mirror of
https://github.com/enso-org/enso.git
synced 2024-12-29 04:13:33 +03:00
Code Signing on Windows (#3654)
This PR reenables code signing on Windows. Each Windows package built on CI should be now signed. Additionally, some refactorings were done around electron-builder config, so it is easier to use outside the build script and offers more configuration options.
This commit is contained in:
parent
183d2ba35d
commit
2507a2049b
2
.github/workflows/gui.yml
vendored
2
.github/workflows/gui.yml
vendored
@ -602,6 +602,8 @@ jobs:
|
|||||||
- run: "./run ide build --wasm-source current-ci-run --backend-source current-ci-run"
|
- run: "./run ide build --wasm-source current-ci-run --backend-source current-ci-run"
|
||||||
env:
|
env:
|
||||||
GITHUB_TOKEN: "${{ secrets.GITHUB_TOKEN }}"
|
GITHUB_TOKEN: "${{ secrets.GITHUB_TOKEN }}"
|
||||||
|
WIN_CSC_KEY_PASSWORD: "${{ secrets.MICROSOFT_CODE_SIGNING_CERT_PASSWORD }}"
|
||||||
|
WIN_CSC_LINK: "${{ secrets.MICROSOFT_CODE_SIGNING_CERT }}"
|
||||||
- name: List files if failed (Windows)
|
- name: List files if failed (Windows)
|
||||||
run: Get-ChildItem -Force -Recurse
|
run: Get-ChildItem -Force -Recurse
|
||||||
if: "failure() && runner.os == 'Windows'"
|
if: "failure() && runner.os == 'Windows'"
|
||||||
|
6
Cargo.lock
generated
6
Cargo.lock
generated
@ -1751,7 +1751,7 @@ dependencies = [
|
|||||||
[[package]]
|
[[package]]
|
||||||
name = "enso-build"
|
name = "enso-build"
|
||||||
version = "0.1.0"
|
version = "0.1.0"
|
||||||
source = "git+https://github.com/enso-org/ci-build?branch=develop#1a30f55064c607eb2b86436155414db286c05ade"
|
source = "git+https://github.com/enso-org/ci-build?branch=develop#2b998bd5021c387ad50e99f087b7605ddecfbcc0"
|
||||||
dependencies = [
|
dependencies = [
|
||||||
"anyhow",
|
"anyhow",
|
||||||
"async-compression",
|
"async-compression",
|
||||||
@ -1825,7 +1825,7 @@ dependencies = [
|
|||||||
[[package]]
|
[[package]]
|
||||||
name = "enso-build-cli"
|
name = "enso-build-cli"
|
||||||
version = "0.1.0"
|
version = "0.1.0"
|
||||||
source = "git+https://github.com/enso-org/ci-build?branch=develop#1a30f55064c607eb2b86436155414db286c05ade"
|
source = "git+https://github.com/enso-org/ci-build?branch=develop#2b998bd5021c387ad50e99f087b7605ddecfbcc0"
|
||||||
dependencies = [
|
dependencies = [
|
||||||
"anyhow",
|
"anyhow",
|
||||||
"byte-unit",
|
"byte-unit",
|
||||||
@ -3736,7 +3736,7 @@ dependencies = [
|
|||||||
[[package]]
|
[[package]]
|
||||||
name = "ide-ci"
|
name = "ide-ci"
|
||||||
version = "0.1.0"
|
version = "0.1.0"
|
||||||
source = "git+https://github.com/enso-org/ci-build?branch=develop#1a30f55064c607eb2b86436155414db286c05ade"
|
source = "git+https://github.com/enso-org/ci-build?branch=develop#2b998bd5021c387ad50e99f087b7605ddecfbcc0"
|
||||||
dependencies = [
|
dependencies = [
|
||||||
"anyhow",
|
"anyhow",
|
||||||
"async-compression",
|
"async-compression",
|
||||||
|
@ -1,15 +1,64 @@
|
|||||||
|
/**
|
||||||
|
* This module defines a TS script that is responsible for invoking the Electron Builder process to
|
||||||
|
* bundle the entire IDE distribution.
|
||||||
|
*
|
||||||
|
* There are two areas to this:
|
||||||
|
* - Parsing CLI options as per our needs.
|
||||||
|
* - The default configuration of the build process.
|
||||||
|
*
|
||||||
|
* @module
|
||||||
|
*/
|
||||||
|
|
||||||
import path from 'node:path'
|
import path from 'node:path'
|
||||||
import fs from 'node:fs/promises'
|
import fs from 'node:fs/promises'
|
||||||
import { Configuration } from 'electron-builder'
|
import { CliOptions, Configuration, LinuxTargetSpecificOptions, Platform } from 'electron-builder'
|
||||||
|
import builder from 'electron-builder'
|
||||||
|
|
||||||
import { require_env } from '../../utils.js'
|
import { require_env } from '../../utils.js'
|
||||||
import { project_manager_bundle } from './paths.js'
|
import { project_manager_bundle } from './paths.js'
|
||||||
import build from '../../build.json' assert { type: 'json' }
|
import build from '../../build.json' assert { type: 'json' }
|
||||||
|
import yargs from 'yargs'
|
||||||
|
import { MacOsTargetName } from 'app-builder-lib/out/options/macOptions'
|
||||||
|
|
||||||
const dist = require_env('ENSO_BUILD_IDE')
|
const args = await yargs(process.argv.slice(2))
|
||||||
const gui = require_env('ENSO_BUILD_GUI')
|
.env('ENSO_BUILD')
|
||||||
const icons = require_env('ENSO_BUILD_ICONS')
|
.option({
|
||||||
const project_manager = require_env('ENSO_BUILD_PROJECT_MANAGER')
|
ideDist: {
|
||||||
|
// Alias here (and subsequent occurrences) are for the environment variable name.
|
||||||
|
alias: 'ide',
|
||||||
|
type: 'string',
|
||||||
|
description: 'Output directory for IDE',
|
||||||
|
demandOption: true,
|
||||||
|
},
|
||||||
|
guiDist: {
|
||||||
|
alias: 'gui',
|
||||||
|
type: 'string',
|
||||||
|
description: 'Output directory with GUI',
|
||||||
|
demandOption: true,
|
||||||
|
},
|
||||||
|
iconsDist: {
|
||||||
|
alias: 'icons',
|
||||||
|
type: 'string',
|
||||||
|
description: 'Output directory with icons',
|
||||||
|
demandOption: true,
|
||||||
|
},
|
||||||
|
projectManagerDist: {
|
||||||
|
alias: 'project-manager',
|
||||||
|
type: 'string',
|
||||||
|
description: 'Output directory with project manager',
|
||||||
|
demandOption: true,
|
||||||
|
},
|
||||||
|
platform: {
|
||||||
|
type: 'string',
|
||||||
|
description: 'Platform that Electron Builder should target',
|
||||||
|
default: Platform.current().toString(),
|
||||||
|
coerce: (p: string) => Platform.fromString(p),
|
||||||
|
},
|
||||||
|
targetOverride: {
|
||||||
|
type: 'string',
|
||||||
|
description: 'Overwrite the platform-default target',
|
||||||
|
},
|
||||||
|
}).argv
|
||||||
|
|
||||||
const config: Configuration = {
|
const config: Configuration = {
|
||||||
appId: 'org.enso',
|
appId: 'org.enso',
|
||||||
@ -21,8 +70,8 @@ const config: Configuration = {
|
|||||||
artifactName: 'enso-${os}-${version}.${ext}',
|
artifactName: 'enso-${os}-${version}.${ext}',
|
||||||
mac: {
|
mac: {
|
||||||
// We do not use compression as the build time is huge and file size saving is almost zero.
|
// We do not use compression as the build time is huge and file size saving is almost zero.
|
||||||
target: ['dmg'],
|
target: (args.targetOverride as MacOsTargetName) ?? 'dmg',
|
||||||
icon: `${icons}/icon.icns`,
|
icon: `${args.iconsDist}/icon.icns`,
|
||||||
category: 'public.app-category.developer-tools',
|
category: 'public.app-category.developer-tools',
|
||||||
darkModeSupport: true,
|
darkModeSupport: true,
|
||||||
type: 'distribution',
|
type: 'distribution',
|
||||||
@ -39,23 +88,23 @@ const config: Configuration = {
|
|||||||
},
|
},
|
||||||
win: {
|
win: {
|
||||||
// We do not use compression as the build time is huge and file size saving is almost zero.
|
// We do not use compression as the build time is huge and file size saving is almost zero.
|
||||||
target: ['nsis'],
|
target: args.targetOverride ?? 'nsis',
|
||||||
icon: `${icons}/icon.ico`,
|
icon: `${args.iconsDist}/icon.ico`,
|
||||||
},
|
},
|
||||||
linux: {
|
linux: {
|
||||||
// We do not use compression as the build time is huge and file size saving is almost zero.
|
// We do not use compression as the build time is huge and file size saving is almost zero.
|
||||||
target: ['AppImage'],
|
target: args.targetOverride ?? 'AppImage',
|
||||||
icon: `${icons}/png`,
|
icon: `${args.iconsDist}/png`,
|
||||||
category: 'Development',
|
category: 'Development',
|
||||||
},
|
},
|
||||||
files: [
|
files: [
|
||||||
'!**/node_modules/**/*',
|
'!**/node_modules/**/*',
|
||||||
{ from: `${gui}/`, to: '.' },
|
{ from: `${args.guiDist}/`, to: '.' },
|
||||||
{ from: `${dist}/client`, to: '.' },
|
{ from: `${args.ideDist}/client`, to: '.' },
|
||||||
],
|
],
|
||||||
extraResources: [
|
extraResources: [
|
||||||
{
|
{
|
||||||
from: `${project_manager}/`,
|
from: `${args.projectManagerDist}/`,
|
||||||
to: project_manager_bundle,
|
to: project_manager_bundle,
|
||||||
filter: ['!**.tar.gz', '!**.zip'],
|
filter: ['!**.tar.gz', '!**.zip'],
|
||||||
},
|
},
|
||||||
@ -68,7 +117,7 @@ const config: Configuration = {
|
|||||||
},
|
},
|
||||||
],
|
],
|
||||||
directories: {
|
directories: {
|
||||||
output: `${dist}`,
|
output: `${args.ideDist}`,
|
||||||
},
|
},
|
||||||
nsis: {
|
nsis: {
|
||||||
// Disables "block map" generation during electron building. Block maps
|
// Disables "block map" generation during electron building. Block maps
|
||||||
@ -101,6 +150,8 @@ const config: Configuration = {
|
|||||||
// TODO [mwu]: Temporarily disabled, signing should be revised.
|
// TODO [mwu]: Temporarily disabled, signing should be revised.
|
||||||
// In particular, engine should handle signing of its artifacts.
|
// In particular, engine should handle signing of its artifacts.
|
||||||
// afterPack: 'tasks/prepareToSign.js',
|
// afterPack: 'tasks/prepareToSign.js',
|
||||||
|
|
||||||
|
publish: null,
|
||||||
}
|
}
|
||||||
|
|
||||||
// `electron-builder` checks for presence of `node_modules` directory. If it is not present, it will
|
// `electron-builder` checks for presence of `node_modules` directory. If it is not present, it will
|
||||||
@ -110,4 +161,13 @@ const config: Configuration = {
|
|||||||
// Without this workaround, `electron-builder` will end up erasing its own dependencies and failing
|
// Without this workaround, `electron-builder` will end up erasing its own dependencies and failing
|
||||||
// because of that.
|
// because of that.
|
||||||
await fs.mkdir('node_modules', { recursive: true })
|
await fs.mkdir('node_modules', { recursive: true })
|
||||||
await fs.writeFile('electron-builder-config.json', JSON.stringify(config, null, 2))
|
|
||||||
|
const cli_opts: CliOptions = {
|
||||||
|
config: config,
|
||||||
|
targets: args.platform.createTarget(),
|
||||||
|
}
|
||||||
|
|
||||||
|
console.log('Building with configuration:', cli_opts)
|
||||||
|
|
||||||
|
const result = await builder.build(cli_opts)
|
||||||
|
console.log('Electron Builder is done. Result:', result)
|
||||||
|
@ -36,6 +36,6 @@
|
|||||||
"scripts": {
|
"scripts": {
|
||||||
"start": "electron ../../../../dist/content -- ",
|
"start": "electron ../../../../dist/content -- ",
|
||||||
"build": "ts-node bundle.ts",
|
"build": "ts-node bundle.ts",
|
||||||
"dist": "ts-node electron-builder-config.ts && electron-builder --publish never --config electron-builder-config.json"
|
"dist": "ts-node electron-builder-config.ts"
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
Loading…
Reference in New Issue
Block a user