapshot'
file: '${{ inputs.name_hdf5 }}-osx.tar.gz'
file: '${{ inputs.name_hdf5 }}-macos14_clang.tar.gz'

- name: List files for the space (mac)
run: |
ls -l ${{ github.workspace }}
ls ${{ runner.workspace }}
- name: Uncompress gh binary (mac)
run: tar -zxvf ${{ github.workspace }}/${{ inputs.name_hdf5 }}-osx*.tar.gz
run: tar -zxvf ${{ github.workspace }}/${{ inputs.name_hdf5 }}-macos14_clang*.tar.gz

- name: Uncompress hdf5 binary (mac)
run: |
Expand Down Expand Up @@ -591,7 +609,7 @@ jobs:
- name: Save published snapshot-app binary (mac)
uses: actions/upload-artifact@v4
with:
name: tgz-osx-app-binary
name: tgz-macos14_clang-app-binary
path: ${{ github.workspace }}/build/dist/${{ steps.set-file-base.outputs.FILE_BASE }}App-Darwin.tar.gz
if-no-files-found: error # 'warn' or 'ignore' are also available, defaults to `warn`
if: ${{ (inputs.use_environ == 'snapshots') }}
Expand All @@ -600,7 +618,7 @@ jobs:
- name: Save published release-app binary (mac)
uses: actions/upload-artifact@v4
with:
name: tgz-osx-app-binary
name: tgz-macos14_clang-app-binary
path: ${{ github.workspace }}/build/dist/${{ inputs.snap_name }}App-Darwin.tar.gz
if-no-files-found: error # 'warn' or 'ignore' are also available, defaults to `warn`
if: ${{ (inputs.use_environ == 'release') }}
Expand Down
57 changes: 45 additions & 12 deletions .github/workflows/ant.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -37,6 +37,18 @@ on:
required: true
KEYCHAIN_PASSWD:
required: true
AZURE_TENANT_ID:
required: true
AZURE_CLIENT_ID:
required: true
AZURE_CLIENT_SECRET:
required: true
AZURE_ENDPOINT:
required: true
AZURE_CODE_SIGNING_NAME:
required: true
AZURE_CERT_PROFILE_NAME:
required: true

permissions:
contents: read
Expand Down Expand Up @@ -174,28 +186,49 @@ jobs:
- name: Get zip-tarball (Windows)
uses: actions/download-artifact@c850b930e6ba138125429b7e5c93fc707a7f8427 # v4.1.4
with:
name: zip-tarball
path: ${{ github.workspace }}
name: zip-tarball
path: ${{ github.workspace }}

- name: using powershell
shell: pwsh
run: Get-Location

- name: List files for the space (Windows)
run: |
Get-ChildItem -Path ${{ github.workspace }}
Get-ChildItem -Path ${{ runner.workspace }}
Get-ChildItem -Path ${{ github.workspace }}
Get-ChildItem -Path ${{ runner.workspace }}
shell: pwsh

- name: Uncompress source (Windows)
working-directory: ${{ github.workspace }}
run: 7z x ${{ steps.set-file-base.outputs.FILE_BASE }}.zip
shell: bash

- name: Install TrustedSigning (Windows)
run: |
Invoke-WebRequest -Uri https://dist.nuget.org/win-x86-commandline/latest/nuget.exe -OutFile .\nuget.exe
.\nuget.exe install Microsoft.Windows.SDK.BuildTools -Version 10.0.22621.3233 -x
.\nuget.exe install Microsoft.Trusted.Signing.Client -Version 1.0.53 -x
Install-Module -Name TrustedSigning -RequiredVersion 0.3.8
shell: pwsh

- name: create-json
id: create-json
uses: jsdaniell/create-json@v1.2.3
with:
name: "credentials.json"
json: '{"Endpoint": "${{ secrets.AZURE_ENDPOINT }}","CodeSigningAccountName": "${{ secrets.AZURE_CODE_SIGNING_NAME }}","CertificateProfileName": "${{ secrets.AZURE_CERT_PROFILE_NAME }}"}'

- name: Build with Ant
env:
HDFLIBS: ${{ steps.set-hdflib-name.outputs.HDFLIB_ENV }}
HDF5LIBS: ${{ steps.set-hdf5lib-name.outputs.HDF5LIB_ENV }}
AZURE_TENANT_ID: ${{ secrets.AZURE_TENANT_ID }}
AZURE_CLIENT_ID: ${{ secrets.AZURE_CLIENT_ID }}
AZURE_CLIENT_SECRET: ${{ secrets.AZURE_CLIENT_SECRET }}
AZURE_ENDPOINT: ${{ secrets.AZURE_ENDPOINT }}
AZURE_CODE_SIGNING_NAME: ${{ secrets.AZURE_CODE_SIGNING_NAME }}
AZURE_CERT_PROFILE_NAME: ${{ secrets.AZURE_CERT_PROFILE_NAME }}
run: |
ant -noinput -buildfile build.xml binaryPackage
shell: bash
Expand Down Expand Up @@ -440,23 +473,23 @@ jobs:
with:
repo: 'HDFGroup/hdf4'
version: 'tags/${{ inputs.use_hdf }}'
file: '${{ inputs.use_hdf }}-osx.tar.gz'
file: '${{ inputs.use_hdf }}-macos14_clang.tar.gz'

- name: Get hdf4 snapshot
if: ${{ (inputs.use_environ == 'snapshots') }}
uses: dsaltares/fetch-gh-release-asset@master
with:
repo: 'HDFGroup/hdf4'
version: 'tags/snapshot'
file: '${{ inputs.use_hdf }}-osx.tar.gz'
file: '${{ inputs.use_hdf }}-macos14_clang.tar.gz'

- name: List files for the space (mac)
run: |
ls -l ${{ github.workspace }}
ls ${{ runner.workspace }}
- name: Uncompress gh binary (mac)
run: tar -zxvf ${{ github.workspace }}/${{ inputs.use_hdf }}-osx*.tar.gz
run: tar -zxvf ${{ github.workspace }}/${{ inputs.use_hdf }}-macos14_clang*.tar.gz

- name: Uncompress hdf4 binary (mac)
run: |
Expand All @@ -476,23 +509,23 @@ jobs:
with:
repo: 'HDFGroup/hdf5'
version: 'tags/${{ inputs.use_hdf5 }}'
file: '${{ inputs.name_hdf5 }}-osx.tar.gz'
file: '${{ inputs.name_hdf5 }}-macos14_clang.tar.gz'

- name: Get hdf5 snapshot
if: ${{ (inputs.use_environ == 'snapshots') }}
uses: dsaltares/fetch-gh-release-asset@master
with:
repo: 'HDFGroup/hdf5'
version: 'tags/snapshot'
file: '${{ inputs.name_hdf5 }}-osx.tar.gz'
file: '${{ inputs.name_hdf5 }}-macos14_clang.tar.gz'

- name: List files for the space (mac)
run: |
ls -l ${{ github.workspace }}
ls ${{ runner.workspace }}
- name: Uncompress gh binary (mac)
run: tar -zxvf ${{ github.workspace }}/${{ inputs.name_hdf5 }}-osx*.tar.gz
run: tar -zxvf ${{ github.workspace }}/${{ inputs.name_hdf5 }}-macos14_clang*.tar.gz

- name: Uncompress hdf5 binary (mac)
run: |
Expand Down Expand Up @@ -567,7 +600,7 @@ jobs:
- name: Save published snapshot binary (mac)
uses: actions/upload-artifact@v4
with:
name: tgz-osx-binary
name: tgz-macos14_clang-binary
path: ${{ github.workspace }}/build/dist/${{ steps.set-file-base.outputs.FILE_BASE }}-Darwin.tar.gz
if-no-files-found: error # 'warn' or 'ignore' are also available, defaults to `warn`
if: ${{ (inputs.use_environ == 'snapshots') }}
Expand All @@ -576,7 +609,7 @@ jobs:
- name: Save published release binary (mac)
uses: actions/upload-artifact@v4
with:
name: tgz-osx-binary
name: tgz-macos14_clang-binary
path: ${{ github.workspace }}/build/dist/${{ inputs.snap_name }}-Darwin.tar.gz
if-no-files-found: error # 'warn' or 'ignore' are also available, defaults to `warn`
if: ${{ (inputs.use_environ == 'release') }}
Expand Down
12 changes: 12 additions & 0 deletions .github/workflows/daily-build.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -99,6 +99,12 @@ jobs:
APPLE_CERTS_BASE64: ${{ secrets.APPLE_CERTS_BASE64 }}
APPLE_CERTS_BASE64_PASSWD: ${{ secrets.APPLE_CERTS_BASE64_PASSWD }}
KEYCHAIN_PASSWD: ${{ secrets.KEYCHAIN_PASSWD }}
AZURE_TENANT_ID: ${{ secrets.AZURE_TENANT_ID }}
AZURE_CLIENT_ID: ${{ secrets.AZURE_CLIENT_ID }}
AZURE_CLIENT_SECRET: ${{ secrets.AZURE_CLIENT_SECRET }}
AZURE_ENDPOINT: ${{ secrets.AZURE_ENDPOINT }}
AZURE_CODE_SIGNING_NAME: ${{ secrets.AZURE_CODE_SIGNING_NAME }}
AZURE_CERT_PROFILE_NAME: ${{ secrets.AZURE_CERT_PROFILE_NAME }}

call-workflow-ant-app:
needs: [get-base-names, call-workflow-tarball]
Expand All @@ -113,6 +119,12 @@ jobs:
APPLE_CERTS_BASE64: ${{ secrets.APPLE_CERTS_BASE64 }}
APPLE_CERTS_BASE64_PASSWD: ${{ secrets.APPLE_CERTS_BASE64_PASSWD }}
KEYCHAIN_PASSWD: ${{ secrets.KEYCHAIN_PASSWD }}
AZURE_TENANT_ID: ${{ secrets.AZURE_TENANT_ID }}
AZURE_CLIENT_ID: ${{ secrets.AZURE_CLIENT_ID }}
AZURE_CLIENT_SECRET: ${{ secrets.AZURE_CLIENT_SECRET }}
AZURE_ENDPOINT: ${{ secrets.AZURE_ENDPOINT }}
AZURE_CODE_SIGNING_NAME: ${{ secrets.AZURE_CODE_SIGNING_NAME }}
AZURE_CERT_PROFILE_NAME: ${{ secrets.AZURE_CERT_PROFILE_NAME }}

call-workflow-release:
needs: [get-base-names, call-workflow-tarball, call-workflow-ant, call-workflow-ant-app]
Expand Down
4 changes: 2 additions & 2 deletions .github/workflows/release-files.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -94,7 +94,7 @@ jobs:
- name: Get published binary (MacOS)
uses: actions/download-artifact@65a9edc5881444af0b9093a5e628f2fe47ea3b2e # v4.1.7
with:
name: tgz-osx-binary
name: tgz-macos14_clang-binary
path: ${{ github.workspace }}

- name: Get published binary (Linux)
Expand All @@ -113,7 +113,7 @@ jobs:
- name: Get published app binary (MacOS)
uses: actions/download-artifact@65a9edc5881444af0b9093a5e628f2fe47ea3b2e # v4.1.7
with:
name: tgz-osx-app-binary
name: tgz-macos14_clang-app-binary
path: ${{ github.workspace }}

- name: Get published app binary (Linux)
Expand Down
21 changes: 11 additions & 10 deletions build.xml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -1468,15 +1468,17 @@
<arg value="/debug" />
<arg value="/fd" />
<arg value="SHA256" />
<arg value="/tr" />
<arg value="http://timestamp.acs.microsoft.com" />
<arg value="/td" />
<arg value="SHA256" />
<arg value="/d" />
<arg value="${ant.project.name} ${app.version} Utility" />
<arg value="/f" />
<arg value="${env.CERTIFICATE}" />
<arg value="/p" />
<arg value="${env.SIGNPASSWORD}" />
<arg value="/t" />
<arg value="http://timestamp.digicert.com" />
<arg value="${basedir}\${dist.dir}\${ant.project.name}-${app.version}.exe" />
<arg value="/dlib" />
<arg value="Microsoft.Trusted.Signing.Client\bin\x64\Azure.CodeSigning.Dlib.dll" />
<arg value="/dmdf" />
<arg value="${basedir}\credentials.json" />
<arg value="${basedir}\${dist.dir}\${ant.project.name}-${app.version}.msi" />
</exec>

<echo message="xxxx Package the windows binary xxxx"/>
Expand Down Expand Up @@ -1824,9 +1826,8 @@
<arg value="--win-menu" />
<arg value="--win-menu-group" />
<arg value="The HDF Group" />
<!-- create exe installer - msi needs more work -->
<!-- <arg value="- -type" />
<arg value="msi" /> -->
<arg value="--type" />
<arg value="msi" />
</exec>
</target>

Expand Down

0 comments on commit fa4dacb

Please sign in to comment.