mirror/yacreader
1
0
Fork 0
mirror of https://github.com/YACReader/yacreader synced 2025-11-12 04:55:21 -05:00
Code Issues Actions Packages Projects Releases Wiki Activity

Sign executables before creating the installer
Some checks failed
Build / Initialization (push) Has been cancelled
Details
Build / Code Format Validation (push) Has been cancelled
Details
Build / Linux (Qt5) (push) Has been cancelled
Details
Build / Linux (Qt6) (push) Has been cancelled
Details
Build / Linux (Qt6 + 7zip) (push) Has been cancelled
Details
Build / macOS (Qt6 Universal) (push) Has been cancelled
Details
Build / macOS (Qt5) (push) Has been cancelled
Details
Build / Windows x64 (Qt5) (push) Has been cancelled
Details
Build / Windows x64 (Qt6) (push) Has been cancelled
Details
Build / Windows x86 (Qt5) (push) Has been cancelled
Details
Build / Docker amd64 Image (push) Has been cancelled
Details
Build / Docker arm64 Image (push) Has been cancelled
Details
Build / Publish Dev Builds (push) Has been cancelled
Details
Build / Publish Release (push) Has been cancelled
Details

Browse Source
This commit is contained in:
luisangelsm
2025-10-16 13:34:59 +02:00
parent aa5371c05f
commit c2aa5f6d23
1 changed files with 123 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

126
.github/workflows/build.yml vendored
View File

@ -295,6 +295,45 @@ jobs:
set PATH=C:\Qt\5.15.2\msvc2019_64\bin;%PATH% set PATH=C:\Qt\5.15.2\msvc2019_64\bin;%PATH%
nmake check TESTARGS="-maxwarnings 100000" nmake check TESTARGS="-maxwarnings 100000"
- name: Upload executables for signing
if: github.repository == 'YACReader/yacreader' && (github.ref == 'refs/heads/master' || github.ref == 'refs/heads/develop')
uses: actions/upload-artifact@v4
id: upload_executables
with:
name: windows-x64-executables-unsigned-${{ needs.initialization.outputs.build_number }}
path: |
release64/YACReader.exe
release64/YACReaderLibrary.exe
release64/YACReaderLibraryServer.exe
- name: Sign executables with SignPath
if: github.repository == 'YACReader/yacreader' && (github.ref == 'refs/heads/master' || github.ref == 'refs/heads/develop')
uses: signpath/github-action-submit-signing-request@v1
with:
api-token: ${{ secrets.SIGNPATH_API_TOKEN }}
organization-id: ${{ secrets.SIGNPATH_ORGANIZATION_ID }}
project-slug: 'yacreader'
signing-policy-slug: 'release-signing'
artifact-configuration-slug: 'zipped-files'
github-artifact-id: ${{ steps.upload_executables.outputs.artifact-id }}
wait-for-completion: true
wait-for-completion-timeout-in-seconds: "3600"
output-artifact-directory: release64/signed
- name: Replace with signed executables
if: github.repository == 'YACReader/yacreader' && (github.ref == 'refs/heads/master' || github.ref == 'refs/heads/develop')
shell: pwsh
run: |
Write-Host "=== Replacing executables with signed versions ==="
Get-ChildItem -Path "release64/signed" -Filter "*.exe" | ForEach-Object {
$destPath = "release64/$($_.Name)"
Write-Host "Moving signed: $($_.Name) -> $destPath"
Move-Item -Path $_.FullName -Destination $destPath -Force
Write-Host " Moved successfully"
}
Remove-Item -Path "release64/signed" -Recurse -Force -ErrorAction SilentlyContinue
Write-Host "Signed executables are ready for installer creation"
- name: Create installer - name: Create installer
shell: cmd shell: cmd
working-directory: ci/win working-directory: ci/win
@ -328,9 +367,10 @@ jobs:
organization-id: ${{ secrets.SIGNPATH_ORGANIZATION_ID }} organization-id: ${{ secrets.SIGNPATH_ORGANIZATION_ID }}
project-slug: 'yacreader' project-slug: 'yacreader'
signing-policy-slug: 'release-signing' signing-policy-slug: 'release-signing'
artifact-configuration-slug: 'windows-installer' artifact-configuration-slug: 'zipped-files'
github-artifact-id: ${{ steps.upload_unsigned.outputs.artifact-id }} github-artifact-id: ${{ steps.upload_unsigned.outputs.artifact-id }}
wait-for-completion: true wait-for-completion: true
wait-for-completion-timeout-in-seconds: "3600"
output-artifact-directory: ci/win/Output/signed output-artifact-directory: ci/win/Output/signed
- name: Replace with signed installer - name: Replace with signed installer
@ -421,6 +461,45 @@ jobs:
set PATH=C:\Qt\6.3.1\msvc2019_64\bin;%PATH% set PATH=C:\Qt\6.3.1\msvc2019_64\bin;%PATH%
nmake check TESTARGS="-maxwarnings 100000" nmake check TESTARGS="-maxwarnings 100000"
- name: Upload executables for signing
if: github.repository == 'YACReader/yacreader' && (github.ref == 'refs/heads/master' || github.ref == 'refs/heads/develop')
uses: actions/upload-artifact@v4
id: upload_executables
with:
name: windows-x64-qt6-executables-unsigned-${{ needs.initialization.outputs.build_number }}
path: |
release64/YACReader.exe
release64/YACReaderLibrary.exe
release64/YACReaderLibraryServer.exe
- name: Sign executables with SignPath
if: github.repository == 'YACReader/yacreader' && (github.ref == 'refs/heads/master' || github.ref == 'refs/heads/develop')
uses: signpath/github-action-submit-signing-request@v1
with:
api-token: ${{ secrets.SIGNPATH_API_TOKEN }}
organization-id: ${{ secrets.SIGNPATH_ORGANIZATION_ID }}
project-slug: 'yacreader'
signing-policy-slug: 'release-signing'
artifact-configuration-slug: 'zipped-files'
github-artifact-id: ${{ steps.upload_executables.outputs.artifact-id }}
wait-for-completion: true
wait-for-completion-timeout-in-seconds: "3600"
output-artifact-directory: release64/signed
- name: Replace with signed executables
if: github.repository == 'YACReader/yacreader' && (github.ref == 'refs/heads/master' || github.ref == 'refs/heads/develop')
shell: pwsh
run: |
Write-Host "=== Replacing executables with signed versions ==="
Get-ChildItem -Path "release64/signed" -Filter "*.exe" | ForEach-Object {
$destPath = "release64/$($_.Name)"
Write-Host "Moving signed: $($_.Name) -> $destPath"
Move-Item -Path $_.FullName -Destination $destPath -Force
Write-Host " Moved successfully"
}
Remove-Item -Path "release64/signed" -Recurse -Force -ErrorAction SilentlyContinue
Write-Host "Signed executables are ready for installer creation"
- name: Create installer - name: Create installer
shell: cmd shell: cmd
working-directory: ci/win working-directory: ci/win
@ -454,9 +533,10 @@ jobs:
organization-id: ${{ secrets.SIGNPATH_ORGANIZATION_ID }} organization-id: ${{ secrets.SIGNPATH_ORGANIZATION_ID }}
project-slug: 'yacreader' project-slug: 'yacreader'
signing-policy-slug: 'release-signing' signing-policy-slug: 'release-signing'
artifact-configuration-slug: 'windows-installer-qt6' artifact-configuration-slug: 'zipped-files'
github-artifact-id: ${{ steps.upload_unsigned.outputs.artifact-id }} github-artifact-id: ${{ steps.upload_unsigned.outputs.artifact-id }}
wait-for-completion: true wait-for-completion: true
wait-for-completion-timeout-in-seconds: "3600"
output-artifact-directory: ci/win/Output/signed output-artifact-directory: ci/win/Output/signed
- name: Replace with signed installer - name: Replace with signed installer
@ -531,6 +611,45 @@ jobs:
set PATH=C:\Qt\5.15.2\msvc2019\bin;%PATH% set PATH=C:\Qt\5.15.2\msvc2019\bin;%PATH%
nmake check TESTARGS="-maxwarnings 100000" nmake check TESTARGS="-maxwarnings 100000"
- name: Upload executables for signing
if: github.repository == 'YACReader/yacreader' && (github.ref == 'refs/heads/master' || github.ref == 'refs/heads/develop')
uses: actions/upload-artifact@v4
id: upload_executables
with:
name: windows-x86-executables-unsigned-${{ needs.initialization.outputs.build_number }}
path: |
release/YACReader.exe
release/YACReaderLibrary.exe
release/YACReaderLibraryServer.exe
- name: Sign executables with SignPath
if: github.repository == 'YACReader/yacreader' && (github.ref == 'refs/heads/master' || github.ref == 'refs/heads/develop')
uses: signpath/github-action-submit-signing-request@v1
with:
api-token: ${{ secrets.SIGNPATH_API_TOKEN }}
organization-id: ${{ secrets.SIGNPATH_ORGANIZATION_ID }}
project-slug: 'yacreader'
signing-policy-slug: 'release-signing'
artifact-configuration-slug: 'zipped-files'
github-artifact-id: ${{ steps.upload_executables.outputs.artifact-id }}
wait-for-completion: true
wait-for-completion-timeout-in-seconds: "3600"
output-artifact-directory: release/signed
- name: Replace with signed executables
if: github.repository == 'YACReader/yacreader' && (github.ref == 'refs/heads/master' || github.ref == 'refs/heads/develop')
shell: pwsh
run: |
Write-Host "=== Replacing executables with signed versions ==="
Get-ChildItem -Path "release/signed" -Filter "*.exe" | ForEach-Object {
$destPath = "release/$($_.Name)"
Write-Host "Moving signed: $($_.Name) -> $destPath"
Move-Item -Path $_.FullName -Destination $destPath -Force
Write-Host " Moved successfully"
}
Remove-Item -Path "release/signed" -Recurse -Force -ErrorAction SilentlyContinue
Write-Host "Signed executables are ready for installer creation"
- name: Create installer - name: Create installer
shell: cmd shell: cmd
working-directory: ci/win working-directory: ci/win
@ -564,9 +683,10 @@ jobs:
organization-id: ${{ secrets.SIGNPATH_ORGANIZATION_ID }} organization-id: ${{ secrets.SIGNPATH_ORGANIZATION_ID }}
project-slug: 'yacreader' project-slug: 'yacreader'
signing-policy-slug: 'release-signing' signing-policy-slug: 'release-signing'
artifact-configuration-slug: 'windows-installer-x86' artifact-configuration-slug: 'zipped-files'
github-artifact-id: ${{ steps.upload_unsigned.outputs.artifact-id }} github-artifact-id: ${{ steps.upload_unsigned.outputs.artifact-id }}
wait-for-completion: true wait-for-completion: true
wait-for-completion-timeout-in-seconds: "3600"
output-artifact-directory: ci/win/Output/signed output-artifact-directory: ci/win/Output/signed
- name: Replace with signed installer - name: Replace with signed installer