diff --git a/.github/workflows/alpha.yml b/.github/workflows/alpha.yml index b9a8c6a5..818e788f 100644 --- a/.github/workflows/alpha.yml +++ b/.github/workflows/alpha.yml @@ -29,15 +29,7 @@ on: jobs: build: - runs-on: ${{ matrix.runner }} - - strategy: - fail-fast: false - matrix: - runner: - - self-hosted - - windows-latest - + runs-on: self-hosted steps: - name: Checkout uses: actions/checkout@v4 @@ -53,13 +45,55 @@ jobs: run: dotnet tool restore && dotnet cake env: VERSION_API_TOKEN: ${{ secrets.VERSION_API_TOKEN }} - - - name: Sign Msix - if: success() && github.event_name != 'pull_request' - shell: pwsh - run: | - [System.Convert]::FromBase64String("${{ secrets.CERTIFICATE }}") | Set-Content -AsByteStream temp.pfx - signtool.exe sign /debug /v /a /fd SHA256 /f temp.pfx /p ${{ secrets.PW }} ${{ github.workspace }}\src\output\Snap.Hutao.Alpha-${{ steps.cake.outputs.version }}.msix + CERTIFICATE: ${{ secrets.CERTIFICATE }} + PW: ${{ secrets.PW }} + + - name: Upload signed msix + if: success() && github.event_name != 'pull_request' + uses: actions/upload-artifact@v4 + with: + name: Snap.Hutao.Alpha-${{ steps.cake.outputs.version }} + path: ${{ github.workspace }}/src/output/Snap.Hutao.Alpha-${{ steps.cake.outputs.version }}.msix + + - name: Add summary + if: success() && github.event_name != 'pull_request' + shell: pwsh + run: | + $summary = " + > [!WARNING] + > 该版本是由 CI 程序自动打包生成的 `Alpha` 测试版本,**仅供开发者测试使用** + + > [!TIP] + > 普通用户请[点击这里](https://github.com/DGP-Studio/Snap.Hutao/releases/latest/)下载最新的稳定版本 + + > [!IMPORTANT] + > 请注意,从 Snap Hutao Alpha 2023.12.21.3 开始,我们将使用全新的 CI 证书,原有的 Snap.Hutao.CI.cer 将在几天后过期停止使用。 + > + > 请安装 [DGP_Studio_CA.crt](https://github.com/DGP-Automation/Hutao-Auto-Release/releases/download/certificate-ca/DGP_Studio_CA.crt) 到 `受信任的根证书颁发机构` 以安装测试版安装包 + " + + echo $summary >> $Env:GITHUB_STEP_SUMMARY + fallback_build: + runs-on: windows-latest + needs: build + if: failure() + steps: + - name: Checkout + uses: actions/checkout@v4 + + - name: Setup .NET + uses: actions/setup-dotnet@v4 + with: + dotnet-version: 8.0 + + - name: Cake + id: cake + shell: pwsh + run: dotnet tool restore && dotnet cake + env: + VERSION_API_TOKEN: ${{ secrets.VERSION_API_TOKEN }} + CERTIFICATE: ${{ secrets.CERTIFICATE }} + PW: ${{ secrets.PW }} - name: Upload signed msix if: success() && github.event_name != 'pull_request' diff --git a/build.cake b/build.cake index c244c84d..2efbc8f6 100644 --- a/build.cake +++ b/build.cake @@ -11,6 +11,8 @@ var version = "version"; var repoDir = "repoDir"; var outputPath = "outputPath"; +var pw = "pw"; + // Extension static ProcessArgumentBuilder AppendIf(this ProcessArgumentBuilder builder, string text, bool condition) @@ -62,6 +64,10 @@ if (GitHubActions.IsRunningOnGitHubActions) } ); + var certificateBase64 = HasEnvironmentVariable("CERTIFICATE") ? EnvironmentVariable("CERTIFICATE") : throw new Exception("Cannot find CERTIFICATE"); + pw = HasEnvironmentVariable("PW") ? EnvironmentVariable("PW") : throw new Exception("Cannot find PW"); + System.IO.File.WriteAllBytes(System.IO.Path.Combine(outputPath, "temp.pfx"), System.Convert.FromBase64String(certificateBase64)); + Information($"Version: {version}"); } @@ -88,10 +94,19 @@ else // Local Information($"Version: {version}"); } +// Windows SDK +var registry = new WindowsRegistry(); +var winsdkRegistry = registry.LocalMachine.OpenKey(@"SOFTWARE\Microsoft\Windows Kits\Installed Roots"); +var winsdkVersion = winsdkRegistry.GetSubKeyNames().MaxBy(key => int.Parse(key.Split(".")[2])); +var winsdkPath = (string)winsdkRegistry.GetValue("KitsRoot10"); +var winsdkBinPath = System.IO.Path.Combine(winsdkPath, "bin", winsdkVersion, "x64"); +Information($"Windows SDK: {winsdkPath}"); + Task("Build") .IsDependentOn("Build binary package") .IsDependentOn("Copy files") - .IsDependentOn("Build MSIX"); + .IsDependentOn("Build MSIX") + .IsDependentOn("Sign"); Task("NuGet Restore") .Does(() => @@ -208,11 +223,7 @@ Task("Build MSIX") arguments = "pack /d " + binPath + " /p " + System.IO.Path.Combine(outputPath, $"Snap.Hutao.Local-{version}.msix"); } - var registry = new WindowsRegistry(); - var winsdkRegistry = registry.LocalMachine.OpenKey(@"SOFTWARE\Microsoft\Windows Kits\Installed Roots"); - var winsdkVersion = winsdkRegistry.GetSubKeyNames().MaxBy(key => int.Parse(key.Split(".")[2])); - var winsdkPath = (string)winsdkRegistry.GetValue("KitsRoot10"); - var makeappxPath = System.IO.Path.Combine(winsdkPath, "bin", winsdkVersion, "x64", "makeappx.exe"); + var makeappxPath = System.IO.Path.Combine(winsdkBinPath, "makeappx.exe"); var p = StartProcess( makeappxPath, @@ -223,7 +234,47 @@ Task("Build MSIX") ); if (p != 0) { - throw new InvalidOperationException("Build failed with exit code " + p); + throw new InvalidOperationException("Build MSIX failed with exit code " + p); + } +}); + +Task("Sign") + .IsDependentOn("Build MSIX") + .Does(() => +{ + if (AppVeyor.IsRunningOnAppVeyor) + { + Information("Move to SignPath. Skip signing."); + return; + } + else if (GitHubActions.IsRunningOnGitHubActions) + { + if (GitHubActions.Environment.PullRequest.IsPullRequest) + { + Information("Is Pull Request. Skip signing."); + return; + } + + var signPath = System.IO.Path.Combine(winsdkBinPath, "signtool.exe"); + var pfxPath = System.IO.Path.Combine(outputPath, "temp.pfx"); + var arguments = $"sign /debug /v /a /fd SHA256 /f {pfxPath} /p {pw} {System.IO.Path.Combine(outputPath, $"Snap.Hutao.Alpha-{version}.msix")}"; + + var p = StartProcess( + signPath, + new ProcessSettings + { + Arguments = arguments + } + ); + if (p != 0) + { + throw new InvalidOperationException("Sign failed with exit code " + p); + } + } + else + { + Information("Local configuration. Skip signing."); + return; } });