diff --git a/.github/SSLcom-sandbox.crt b/.github/SSLcom-sandbox.crt new file mode 100644 index 00000000..84a7d867 --- /dev/null +++ b/.github/SSLcom-sandbox.crt @@ -0,0 +1,35 @@ +-----BEGIN CERTIFICATE----- +MIIGBzCCA++gAwIBAgIIaI6ivggL++4wDQYJKoZIhvcNAQELBQAwgZAxCzAJBgNV +BAYTAlVTMQ4wDAYDVQQIDAVUZXhhczEQMA4GA1UEBwwHSG91c3RvbjEYMBYGA1UE +CgwPU1NMIENvcnBvcmF0aW9uMUUwQwYDVQQDDDxTU0wuY29tIEVWIFJvb3QgQ2Vy +dGlmaWNhdGlvbiBBdXRob3JpdHkgUlNBIFIyIC0gRGV2ZWxvcG1lbnQwHhcNMTgw +MTE2MTIxNjM2WhcNNDMwMTE1MTIxNjM2WjCBkDELMAkGA1UEBhMCVVMxDjAMBgNV +BAgMBVRleGFzMRAwDgYDVQQHDAdIb3VzdG9uMRgwFgYDVQQKDA9TU0wgQ29ycG9y +YXRpb24xRTBDBgNVBAMMPFNTTC5jb20gRVYgUm9vdCBDZXJ0aWZpY2F0aW9uIEF1 +dGhvcml0eSBSU0EgUjIgLSBEZXZlbG9wbWVudDCCAiIwDQYJKoZIhvcNAQEBBQAD +ggIPADCCAgoCggIBAK/qcD65JCkueKp0+KXG2kAw8euDHuraLR3lJoUFz4ilGK1M +t+RjSuY6dHQw8ku7TnW9ejWoSFjCBSDx7tP/fzOwOxmBW6+F1NDuV/IaUtn3G2lk +CZglVk9z3n1HuWDN10xNiLoo5nzeIlvNAoDbXDGhI4Y6Z0qouAIS607JpJMWHOqZ +OUiiOuM11gI5Kz9GtVttXCjRmwlkU8WiJVIUuVedQAQt2FChrzNQewGFFi0uIau/ +wFRclx6hd4JRIImC6VMJd9lcitWsqMcM94pD3fX2ozNgWX+MVlmcDYFSN9Sv8tG4 +yCj4ONS8HZGzbxeyQXJhEJSi2FnBi0j6MD/d4DNFj0hCg9wz3fgVLDGCO0pNMO0Y +oXdrzfoj1/zEv0Ibgh7zKG2JHkPfapn3ExFI5d6xi66u5tPVI8cvLxqrgybRPs7Z +y1dQA7ew3LyTPAHoGtbTMvewtx1TkTtRxxhRRm0l58owqSVbSYrixFtosNobCERo +uiknaQqoY1ZDsdKsaqFoZDbntNRYhN3Ea4OPWVqDUU5ZPz9MTIRAi3MIq854yyQo +BjX9nv+kYa+Esr19pxUW0z7BWFhbXsMVpt0QMVyhwgzXvEreaZHFwHHaGb9d5x5P +VBDhsigMmtzBk9NlbCsy+uGXWHgZA/DVefueEq0sv38VoU30uYa5Tj0FLm09AgMB +AAGjYzBhMA8GA1UdEwEB/wQFMAMBAf8wHwYDVR0jBBgwFoAUI9PCucv3G9fRoTDu +ZQ4Hw6g4PkIwHQYDVR0OBBYEFCPTwrnL9xvX0aEw7mUOB8OoOD5CMA4GA1UdDwEB +/wQEAwIBhjANBgkqhkiG9w0BAQsFAAOCAgEAk43CCrC0Zbvi7YUsSePKi+KzvyQ9 +mjKa5NBU/A5/sLeZS3R+wqCX7l5euYVDsUuNgNVD/QL9jNIonuHBrvKaxkmqxE1r +IcDEaUdjy2lQ0uqD7UDoS3ctrjGkPpUahrTdr3gaKcQBtUhn9v4Y2OBm6J1hDVwI +CIKcxIzRv6AUpApOtk+++m5tzDU48t8+GzrVl1hkspSYcumA+zuHllbPDL1ADdo5 +kK/bBQtZrGqzPqKzeqaB1A5Wm0Igwf++7nyzdKNdjxtv907D9vg8EB4Swavuv/Ne +5/jbpI32pz0NIzzSl5ARAHuFhILsO/cEAlloDoTHzibHqFDIeU9/59HMUsJYMOtD +Ii0/LmQ6dBE4TeukCCLJwtkFYZ2eBgDjF/LHBB+z/UBs4milRgwx+Pe5UDUEjtGe +G/XMVnTSKZTy9jMaXJD5EmfP+Cfh8EEgFgjg4AmLUbEo9gXzPxyXSLgd8JGSsjg8 +EV/Ri4Mmmt4XUwlSVvEOezxxDGd17gwbottCIC+rqPHonHkGmKpLMH80Bk0uOOCs +ui1oVwSifMyIcudgCcOfRLUf/f2j2NW7N7E7Vw/Zqfn+pqp/EG0KCqOM2vfJAc0s +u3rSrOJZGtB6txgtmTjoadxApWf4U/FCi3uArt6gS5MJqZjuiRNXs/K3SlSAqLGl +5UiG52ew+VdBHzE= +-----END CERTIFICATE----- diff --git a/.github/workflows/build_and_test.yaml b/.github/workflows/build_and_test.yaml index c0874163..469bd918 100644 --- a/.github/workflows/build_and_test.yaml +++ b/.github/workflows/build_and_test.yaml @@ -82,14 +82,25 @@ jobs: artifact: linux-arm64-sqlcipher-static executable: "/opt/Element/element-desktop" prepare_cmd: "sudo apt-get -qq update && sudo apt install -y ./dist/*.deb" - - name: Windows (x86) + - name: Windows (x86) Squirrel os: windows-2022 artifact: win-ia32 executable: "./dist/win-ia32-unpacked/Element.exe" - - name: Windows (x64) + - name: Windows (x86) MSI + os: windows-2022 + artifact: win-ia32 + executable: "C:/Program Files (x86)/Element/Element*.exe" + prepare_cmd: "msiexec ./dist/Element*.msi" + - name: Windows (x64) Squirrel os: windows-2022 artifact: win-x64 - executable: "./dist/win-unpacked/Element.exe" + executable: "%LOCALAPPDATA%/element-desktop*/Element.exe" + prepare_cmd: "./dist/squirrel-windows*/Element Setup*.exe" + - name: Windows (x64) MSI + os: windows-2022 + artifact: win-x64 + executable: "C:/Program Files/Element/Element*.exe" + prepare_cmd: "msiexec ./dist/Element*.msi" name: Test ${{ matrix.name }} runs-on: ${{ matrix.os }} steps: diff --git a/.github/workflows/build_linux.yaml b/.github/workflows/build_linux.yaml index 51e99d88..62f1f137 100644 --- a/.github/workflows/build_linux.yaml +++ b/.github/workflows/build_linux.yaml @@ -182,3 +182,10 @@ jobs: dist !dist/*-unpacked/** retention-days: 1 + + - name: Assert all required files are present + run: | + test -f ./dist/element-desktop*$ARCH.deb + test -f ./dist/element-desktop*.tar.gz + env: + ARCH: ${{ inputs.arch }} diff --git a/.github/workflows/build_macos.yaml b/.github/workflows/build_macos.yaml index b1b423eb..5035aae0 100644 --- a/.github/workflows/build_macos.yaml +++ b/.github/workflows/build_macos.yaml @@ -143,3 +143,8 @@ jobs: dist !dist/mac-universal/** retention-days: 1 + + - name: Assert all required files are present + run: | + test -f ./dist/Element*.dmg + test -f ./dist/Element*-mac.zip diff --git a/.github/workflows/build_windows.yaml b/.github/workflows/build_windows.yaml index 1802beff..54149fcc 100644 --- a/.github/workflows/build_windows.yaml +++ b/.github/workflows/build_windows.yaml @@ -174,10 +174,20 @@ jobs: run: | yarn electron-builder --publish never -w ${{ steps.config.outputs.build-args }} + - name: Trust eSigner sandbox cert + if: inputs.sign == '' + run: | + Set-StrictMode -Version 'Latest' + Import-Certificate -CertStoreLocation Cert:\LocalMachine\Root -FilePath .github/SSLcom-sandbox.crt + - name: Check app was signed successfully if: inputs.sign run: | - . "$env:SIGNTOOL_PATH" verify /pa (get-item ./dist/squirrel-windows*/*.exe) + Set-StrictMode -Version 'Latest' + Get-ChildItem ` + -Recurse dist ` + -Include *.exe, *.msi ` + | ForEach-Object -Process {. 'C:\Program Files (x86)\Windows Kits\10\bin\10.0.22000.0\x64\signtool.exe' verify /pa $_.FullName; if(!$?) { throw }} - name: Upload Artifacts uses: actions/upload-artifact@v4 @@ -186,3 +196,11 @@ jobs: path: | dist retention-days: 1 + + - name: Assert all required files are present + run: | + Test-Path './dist/win-*unpacked/Element*.exe' + Test-Path './dist/squirrel-windows*/Element Setup*.exe' + Test-Path './dist/squirrel-windows*/element-desktop-*-full.nupkg' + Test-Path './dist/squirrel-windows*/RELEASES' + Test-Path './dist/Element*.msi'