fix: windows code signing #5
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Experiment Windows Codesign | |
| # This workflow bakes executables of the major platforms for Testing purposes | |
| on: | |
| merge_group: | |
| workflow_dispatch: | |
| push: | |
| branches: | |
| - develop | |
| pull_request: | |
| types: | |
| - opened | |
| - synchronize | |
| concurrency: | |
| group: ${{ github.workflow }}-${{ github.ref }} | |
| cancel-in-progress: true | |
| env: | |
| PR_NUMBER: ${{ github.event.number }} | |
| jobs: | |
| build-and-upload-artifacts: | |
| timeout-minutes: 15 | |
| # Skip jobs for release PRs | |
| # windows on recurring should be portable | |
| if: ${{ !startsWith(github.head_ref, 'release/') }} | |
| runs-on: ${{ matrix.os }} | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| include: | |
| - os: "windows-latest" | |
| steps: | |
| - name: Checkout branch | |
| uses: actions/checkout@v4 | |
| - name: Setup Node | |
| uses: actions/setup-node@v4 | |
| with: | |
| node-version-file: ".nvmrc" | |
| cache: 'npm' | |
| cache-dependency-path: package-lock.json | |
| - name: Install packages | |
| run: npm ci | |
| - name: Package unpacked app (Windows only) | |
| if: matrix.os == 'windows-latest' | |
| shell: bash | |
| run: NODE_OPTIONS='--max_old_space_size=6144' npm run package:windows:unpacked -w insomnia | |
| - name: Move .dll and .exe files to /tosign (PowerShell) | |
| if: matrix.os == 'windows-latest' | |
| shell: pwsh | |
| run: | | |
| New-Item -Path "packages/insomnia/dist/win-unpacked/tosign" -ItemType Directory -Force | |
| New-Item -Path "packages/insomnia/dist/win-unpacked/signed" -ItemType Directory -Force | |
| Get-ChildItem -Path "packages/insomnia/dist/win-unpacked" -Filter *.dll | Move-Item -Destination "packages/insomnia/dist/win-unpacked/tosign" | |
| Get-ChildItem -Path "packages/insomnia/dist/win-unpacked" -Filter *.exe | Move-Item -Destination "packages/insomnia/dist/win-unpacked/tosign" | |
| # signs unpacked electron-builder contents, in this case only the .exe | |
| - name: Code-sign unpacked .exe (Windows only) | |
| if: matrix.os == 'windows-latest' | |
| uses: sslcom/esigner-codesign@develop | |
| with: | |
| command: batch_sign | |
| username: ${{secrets.ES_USERNAME}} | |
| password: ${{secrets.ES_PASSWORD}} | |
| credential_id: ${{secrets.ES_CREDENTIAL_ID}} | |
| totp_secret: ${{secrets.ES_TOTP_SECRET}} | |
| dir_path: packages/insomnia/dist/win-unpacked/tosign | |
| output_path: packages/insomnia/dist/win-unpacked/signed | |
| override: true | |
| - name: Move .dll and .exe files back to win-unpacked and delete /tosign | |
| if: matrix.os == 'windows-latest' | |
| shell: pwsh | |
| run: | | |
| Get-ChildItem -Path "packages/insomnia/dist/win-unpacked/signed" -Filter *.dll | Move-Item -Destination "packages/insomnia/dist/win-unpacked" | |
| Get-ChildItem -Path "packages/insomnia/dist/win-unpacked/signed" -Filter *.exe | Move-Item -Destination "packages/insomnia/dist/win-unpacked" | |
| Remove-Item -Path "packages/insomnia/dist/win-unpacked/tosign" -Recurse -Force | |
| Remove-Item -Path "packages/insomnia/dist/win-unpacked/signed" -Recurse -Force | |
| # re-packages the now code-signed electron-builder contents into a squirrel installer | |
| - name: Package dist app (Windows only) | |
| if: matrix.os == 'windows-latest' | |
| shell: bash | |
| run: NODE_OPTIONS='--max_old_space_size=6144' npm run package:windows:dist -w insomnia | |
| env: | |
| USERNAME: ${{secrets.ES_USERNAME}} | |
| PASSWORD: ${{secrets.ES_PASSWORD}} | |
| CREDENTIAL_ID: ${{secrets.ES_CREDENTIAL_ID}} | |
| TOTP_SECRET: ${{secrets.ES_TOTP_SECRET}} | |
| - name: Upload artifacts | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| if-no-files-found: ignore | |
| name: ${{ matrix.os }}-artifacts-${{ github.run_number }} | |
| path: | | |
| packages/insomnia/dist/*.exe |