Build_windows skips code sign verification when secrets not available (#290)

* Test windows codesign workaround * Enable actions on repo * pass env variable in build-windows.yml
2024-09-11 18:58:59 +03:00 · 2020-06-12 18:18:20 -07:00 · 2020-06-12 18:18:20 -07:00 · cc47e7ce43
commit cc47e7ce43
parent 10e4bf71af
3 changed files with 11 additions and 6 deletions
--- a/.github/workflows/build-windows.yml
+++ b/.github/workflows/build-windows.yml
@ -43,6 +43,7 @@ jobs:
      - name: Build Windows installer with build_scripts\build_windows.ps1
        env:
          WIN_CODE_SIGN_PASS: ${{ secrets.WIN_CODE_SIGN_PASS }}
+          HAS_SECRET: steps.check_secrets.outputs.HAS_SECRET
        run: |
          $env:path="C:\Program` Files` (x86)\Microsoft` Visual` Studio\2019\Enterprise\SDK\ScopeCppSDK\vc15\VC\bin\;$env:path"
          $env:path="C:\Program` Files` (x86)\Windows` Kits\10\App` Certification` Kit;$env:path"
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@ -11,7 +11,7 @@ for setuptools_scm/PEP 440 reasons.
 ### Added

 ### Changed
- Minor changes have been made across the repositories to better support compiling on OpenBSD. HT @n1000
+- Minor changes have been made across the repositories to better support compiling on OpenBSD. HT @n1000.
 - A push to a branch will cancel all ci runs still running for that branch.
 - Ci's check to see if they have secret access and attempt to fail cleanly so that ci runs complete from PRs or forked repositories.

--- a/build_scripts/build_windows.ps1
+++ b/build_scripts/build_windows.ps1
@ -94,11 +94,15 @@ Write-Output "node winstaller.js"
 node winstaller.js
 Write-Output "   ---"

-Write-Output "   ---"
-Write-Output "Add timestamp and verify signature"
-Write-Output "   ---"
-signtool.exe timestamp /v /t http://timestamp.comodoca.com/ .\release-builds\windows-installer\ChiaSetup-$packageVersion.exe
-signtool.exe verify /v /pa .\release-builds\windows-installer\ChiaSetup-$packageVersion.exe
+If ($env:HAS_SECRETS) {
+   Write-Output "   ---"
+   Write-Output "Add timestamp and verify signature"
+   Write-Output "   ---"
+   signtool.exe timestamp /v /t http://timestamp.comodoca.com/ .\release-builds\windows-installer\ChiaSetup-$packageVersion.exe
+   signtool.exe verify /v /pa .\release-builds\windows-installer\ChiaSetup-$packageVersion.exe
+   }   Else    {
+   Write-Output "Skipping timestamp and verify signatures - no authorization to install certificates"
+}

 Write-Output "   ---"
 Write-Output "Windows Installer complete"