fix(cli): fix sha acquisiton for windows signing (#1031)

<!-- For Coveo Employees only. Fill this section.

CDX-1230

-->

## Proposed changes
Similar problem and similar fix as #988

## Testing

- [x] Manual Tests: Replicated file tree and ran the script. Assessed
the hash was there and complete

.github/workflows/build-binaries.yml

@@ -40,8 +40,6 @@ jobs:
         run: npm i
       - name: Get tags
         run: node ./scripts/get-tags.mjs
-      - name: Get commit short hash
-        run: node ./scripts/get-commit-short-hash.mjs
       - name: Build
         run: npm run build
       - name: Create install kits
@@ -51,6 +49,9 @@ jobs:
         working-directory: ./packages/cli/core
         if: ${{matrix.os == 'ubuntu-latest'}}
         run: ../../../node_modules/oclif/bin/run pack tarballs
+      - name: Get commit hash of binaries
+        run: node ../../../scripts/get-commit-short-hash.mjs
+        working-directory: ./packages/cli/core
       - name: Sign Executable
         working-directory: ./packages/cli/core
         if: ${{matrix.os == 'windows-latest'}}

scripts/get-commit-short-hash.mjs

@@ -1,14 +1,19 @@
 import {exportVariable, setFailed} from '@actions/core';
-import {getSHA1fromRef} from '@coveo/semantic-monorepo-tools';
+import {readdirSync} from 'node:fs';
+import {join} from 'node:path';
+import {binariesMatcher} from './oclifArtifactMatchers.mjs';
 
-const getCommitShortHash = async () =>
-  (await getSHA1fromRef('HEAD')).substring(0, 7);
+// Should be executed at the root of the CLI workspace.
+const pathToArtifacts = join('dist', process.platform);
+const artifacts = readdirSync(pathToArtifacts, {withFileTypes: true});
+const someExe = artifacts.find(
+  (candidate) => candidate.isFile() && candidate.name.endsWith('.exe')
+);
 
-(async () => {
-  try {
-    const commitShortHash = await getCommitShortHash();
-    exportVariable('commitSHA1', commitShortHash);
-  } catch (error) {
-    setFailed(error.message);
-  }
-})();
+if (!binariesMatcher.exec(someExe.name)?.groups?.commitSHA) {
+  setFailed('Binary does not match');
+}
+exportVariable(
+  'commitSHA1',
+  binariesMatcher.exec(someExe.name).groups.commitSHA
+);

scripts/get-release-artifact-and-commit-sha.mjs

@@ -7,6 +7,11 @@ import {mkdirSync, writeFileSync, readdirSync, copyFileSync} from 'fs';
 import {resolve, join} from 'path';
 import {execSync} from 'node:child_process';
 import {spawnSync} from 'child_process';
+import {
+  binariesMatcher,
+  manifestMatcher,
+  tarballMatcher,
+} from './oclifArtifactMatchers.mjs';
 
 async function main() {
   const release = await getLastCliRelease();
@@ -17,12 +22,6 @@ async function main() {
   const getSubDirectoryForTarball = ({version, commitSHA}) =>
     join(topLevelDirectory, 'versions', version, commitSHA);
   const subDirectoryForManifest = join(topLevelDirectory, 'channels', 'stable');
-  const binariesMatcher =
-    /^coveo[_-]{1}(?<version>v?\d+\.\d+\.\d+(-\d+)?)[_.-]{1}(?<commitSHA>\w+)[_-]?(\d+_)?(?<longExt>.*\.(exe|deb|pkg))$/;
-  const manifestMatcher =
-    /^coveo-(?<version>v?\d+\.\d+\.\d+(-\d+)?)-(?<commitSHA>\w+)-(?<targetSignature>.*-buildmanifest)$/;
-  const tarballMatcher =
-    /^coveo-v?(?<version>\d+\.\d+\.\d+(-\d+)?)-(?<commitSHA>\w+)-(?<targetSignature>[\w-]+).tar\.[gx]z$/;
 
   const determineAssetLocation = (assetName) => {
     if (assetName.match(tarballMatcher)) {

scripts/oclifArtifactMatchers.mjs

@@ -0,0 +1,6 @@
+export const binariesMatcher =
+  /^coveo[_-]{1}(?<version>v?\d+\.\d+\.\d+(-\d+)?)[_.-]{1}(?<commitSHA>\w+)[_-]?(\d+_)?(?<longExt>.*\.(exe|deb|pkg))$/;
+export const manifestMatcher =
+  /^coveo-(?<version>v?\d+\.\d+\.\d+(-\d+)?)-(?<commitSHA>\w+)-(?<targetSignature>.*-buildmanifest)$/;
+export const tarballMatcher =
+  /^coveo-v?(?<version>\d+\.\d+\.\d+(-\d+)?)-(?<commitSHA>\w+)-(?<targetSignature>[\w-]+).tar\.[gx]z$/;