Skip to content

Commit

Permalink
ci: update certificate for signing MSI (#6000)
Browse files Browse the repository at this point in the history
update certificate for signing MS
  • Loading branch information
ypoplavs authored Oct 30, 2024
1 parent efd7175 commit 7510bab
Show file tree
Hide file tree
Showing 2 changed files with 34 additions and 30 deletions.
32 changes: 17 additions & 15 deletions .github/workflows/release-dev.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -255,14 +255,6 @@ jobs:
name: testkube_windows
path: windows

- name: Get MSFT Cert
id: write_file
uses: timheuer/base64-to-file@v1.2
with:
fileName: "kubeshop_msft.p12"
fileDir: "./temp/"
encodedString: ${{ secrets.CERT_MSFT_KUBESHOP_P12_B64 }}

- name: Create and Sign MSI
run: |
Copy-Item 'windows\testkube_windows_386\kubectl-testkube.exe' '.\kubectl-testkube.exe'
Expand All @@ -271,10 +263,17 @@ jobs:
Copy-Item 'build\installer\windows\testkube.bat' '.\testkube.bat'
& "$env:WIX\bin\candle.exe" *.wxs
& "$env:WIX\bin\light.exe" *.wixobj
& "C:\Program Files (x86)\Microsoft SDKs\ClickOnce\SignTool\signtool.exe" sign /f "$env:P12_CERT" /p "$env:P12_PASSWORD" /d "Kubetest by Kubeshop" /tr http://timestamp.digicert.com testkube.msi
env:
P12_CERT: ${{ steps.write_file.outputs.filePath }}
P12_PASSWORD: ${{ secrets.CERT_MSFT_KUBESHOP_P12_PASSWORD }}
- name: Sign Artifact with CodeSignTool
uses: sslcom/esigner-codesign@develop
with:
command: sign
username: ${{ secrets.ES_USERNAME }}
password: ${{ secrets.ES_PASSWORD }}
totp_secret: ${{ secrets.ES_TOTP_SECRET }}
file_path: testkube.msi
output_path: ${GITHUB_WORKSPACE}\artifacts
malware_block: false

- name: Get tag
id: tag
Expand All @@ -293,26 +292,29 @@ jobs:
id: checksum
run: |
$installer_name = $env:MSI_NAME
$hash=Get-FileHash testkube.msi
$installer_path = $env:MSI_PATH
$hash=Get-FileHash $installer_path
$hash.Hash + " " + $installer_name + ".msi" >> msi_checksum.txt
echo "::set-output name=INSTALLER_NAME::${installer_name}"
echo "::set-output name=INSTALLER_PATH::${installer_path}"
#export MSI hash to environment
$hashsum = $hash.Hash
echo "::set-output name=CHECKSUM::${hashsum}"
#copy MSI to choco directory to build a nuget package
Copy-Item -Path "testkube.msi" -Destination ".\choco\tools\$env:MSI_NAME.msi"
Copy-Item -Path "$installer_path" -Destination ".\choco\tools\$env:MSI_NAME.msi"
env:
MSI_NAME: testkube_${{steps.tag.outputs.tag}}_Windows_i386
MSI_PATH: D:\a\testkube\testkube\artifacts\testkube.msi

- name: Upload release binary
uses: actions/upload-release-asset@v1.0.2
env:
GITHUB_TOKEN: ${{ github.token }}
with:
upload_url: ${{ steps.get_release.outputs.upload_url }}
asset_path: testkube.msi
asset_path: ${{steps.checksum.outputs.INSTALLER_PATH}}
asset_name: ${{steps.checksum.outputs.INSTALLER_NAME}}.msi
asset_content_type: application/octet-stream

Expand Down
32 changes: 17 additions & 15 deletions .github/workflows/release.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -247,14 +247,6 @@ jobs:
name: testkube_windows
path: windows

- name: Get MSFT Cert
id: write_file
uses: timheuer/base64-to-file@v1.2
with:
fileName: "kubeshop_msft.p12"
fileDir: "./temp/"
encodedString: ${{ secrets.CERT_MSFT_KUBESHOP_P12_B64 }}

- name: Create and Sign MSI
run: |
Copy-Item 'windows\testkube_windows_386\kubectl-testkube.exe' '.\kubectl-testkube.exe'
Expand All @@ -263,10 +255,17 @@ jobs:
Copy-Item 'build\installer\windows\testkube.bat' '.\testkube.bat'
& "$env:WIX\bin\candle.exe" *.wxs
& "$env:WIX\bin\light.exe" *.wixobj
& "C:\Program Files (x86)\Microsoft SDKs\ClickOnce\SignTool\signtool.exe" sign /f "$env:P12_CERT" /p "$env:P12_PASSWORD" /d "Kubetest by Kubeshop" /tr http://timestamp.digicert.com testkube.msi
env:
P12_CERT: ${{ steps.write_file.outputs.filePath }}
P12_PASSWORD: ${{ secrets.CERT_MSFT_KUBESHOP_P12_PASSWORD }}
- name: Sign Artifact with CodeSignTool
uses: sslcom/esigner-codesign@develop
with:
command: sign
username: ${{ secrets.ES_USERNAME }}
password: ${{ secrets.ES_PASSWORD }}
totp_secret: ${{ secrets.ES_TOTP_SECRET }}
file_path: testkube.msi
output_path: ${GITHUB_WORKSPACE}\artifacts
malware_block: false

- name: Get tag
id: tag
Expand All @@ -285,26 +284,29 @@ jobs:
id: checksum
run: |
$installer_name = $env:MSI_NAME
$hash=Get-FileHash testkube.msi
$installer_path = $env:MSI_PATH
$hash=Get-FileHash $installer_path
$hash.Hash + " " + $installer_name + ".msi" >> msi_checksum.txt
echo "::set-output name=INSTALLER_NAME::${installer_name}"
echo "::set-output name=INSTALLER_PATH::${installer_path}"
#export MSI hash to environment
$hashsum = $hash.Hash
echo "::set-output name=CHECKSUM::${hashsum}"
#copy MSI to choco directory to build a nuget package
Copy-Item -Path "testkube.msi" -Destination ".\choco\tools\$env:MSI_NAME.msi"
Copy-Item -Path "$installer_path" -Destination ".\choco\tools\$env:MSI_NAME.msi"
env:
MSI_NAME: testkube_${{steps.tag.outputs.tag}}_Windows_i386
MSI_PATH: D:\a\testkube\testkube\artifacts\testkube.msi

- name: Upload release binary
uses: actions/upload-release-asset@v1.0.2
env:
GITHUB_TOKEN: ${{ github.token }}
with:
upload_url: ${{ steps.get_release.outputs.upload_url }}
asset_path: testkube.msi
asset_path: ${{steps.checksum.outputs.INSTALLER_PATH}}
asset_name: ${{steps.checksum.outputs.INSTALLER_NAME}}.msi
asset_content_type: application/octet-stream

Expand Down

0 comments on commit 7510bab

Please sign in to comment.