Build and upload Windows app artifact #94
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Build and upload Windows app artifact | |
on: | |
workflow_dispatch: | |
inputs: | |
buildBranch: | |
description: 'Headlamp ref/branch/tag' | |
required: true | |
default: 'main' | |
signBinaries: | |
description: Sign the binaries | |
default: false | |
type: boolean | |
exe: | |
description: Build Exe Installer | |
default: true | |
type: boolean | |
msi: | |
description: Build Msi Installer | |
default: false | |
type: boolean | |
jobs: | |
build-windows: | |
runs-on: windows-2022 | |
steps: | |
- name: Validate choices | |
if: ${{ !inputs.exe && !inputs.msi }} | |
shell: pwsh | |
run: | | |
echo Please choose either an exe or msi installer | |
exit 1 | |
- uses: actions/checkout@v2.3.3 | |
with: | |
path: build-helper | |
- uses: actions/checkout@v2.3.3 | |
with: | |
repository: headlamp-k8s/headlamp | |
ref: ${{ github.event.inputs.buildBranch }} | |
path: headlamp | |
- name: Setup nodejs | |
uses: actions/setup-node@v1 | |
with: | |
node-version: 18.x | |
- uses: actions/setup-go@v2 | |
with: | |
go-version: '1.20.*' | |
- name: Dependencies | |
uses: crazy-max/ghaction-chocolatey@v1 | |
with: | |
args: install make | |
- name: "Install Wix" | |
if: ${{ inputs.msi }} | |
shell: pwsh | |
run: | | |
mkdir C:\wix | |
cd C:\wix | |
Invoke-WebRequest -Uri https://github.com/wixtoolset/wix3/releases/download/wix3112rtm/wix311-binaries.zip -OutFile wix.zip | |
Expand-Archive -Path wix.zip | |
rm .\wix.zip | |
- name: Fetch certificates | |
if: ${{ inputs.signBinaries }} | |
shell: pwsh | |
run: | | |
az login --service-principal -u ${{ secrets.WINDOWS_CLIENT_ID }} -p ${{ secrets.AZ_LOGIN_PASS }} --tenant 72f988bf-86f1-41af-91ab-2d7cd011db47 | |
az keyvault secret download --subscription ${{ secrets.AZ_SUBSCRIPTION_ID }} --vault-name headlamp --name HeadlampAuthCert --file c:\HeadlampAuthCert.pfx --encoding base64 | |
az keyvault secret download --subscription ${{ secrets.AZ_SUBSCRIPTION_ID }} --vault-name headlamp --name ESRPHeadlampReqCert --file c:\HeadlampReqCert.pfx --encoding base64 | |
- name: Set up certificates | |
if: ${{ inputs.signBinaries }} | |
shell: pwsh | |
run: | | |
Import-PfxCertificate -FilePath c:\HeadlampAuthCert.pfx -CertStoreLocation Cert:\LocalMachine\My -Exportable | |
Import-PfxCertificate -FilePath c:\HeadlampReqCert.pfx -CertStoreLocation Cert:\LocalMachine\My -Exportable | |
- name: Download and Set up ESRPClient | |
if: ${{ inputs.signBinaries }} | |
shell: pwsh | |
run: | | |
nuget.exe sources add -name esrp -source ${{ secrets.ESRP_NUGET_INDEX_URL }} -username headlamp -password ${{ secrets.AZ_DEVOPS_TOKEN }} | |
nuget.exe install Microsoft.EsrpClient -Version 1.2.80 -source ${{ secrets.ESRP_NUGET_INDEX_URL }} | out-null | |
- name: App Windows Exe | |
if: ${{ inputs.exe }} | |
shell: pwsh | |
working-directory: headlamp | |
run: | | |
if ("${{ inputs.signBinaries }}" -eq "true") { | |
$env:ESRP_PATH="$(Get-Location)\..\Microsoft.EsrpClient.1.2.80\tools\EsrpClient.exe" | |
$env:HEADLAMP_WINDOWS_CLIENT_ID="${{ secrets.WINDOWS_CLIENT_ID }}" | |
$env:HEADLAMP_WINDOWS_SIGN_EMAIL="${{ secrets.WINDOWS_SIGN_EMAIL }}" | |
} else { | |
echo "Not signing binaries" | |
} | |
make app-win | |
- name: App Windows MSI | |
if: ${{ inputs.msi }} | |
shell: pwsh | |
working-directory: headlamp | |
run: | | |
if ("${{ inputs.signBinaries }}" -eq "true") { | |
$env:ESRP_PATH="$(Get-Location)\..\Microsoft.EsrpClient.1.2.80\tools\EsrpClient.exe" | |
$env:HEADLAMP_WINDOWS_CLIENT_ID="${{ secrets.WINDOWS_CLIENT_ID }}" | |
$env:HEADLAMP_WINDOWS_SIGN_EMAIL="${{ secrets.WINDOWS_SIGN_EMAIL }}" | |
} else { | |
echo "Not signing binaries" | |
} | |
$env:PATH = $env:PATH + ";C:\wix\wix;" | |
make app-win-msi | |
- name: Upload artifact | |
uses: actions/upload-artifact@v2 | |
with: | |
name: Win exes | |
path: ./headlamp/app/dist/Headlamp*.* | |
if-no-files-found: error | |
retention-days: 2 |