From 4fad04c441d5e88b4615efd1415f3bb4011655f5 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Luis=20=C3=81ngel=20San=20Mart=C3=ADn?= Date: Fri, 16 Sep 2022 10:28:20 +0200 Subject: [PATCH] Codesign only on master/develop and pull requests --- azure-pipelines-windows-template-qt6.yml | 33 +++++++++++++++--------- azure-pipelines-windows-template.yml | 33 +++++++++++++++--------- ci/win/build_installer.iss | 4 ++- ci/win/build_installer_qt6.iss | 4 ++- ci/win/create_installer.cmd | 14 +++++++--- 5 files changed, 59 insertions(+), 29 deletions(-) diff --git a/azure-pipelines-windows-template-qt6.yml b/azure-pipelines-windows-template-qt6.yml index 85b849de..32a1ee98 100644 --- a/azure-pipelines-windows-template-qt6.yml +++ b/azure-pipelines-windows-template-qt6.yml @@ -12,6 +12,7 @@ jobs: - job: ${{ parameters.name }} dependsOn: CodeFormatValidation variables: + - ${{ if and(eq(variables['System.TeamFoundationCollectionUri'], 'https://dev.azure.com/luisangelsm/'), or(contains(variables['Build.SourceBranch'], 'merge'), eq(variables['Build.SourceBranch'], 'refs/heads/master'), eq(variables['Build.SourceBranch'], 'refs/heads/develop'))) }}: - group: windows-codesign pool: vmImage: 'windows-2019' @@ -40,18 +41,26 @@ jobs: set PATH=C:\Qt\${{ parameters.qt_version }}\${{ parameters.qt_spec }}\bin;%PATH% nmake check TESTARGS="-maxwarnings 100000" displayName: 'Run tests' - - task: DownloadSecureFile@1 - name: pfxFile - displayName: 'Get the pfx file certificate' - inputs: - secureFile: 'certificate.pfx' - - script: | - set PATH=C:\Qt\${{ parameters.qt_version }}\${{ parameters.qt_spec }}\bin;%PATH% - cd $(Build.SourcesDirectory)\ci\win - .\create_installer.cmd ${{ parameters.architecture }} 7z $(Build.BuildNumber) qt6 $(Agent.TempDirectory)\certificate.pfx %PASSWORD% - env: - PASSWORD: $(pfxPassword) - displayName: 'Create installer' + - ${{ if and(eq(variables['System.TeamFoundationCollectionUri'], 'https://dev.azure.com/luisangelsm/'), or(contains(variables['Build.SourceBranch'], 'merge'), eq(variables['Build.SourceBranch'], 'refs/heads/master'), eq(variables['Build.SourceBranch'], 'refs/heads/develop'))) }}: + - task: DownloadSecureFile@1 + name: pfxFile + displayName: 'Get the pfx file certificate' + inputs: + secureFile: 'certificate.pfx' + - ${{ if and(eq(variables['System.TeamFoundationCollectionUri'], 'https://dev.azure.com/luisangelsm/'), or(contains(variables['Build.SourceBranch'], 'merge'), eq(variables['Build.SourceBranch'], 'refs/heads/master'), eq(variables['Build.SourceBranch'], 'refs/heads/develop'))) }}: + - script: | + set PATH=C:\Qt\${{ parameters.qt_version }}\${{ parameters.qt_spec }}\bin;%PATH% + cd $(Build.SourcesDirectory)\ci\win + .\create_installer.cmd ${{ parameters.architecture }} 7z $(Build.BuildNumber) qt6 $(pfxFile.secureFilePath) %PASSWORD% + env: + PASSWORD: $(pfxPassword) + displayName: 'Create installer' + - ${{ else }}: + - script: | + set PATH=C:\Qt\${{ parameters.qt_version }}\${{ parameters.qt_spec }}\bin;%PATH% + cd $(Build.SourcesDirectory)\ci\win + .\create_installer.cmd ${{ parameters.architecture }} 7z $(Build.BuildNumber) qt6 + displayName: 'Create installer' - task: CopyFiles@2 inputs: sourceFolder: $(Build.SourcesDirectory)\ci\win\Output\ diff --git a/azure-pipelines-windows-template.yml b/azure-pipelines-windows-template.yml index 56e0d4e1..31a9b137 100644 --- a/azure-pipelines-windows-template.yml +++ b/azure-pipelines-windows-template.yml @@ -12,6 +12,7 @@ jobs: - job: ${{ parameters.name }} dependsOn: CodeFormatValidation variables: + - ${{ if and(eq(variables['System.TeamFoundationCollectionUri'], 'https://dev.azure.com/luisangelsm/'), or(contains(variables['Build.SourceBranch'], 'merge'), eq(variables['Build.SourceBranch'], 'refs/heads/master'), eq(variables['Build.SourceBranch'], 'refs/heads/develop'))) }}: - group: windows-codesign pool: vmImage: 'windows-2019' @@ -40,18 +41,26 @@ jobs: set PATH=C:\Qt\${{ parameters.qt_version }}\${{ parameters.qt_spec }}\bin;%PATH% nmake check TESTARGS="-maxwarnings 100000" displayName: 'Run tests' - - task: DownloadSecureFile@1 - name: pfxFile - displayName: 'Get the pfx file certificate' - inputs: - secureFile: 'certificate.pfx' - - script: | - set PATH=C:\Qt\${{ parameters.qt_version }}\${{ parameters.qt_spec }}\bin;%PATH% - cd $(Build.SourcesDirectory)\ci\win - .\create_installer.cmd ${{ parameters.architecture }} 7z $(Build.BuildNumber) qt5 $(Agent.TempDirectory)\certificate.pfx %PASSWORD% - env: - PASSWORD: $(pfxPassword) - displayName: 'Create installer' + - ${{ if and(eq(variables['System.TeamFoundationCollectionUri'], 'https://dev.azure.com/luisangelsm/'), or(contains(variables['Build.SourceBranch'], 'merge'), eq(variables['Build.SourceBranch'], 'refs/heads/master'), eq(variables['Build.SourceBranch'], 'refs/heads/develop'))) }}: + - task: DownloadSecureFile@1 + name: pfxFile + displayName: 'Get the pfx file certificate' + inputs: + secureFile: 'certificate.pfx' + - ${{ if and(eq(variables['System.TeamFoundationCollectionUri'], 'https://dev.azure.com/luisangelsm/'), or(contains(variables['Build.SourceBranch'], 'merge'), eq(variables['Build.SourceBranch'], 'refs/heads/master'), eq(variables['Build.SourceBranch'], 'refs/heads/develop'))) }}: + - script: | + set PATH=C:\Qt\${{ parameters.qt_version }}\${{ parameters.qt_spec }}\bin;%PATH% + cd $(Build.SourcesDirectory)\ci\win + .\create_installer.cmd ${{ parameters.architecture }} 7z $(Build.BuildNumber) qt5 $(pfxFile.secureFilePath) %PASSWORD% + env: + PASSWORD: $(pfxPassword) + displayName: 'Create installer' + - ${{ else }}: + - script: | + set PATH=C:\Qt\${{ parameters.qt_version }}\${{ parameters.qt_spec }}\bin;%PATH% + cd $(Build.SourcesDirectory)\ci\win + .\create_installer.cmd ${{ parameters.architecture }} 7z $(Build.BuildNumber) qt5 + displayName: 'Create installer' - task: CopyFiles@2 inputs: sourceFolder: $(Build.SourcesDirectory)\ci\win\Output\ diff --git a/ci/win/build_installer.iss b/ci/win/build_installer.iss index 7a2e9a83..45f60110 100644 --- a/ci/win/build_installer.iss +++ b/ci/win/build_installer.iss @@ -15,7 +15,9 @@ SetupIconFile=setup.ico UninstallDisplayIcon=uninstall.ico ArchitecturesInstallIn64BitMode=x64 ArchitecturesAllowed=x64 -SignTool=signtool +#if CODE_SIGN == "true" + SignTool=signtool +#endif [Registry] Root: HKCR; SubKey: .cbz; ValueType: string; ValueData: Comic Book (zip); Flags: uninsdeletekey; Tasks: File_association diff --git a/ci/win/build_installer_qt6.iss b/ci/win/build_installer_qt6.iss index ec5fe9e9..05534151 100644 --- a/ci/win/build_installer_qt6.iss +++ b/ci/win/build_installer_qt6.iss @@ -15,7 +15,9 @@ SetupIconFile=setup.ico UninstallDisplayIcon=uninstall.ico ArchitecturesInstallIn64BitMode=x64 ArchitecturesAllowed=x64 -SignTool=signtool +#if CODE_SIGN == "true" + SignTool=signtool +#endif [Registry] Root: HKCR; SubKey: .cbz; ValueType: string; ValueData: Comic Book (zip); Flags: uninsdeletekey; Tasks: File_association diff --git a/ci/win/create_installer.cmd b/ci/win/create_installer.cmd index 82fa97f3..a9178dfe 100644 --- a/ci/win/create_installer.cmd +++ b/ci/win/create_installer.cmd @@ -59,10 +59,18 @@ if "%1"=="x86" ( ) echo "iscc start" -if "%4"=="qt6" ( - iscc /DVERSION=%VERSION% /DPLATFORM=%1 /DCOMPRESSED_ARCHIVE_BACKEND=%2 /DBUILD_NUMBER=%3 build_installer_qt6.iss "/Ssigntool=$qC:\Program Files (x86)\Microsoft SDKs\ClickOnce\SignTool\SignTool.exe$q sign /f %5 /p %6 $f" || exit /b +if "%~5" == "" ( + if "%4"=="qt6" ( + iscc /DVERSION=%VERSION% /DPLATFORM=%1 /DCOMPRESSED_ARCHIVE_BACKEND=%2 /DBUILD_NUMBER=%3 /DCODE_SIGN=false build_installer_qt6.iss || exit /b + ) else ( + iscc /DVERSION=%VERSION% /DPLATFORM=%1 /DCOMPRESSED_ARCHIVE_BACKEND=%2 /DBUILD_NUMBER=%3 /DCODE_SIGN=false build_installer.iss || exit /b + ) ) else ( - iscc /DVERSION=%VERSION% /DPLATFORM=%1 /DCOMPRESSED_ARCHIVE_BACKEND=%2 /DBUILD_NUMBER=%3 build_installer.iss "/Ssigntool=$qC:\Program Files (x86)\Microsoft SDKs\ClickOnce\SignTool\SignTool.exe$q sign /f %5 /p %6 $f" || exit /b + if "%4"=="qt6" ( + iscc /DVERSION=%VERSION% /DPLATFORM=%1 /DCOMPRESSED_ARCHIVE_BACKEND=%2 /DBUILD_NUMBER=%3 /DCODE_SIGN=true build_installer_qt6.iss "/Ssigntool=$qC:\Program Files (x86)\Microsoft SDKs\ClickOnce\SignTool\SignTool.exe$q sign /f %5 /p %6 $f" || exit /b + ) else ( + iscc /DVERSION=%VERSION% /DPLATFORM=%1 /DCOMPRESSED_ARCHIVE_BACKEND=%2 /DBUILD_NUMBER=%3 /DCODE_SIGN=true build_installer.iss "/Ssigntool=$qC:\Program Files (x86)\Microsoft SDKs\ClickOnce\SignTool\SignTool.exe$q sign /f %5 /p %6 $f" || exit /b + ) ) echo "iscc done!"