feat: adding windows package signing configurations (twilio#341)

* feat: added windows signing * feat: added windows signing * feat: revert release yml changes Co-authored-by: Sindhura Chamala <[email protected]>
shrutiburman · Nov 24, 2021 · 7b9abb1 · 7b9abb1
1 parent f9eec20
commit 7b9abb1
Show file tree

Hide file tree

Showing 2 changed files with 92 additions and 4 deletions.
diff --git a/.github/workflows/platform-executables.yml b/.github/workflows/platform-executables.yml
@@ -29,10 +29,6 @@ jobs:
             artifact_name: deb/${{ github.event.inputs.formula }}_${{ needs.get-tag.outputs.TAG_NAME }}-1_amd64.deb
             asset_name: ${{ github.event.inputs.formula }}-${{ needs.get-tag.outputs.TAG_NAME }}.deb
             command_name: sudo npx oclif-dev pack:deb
-          - os: macos-latest
-            artifact_name: win/${{ github.event.inputs.formula }}-v${{ needs.get-tag.outputs.TAG_NAME }}-x86.exe
-            asset_name: ${{ github.event.inputs.formula }}-${{ needs.get-tag.outputs.TAG_NAME }}.exe
-            command_name: npx oclif-dev pack:win
           - os: macos-latest
             artifact_name: macos/${{ github.event.inputs.formula }}-v${{ needs.get-tag.outputs.TAG_NAME }}.pkg
             asset_name: ${{ github.event.inputs.formula }}-${{ needs.get-tag.outputs.TAG_NAME }}.pkg

diff --git a/.github/workflows/windows-executable-release.yml b/.github/workflows/windows-executable-release.yml
@@ -0,0 +1,92 @@
+name: Windows Executable Release
+on:
+  workflow_dispatch:
+    inputs:
+      formula:
+        description: 'Artifact Prefix'
+        default: twilio
+  workflow_run:
+  # wait for Cli Release to complete, when it completes, start this workflow
+    workflows: ["Cli Release"]
+    branches: [main]
+    types:
+      - completed
+    inputs:
+      formula:
+        description: 'Artifact Prefix'
+        default: twilio
+jobs:
+  get-tag:
+    runs-on: macos-latest
+    outputs:
+     TAG_NAME: ${{steps.get-tag.outputs.TAG_NAME}}
+    steps:
+     - uses: actions/checkout@v2
+     - name: Getting latest tag
+       id: get-tag
+       run: |
+        git fetch --prune --unshallow
+        echo "::set-output name=TAG_NAME::$(git describe --tags $(git rev-list --tags --max-count=1))"
+  pack-windows-release:
+    runs-on: macos-latest
+    needs: [get-tag]
+    steps:
+     - uses: actions/checkout@v2
+     - run: |
+        make install
+        brew install makensis
+        npx oclif-dev pack:win
+     - name: upload artifact
+       uses: actions/upload-artifact@v2
+       with:
+        name: ${{ github.event.inputs.formula }}-${{ needs.get-tag.outputs.TAG_NAME }}.exe
+        path: dist/win/${{ github.event.inputs.formula }}-v${{ needs.get-tag.outputs.TAG_NAME }}-x86.exe
+        retention-days: 1
+
+  sign-windows-release:
+    needs: [pack-windows-release, get-tag]
+    runs-on: windows-latest
+    steps:
+     - uses: actions/checkout@v2
+     - run: make install
+     - name: import certificate
+       run: |
+        New-Item -ItemType directory -Path certificate
+        Set-Content -Path certificate\certificate.txt -Value '${{ secrets.WINDOWS_CERTIFICATE }}'
+        certutil -decode certificate\certificate.txt certificate\certificate.pfx
+     - name: import Executable
+       id: download
+       uses: actions/download-artifact@v2
+       with:
+         name: ${{ github.event.inputs.formula }}-${{ needs.get-tag.outputs.TAG_NAME }}.exe
+     - name: 'Echo download path'
+       run: ls ${{steps.download.outputs.download-path}}
+     - name: Code Sign The Executable
+       run: |
+          & 'C:/Program Files (x86)/Windows Kits/10/bin/10.0.17763.0/x86/signtool.exe' sign /f certificate\certificate.pfx /p '${{ secrets.WINDOWS_CERTIFICATE_PASS }}' /t http://timestamp.digicert.com ${{steps.download.outputs.download-path}}/${{ github.event.inputs.formula }}-v${{ needs.get-tag.outputs.TAG_NAME }}-x86.exe
+     - name: Upload binaries to release
+       run: node .github/scripts/update-platform-executables.js
+       env:
+        GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        FILE: ${{steps.download.outputs.download-path}}\${{ github.event.inputs.formula }}-v${{ needs.get-tag.outputs.TAG_NAME }}-x86.exe
+        ASSET_NAME: ${{ github.event.inputs.formula }}-${{ needs.get-tag.outputs.TAG_NAME }}.exe
+        TAG_NAME: ${{ needs.get-tag.outputs.TAG_NAME }}
+        REPO_NAME: twilio/twilio-cli
+
+  notify-complete-fail:
+    if: ${{ failure() || cancelled() }}
+    needs: [sign-windows-release ]
+    name: Notify Release Failed
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v2
+      - name: Slack Notification
+        uses: rtCamp/action-slack-notify@v2
+        env:
+          SLACK_WEBHOOK: ${{ secrets.ALERT_SLACK_WEB_HOOK }}
+          SLACK_COLOR: "#ff3333"
+          SLACK_USERNAME: CLI Release Bot
+          SLACK_ICON_EMOJI: ":ship:"
+          SLACK_TITLE: "Twilio Cli"
+          SLACK_MESSAGE: 'Windows Executable Release Failed'
+          MSG_MINIMAL: actions url