-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Signed-off-by: Nicola Murino <[email protected]>
- Loading branch information
Showing
2 changed files
with
59 additions
and
21 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -5,6 +5,10 @@ on: | |
branches: [main] | ||
pull_request: | ||
|
||
permissions: | ||
id-token: write | ||
contents: read | ||
|
||
env: | ||
GO_VERSION: '1.23' | ||
|
||
|
@@ -25,10 +29,7 @@ jobs: | |
|
||
- name: Build | ||
run: | | ||
sudo apt-get update -q -y | ||
sudo apt-get install -q -y osslsigncode | ||
go install github.com/tc-hib/go-winres@latest | ||
GIT_COMMIT=`git describe --always --dirty` | ||
LATEST_TAG=$(git describe --tags $(git rev-list --tags --max-count=1)) | ||
NUM_COMMITS_FROM_TAG=$(git rev-list ${LATEST_TAG}.. --count) | ||
|
@@ -37,33 +38,70 @@ jobs: | |
mkdir bin | ||
go-winres simply --arch amd64 --product-version $VERSION-$GIT_COMMIT --file-version $FILE_VERSION --file-description "SFTPGo plugin KMS" --product-name "SFTPGo plugin KMS" --copyright "AGPL-3.0" --original-filename sftpgo-plugin-kms-windows-x86_64.exe --icon res/icon.ico | ||
CGO_ENABLED=0 GOOS=windows GOARCH=amd64 go build -trimpath -ldflags "-s -w -X main.commitHash=`git describe --always --dirty` -X main.date=`date -u +%FT%TZ`" -o sftpgo-plugin-kms-windows-x86_64.exe | ||
CGO_ENABLED=0 GOOS=windows GOARCH=amd64 go build -trimpath -ldflags "-s -w -X main.commitHash=`git describe --always --dirty` -X main.date=`date -u +%FT%TZ`" -o bin/sftpgo-plugin-kms-windows-x86_64.exe | ||
go-winres simply --arch arm64 --product-version $VERSION-$GIT_COMMIT --file-version $FILE_VERSION --file-description "SFTPGo plugin KMS" --product-name "SFTPGo plugin KMS" --copyright "AGPL-3.0" --original-filename sftpgo-plugin-kms-windows-arm64.exe --icon res/icon.ico | ||
CGO_ENABLED=0 GOOS=windows GOARCH=arm64 go build -trimpath -ldflags "-s -w -X main.commitHash=`git describe --always --dirty` -X main.date=`date -u +%FT%TZ`" -o sftpgo-plugin-kms-windows-arm64.exe | ||
CGO_ENABLED=0 GOOS=windows GOARCH=arm64 go build -trimpath -ldflags "-s -w -X main.commitHash=`git describe --always --dirty` -X main.date=`date -u +%FT%TZ`" -o bin/sftpgo-plugin-kms-windows-arm64.exe | ||
go-winres simply --arch 386 --product-version $VERSION-$GIT_COMMIT --file-version $FILE_VERSION --file-description "SFTPGo plugin KMS" --product-name "SFTPGo plugin KMS" --copyright "AGPL-3.0" --original-filename sftpgo-plugin-kms-windows-x86.exe --icon res/icon.ico | ||
CGO_ENABLED=0 GOOS=windows GOARCH=386 go build -trimpath -ldflags "-s -w -X main.commitHash=`git describe --always --dirty` -X main.date=`date -u +%FT%TZ`" -o sftpgo-plugin-kms-windows-x86.exe | ||
if [ "${{ github.event_name }}" = "pull_request" ]; then | ||
mv sftpgo-plugin-kms-windows-x86_64.exe bin/ | ||
mv sftpgo-plugin-kms-windows-arm64.exe bin/ | ||
mv sftpgo-plugin-kms-windows-x86.exe bin/ | ||
else | ||
echo $CERT_DATA | base64 --decode > cert.pfx | ||
osslsigncode sign -pkcs12 cert.pfx -pass $CERT_PASS -n "SFTPGo plugin kms" -i "https://github.com/sftpgo/sftpgo-plugin-kms" -ts "http://timestamp.sectigo.com" -h sha2 -in sftpgo-plugin-kms-windows-x86_64.exe -out bin/sftpgo-plugin-kms-windows-x86_64.exe | ||
osslsigncode sign -pkcs12 cert.pfx -pass $CERT_PASS -n "SFTPGo plugin kms" -i "https://github.com/sftpgo/sftpgo-plugin-kms" -ts "http://timestamp.sectigo.com" -h sha2 -in sftpgo-plugin-kms-windows-arm64.exe -out bin/sftpgo-plugin-kms-windows-arm64.exe | ||
osslsigncode sign -pkcs12 cert.pfx -pass $CERT_PASS -n "SFTPGo plugin kms" -i "https://github.com/sftpgo/sftpgo-plugin-kms" -ts "http://timestamp.sectigo.com" -h sha2 -in sftpgo-plugin-kms-windows-x86.exe -out bin/sftpgo-plugin-kms-windows-x86.exe | ||
rm -f cert.pfx | ||
fi | ||
CGO_ENABLED=0 GOOS=linux GOARCH=amd64 go build -trimpath -ldflags "-s -w -X main.commitHash=`git describe --always --dirty` -X main.date=`date -u +%FT%TZ`" -o bin/sftpgo-plugin-kms-linux-amd64 | ||
CGO_ENABLED=0 GOOS=linux GOARCH=arm64 go build -trimpath -ldflags "-s -w -X main.commitHash=`git describe --always --dirty` -X main.date=`date -u +%FT%TZ`" -o bin/sftpgo-plugin-kms-linux-arm64 | ||
CGO_ENABLED=0 GOOS=linux GOARCH=arm GOARM=7 go build -trimpath -ldflags "-s -w -X main.commitHash=`git describe --always --dirty` -X main.date=`date -u +%FT%TZ`" -o bin/sftpgo-plugin-kms-linux-armv7 | ||
CGO_ENABLED=0 GOOS=linux GOARCH=ppc64le go build -trimpath -ldflags "-s -w -X main.commitHash=`git describe --always --dirty` -X main.date=`date -u +%FT%TZ`" -o bin/sftpgo-plugin-kms-linux-ppc64le | ||
CGO_ENABLED=0 GOOS=darwin GOARCH=amd64 go build -trimpath -ldflags "-s -w -X main.commitHash=`git describe --always --dirty` -X main.date=`date -u +%FT%TZ`" -o bin/sftpgo-plugin-kms-darwin-amd64 | ||
CGO_ENABLED=0 GOOS=darwin GOARCH=arm64 go build -trimpath -ldflags "-s -w -X main.commitHash=`git describe --always --dirty` -X main.date=`date -u +%FT%TZ`" -o bin/sftpgo-plugin-kms-darwin-arm64 | ||
shell: bash | ||
env: | ||
CERT_DATA: ${{ secrets.CERT_DATA }} | ||
CERT_PASS: ${{ secrets.CERT_PASS }} | ||
|
||
- name: Upload build artifact | ||
uses: actions/upload-artifact@v4 | ||
with: | ||
name: sftpgo-plugin-kms | ||
path: bin | ||
|
||
sign-windows-binaries: | ||
name: Sign Windows binaries | ||
if: ${{ github.event_name != 'pull_request' }} | ||
environment: signing | ||
needs: [build] | ||
runs-on: windows-latest | ||
|
||
steps: | ||
- name: Download artifact | ||
uses: actions/download-artifact@v4 | ||
with: | ||
name: sftpgo-plugin-kms | ||
path: ${{ github.workspace }}/bin | ||
|
||
- name: Azure login | ||
uses: azure/login@v2 | ||
with: | ||
client-id: ${{ secrets.AZURE_CLIENT_ID }} | ||
tenant-id: ${{ secrets.AZURE_TENANT_ID }} | ||
subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }} | ||
|
||
- name: Sign | ||
uses: azure/[email protected] | ||
with: | ||
endpoint: https://eus.codesigning.azure.net/ | ||
trusted-signing-account-name: nicola | ||
certificate-profile-name: SFTPGo | ||
files: | | ||
${{ github.workspace }}\bin\sftpgo-plugin-kms-windows-x86_64.exe | ||
${{ github.workspace }}\bin\sftpgo-plugin-kms-windows-arm64.exe | ||
${{ github.workspace }}\bin\sftpgo-plugin-kms-windows-x86.exe | ||
files-folder-filter: exe,dll | ||
file-digest: SHA256 | ||
timestamp-rfc3161: http://timestamp.acs.microsoft.com | ||
timestamp-digest: SHA256 | ||
exclude-environment-credential: true | ||
exclude-workload-identity-credential: true | ||
exclude-managed-identity-credential: true | ||
exclude-shared-token-cache-credential: true | ||
exclude-visual-studio-credential: true | ||
exclude-visual-studio-code-credential: true | ||
exclude-azure-cli-credential: false | ||
exclude-azure-powershell-credential: true | ||
exclude-azure-developer-cli-credential: true | ||
exclude-interactive-browser-credential: true | ||
|
||
- name: Upload build artifact | ||
uses: actions/upload-artifact@v4 | ||
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters