forked from CringeStudios/element-desktop
Improve CI test signing & assert expected files (#2137)
This commit is contained in:
Michael Telatynski
GitHub
parent
b8bb4d3316
commit
8f464b9450
35
.github/SSLcom-sandbox.crt
vendored
Normal file
35
.github/SSLcom-sandbox.crt
vendored
Normal file
@ -0,0 +1,35 @@
|
||||
-----BEGIN CERTIFICATE-----
|
||||
MIIGBzCCA++gAwIBAgIIaI6ivggL++4wDQYJKoZIhvcNAQELBQAwgZAxCzAJBgNV
|
||||
BAYTAlVTMQ4wDAYDVQQIDAVUZXhhczEQMA4GA1UEBwwHSG91c3RvbjEYMBYGA1UE
|
||||
CgwPU1NMIENvcnBvcmF0aW9uMUUwQwYDVQQDDDxTU0wuY29tIEVWIFJvb3QgQ2Vy
|
||||
dGlmaWNhdGlvbiBBdXRob3JpdHkgUlNBIFIyIC0gRGV2ZWxvcG1lbnQwHhcNMTgw
|
||||
MTE2MTIxNjM2WhcNNDMwMTE1MTIxNjM2WjCBkDELMAkGA1UEBhMCVVMxDjAMBgNV
|
||||
BAgMBVRleGFzMRAwDgYDVQQHDAdIb3VzdG9uMRgwFgYDVQQKDA9TU0wgQ29ycG9y
|
||||
YXRpb24xRTBDBgNVBAMMPFNTTC5jb20gRVYgUm9vdCBDZXJ0aWZpY2F0aW9uIEF1
|
||||
dGhvcml0eSBSU0EgUjIgLSBEZXZlbG9wbWVudDCCAiIwDQYJKoZIhvcNAQEBBQAD
|
||||
ggIPADCCAgoCggIBAK/qcD65JCkueKp0+KXG2kAw8euDHuraLR3lJoUFz4ilGK1M
|
||||
t+RjSuY6dHQw8ku7TnW9ejWoSFjCBSDx7tP/fzOwOxmBW6+F1NDuV/IaUtn3G2lk
|
||||
CZglVk9z3n1HuWDN10xNiLoo5nzeIlvNAoDbXDGhI4Y6Z0qouAIS607JpJMWHOqZ
|
||||
OUiiOuM11gI5Kz9GtVttXCjRmwlkU8WiJVIUuVedQAQt2FChrzNQewGFFi0uIau/
|
||||
wFRclx6hd4JRIImC6VMJd9lcitWsqMcM94pD3fX2ozNgWX+MVlmcDYFSN9Sv8tG4
|
||||
yCj4ONS8HZGzbxeyQXJhEJSi2FnBi0j6MD/d4DNFj0hCg9wz3fgVLDGCO0pNMO0Y
|
||||
oXdrzfoj1/zEv0Ibgh7zKG2JHkPfapn3ExFI5d6xi66u5tPVI8cvLxqrgybRPs7Z
|
||||
y1dQA7ew3LyTPAHoGtbTMvewtx1TkTtRxxhRRm0l58owqSVbSYrixFtosNobCERo
|
||||
uiknaQqoY1ZDsdKsaqFoZDbntNRYhN3Ea4OPWVqDUU5ZPz9MTIRAi3MIq854yyQo
|
||||
BjX9nv+kYa+Esr19pxUW0z7BWFhbXsMVpt0QMVyhwgzXvEreaZHFwHHaGb9d5x5P
|
||||
VBDhsigMmtzBk9NlbCsy+uGXWHgZA/DVefueEq0sv38VoU30uYa5Tj0FLm09AgMB
|
||||
AAGjYzBhMA8GA1UdEwEB/wQFMAMBAf8wHwYDVR0jBBgwFoAUI9PCucv3G9fRoTDu
|
||||
ZQ4Hw6g4PkIwHQYDVR0OBBYEFCPTwrnL9xvX0aEw7mUOB8OoOD5CMA4GA1UdDwEB
|
||||
/wQEAwIBhjANBgkqhkiG9w0BAQsFAAOCAgEAk43CCrC0Zbvi7YUsSePKi+KzvyQ9
|
||||
mjKa5NBU/A5/sLeZS3R+wqCX7l5euYVDsUuNgNVD/QL9jNIonuHBrvKaxkmqxE1r
|
||||
IcDEaUdjy2lQ0uqD7UDoS3ctrjGkPpUahrTdr3gaKcQBtUhn9v4Y2OBm6J1hDVwI
|
||||
CIKcxIzRv6AUpApOtk+++m5tzDU48t8+GzrVl1hkspSYcumA+zuHllbPDL1ADdo5
|
||||
kK/bBQtZrGqzPqKzeqaB1A5Wm0Igwf++7nyzdKNdjxtv907D9vg8EB4Swavuv/Ne
|
||||
5/jbpI32pz0NIzzSl5ARAHuFhILsO/cEAlloDoTHzibHqFDIeU9/59HMUsJYMOtD
|
||||
Ii0/LmQ6dBE4TeukCCLJwtkFYZ2eBgDjF/LHBB+z/UBs4milRgwx+Pe5UDUEjtGe
|
||||
G/XMVnTSKZTy9jMaXJD5EmfP+Cfh8EEgFgjg4AmLUbEo9gXzPxyXSLgd8JGSsjg8
|
||||
EV/Ri4Mmmt4XUwlSVvEOezxxDGd17gwbottCIC+rqPHonHkGmKpLMH80Bk0uOOCs
|
||||
ui1oVwSifMyIcudgCcOfRLUf/f2j2NW7N7E7Vw/Zqfn+pqp/EG0KCqOM2vfJAc0s
|
||||
u3rSrOJZGtB6txgtmTjoadxApWf4U/FCi3uArt6gS5MJqZjuiRNXs/K3SlSAqLGl
|
||||
5UiG52ew+VdBHzE=
|
||||
-----END CERTIFICATE-----
|
||||
6
.github/workflows/build_and_test.yaml
vendored
6
.github/workflows/build_and_test.yaml
vendored
@ -121,12 +121,6 @@ jobs:
|
||||
# We need sudo on Linux as it is installed in /opt/
|
||||
RUN_AS: ${{ runner.os == 'Linux' && 'sudo' || '' }}
|
||||
|
||||
- name: Workaround macOS GHA permission issues
|
||||
if: runner.os == 'macOS'
|
||||
run: |
|
||||
sqlite3 $HOME/Library/Application\ Support/com.apple.TCC/TCC.db "INSERT OR IGNORE INTO access VALUES ('kTCCServiceMicrophone','/usr/local/opt/runner/provisioner/provisioner',1,2,4,1,NULL,NULL,0,'UNUSED',NULL,0,1687786159,NULL,NULL,'UNUSED',1687786159);"
|
||||
sqlite3 $HOME/Library/Application\ Support/com.apple.TCC/TCC.db "INSERT OR IGNORE INTO access VALUES ('kTCCServiceMicrophone','/opt/off/opt/runner/provisioner/provisioner',1,2,4,1,NULL,NULL,0,'UNUSED',NULL,0,1687786159,NULL,NULL,'UNUSED',1687786159);"
|
||||
|
||||
- name: Run tests
|
||||
uses: coactions/setup-xvfb@6b00cf1889f4e1d5a48635647013c0508128ee1a
|
||||
timeout-minutes: 5
|
||||
|
||||
7
.github/workflows/build_linux.yaml
vendored
7
.github/workflows/build_linux.yaml
vendored
@ -180,3 +180,10 @@ jobs:
|
||||
dist
|
||||
!dist/*-unpacked/**
|
||||
retention-days: 1
|
||||
|
||||
- name: Assert all required files are present
|
||||
run: |
|
||||
test -f ./dist/element-desktop*$ARCH.deb
|
||||
test -f ./dist/element-desktop*.tar.gz
|
||||
env:
|
||||
ARCH: ${{ inputs.arch }}
|
||||
|
||||
5
.github/workflows/build_macos.yaml
vendored
5
.github/workflows/build_macos.yaml
vendored
@ -139,3 +139,8 @@ jobs:
|
||||
dist
|
||||
!dist/mac-universal/**
|
||||
retention-days: 1
|
||||
|
||||
- name: Assert all required files are present
|
||||
run: |
|
||||
test -f ./dist/Element*.dmg
|
||||
test -f ./dist/Element*-mac.zip
|
||||
|
||||
23
.github/workflows/build_windows.yaml
vendored
23
.github/workflows/build_windows.yaml
vendored
@ -172,10 +172,19 @@ jobs:
|
||||
# Only set for Nightly builds
|
||||
ED_NIGHTLY: ${{ inputs.version }}
|
||||
|
||||
- name: Check app was signed successfully
|
||||
if: inputs.sign
|
||||
- name: Trust eSigner sandbox cert
|
||||
if: inputs.sign == ''
|
||||
run: |
|
||||
. "$env:SIGNTOOL_PATH" verify /pa (get-item ./dist/squirrel-windows*/*.exe)
|
||||
Set-StrictMode -Version 'Latest'
|
||||
Import-Certificate -CertStoreLocation Cert:\LocalMachine\Root -FilePath .github/SSLcom-sandbox.crt
|
||||
|
||||
- name: Check app was signed successfully
|
||||
run: |
|
||||
Set-StrictMode -Version 'Latest'
|
||||
Get-ChildItem `
|
||||
-Recurse dist `
|
||||
-Include *.exe, *.msi `
|
||||
| ForEach-Object -Process {. $env:SIGNTOOL_PATH verify /pa $_.FullName; if(!$?) { throw }}
|
||||
|
||||
- name: Upload Artifacts
|
||||
uses: actions/upload-artifact@v4
|
||||
@ -184,3 +193,11 @@ jobs:
|
||||
path: |
|
||||
dist
|
||||
retention-days: 1
|
||||
|
||||
- name: Assert all required files are present
|
||||
run: |
|
||||
Test-Path './dist/win-*unpacked/Element*.exe'
|
||||
Test-Path './dist/squirrel-windows*/Element Setup*.exe'
|
||||
Test-Path './dist/squirrel-windows*/element-desktop-*-full.nupkg'
|
||||
Test-Path './dist/squirrel-windows*/RELEASES'
|
||||
Test-Path './dist/Element*.msi'
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user