From e385403a0beab48c912dcd5c92d63c74c34cee9b Mon Sep 17 00:00:00 2001 From: Kenichi Kamiya Date: Thu, 7 Mar 2024 12:05:58 +0900 Subject: [PATCH 01/39] Add golang in windows again Partially revert 8d23e763d19d31409bbff93e62e0c32b0e694d0c to debug #442 --- config/windows/winget/winget-pkgs-basic.json | 3 +++ 1 file changed, 3 insertions(+) diff --git a/config/windows/winget/winget-pkgs-basic.json b/config/windows/winget/winget-pkgs-basic.json index 485df2f1..422ecb9c 100644 --- a/config/windows/winget/winget-pkgs-basic.json +++ b/config/windows/winget/winget-pkgs-basic.json @@ -64,6 +64,9 @@ { "PackageIdentifier": "Starship.Starship" }, + { + "PackageIdentifier": "GoLang.Go" + }, { "PackageIdentifier": "Microsoft.VisualStudioCode" } From 571ce208bc5017f5efe8bfb16f27a4706ab8d8f5 Mon Sep 17 00:00:00 2001 From: Kenichi Kamiya Date: Thu, 7 Mar 2024 11:31:49 +0900 Subject: [PATCH 02/39] Include missing winit-wsl command --- .goreleaser.yaml | 17 +++++++++++++---- config/windows/README.md | 1 + 2 files changed, 14 insertions(+), 4 deletions(-) diff --git a/.goreleaser.yaml b/.goreleaser.yaml index c36cd329..c0db4f68 100644 --- a/.goreleaser.yaml +++ b/.goreleaser.yaml @@ -2,10 +2,10 @@ # Make sure to check the documentation at https://goreleaser.com before: hooks: - # You may remove this if you don't use go modules. - - go mod tidy - # you may remove this if you don't need go generate - - go generate ./... + # # You may remove this if you don't use go modules. + # - go mod tidy + # # you may remove this if you don't need go generate + # - go generate ./... # https://github.com/orgs/goreleaser/discussions/1531 builds: - id: winit-reg @@ -26,6 +26,15 @@ builds: - windows goarch: - amd64 + - id: winit-wsl + binary: winit-wsl + env: + - CGO_ENABLED=0 + main: ./cmd/winit-wsl + goos: + - windows + goarch: + - amd64 archives: - format: tar.gz diff --git a/config/windows/README.md b/config/windows/README.md index 623d2590..dc9372a8 100644 --- a/config/windows/README.md +++ b/config/windows/README.md @@ -10,6 +10,7 @@ Basically following codes will be done in PowerShell ./winit-conf.exe -pwsh_profile_path "$PROFILE" ./winit-reg.exe list ./winit-reg.exe run --all + ./winit-wsl.exe ``` 1. Install some tools ```powershell From 6a5ed8a9738fd842239cf7dc2091d0f023857e2d Mon Sep 17 00:00:00 2001 From: Kenichi Kamiya Date: Thu, 7 Mar 2024 13:35:58 +0900 Subject: [PATCH 03/39] Update workflow around testing and releasing windows binary --- .github/workflows/ci-windows.yml | 58 --------------------- .github/workflows/container.yml | 10 ---- .github/workflows/release.yml | 68 ------------------------- .github/workflows/windows.yml | 87 ++++++++++++++++++++++++++++++++ README.md | 2 +- config/windows/README.md | 2 +- 6 files changed, 89 insertions(+), 138 deletions(-) delete mode 100644 .github/workflows/ci-windows.yml delete mode 100644 .github/workflows/release.yml create mode 100644 .github/workflows/windows.yml diff --git a/.github/workflows/ci-windows.yml b/.github/workflows/ci-windows.yml deleted file mode 100644 index 162f117e..00000000 --- a/.github/workflows/ci-windows.yml +++ /dev/null @@ -1,58 +0,0 @@ -name: CI - Windows - -on: - push: - branches: - - main - paths: - - '.github/workflows/ci-windows.yml' - - '**.go' - - 'go.*' - pull_request: - paths: - - '.github/workflows/ci-windows.yml' - - '**.go' - - 'go.*' - workflow_dispatch: - -defaults: - run: - shell: pwsh - -jobs: - setup: - runs-on: windows-2022 - steps: - - uses: actions/checkout@v4 - - name: Set up Go - uses: actions/setup-go@v5 - with: - go-version-file: 'go.mod' - cache-dependency-path: 'go.sum' - - name: Make sure there are what files before build - run: Get-ChildItem - - name: Build winit-* # Avoiding run to measure which step taking minutes - run: | - # go build does not automatically create the directory - New-Item -Force -ItemType "Directory" -Path dist - # Need -o to keep product in multiple packages - go build -o dist -v .\... - - name: Make sure there are what files after build - run: | - Get-ChildItem - Get-ChildItem .\dist - # Do not write depending winget and WSL2 logcs for now - # https://github.com/microsoft/winget-cli/issues/3872 - # https://github.com/actions/runner-images/issues/910 - # https://github.com/microsoft/winget-cli/blob/b07d2ebb7d865f95320e2bc708a2d1efb2152c5a/README.md#L14 - - name: Rebel against unacceptable default - run: | - .\dist\winit-reg.exe list - .\dist\winit-reg.exe run --all - # This logics can be finished even if tools are not installed - - name: Put config files around terminals - run: | - .\dist\winit-conf.exe -pwsh_profile_path "$PROFILE" - - name: Make sure correctly copied - run: | - Get-Content "$PROFILE" diff --git a/.github/workflows/container.yml b/.github/workflows/container.yml index 5af6380a..5844a430 100644 --- a/.github/workflows/container.yml +++ b/.github/workflows/container.yml @@ -30,16 +30,6 @@ jobs: containerfiles: | Containerfile oci: true - - name: Wait other jobs - uses: kachick/wait-other-jobs@v2 - timeout-minutes: 10 - with: - skip-list: | - [ - { - "workflowFile": "release.yml" - } - ] - name: Push To ghcr.io id: push-to-ghcr if: ${{ github.event_name != 'pull_request' }} diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml deleted file mode 100644 index 5a1caf85..00000000 --- a/.github/workflows/release.yml +++ /dev/null @@ -1,68 +0,0 @@ -name: goreleaser - -on: - push: - tags: - - 'v*' - pull_request: - paths: - - '.github/workflows/release.yml' - - '**.go' - - 'go.*' - - '.goreleaser.yaml' - workflow_dispatch: - -permissions: - contents: write - pull-requests: write - checks: read # For private repositories - actions: read # For private repositories - -jobs: - goreleaser: - runs-on: windows-latest - steps: - - name: Checkout - uses: actions/checkout@v4 - with: - fetch-depth: 0 - - name: Set up Go - uses: actions/setup-go@v5 - with: - go-version-file: 'go.mod' - cache-dependency-path: 'go.sum' - - name: Wait other jobs - uses: kachick/wait-other-jobs@v2 - if: startsWith(github.ref, 'refs/tags/') - timeout-minutes: 30 - with: - skip-list: | - [ - { - "workflowFile": "container.yml" - } - ] - - name: Run GoReleaser - uses: goreleaser/goreleaser-action@v5 - if: startsWith(github.ref, 'refs/tags/') - with: - distribution: goreleaser - version: 'v1.24.0' # selfup { "regex": "\\d[^']+", "script": "goreleaser --version | grep 'GitVersion:' | tr -s ' ' | cut -d ' ' -f 2" } - args: release --clean - env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - - name: Check the release step are valid or not in non tagged triggers - uses: goreleaser/goreleaser-action@v5 - # https://github.com/orgs/community/discussions/26386 - if: ${{ !startsWith(github.ref, 'refs/tags/') }} - with: - distribution: goreleaser - version: 'v1.24.0' # selfup { "regex": "\\d[^']+", "script": "goreleaser --version | grep 'GitVersion:' | tr -s ' ' | cut -d ' ' -f 2" } - args: build --snapshot --clean - # https://github.com/goreleaser/goreleaser-action/tree/5fdedb94abba051217030cc86d4523cf3f02243d#upload-artifacts - - name: Upload assets - uses: actions/upload-artifact@v4 - if: ${{ !startsWith(github.ref, 'refs/tags/') }} - with: - name: tools - path: dist/**/*.exe diff --git a/.github/workflows/windows.yml b/.github/workflows/windows.yml new file mode 100644 index 00000000..e573853d --- /dev/null +++ b/.github/workflows/windows.yml @@ -0,0 +1,87 @@ +name: CI - Windows + +on: + push: + tags: + - 'v*' + branches: + - main + paths: + - '.github/workflows/windows.yml' + - '**.go' + - 'go.*' + - '.goreleaser.yaml' + - 'config' + pull_request: + paths: + - '.github/workflows/windows.yml' + - '**.go' + - 'go.*' + - '.goreleaser.yaml' + - 'config' + workflow_dispatch: + +permissions: + contents: write + pull-requests: write + checks: read # For private repositories + actions: read # For private repositories + +defaults: + run: + shell: pwsh + +jobs: + setup: + runs-on: windows-2022 + steps: + - uses: actions/checkout@v4 + - name: Set up Go + uses: actions/setup-go@v5 + with: + go-version-file: 'go.mod' + cache-dependency-path: 'go.sum' + - name: Install goreleaser + uses: goreleaser/goreleaser-action@v5 + with: + install-only: true + version: 'v1.24.0' # selfup { "regex": "\\d[^']+", "script": "goreleaser --version | grep 'GitVersion:' | tr -s ' ' | cut -d ' ' -f 2" } + - name: Make sure there are what files before build + run: Get-ChildItem + - name: Build winit-* + run: goreleaser build --snapshot --clean + - name: Make sure there are what files after build + run: | + Get-ChildItem + Get-ChildItem .\dist + # https://github.com/goreleaser/goreleaser-action/tree/5fdedb94abba051217030cc86d4523cf3f02243d#upload-artifacts + - name: Upload assets + uses: actions/upload-artifact@v4 + with: + name: winit + path: dist/**/*.exe + - name: Check Windows Defender does not false positive detect the product + run: | + & "C:\Program Files\Windows Defender\MpCmdRun.exe" -SignatureUpdate + & "C:\Program Files\Windows Defender\MpCmdRun.exe" -Scan -ScanType 3 -File "$(pwd)\dist\winit-conf.exe" + & "C:\Program Files\Windows Defender\MpCmdRun.exe" -Scan -ScanType 3 -File "$(pwd)\dist\winit-reg.exe" + & "C:\Program Files\Windows Defender\MpCmdRun.exe" -Scan -ScanType 3 -File "$(pwd)\dist\winit-wsl.exe" + # Do not write depending winget and WSL2 logcs for now + # https://github.com/microsoft/winget-cli/issues/3872 + # https://github.com/actions/runner-images/issues/910 + # https://github.com/microsoft/winget-cli/blob/b07d2ebb7d865f95320e2bc708a2d1efb2152c5a/README.md#L14 + - name: Rebel against unacceptable default + run: | + .\dist\winit-reg.exe list + .\dist\winit-reg.exe run --all + # This logics can be finished even if tools are not installed + - name: Put config files around terminals + run: | + .\dist\winit-conf.exe -pwsh_profile_path "$PROFILE" + - name: Make sure it correctly copied some config files + run: | + Get-Content "$PROFILE" + - name: Release the product + if: startsWith(github.ref, 'refs/tags/') + run: | + goreleaser release --clean diff --git a/README.md b/README.md index 4d95baba..f52496ec 100644 --- a/README.md +++ b/README.md @@ -1,7 +1,7 @@ # dotfiles [![Home Status](https://github.com/kachick/dotfiles/actions/workflows/ci-home.yml/badge.svg?branch=main)](https://github.com/kachick/dotfiles/actions/workflows/ci-home.yml?query=branch%3Amain+) -[![Home Status](https://github.com/kachick/dotfiles/actions/workflows/ci-windows.yml/badge.svg?branch=main)](https://github.com/kachick/dotfiles/actions/workflows/ci-windows.yml?query=branch%3Amain+) +[![Home Status](https://github.com/kachick/dotfiles/actions/workflows/windows.yml/badge.svg?branch=main)](https://github.com/kachick/dotfiles/actions/workflows/windows.yml?query=branch%3Amain+) [![Nix Status](https://github.com/kachick/dotfiles/actions/workflows/ci-nix.yml/badge.svg?branch=main)](https://github.com/kachick/dotfiles/actions/workflows/ci-nix.yml?query=branch%3Amain+) [![CI - Go Status](https://github.com/kachick/dotfiles/actions/workflows/ci-go.yml/badge.svg?branch=main)](https://github.com/kachick/dotfiles/actions/workflows/ci-go.yml?query=branch%3Amain+) [![Container Status](https://github.com/kachick/dotfiles/actions/workflows/container.yml/badge.svg?branch=main)](https://github.com/kachick/dotfiles/actions/workflows/container.yml?query=branch%3Amain+) diff --git a/config/windows/README.md b/config/windows/README.md index dc9372a8..2db25b6c 100644 --- a/config/windows/README.md +++ b/config/windows/README.md @@ -4,7 +4,7 @@ Basically following codes will be done in PowerShell -1. Download the windows helper binaries from [GitHub releases](https://github.com/kachick/dotfiles/releases) or uploaded artifacts in [each workflow](https://github.com/kachick/dotfiles/actions/workflows/release.yml) summary +1. Download the windows helper binaries from [GitHub releases](https://github.com/kachick/dotfiles/releases) or uploaded artifacts in [each workflow](https://github.com/kachick/dotfiles/actions/workflows/windows.yml) summary 1. New session of pwsh ```powershell ./winit-conf.exe -pwsh_profile_path "$PROFILE" From 30f130666c1ac133cb3fbc266b84bc733464cd56 Mon Sep 17 00:00:00 2001 From: Kenichi Kamiya Date: Thu, 7 Mar 2024 13:40:06 +0900 Subject: [PATCH 04/39] Need this? --- .goreleaser.yaml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/.goreleaser.yaml b/.goreleaser.yaml index c0db4f68..8f27ab92 100644 --- a/.goreleaser.yaml +++ b/.goreleaser.yaml @@ -2,10 +2,10 @@ # Make sure to check the documentation at https://goreleaser.com before: hooks: - # # You may remove this if you don't use go modules. - # - go mod tidy - # # you may remove this if you don't need go generate - # - go generate ./... + # You may remove this if you don't use go modules. + - go mod tidy + # you may remove this if you don't need go generate + - go generate ./... # https://github.com/orgs/goreleaser/discussions/1531 builds: - id: winit-reg From 12884bdd757efa98c49946b6964180419453c986 Mon Sep 17 00:00:00 2001 From: Kenichi Kamiya Date: Thu, 7 Mar 2024 13:47:08 +0900 Subject: [PATCH 05/39] winit prefix, but this for WSL, the linux is the target.. --- .github/workflows/windows.yml | 1 - .goreleaser.yaml | 17 ++++------------- config/windows/README.md | 1 - 3 files changed, 4 insertions(+), 15 deletions(-) diff --git a/.github/workflows/windows.yml b/.github/workflows/windows.yml index e573853d..128557e8 100644 --- a/.github/workflows/windows.yml +++ b/.github/workflows/windows.yml @@ -65,7 +65,6 @@ jobs: & "C:\Program Files\Windows Defender\MpCmdRun.exe" -SignatureUpdate & "C:\Program Files\Windows Defender\MpCmdRun.exe" -Scan -ScanType 3 -File "$(pwd)\dist\winit-conf.exe" & "C:\Program Files\Windows Defender\MpCmdRun.exe" -Scan -ScanType 3 -File "$(pwd)\dist\winit-reg.exe" - & "C:\Program Files\Windows Defender\MpCmdRun.exe" -Scan -ScanType 3 -File "$(pwd)\dist\winit-wsl.exe" # Do not write depending winget and WSL2 logcs for now # https://github.com/microsoft/winget-cli/issues/3872 # https://github.com/actions/runner-images/issues/910 diff --git a/.goreleaser.yaml b/.goreleaser.yaml index 8f27ab92..f8f14742 100644 --- a/.goreleaser.yaml +++ b/.goreleaser.yaml @@ -2,10 +2,10 @@ # Make sure to check the documentation at https://goreleaser.com before: hooks: - # You may remove this if you don't use go modules. - - go mod tidy - # you may remove this if you don't need go generate - - go generate ./... + # # You may remove this if you don't use go modules. + # - go mod tidy + # # you may remove this if you don't need go generate + # - go generate ./... # https://github.com/orgs/goreleaser/discussions/1531 builds: - id: winit-reg @@ -26,15 +26,6 @@ builds: - windows goarch: - amd64 - - id: winit-wsl - binary: winit-wsl - env: - - CGO_ENABLED=0 - main: ./cmd/winit-wsl - goos: - - windows - goarch: - - amd64 archives: - format: tar.gz diff --git a/config/windows/README.md b/config/windows/README.md index 2db25b6c..7f430e1e 100644 --- a/config/windows/README.md +++ b/config/windows/README.md @@ -10,7 +10,6 @@ Basically following codes will be done in PowerShell ./winit-conf.exe -pwsh_profile_path "$PROFILE" ./winit-reg.exe list ./winit-reg.exe run --all - ./winit-wsl.exe ``` 1. Install some tools ```powershell From f296ec11c513db9648fa1fb7f670fb54c4e8d34f Mon Sep 17 00:00:00 2001 From: Kenichi Kamiya Date: Thu, 7 Mar 2024 13:53:06 +0900 Subject: [PATCH 06/39] Fix to handle path around goreleaser outputs --- .github/workflows/windows.yml | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/.github/workflows/windows.yml b/.github/workflows/windows.yml index 128557e8..411a9584 100644 --- a/.github/workflows/windows.yml +++ b/.github/workflows/windows.yml @@ -53,7 +53,7 @@ jobs: - name: Make sure there are what files after build run: | Get-ChildItem - Get-ChildItem .\dist + Get-ChildItem -Recurse .\dist # https://github.com/goreleaser/goreleaser-action/tree/5fdedb94abba051217030cc86d4523cf3f02243d#upload-artifacts - name: Upload assets uses: actions/upload-artifact@v4 @@ -63,20 +63,20 @@ jobs: - name: Check Windows Defender does not false positive detect the product run: | & "C:\Program Files\Windows Defender\MpCmdRun.exe" -SignatureUpdate - & "C:\Program Files\Windows Defender\MpCmdRun.exe" -Scan -ScanType 3 -File "$(pwd)\dist\winit-conf.exe" - & "C:\Program Files\Windows Defender\MpCmdRun.exe" -Scan -ScanType 3 -File "$(pwd)\dist\winit-reg.exe" + & "C:\Program Files\Windows Defender\MpCmdRun.exe" -Scan -ScanType 3 -File "$(pwd)\dist\winit-conf_windows_amd64_v1\winit-conf.exe" + & "C:\Program Files\Windows Defender\MpCmdRun.exe" -Scan -ScanType 3 -File "$(pwd)\dist\winit-reg_windows_amd64_v1\winit-reg.exe" # Do not write depending winget and WSL2 logcs for now # https://github.com/microsoft/winget-cli/issues/3872 # https://github.com/actions/runner-images/issues/910 # https://github.com/microsoft/winget-cli/blob/b07d2ebb7d865f95320e2bc708a2d1efb2152c5a/README.md#L14 - name: Rebel against unacceptable default run: | - .\dist\winit-reg.exe list - .\dist\winit-reg.exe run --all + .\dist\winit-reg_windows_amd64_v1\winit-reg.exe list + .\dist\winit-reg_windows_amd64_v1\winit-reg.exe run --all # This logics can be finished even if tools are not installed - name: Put config files around terminals run: | - .\dist\winit-conf.exe -pwsh_profile_path "$PROFILE" + .\dist\winit-conf_windows_amd64_v1\winit-conf.exe -pwsh_profile_path "$PROFILE" - name: Make sure it correctly copied some config files run: | Get-Content "$PROFILE" From 1987087c38e73894cabad37955bdfc35ca023aa1 Mon Sep 17 00:00:00 2001 From: Kenichi Kamiya Date: Thu, 7 Mar 2024 14:05:23 +0900 Subject: [PATCH 07/39] Try to fix skipping the detection --- .github/workflows/windows.yml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/.github/workflows/windows.yml b/.github/workflows/windows.yml index 411a9584..f8251fc4 100644 --- a/.github/workflows/windows.yml +++ b/.github/workflows/windows.yml @@ -61,7 +61,10 @@ jobs: name: winit path: dist/**/*.exe - name: Check Windows Defender does not false positive detect the product + # https://github.com/actions/runner-images/issues/855#issuecomment-626692949 may help to understand run: | + Remove-MpPreference -ExclusionPath (Get-MpPreference).ExclusionPath + Set-Service -Name wuauserv -StartupType Manual -Status Running & "C:\Program Files\Windows Defender\MpCmdRun.exe" -SignatureUpdate & "C:\Program Files\Windows Defender\MpCmdRun.exe" -Scan -ScanType 3 -File "$(pwd)\dist\winit-conf_windows_amd64_v1\winit-conf.exe" & "C:\Program Files\Windows Defender\MpCmdRun.exe" -Scan -ScanType 3 -File "$(pwd)\dist\winit-reg_windows_amd64_v1\winit-reg.exe" From 79f9329f8d89675225c20a1a036c2867b6bf9d59 Mon Sep 17 00:00:00 2001 From: Kenichi Kamiya Date: Thu, 7 Mar 2024 14:36:28 +0900 Subject: [PATCH 08/39] Add CI for the uploaded artifact zip --- .github/workflows/windows.yml | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/.github/workflows/windows.yml b/.github/workflows/windows.yml index f8251fc4..5f8888df 100644 --- a/.github/workflows/windows.yml +++ b/.github/workflows/windows.yml @@ -55,11 +55,16 @@ jobs: Get-ChildItem Get-ChildItem -Recurse .\dist # https://github.com/goreleaser/goreleaser-action/tree/5fdedb94abba051217030cc86d4523cf3f02243d#upload-artifacts - - name: Upload assets + - name: Upload artifact + id: upload-artifact uses: actions/upload-artifact@v4 with: name: winit path: dist/**/*.exe + - name: Download assets to make sure we can actually use it + run: | + gh api -H "Accept: application/vnd.github+json" -H "X-GitHub-Api-Version: 2022-11-28" \ + /repos/kachick/dotfiles/actions/artifacts/${{ steps.upload-artifact.outputs.artifact-id }}/zip > distributed-artifact.zip - name: Check Windows Defender does not false positive detect the product # https://github.com/actions/runner-images/issues/855#issuecomment-626692949 may help to understand run: | @@ -68,6 +73,7 @@ jobs: & "C:\Program Files\Windows Defender\MpCmdRun.exe" -SignatureUpdate & "C:\Program Files\Windows Defender\MpCmdRun.exe" -Scan -ScanType 3 -File "$(pwd)\dist\winit-conf_windows_amd64_v1\winit-conf.exe" & "C:\Program Files\Windows Defender\MpCmdRun.exe" -Scan -ScanType 3 -File "$(pwd)\dist\winit-reg_windows_amd64_v1\winit-reg.exe" + & "C:\Program Files\Windows Defender\MpCmdRun.exe" -Scan -ScanType 3 -File "$(pwd)\distributed-artifact.zip" # Do not write depending winget and WSL2 logcs for now # https://github.com/microsoft/winget-cli/issues/3872 # https://github.com/actions/runner-images/issues/910 From d598e7f7b7bcd86a152ea138b1a9ab2051a0266c Mon Sep 17 00:00:00 2001 From: Kenichi Kamiya Date: Thu, 7 Mar 2024 14:40:32 +0900 Subject: [PATCH 09/39] Fix use of gh --- .github/workflows/windows.yml | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/.github/workflows/windows.yml b/.github/workflows/windows.yml index 5f8888df..3a003c10 100644 --- a/.github/workflows/windows.yml +++ b/.github/workflows/windows.yml @@ -62,9 +62,11 @@ jobs: name: winit path: dist/**/*.exe - name: Download assets to make sure we can actually use it + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} run: | gh api -H "Accept: application/vnd.github+json" -H "X-GitHub-Api-Version: 2022-11-28" \ - /repos/kachick/dotfiles/actions/artifacts/${{ steps.upload-artifact.outputs.artifact-id }}/zip > distributed-artifact.zip + repos/${{ github.repository }}/actions/artifacts/${{ steps.upload-artifact.outputs.artifact-id }}/zip > distributed-artifact.zip - name: Check Windows Defender does not false positive detect the product # https://github.com/actions/runner-images/issues/855#issuecomment-626692949 may help to understand run: | From 76727fafd3c31886a4d314f511f69584c9f21cd3 Mon Sep 17 00:00:00 2001 From: Kenichi Kamiya Date: Thu, 7 Mar 2024 14:42:45 +0900 Subject: [PATCH 10/39] Adjust comment --- .github/workflows/windows.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/windows.yml b/.github/workflows/windows.yml index 3a003c10..1daad7d7 100644 --- a/.github/workflows/windows.yml +++ b/.github/workflows/windows.yml @@ -61,7 +61,7 @@ jobs: with: name: winit path: dist/**/*.exe - - name: Download assets to make sure we can actually use it + - name: Download the artifact to make sure we can actually use it env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} run: | From 5ecdf6eeb761c13496a98d685402a026b95d874f Mon Sep 17 00:00:00 2001 From: Kenichi Kamiya Date: Thu, 7 Mar 2024 14:45:04 +0900 Subject: [PATCH 11/39] This is the pwsh --- .github/workflows/windows.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/windows.yml b/.github/workflows/windows.yml index 1daad7d7..b9eb7328 100644 --- a/.github/workflows/windows.yml +++ b/.github/workflows/windows.yml @@ -65,7 +65,7 @@ jobs: env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} run: | - gh api -H "Accept: application/vnd.github+json" -H "X-GitHub-Api-Version: 2022-11-28" \ + gh api -H "Accept: application/vnd.github+json" -H "X-GitHub-Api-Version: 2022-11-28" ` repos/${{ github.repository }}/actions/artifacts/${{ steps.upload-artifact.outputs.artifact-id }}/zip > distributed-artifact.zip - name: Check Windows Defender does not false positive detect the product # https://github.com/actions/runner-images/issues/855#issuecomment-626692949 may help to understand From 95c0188b342dc4cffa11f6b3450e4130d30404c4 Mon Sep 17 00:00:00 2001 From: Kenichi Kamiya Date: Thu, 7 Mar 2024 15:03:51 +0900 Subject: [PATCH 12/39] Why am I debugging MS product... --- .github/workflows/windows.yml | 16 +++++++++++++--- 1 file changed, 13 insertions(+), 3 deletions(-) diff --git a/.github/workflows/windows.yml b/.github/workflows/windows.yml index b9eb7328..74759e50 100644 --- a/.github/workflows/windows.yml +++ b/.github/workflows/windows.yml @@ -72,10 +72,20 @@ jobs: run: | Remove-MpPreference -ExclusionPath (Get-MpPreference).ExclusionPath Set-Service -Name wuauserv -StartupType Manual -Status Running + & "C:\Program Files\Windows Defender\MpCmdRun.exe" -ListAllDynamicSignatures & "C:\Program Files\Windows Defender\MpCmdRun.exe" -SignatureUpdate - & "C:\Program Files\Windows Defender\MpCmdRun.exe" -Scan -ScanType 3 -File "$(pwd)\dist\winit-conf_windows_amd64_v1\winit-conf.exe" - & "C:\Program Files\Windows Defender\MpCmdRun.exe" -Scan -ScanType 3 -File "$(pwd)\dist\winit-reg_windows_amd64_v1\winit-reg.exe" - & "C:\Program Files\Windows Defender\MpCmdRun.exe" -Scan -ScanType 3 -File "$(pwd)\distributed-artifact.zip" + & "C:\Program Files\Windows Defender\MpCmdRun.exe" -Scan -ScanType 3 -Trace -File "$(pwd)\dist" + & "C:\Program Files\Windows Defender\MpCmdRun.exe" -Scan -ScanType 3 -Trace -File "$(pwd)\distributed-artifact.zip" + - name: Collect Defender log + run: | + New-Item -Force -ItemType "Directory" -Path MpCmdRun-logs + & "C:\Program Files\Windows Defender\MpCmdRun.exe" -GetFiles -SupportLogLocation "$(pwd)\MpCmdRun-logs" + - name: Upload artifact + id: upload-defender-log + uses: actions/upload-artifact@v4 + with: + name: MpCmdRun-logs + path: MpCmdRun-logs/** # Do not write depending winget and WSL2 logcs for now # https://github.com/microsoft/winget-cli/issues/3872 # https://github.com/actions/runner-images/issues/910 From 5adc94d30b00b1983fc341d681ab1956aa1d9c82 Mon Sep 17 00:00:00 2001 From: Kenichi Kamiya Date: Thu, 7 Mar 2024 15:15:03 +0900 Subject: [PATCH 13/39] Make sure the dynamic signatures just before scan --- .github/workflows/windows.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/windows.yml b/.github/workflows/windows.yml index 74759e50..2eaaee71 100644 --- a/.github/workflows/windows.yml +++ b/.github/workflows/windows.yml @@ -72,8 +72,8 @@ jobs: run: | Remove-MpPreference -ExclusionPath (Get-MpPreference).ExclusionPath Set-Service -Name wuauserv -StartupType Manual -Status Running - & "C:\Program Files\Windows Defender\MpCmdRun.exe" -ListAllDynamicSignatures & "C:\Program Files\Windows Defender\MpCmdRun.exe" -SignatureUpdate + & "C:\Program Files\Windows Defender\MpCmdRun.exe" -ListAllDynamicSignatures & "C:\Program Files\Windows Defender\MpCmdRun.exe" -Scan -ScanType 3 -Trace -File "$(pwd)\dist" & "C:\Program Files\Windows Defender\MpCmdRun.exe" -Scan -ScanType 3 -Trace -File "$(pwd)\distributed-artifact.zip" - name: Collect Defender log From b00eba0fe51cc447579817a01f0e0997a931213c Mon Sep 17 00:00:00 2001 From: Kenichi Kamiya Date: Thu, 7 Mar 2024 15:28:40 +0900 Subject: [PATCH 14/39] Can I omit the Remove-MpPreference here? --- .github/workflows/windows.yml | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/.github/workflows/windows.yml b/.github/workflows/windows.yml index 2eaaee71..36b9f8e7 100644 --- a/.github/workflows/windows.yml +++ b/.github/workflows/windows.yml @@ -67,13 +67,14 @@ jobs: run: | gh api -H "Accept: application/vnd.github+json" -H "X-GitHub-Api-Version: 2022-11-28" ` repos/${{ github.repository }}/actions/artifacts/${{ steps.upload-artifact.outputs.artifact-id }}/zip > distributed-artifact.zip - - name: Check Windows Defender does not false positive detect the product + - name: Prepare Windows Defender # https://github.com/actions/runner-images/issues/855#issuecomment-626692949 may help to understand run: | - Remove-MpPreference -ExclusionPath (Get-MpPreference).ExclusionPath Set-Service -Name wuauserv -StartupType Manual -Status Running & "C:\Program Files\Windows Defender\MpCmdRun.exe" -SignatureUpdate & "C:\Program Files\Windows Defender\MpCmdRun.exe" -ListAllDynamicSignatures + - name: Check Windows Defender does not false positive detect the product + run: | & "C:\Program Files\Windows Defender\MpCmdRun.exe" -Scan -ScanType 3 -Trace -File "$(pwd)\dist" & "C:\Program Files\Windows Defender\MpCmdRun.exe" -Scan -ScanType 3 -Trace -File "$(pwd)\distributed-artifact.zip" - name: Collect Defender log From 54a60389a6a2a9a90fc7dd54159ac86a08fb6869 Mon Sep 17 00:00:00 2001 From: Kenichi Kamiya Date: Thu, 7 Mar 2024 15:51:38 +0900 Subject: [PATCH 15/39] Update workflow name --- .github/workflows/windows.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/windows.yml b/.github/workflows/windows.yml index 36b9f8e7..e42facc2 100644 --- a/.github/workflows/windows.yml +++ b/.github/workflows/windows.yml @@ -1,4 +1,4 @@ -name: CI - Windows +name: Windows on: push: From e9d855e0d32530ce02268c8ea707573199bd19df Mon Sep 17 00:00:00 2001 From: Kenichi Kamiya Date: Thu, 7 Mar 2024 16:40:37 +0900 Subject: [PATCH 16/39] No idea even this not affect in my local --- .github/workflows/windows.yml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/.github/workflows/windows.yml b/.github/workflows/windows.yml index e42facc2..3f381dba 100644 --- a/.github/workflows/windows.yml +++ b/.github/workflows/windows.yml @@ -70,6 +70,9 @@ jobs: - name: Prepare Windows Defender # https://github.com/actions/runner-images/issues/855#issuecomment-626692949 may help to understand run: | + & "C:\Program Files\Windows Defender\MpCmdRun.exe" -ListAllDynamicSignatures + # Remove cache: https://news.mynavi.jp/article/win10tips-410/ + & "C:\Program Files\Windows Defender\MpCmdRun.exe" -RemoveDefinitions -DynamicSignatures Set-Service -Name wuauserv -StartupType Manual -Status Running & "C:\Program Files\Windows Defender\MpCmdRun.exe" -SignatureUpdate & "C:\Program Files\Windows Defender\MpCmdRun.exe" -ListAllDynamicSignatures From 209844dae7ffad114bf1969f40e18641d9790ea7 Mon Sep 17 00:00:00 2001 From: Kenichi Kamiya Date: Thu, 7 Mar 2024 16:42:22 +0900 Subject: [PATCH 17/39] This annoy and crucial step can be put in early phase --- .github/workflows/windows.yml | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/.github/workflows/windows.yml b/.github/workflows/windows.yml index 3f381dba..8da29c57 100644 --- a/.github/workflows/windows.yml +++ b/.github/workflows/windows.yml @@ -35,6 +35,15 @@ jobs: setup: runs-on: windows-2022 steps: + - name: Prepare Windows Defender + # https://github.com/actions/runner-images/issues/855#issuecomment-626692949 may help to understand + run: | + & "C:\Program Files\Windows Defender\MpCmdRun.exe" -ListAllDynamicSignatures + # Remove cache: https://news.mynavi.jp/article/win10tips-410/ + & "C:\Program Files\Windows Defender\MpCmdRun.exe" -RemoveDefinitions -DynamicSignatures + Set-Service -Name wuauserv -StartupType Manual -Status Running + & "C:\Program Files\Windows Defender\MpCmdRun.exe" -SignatureUpdate + & "C:\Program Files\Windows Defender\MpCmdRun.exe" -ListAllDynamicSignatures - uses: actions/checkout@v4 - name: Set up Go uses: actions/setup-go@v5 @@ -67,15 +76,6 @@ jobs: run: | gh api -H "Accept: application/vnd.github+json" -H "X-GitHub-Api-Version: 2022-11-28" ` repos/${{ github.repository }}/actions/artifacts/${{ steps.upload-artifact.outputs.artifact-id }}/zip > distributed-artifact.zip - - name: Prepare Windows Defender - # https://github.com/actions/runner-images/issues/855#issuecomment-626692949 may help to understand - run: | - & "C:\Program Files\Windows Defender\MpCmdRun.exe" -ListAllDynamicSignatures - # Remove cache: https://news.mynavi.jp/article/win10tips-410/ - & "C:\Program Files\Windows Defender\MpCmdRun.exe" -RemoveDefinitions -DynamicSignatures - Set-Service -Name wuauserv -StartupType Manual -Status Running - & "C:\Program Files\Windows Defender\MpCmdRun.exe" -SignatureUpdate - & "C:\Program Files\Windows Defender\MpCmdRun.exe" -ListAllDynamicSignatures - name: Check Windows Defender does not false positive detect the product run: | & "C:\Program Files\Windows Defender\MpCmdRun.exe" -Scan -ScanType 3 -Trace -File "$(pwd)\dist" From ff3300bcee08d537714fadc53d6b392c2f60c9ea Mon Sep 17 00:00:00 2001 From: Kenichi Kamiya Date: Thu, 7 Mar 2024 17:06:33 +0900 Subject: [PATCH 18/39] Is this enough for LASTEXITCODE in pwsh? --- .github/workflows/windows.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.github/workflows/windows.yml b/.github/workflows/windows.yml index 8da29c57..025dea7b 100644 --- a/.github/workflows/windows.yml +++ b/.github/workflows/windows.yml @@ -44,6 +44,8 @@ jobs: Set-Service -Name wuauserv -StartupType Manual -Status Running & "C:\Program Files\Windows Defender\MpCmdRun.exe" -SignatureUpdate & "C:\Program Files\Windows Defender\MpCmdRun.exe" -ListAllDynamicSignatures + # Stop CI if no dynamic signatures are enabled + (& "C:\Program Files\Windows Defender\MpCmdRun.exe" -ListAllDynamicSignatures) | Select-String -Pattern "SignatureSet ID:" - uses: actions/checkout@v4 - name: Set up Go uses: actions/setup-go@v5 From be9cdc1362619fb272b2dd51a1e75ba5af35662b Mon Sep 17 00:00:00 2001 From: Kenichi Kamiya Date: Thu, 7 Mar 2024 18:17:19 +0900 Subject: [PATCH 19/39] Need to write as this? --- .github/workflows/windows.yml | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/.github/workflows/windows.yml b/.github/workflows/windows.yml index 025dea7b..eec3849c 100644 --- a/.github/workflows/windows.yml +++ b/.github/workflows/windows.yml @@ -45,7 +45,9 @@ jobs: & "C:\Program Files\Windows Defender\MpCmdRun.exe" -SignatureUpdate & "C:\Program Files\Windows Defender\MpCmdRun.exe" -ListAllDynamicSignatures # Stop CI if no dynamic signatures are enabled - (& "C:\Program Files\Windows Defender\MpCmdRun.exe" -ListAllDynamicSignatures) | Select-String -Pattern "SignatureSet ID:" + if (!((& "C:\Program Files\Windows Defender\MpCmdRun.exe" -ListAllDynamicSignatures) | Select-String -Pattern "SignatureSet ID:")) { + Exit 42 + } - uses: actions/checkout@v4 - name: Set up Go uses: actions/setup-go@v5 From 3a254b41b55ee6367ddf1e1a51999ec3abd1f1b2 Mon Sep 17 00:00:00 2001 From: Kenichi Kamiya Date: Thu, 7 Mar 2024 18:37:06 +0900 Subject: [PATCH 20/39] Try Set-MpPreference to enable cloud scan...? --- .github/workflows/windows.yml | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/.github/workflows/windows.yml b/.github/workflows/windows.yml index eec3849c..86b5cde9 100644 --- a/.github/workflows/windows.yml +++ b/.github/workflows/windows.yml @@ -41,6 +41,12 @@ jobs: & "C:\Program Files\Windows Defender\MpCmdRun.exe" -ListAllDynamicSignatures # Remove cache: https://news.mynavi.jp/article/win10tips-410/ & "C:\Program Files\Windows Defender\MpCmdRun.exe" -RemoveDefinitions -DynamicSignatures + + # Enable cloud-based protection + Set-MpPreference -MAPSReporting Advanced + # Enable automatic sample submission + Set-MpPreference -SubmitSamplesConsent SendSafeSamplesAutomatically + Set-Service -Name wuauserv -StartupType Manual -Status Running & "C:\Program Files\Windows Defender\MpCmdRun.exe" -SignatureUpdate & "C:\Program Files\Windows Defender\MpCmdRun.exe" -ListAllDynamicSignatures From 3936ae9c6cd7e418b0e2663c1eadd1d83f3be869 Mon Sep 17 00:00:00 2001 From: Kenichi Kamiya Date: Thu, 7 Mar 2024 18:42:03 +0900 Subject: [PATCH 21/39] bot looks wrong, but very close https://github.com/kachick/dotfiles/pull/443#issuecomment-1983109013 SendSafeSamples, SendAllSamples or may fit here --- .github/workflows/windows.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/windows.yml b/.github/workflows/windows.yml index 86b5cde9..9cacc1f7 100644 --- a/.github/workflows/windows.yml +++ b/.github/workflows/windows.yml @@ -45,7 +45,7 @@ jobs: # Enable cloud-based protection Set-MpPreference -MAPSReporting Advanced # Enable automatic sample submission - Set-MpPreference -SubmitSamplesConsent SendSafeSamplesAutomatically + Set-MpPreference -SubmitSamplesConsent SendSafeSamples Set-Service -Name wuauserv -StartupType Manual -Status Running & "C:\Program Files\Windows Defender\MpCmdRun.exe" -SignatureUpdate From 81dd51474c8bd20535e2af819ce2e9f80c115677 Mon Sep 17 00:00:00 2001 From: Kenichi Kamiya Date: Thu, 7 Mar 2024 18:57:11 +0900 Subject: [PATCH 22/39] Full set! --- .github/workflows/windows.yml | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/.github/workflows/windows.yml b/.github/workflows/windows.yml index 9cacc1f7..060a43a8 100644 --- a/.github/workflows/windows.yml +++ b/.github/workflows/windows.yml @@ -40,7 +40,8 @@ jobs: run: | & "C:\Program Files\Windows Defender\MpCmdRun.exe" -ListAllDynamicSignatures # Remove cache: https://news.mynavi.jp/article/win10tips-410/ - & "C:\Program Files\Windows Defender\MpCmdRun.exe" -RemoveDefinitions -DynamicSignatures + # But comment out to inspect, this may never enable again... + # & "C:\Program Files\Windows Defender\MpCmdRun.exe" -RemoveDefinitions -DynamicSignatures # Enable cloud-based protection Set-MpPreference -MAPSReporting Advanced @@ -51,6 +52,9 @@ jobs: & "C:\Program Files\Windows Defender\MpCmdRun.exe" -SignatureUpdate & "C:\Program Files\Windows Defender\MpCmdRun.exe" -ListAllDynamicSignatures # Stop CI if no dynamic signatures are enabled + + Get-MpComputerStatus + if (!((& "C:\Program Files\Windows Defender\MpCmdRun.exe" -ListAllDynamicSignatures) | Select-String -Pattern "SignatureSet ID:")) { Exit 42 } @@ -90,6 +94,9 @@ jobs: run: | & "C:\Program Files\Windows Defender\MpCmdRun.exe" -Scan -ScanType 3 -Trace -File "$(pwd)\dist" & "C:\Program Files\Windows Defender\MpCmdRun.exe" -Scan -ScanType 3 -Trace -File "$(pwd)\distributed-artifact.zip" + Start-MpScan -ScanPath "$pwd" + Get-MpThreat + Get-MpThreatDetection - name: Collect Defender log run: | New-Item -Force -ItemType "Directory" -Path MpCmdRun-logs From 070ecfd691dd0f8592d88e48274409983c14f410 Mon Sep 17 00:00:00 2001 From: Kenichi Kamiya Date: Thu, 7 Mar 2024 19:00:22 +0900 Subject: [PATCH 23/39] Correct job name --- .github/workflows/windows.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/windows.yml b/.github/workflows/windows.yml index 060a43a8..94c3309e 100644 --- a/.github/workflows/windows.yml +++ b/.github/workflows/windows.yml @@ -32,7 +32,7 @@ defaults: shell: pwsh jobs: - setup: + terraforming: runs-on: windows-2022 steps: - name: Prepare Windows Defender From fe7dfe539e4e0c0d3df62a9deb7d8aaa1a8b3022 Mon Sep 17 00:00:00 2001 From: Kenichi Kamiya Date: Thu, 7 Mar 2024 19:08:54 +0900 Subject: [PATCH 24/39] Update-MpSignature --- .github/workflows/windows.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/.github/workflows/windows.yml b/.github/workflows/windows.yml index 94c3309e..1aaca31a 100644 --- a/.github/workflows/windows.yml +++ b/.github/workflows/windows.yml @@ -32,7 +32,7 @@ defaults: shell: pwsh jobs: - terraforming: + terraform: runs-on: windows-2022 steps: - name: Prepare Windows Defender @@ -50,6 +50,7 @@ jobs: Set-Service -Name wuauserv -StartupType Manual -Status Running & "C:\Program Files\Windows Defender\MpCmdRun.exe" -SignatureUpdate + Update-MpSignature & "C:\Program Files\Windows Defender\MpCmdRun.exe" -ListAllDynamicSignatures # Stop CI if no dynamic signatures are enabled From b28a70d44568d5ba12b1c8a2722d1f41a5535708 Mon Sep 17 00:00:00 2001 From: Kenichi Kamiya Date: Thu, 7 Mar 2024 19:09:40 +0900 Subject: [PATCH 25/39] :) --- .github/workflows/windows.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/windows.yml b/.github/workflows/windows.yml index 1aaca31a..0e922abc 100644 --- a/.github/workflows/windows.yml +++ b/.github/workflows/windows.yml @@ -32,6 +32,7 @@ defaults: shell: pwsh jobs: + # Not Terraform :) terraform: runs-on: windows-2022 steps: From a5c9cdb3b8f44520b275d7126a454029a12e02cc Mon Sep 17 00:00:00 2001 From: Kenichi Kamiya Date: Thu, 7 Mar 2024 19:31:39 +0900 Subject: [PATCH 26/39] I don't which is the bot --- .github/workflows/windows.yml | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/.github/workflows/windows.yml b/.github/workflows/windows.yml index 0e922abc..b11980e9 100644 --- a/.github/workflows/windows.yml +++ b/.github/workflows/windows.yml @@ -40,6 +40,13 @@ jobs: # https://github.com/actions/runner-images/issues/855#issuecomment-626692949 may help to understand run: | & "C:\Program Files\Windows Defender\MpCmdRun.exe" -ListAllDynamicSignatures + + Get-Item -Path "Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender" + Get-Item -Path "Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\SpyNet" + # I can't find any resource of this key in web also GitHub, but Copilot said... So testing in action runner may be interest :) + Set-ItemProperty -Path "Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\SpyNet" -Name JoinMicrosoftSpyNet -Value 1 + Get-Item -Path "Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\SpyNet" + # Remove cache: https://news.mynavi.jp/article/win10tips-410/ # But comment out to inspect, this may never enable again... # & "C:\Program Files\Windows Defender\MpCmdRun.exe" -RemoveDefinitions -DynamicSignatures From 5dd236af3c43c43958dc9186cfd98487e80c26f3 Mon Sep 17 00:00:00 2001 From: Kenichi Kamiya Date: Thu, 7 Mar 2024 20:06:34 +0900 Subject: [PATCH 27/39] =?UTF-8?q?Maybe=20=F0=9F=92=80?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .github/workflows/windows.yml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/.github/workflows/windows.yml b/.github/workflows/windows.yml index b11980e9..4d946750 100644 --- a/.github/workflows/windows.yml +++ b/.github/workflows/windows.yml @@ -41,6 +41,9 @@ jobs: run: | & "C:\Program Files\Windows Defender\MpCmdRun.exe" -ListAllDynamicSignatures + # https://github.com/actions/runner-images/blob/61df9288f9be9f6aeaaaa4ad52a7332432913fc3/images/windows/scripts/build/Configure-WindowsDefender.ps1#L38-L44 + Set-ItemProperty -Path 'HKLM:\SOFTWARE\Policies\Microsoft\Windows Advanced Threat Protection' -Name 'ForceDefenderPassiveMode' -Value '0' -Type 'DWORD' + Get-Item -Path "Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender" Get-Item -Path "Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\SpyNet" # I can't find any resource of this key in web also GitHub, but Copilot said... So testing in action runner may be interest :) From 816dd6bf95a95c313f503ca722faa2cad5528bb0 Mon Sep 17 00:00:00 2001 From: Kenichi Kamiya Date: Thu, 7 Mar 2024 20:07:48 +0900 Subject: [PATCH 28/39] None in runner --- .github/workflows/windows.yml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/windows.yml b/.github/workflows/windows.yml index 4d946750..76d6e7cb 100644 --- a/.github/workflows/windows.yml +++ b/.github/workflows/windows.yml @@ -44,11 +44,11 @@ jobs: # https://github.com/actions/runner-images/blob/61df9288f9be9f6aeaaaa4ad52a7332432913fc3/images/windows/scripts/build/Configure-WindowsDefender.ps1#L38-L44 Set-ItemProperty -Path 'HKLM:\SOFTWARE\Policies\Microsoft\Windows Advanced Threat Protection' -Name 'ForceDefenderPassiveMode' -Value '0' -Type 'DWORD' - Get-Item -Path "Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender" - Get-Item -Path "Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\SpyNet" + # Get-Item -Path "Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender" + # Get-Item -Path "Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\SpyNet" # I can't find any resource of this key in web also GitHub, but Copilot said... So testing in action runner may be interest :) - Set-ItemProperty -Path "Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\SpyNet" -Name JoinMicrosoftSpyNet -Value 1 - Get-Item -Path "Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\SpyNet" + # Set-ItemProperty -Path "Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\SpyNet" -Name JoinMicrosoftSpyNet -Value 1 + # Get-Item -Path "Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\SpyNet" # Remove cache: https://news.mynavi.jp/article/win10tips-410/ # But comment out to inspect, this may never enable again... From 7b3921c13b26f51d5897250fd9b039eb4ddd2d5b Mon Sep 17 00:00:00 2001 From: Kenichi Kamiya Date: Thu, 7 Mar 2024 20:24:57 +0900 Subject: [PATCH 29/39] I didn't know this useful force... --- .github/workflows/windows.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/windows.yml b/.github/workflows/windows.yml index 76d6e7cb..1b2d5050 100644 --- a/.github/workflows/windows.yml +++ b/.github/workflows/windows.yml @@ -47,8 +47,8 @@ jobs: # Get-Item -Path "Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender" # Get-Item -Path "Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\SpyNet" # I can't find any resource of this key in web also GitHub, but Copilot said... So testing in action runner may be interest :) - # Set-ItemProperty -Path "Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\SpyNet" -Name JoinMicrosoftSpyNet -Value 1 - # Get-Item -Path "Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\SpyNet" + Set-ItemProperty -Force -Path "Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\SpyNet" -Name JoinMicrosoftSpyNet -Value 1 + Get-Item -Path "Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\SpyNet" # Remove cache: https://news.mynavi.jp/article/win10tips-410/ # But comment out to inspect, this may never enable again... From c694abc6c2c281179487531e7454ed9db01ec65d Mon Sep 17 00:00:00 2001 From: Kenichi Kamiya Date: Thu, 7 Mar 2024 20:26:50 +0900 Subject: [PATCH 30/39] How to apply regedit in action? cannot? --- .github/workflows/windows.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/windows.yml b/.github/workflows/windows.yml index 1b2d5050..79f7afd5 100644 --- a/.github/workflows/windows.yml +++ b/.github/workflows/windows.yml @@ -63,8 +63,8 @@ jobs: & "C:\Program Files\Windows Defender\MpCmdRun.exe" -SignatureUpdate Update-MpSignature & "C:\Program Files\Windows Defender\MpCmdRun.exe" -ListAllDynamicSignatures - # Stop CI if no dynamic signatures are enabled - + - name: Make sure dynamic signatures are enabled + run: | Get-MpComputerStatus if (!((& "C:\Program Files\Windows Defender\MpCmdRun.exe" -ListAllDynamicSignatures) | Select-String -Pattern "SignatureSet ID:")) { From b0b7a195e634e90666c14e46990f8eca6e827cc3 Mon Sep 17 00:00:00 2001 From: Kenichi Kamiya Date: Thu, 7 Mar 2024 20:31:50 +0900 Subject: [PATCH 31/39] don't work as this even forced --- .github/workflows/windows.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/windows.yml b/.github/workflows/windows.yml index 79f7afd5..d9e25702 100644 --- a/.github/workflows/windows.yml +++ b/.github/workflows/windows.yml @@ -47,8 +47,8 @@ jobs: # Get-Item -Path "Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender" # Get-Item -Path "Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\SpyNet" # I can't find any resource of this key in web also GitHub, but Copilot said... So testing in action runner may be interest :) - Set-ItemProperty -Force -Path "Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\SpyNet" -Name JoinMicrosoftSpyNet -Value 1 - Get-Item -Path "Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\SpyNet" + # Set-ItemProperty -Force -Path "Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\SpyNet" -Name JoinMicrosoftSpyNet -Value 1 + # Get-Item -Path "Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\SpyNet" # Remove cache: https://news.mynavi.jp/article/win10tips-410/ # But comment out to inspect, this may never enable again... From 4cca2bcc95a9c9296ee6e9511c8a4df45d084a06 Mon Sep 17 00:00:00 2001 From: Kenichi Kamiya Date: Thu, 7 Mar 2024 20:48:42 +0900 Subject: [PATCH 32/39] 3 times! --- .github/workflows/windows.yml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/.github/workflows/windows.yml b/.github/workflows/windows.yml index d9e25702..996a09da 100644 --- a/.github/workflows/windows.yml +++ b/.github/workflows/windows.yml @@ -43,6 +43,7 @@ jobs: # https://github.com/actions/runner-images/blob/61df9288f9be9f6aeaaaa4ad52a7332432913fc3/images/windows/scripts/build/Configure-WindowsDefender.ps1#L38-L44 Set-ItemProperty -Path 'HKLM:\SOFTWARE\Policies\Microsoft\Windows Advanced Threat Protection' -Name 'ForceDefenderPassiveMode' -Value '0' -Type 'DWORD' + Restart-Service -Name WinDefend # Get-Item -Path "Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender" # Get-Item -Path "Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\SpyNet" @@ -58,10 +59,12 @@ jobs: Set-MpPreference -MAPSReporting Advanced # Enable automatic sample submission Set-MpPreference -SubmitSamplesConsent SendSafeSamples + Restart-Service -Name WinDefend Set-Service -Name wuauserv -StartupType Manual -Status Running & "C:\Program Files\Windows Defender\MpCmdRun.exe" -SignatureUpdate Update-MpSignature + Restart-Service -Name WinDefend & "C:\Program Files\Windows Defender\MpCmdRun.exe" -ListAllDynamicSignatures - name: Make sure dynamic signatures are enabled run: | From b79f579acf8b2e65c94585b49d04c880dfe615a2 Mon Sep 17 00:00:00 2001 From: Kenichi Kamiya Date: Thu, 7 Mar 2024 20:51:37 +0900 Subject: [PATCH 33/39] First should not be re-* --- .github/workflows/windows.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/windows.yml b/.github/workflows/windows.yml index 996a09da..57f1a034 100644 --- a/.github/workflows/windows.yml +++ b/.github/workflows/windows.yml @@ -43,7 +43,7 @@ jobs: # https://github.com/actions/runner-images/blob/61df9288f9be9f6aeaaaa4ad52a7332432913fc3/images/windows/scripts/build/Configure-WindowsDefender.ps1#L38-L44 Set-ItemProperty -Path 'HKLM:\SOFTWARE\Policies\Microsoft\Windows Advanced Threat Protection' -Name 'ForceDefenderPassiveMode' -Value '0' -Type 'DWORD' - Restart-Service -Name WinDefend + Start-Service -Name WinDefend # Get-Item -Path "Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender" # Get-Item -Path "Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\SpyNet" From e190e5f8a64e44ed4bcec488cbe3bf11a3a1484a Mon Sep 17 00:00:00 2001 From: Kenichi Kamiya Date: Thu, 7 Mar 2024 20:55:01 +0900 Subject: [PATCH 34/39] Cannot re- is not started? --- .github/workflows/windows.yml | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/.github/workflows/windows.yml b/.github/workflows/windows.yml index 57f1a034..6ccfb8e1 100644 --- a/.github/workflows/windows.yml +++ b/.github/workflows/windows.yml @@ -43,6 +43,7 @@ jobs: # https://github.com/actions/runner-images/blob/61df9288f9be9f6aeaaaa4ad52a7332432913fc3/images/windows/scripts/build/Configure-WindowsDefender.ps1#L38-L44 Set-ItemProperty -Path 'HKLM:\SOFTWARE\Policies\Microsoft\Windows Advanced Threat Protection' -Name 'ForceDefenderPassiveMode' -Value '0' -Type 'DWORD' + Start-Service -DisplayName *Defend* -WhatIf Start-Service -Name WinDefend # Get-Item -Path "Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender" @@ -59,12 +60,12 @@ jobs: Set-MpPreference -MAPSReporting Advanced # Enable automatic sample submission Set-MpPreference -SubmitSamplesConsent SendSafeSamples - Restart-Service -Name WinDefend + # Restart-Service -Name WinDefend Set-Service -Name wuauserv -StartupType Manual -Status Running & "C:\Program Files\Windows Defender\MpCmdRun.exe" -SignatureUpdate Update-MpSignature - Restart-Service -Name WinDefend + # Restart-Service -Name WinDefend & "C:\Program Files\Windows Defender\MpCmdRun.exe" -ListAllDynamicSignatures - name: Make sure dynamic signatures are enabled run: | From 11824e09cb563fc2282e9d2dcc479dc6f6a77c05 Mon Sep 17 00:00:00 2001 From: Kenichi Kamiya Date: Thu, 7 Mar 2024 21:03:22 +0900 Subject: [PATCH 35/39] Give up. Btw, you should be passed --- .github/workflows/windows.yml | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/.github/workflows/windows.yml b/.github/workflows/windows.yml index 6ccfb8e1..d82788f2 100644 --- a/.github/workflows/windows.yml +++ b/.github/workflows/windows.yml @@ -67,13 +67,14 @@ jobs: Update-MpSignature # Restart-Service -Name WinDefend & "C:\Program Files\Windows Defender\MpCmdRun.exe" -ListAllDynamicSignatures - - name: Make sure dynamic signatures are enabled + - name: Make sure dynamic signatures are enabled ... or not run: | Get-MpComputerStatus - if (!((& "C:\Program Files\Windows Defender\MpCmdRun.exe" -ListAllDynamicSignatures) | Select-String -Pattern "SignatureSet ID:")) { - Exit 42 - } + # if (!((& "C:\Program Files\Windows Defender\MpCmdRun.exe" -ListAllDynamicSignatures) | Select-String -Pattern "SignatureSet ID:")) { + # Exit 42 + # } + & "C:\Program Files\Windows Defender\MpCmdRun.exe" -ListAllDynamicSignatures - uses: actions/checkout@v4 - name: Set up Go uses: actions/setup-go@v5 From 859cb409fa0b712b8f327a4497d1f64da708316e Mon Sep 17 00:00:00 2001 From: Kenichi Kamiya Date: Fri, 8 Mar 2024 01:27:51 +0900 Subject: [PATCH 36/39] This looks needed 1987087c38e73894cabad37955bdfc35ca023aa1 --- .github/workflows/windows.yml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/.github/workflows/windows.yml b/.github/workflows/windows.yml index 5bacbc09..1255ff55 100644 --- a/.github/workflows/windows.yml +++ b/.github/workflows/windows.yml @@ -67,6 +67,9 @@ jobs: Update-MpSignature # Restart-Service -Name WinDefend & "C:\Program Files\Windows Defender\MpCmdRun.exe" -ListAllDynamicSignatures + + # Disable to skip(=Enable). When I removed, `Scanning D:\a\dotfiles\dotfiles\distributed-artifact.zip was skipped.` logged + Remove-MpPreference -ExclusionPath (Get-MpPreference).ExclusionPath - name: Make sure dynamic signatures are enabled ... or not run: | Get-MpComputerStatus From d9360e313078af35fc3e684395fa80f141a47d2c Mon Sep 17 00:00:00 2001 From: Kenichi Kamiya Date: Fri, 8 Mar 2024 01:50:35 +0900 Subject: [PATCH 37/39] I'm looser --- .github/workflows/windows.yml | 36 +++++++++++++++++++---------------- 1 file changed, 20 insertions(+), 16 deletions(-) diff --git a/.github/workflows/windows.yml b/.github/workflows/windows.yml index 1255ff55..319a6335 100644 --- a/.github/workflows/windows.yml +++ b/.github/workflows/windows.yml @@ -32,8 +32,9 @@ defaults: shell: pwsh jobs: - # Not Terraform :) - terraform: + # This job has many comment-out tyle note, agree to ugly, but do NOT remove for now. + # See #443 for detail. + terraform: # Not Terraform :) runs-on: windows-2022 steps: - name: Prepare Windows Defender @@ -53,8 +54,7 @@ jobs: # Get-Item -Path "Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\SpyNet" # Remove cache: https://news.mynavi.jp/article/win10tips-410/ - # But comment out to inspect, this may never enable again... - # & "C:\Program Files\Windows Defender\MpCmdRun.exe" -RemoveDefinitions -DynamicSignatures + & "C:\Program Files\Windows Defender\MpCmdRun.exe" -RemoveDefinitions -DynamicSignatures # Enable cloud-based protection Set-MpPreference -MAPSReporting Advanced @@ -74,6 +74,7 @@ jobs: run: | Get-MpComputerStatus + # Remove this to raise error if you REALIZED to enable Dynamic Signature scans # if (!((& "C:\Program Files\Windows Defender\MpCmdRun.exe" -ListAllDynamicSignatures) | Select-String -Pattern "SignatureSet ID:")) { # Exit 42 # } @@ -89,11 +90,11 @@ jobs: with: install-only: true version: 'v1.24.0' # selfup { "regex": "\\d[^']+", "script": "goreleaser --version | grep 'GitVersion:' | tr -s ' ' | cut -d ' ' -f 2" } - - name: Make sure there are what files before build + - name: List files - before build run: Get-ChildItem - name: Build winit-* run: goreleaser build --snapshot --clean - - name: Make sure there are what files after build + - name: List files - after build run: | Get-ChildItem Get-ChildItem -Recurse .\dist @@ -121,16 +122,19 @@ jobs: run: | New-Item -Force -ItemType "Directory" -Path MpCmdRun-logs & "C:\Program Files\Windows Defender\MpCmdRun.exe" -GetFiles -SupportLogLocation "$(pwd)\MpCmdRun-logs" - - name: Upload artifact - id: upload-defender-log - uses: actions/upload-artifact@v4 - with: - name: MpCmdRun-logs - path: MpCmdRun-logs/** - # Do not write depending winget and WSL2 logcs for now - # https://github.com/microsoft/winget-cli/issues/3872 - # https://github.com/actions/runner-images/issues/910 - # https://github.com/microsoft/winget-cli/blob/b07d2ebb7d865f95320e2bc708a2d1efb2152c5a/README.md#L14 + # Enable this section when you want to update logics and check it + # - name: Upload artifact + # id: upload-defender-log + # uses: actions/upload-artifact@v4 + # with: + # name: MpCmdRun-logs + # path: MpCmdRun-logs/** + # + # Do not write depending winget logcs for now + # - windows-2025 definitely enable it by default + # - windows-2022 may realize with the action: https://github.com/microsoft/winget-cli/issues/3872 + # - proposal: https://github.com/actions/runner-images/issues/910 + # - note: https://github.com/microsoft/winget-cli/blob/b07d2ebb7d865f95320e2bc708a2d1efb2152c5a/README.md#L14 - name: Rebel against unacceptable default run: | .\dist\winit-reg_windows_amd64_v1\winit-reg.exe list From f0b9e0337acd2a43370f059e429d69a7eb29567e Mon Sep 17 00:00:00 2001 From: Kenichi Kamiya Date: Fri, 8 Mar 2024 02:00:31 +0900 Subject: [PATCH 38/39] Fix mismerged actions --- .github/workflows/windows.yml | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/.github/workflows/windows.yml b/.github/workflows/windows.yml index 319a6335..98cb1ad2 100644 --- a/.github/workflows/windows.yml +++ b/.github/workflows/windows.yml @@ -80,6 +80,10 @@ jobs: # } & "C:\Program Files\Windows Defender\MpCmdRun.exe" -ListAllDynamicSignatures - uses: actions/checkout@v4 + with: + # KEEP fetch-depth for goreleaser + # https://github.com/goreleaser/goreleaser-action/blob/696b757ee8f3742e68b261173b9eeeb96306a57f/README.md?plain=1#L77 + fetch-depth: 0 - name: Set up Go uses: actions/setup-go@v5 with: From 5b7bc9eb83e36f89ad6396ad3874f9b9c36efef0 Mon Sep 17 00:00:00 2001 From: Kenichi Kamiya Date: Fri, 8 Mar 2024 02:09:19 +0900 Subject: [PATCH 39/39] Skip slow steps --- .github/workflows/windows.yml | 15 ++++++++++----- 1 file changed, 10 insertions(+), 5 deletions(-) diff --git a/.github/workflows/windows.yml b/.github/workflows/windows.yml index 98cb1ad2..197531f9 100644 --- a/.github/workflows/windows.yml +++ b/.github/workflows/windows.yml @@ -119,13 +119,18 @@ jobs: run: | & "C:\Program Files\Windows Defender\MpCmdRun.exe" -Scan -ScanType 3 -Trace -File "$(pwd)\dist" & "C:\Program Files\Windows Defender\MpCmdRun.exe" -Scan -ScanType 3 -Trace -File "$(pwd)\distributed-artifact.zip" - Start-MpScan -ScanPath "$pwd" + + # Do not enable this as possible, too slow ... Scanning all folders with this option? :< + # Start-MpScan -ScanPath "$pwd" + Get-MpThreat Get-MpThreatDetection - - name: Collect Defender log - run: | - New-Item -Force -ItemType "Directory" -Path MpCmdRun-logs - & "C:\Program Files\Windows Defender\MpCmdRun.exe" -GetFiles -SupportLogLocation "$(pwd)\MpCmdRun-logs" + # Skipping because of bit slow... + # - name: Collect Defender log + # run: | + # New-Item -Force -ItemType "Directory" -Path MpCmdRun-logs + # & "C:\Program Files\Windows Defender\MpCmdRun.exe" -GetFiles -SupportLogLocation "$(pwd)\MpCmdRun-logs" + # # Enable this section when you want to update logics and check it # - name: Upload artifact # id: upload-defender-log