V3 #105
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: PR Tests | |
on: | |
pull_request: | |
jobs: | |
default-signtool-tests: | |
runs-on: ${{ matrix.os }} | |
env: | |
term: xterm | |
strategy: | |
fail-fast: false | |
matrix: | |
include: | |
- os: macos-14 | |
file: dist/@lando/code-sign-action | |
node-version: '20' | |
- os: windows-2022 | |
file: dist/@lando/code-sign-action.exe | |
node-version: '20' | |
steps: | |
- name: Checkout code | |
uses: actions/checkout@v4 | |
with: | |
fetch-depth: 0 | |
- name: Install node ${{ matrix.node-version }} | |
uses: actions/setup-node@v4 | |
with: | |
node-version: ${{ matrix.node-version }} | |
cache: npm | |
- name: Install dependencies | |
shell: bash | |
run: npm clean-install --prefer-offline --frozen-lockfile | |
- name: Package node binary | |
shell: bash | |
run: npm run build | |
- name: Trust test certs | |
if: runner.os == 'macOS' | |
shell: bash | |
run: | | |
# dump | |
echo "${{ secrets.DEFAULT_CERT_DATA }}" | base64 --decode > /tmp/LandoCodeSigningTest.p12 | |
# extract | |
openssl pkcs12 -in /tmp/LandoCodeSigningTest.p12 -clcerts -nokeys -out /tmp/LandoCodeSigningTest.pem -password pass:${{ secrets.DEFAULT_CERT_PASSWORD }} | |
# trust | |
sudo security authorizationdb write com.apple.trust-settings.user allow | |
sudo security add-trusted-cert -d -r trustRoot -k /Library/Keychains/System.keychain /tmp/LandoCodeSigningTest.pem | |
sudo security find-certificate -a -c "Lando System Code Signing Test Certificate" -p /Library/Keychains/System.keychain | |
- name: Trust test certs | |
if: runner.os == 'Windows' | |
shell: powershell | |
run: | | |
# vars | |
$temp_dir = "$env:TMP" | |
$cert_data = "${{ secrets.DEFAULT_CERT_DATA }}" | |
$cert_path = "$temp_dir\LandoCodeSigningTest.p12" | |
$cert_password = "${{ secrets.DEFAULT_CERT_PASSWORD }}" | |
$cert_secure_password = ConvertTo-SecureString -String $cert_password -Force -AsPlainText | |
$cert_store = "Cert:\LocalMachine\Root" | |
# dump | |
If (!(Test-Path $cert_path)) { | |
Write-Output "Dumping cert to $cert_path..." | |
$bytes = [Convert]::FromBase64String($cert_data) | |
[IO.File]::WriteAllBytes($cert_path, $bytes) | |
} | |
# trust | |
Import-PfxCertificate -FilePath $cert_path -CertStoreLocation $cert_store -Password $cert_secure_password | |
- name: Codesign | |
id: code-sign-action | |
uses: ./ | |
with: | |
file: ${{ matrix.file }} | |
certificate-data: ${{ secrets.DEFAULT_CERT_DATA }} | |
certificate-id: LSL337X6 | |
certificate-password: ${{ secrets.DEFAULT_CERT_PASSWORD }} | |
- name: Test output | |
shell: bash | |
run: | | |
echo "${{ steps.code-sign-action.outputs.file }}" | |
stat "${{ steps.code-sign-action.outputs.file }}" | |
- name: Execute file | |
shell: bash | |
run: chmod +x "${{ steps.code-sign-action.outputs.file }}" && "${{ steps.code-sign-action.outputs.file }}" | |
keylocker-tests: | |
runs-on: windows-2022 | |
env: | |
term: xterm | |
strategy: | |
fail-fast: false | |
steps: | |
- name: Checkout code | |
uses: actions/checkout@v4 | |
with: | |
fetch-depth: 0 | |
- name: Install node ${{ matrix.node-version }} | |
uses: actions/setup-node@v4 | |
with: | |
node-version: ${{ matrix.node-version }} | |
cache: npm | |
- name: Install dependencies | |
shell: bash | |
run: npm clean-install --prefer-offline --frozen-lockfile | |
- name: Package node binary | |
shell: bash | |
run: npm run build | |
- name: Codesign | |
id: code-sign-action | |
uses: ./ | |
with: | |
file: dist/@lando/code-sign-action.exe | |
certificate-data: ${{ secrets.KEYLOCKER_CLIENT_CERT }} | |
certificate-password: ${{ secrets.KEYLOCKER_CLIENT_CERT_PASSWORD }} | |
keylocker-host: https://clientauth.one.digicert.com | |
keylocker-api-key: ${{ secrets.KEYLOCKER_API_KEY }} | |
keylocker-cert-sha1-hash: ${{ secrets.KEYLOCKER_CERT_SHA1_HASH }} | |
keylocker-keypair-alias: ${{ secrets.KEYLOCKER_KEYPAIR_ALIAS }} | |
- name: Test output | |
shell: bash | |
run: | | |
echo "${{ steps.code-sign-action.outputs.file }}" | |
stat "${{ steps.code-sign-action.outputs.file }}" | |
- name: Execute file | |
shell: bash | |
run: chmod +x "${{ steps.code-sign-action.outputs.file }}" && "${{ steps.code-sign-action.outputs.file }}" | |
notarize-tests: | |
runs-on: macos-14 | |
env: | |
term: xterm | |
strategy: | |
fail-fast: false | |
matrix: | |
node-version: | |
- '20' | |
steps: | |
- name: Checkout code | |
uses: actions/checkout@v4 | |
with: | |
fetch-depth: 0 | |
- name: Install node ${{ matrix.node-version }} | |
uses: actions/setup-node@v4 | |
with: | |
node-version: ${{ matrix.node-version }} | |
cache: npm | |
- name: Install dependencies | |
shell: bash | |
run: npm clean-install --prefer-offline --frozen-lockfile | |
- name: Package node binary | |
shell: bash | |
run: npm run build | |
- name: Codesign | |
id: code-sign-action | |
uses: ./ | |
with: | |
file: dist/@lando/code-sign-action | |
certificate-data: ${{ secrets.APPLE_CERT_DATA }} | |
certificate-password: ${{ secrets.APPLE_CERT_PASSWORD }} | |
apple-notary-user: ${{ secrets.APPLE_NOTARY_USER }} | |
apple-notary-password: ${{ secrets.APPLE_NOTARY_PASSWORD }} | |
apple-team-id: FY8GAUX282 | |
apple-product-id: dev.lando.code-sign-action | |
options: --options runtime --entitlements entitlements.xml | |
- name: Test output | |
shell: bash | |
run: | | |
echo "${{ steps.code-sign-action.outputs.file }}" | |
stat "${{ steps.code-sign-action.outputs.file }}" | |
- name: Execute file | |
shell: bash | |
run: chmod +x "${{ steps.code-sign-action.outputs.file }}" && "${{ steps.code-sign-action.outputs.file }}" |