Build Windows Installer Package #47
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Build Windows Installer Package | |
on: | |
workflow_dispatch: | |
inputs: | |
release_version: | |
description: 'Release number for MW Agent for Windows' | |
required: true | |
push: | |
paths-ignore: | |
- '.github/**' | |
tags: | |
- '[0-9]+.[0-9]+.[0-9]+' | |
env: | |
ACTIONS_ALLOW_UNSECURE_COMMANDS: true | |
jobs: | |
create_installer: | |
runs-on: ${{ matrix.os }} | |
strategy: | |
matrix: | |
os: [ 'ubuntu-22.04'] | |
steps: | |
- name: Checkout Repo | |
uses: actions/checkout@v3 | |
with: | |
token: ${{ secrets.GHCR_TOKEN }} | |
ssh-key: ${{ secrets.CHECK_AGENT_ACCESS }} | |
submodules: 'recursive' | |
- name: Install makensis | |
run: sudo apt update && sudo apt install -y nsis nsis-pluginapi | |
if: ${{ matrix.os == 'ubuntu-22.04' }} | |
- name: Set up Git credentials for Go | |
run: | | |
git config --global url."https://${{ secrets.GHCR_TOKEN }}:@github.com/".insteadOf "https://github.com/" | |
env: | |
GITHUB_TOKEN: ${{ secrets.GHCR_TOKEN }} | |
- name: Setting Release Number | |
run: | | |
if [ -n "${{ github.event.inputs.release_version }}" ]; then | |
echo "RELEASE_VERSION=${{ github.event.inputs.release_version }}" >> $GITHUB_ENV | |
else | |
echo "RELEASE_VERSION=${GITHUB_REF#refs/tags/}" >> $GITHUB_ENV | |
fi | |
- name: Build MW Agent for Windows | |
run: | | |
GOOS=windows CGO_ENABLED=0 GOPRIVATE=github.com/middleware-labs go build -ldflags "-s -w -X main.agentVersion=$RELEASE_VERSION" -o build/mw-windows-agent.exe cmd/host-agent/main.go | |
makensis -DVERSION=$RELEASE_VERSION package-tooling/windows/package-windows.nsi | |
- name: Install jsign Tool For Microsoft Authenticode | |
run: | | |
wget https://github.com/ebourg/jsign/releases/download/5.0/jsign_5.0_all.deb | |
sudo dpkg -i jsign_5.0_all.deb | |
- name: Setup Code Signing Certificate | |
run: | | |
echo "${{ secrets.SM_CLIENT_CERT_FILE_B64 }}" | base64 --decode > certificate_pkcs12.p12 | |
- name: Sign MW Agent Installer Package | |
run: | | |
jsign --storetype ${{ secrets.SM_CLIENT_CERT_STORE_TYPE }} --alias ${{ secrets.SM_CLIENT_CERT_ALIAS }} --tsaurl ${{ secrets.SM_TIMESTAMP_AUTHORITY_URL }} --storepass "${{ secrets.SM_API_KEY }}|./certificate_pkcs12.p12|${{ secrets.SM_CLIENT_CERT_PASSWORD }}" package-tooling/windows/mw-windows-agent-$RELEASE_VERSION-setup.exe | |
- name: Upload Artifact | |
uses: actions/upload-artifact@v3 | |
with: | |
name: mw-windows-agent-$RELEASE_VERSION-setup.exe | |
path: package-tooling/windows/mw-windows-agent-$RELEASE_VERSION-setup.exe |