mirror of
https://github.com/saltstack/salt.git
synced 2025-04-17 10:10:20 +00:00
102 lines
3.4 KiB
YAML
102 lines
3.4 KiB
YAML
---
|
|
name: Build Windows Packages
|
|
|
|
on:
|
|
workflow_call:
|
|
inputs:
|
|
salt-version:
|
|
type: string
|
|
required: true
|
|
description: The Salt version to set prior to building packages
|
|
environment:
|
|
type: string
|
|
description: The GitHub Environment where this workflow should run
|
|
default: ci
|
|
|
|
jobs:
|
|
|
|
build-pkgs:
|
|
name: Windows
|
|
environment: ${{ inputs.environment }}
|
|
strategy:
|
|
fail-fast: false
|
|
max-parallel: 2
|
|
matrix:
|
|
arch:
|
|
- x86
|
|
- amd64
|
|
runs-on:
|
|
- windows-latest
|
|
env:
|
|
SM_HOST: "${{ secrets.WIN_SIGN_HOST_PROD }}"
|
|
SM_API_KEY: "${{ secrets.WIN_SIGN_API_KEY }}"
|
|
SM_CLIENT_CERT_FILE: "D:\\Certificate_pkcs12.p12"
|
|
SM_CLIENT_CERT_PASSWORD: "${{ secrets.WIN_SIGN_CERT_PASSWORD }}"
|
|
SM_CLIENT_CERT_FILE_B64: "${{ secrets.WIN_SIGN_CERT_FILE_B64 }}"
|
|
WIN_SIGN_CERT_SHA1_HASH: "${{ secrets.WIN_SIGN_CERT_SHA1_HASH }}"
|
|
|
|
steps:
|
|
- name: Check Package Signing Enabled
|
|
shell: bash
|
|
id: check-pkg-sign
|
|
run: |
|
|
if [ "${{ (secrets.WIN_SIGN_API_KEY != '' && env.SM_HOST != '' && inputs.environment == 'staging') && 'true' || 'false' }}" != "true" ]; then
|
|
echo "The packages created will NOT be signed"
|
|
echo "sign-pkgs=false" >> "$GITHUB_OUTPUT"
|
|
else
|
|
echo "The packages created WILL be signed"
|
|
echo "sign-pkgs=true" >> "$GITHUB_OUTPUT"
|
|
fi
|
|
|
|
- uses: actions/checkout@v3
|
|
- uses: actions/setup-python@v4
|
|
with:
|
|
python-version: 3.9
|
|
|
|
- name: Setup Python Tools Scripts
|
|
uses: ./.github/actions/setup-python-tools-scripts
|
|
|
|
- name: Setup Salt Version
|
|
id: setup-salt-version
|
|
uses: ./.github/actions/setup-salt-version
|
|
with:
|
|
salt-version: "${{ inputs.salt-version }}"
|
|
|
|
- name: Download Onedir Tarball as an Artifact
|
|
uses: actions/download-artifact@v3
|
|
with:
|
|
name: salt-${{ inputs.salt-version }}-onedir-windows-${{ matrix.arch }}.zip
|
|
path: artifacts/
|
|
|
|
- name: Code signing with Software Trust Manager
|
|
if: ${{ steps.check-pkg-sign.outputs.sign-pkgs == 'true' }}
|
|
uses: digicert/ssm-code-signing@v0.0.2
|
|
|
|
- name: Setup Certificate
|
|
if: ${{ steps.check-pkg-sign.outputs.sign-pkgs == 'true' }}
|
|
shell: bash
|
|
run: |
|
|
echo "${{ secrets.WIN_SIGN_CERT_FILE_B64 }}" | base64 --decode > /d/Certificate_pkcs12.p12
|
|
|
|
- name: Build Windows Packages
|
|
run: |
|
|
tools pkg build windows --onedir salt-${{ inputs.salt-version }}-onedir-windows-${{ matrix.arch }}.zip `
|
|
--salt-version ${{ inputs.salt-version }} --arch ${{ matrix.arch }} ${{
|
|
steps.check-pkg-sign.outputs.sign-pkgs == 'true' && '--sign' || ''
|
|
}}
|
|
|
|
- name: Upload ${{ matrix.arch }} Packages
|
|
uses: actions/upload-artifact@v3
|
|
with:
|
|
name: salt-${{ inputs.salt-version }}-${{ matrix.arch }}-NSIS
|
|
path: pkg/windows/build/Salt-*.exe
|
|
retention-days: 7
|
|
if-no-files-found: error
|
|
|
|
- name: Upload ${{ matrix.arch }} MSI Package
|
|
uses: actions/upload-artifact@v3
|
|
with:
|
|
name: salt-${{ inputs.salt-version }}-${{ matrix.arch }}-MSI
|
|
path: pkg/windows/build/Salt-*.msi
|
|
retention-days: 7
|
|
if-no-files-found: error
|