saltstack/salt
1
0
Fork 0
mirror of https://github.com/saltstack/salt.git synced 2025-04-16 01:30:20 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 3
salt/.github/workflows/build-windows-packages.yml
Pedro Algarvio 520ec4a0e9 Pass along the relenv version that should be used. 
Signed-off-by: Pedro Algarvio <palgarvio@vmware.com>
2023-06-14 16:43:53 +01:00

144 lines
5 KiB
YAML
Raw Blame History

---
name: Build Windows Packages
on:
workflow_call:
inputs:
salt-version:
type: string
required: true
description: The Salt version to set prior to building packages
relenv-version:
type: string
required: true
description: The relenv version to set prior to building packages.
sign-packages:
type: boolean
default: false
description: Sign Packages
environment:
type: string
description: The GitHub Environment where this workflow should run
default: ci
jobs:
build-pkgs:
name: Windows
environment: ${{ inputs.environment }}
strategy:
fail-fast: false
max-parallel: 2
matrix:
arch:
- x86
- amd64
source:
- onedir
- src
runs-on:
- windows-latest
env:
SM_HOST: "${{ secrets.WIN_SIGN_HOST_PROD }}"
SM_API_KEY: "${{ secrets.WIN_SIGN_API_KEY }}"
SM_CLIENT_CERT_FILE: "D:\\Certificate_pkcs12.p12"
SM_CLIENT_CERT_PASSWORD: "${{ secrets.WIN_SIGN_CERT_PASSWORD }}"
SM_CLIENT_CERT_FILE_B64: "${{ secrets.WIN_SIGN_CERT_FILE_B64 }}"
WIN_SIGN_CERT_SHA1_HASH: "${{ secrets.WIN_SIGN_CERT_SHA1_HASH }}"
steps:
- name: Check Package Signing Enabled
shell: bash
id: check-pkg-sign
run: |
if [ "${{ inputs.sign-packages }}" == "true" ]; then
if [ "${{ (secrets.WIN_SIGN_API_KEY != '' && env.SM_HOST != '' && inputs.environment == 'staging') && 'true' || 'false' }}" != "true" ]; then
MSG="Secrets for signing packages are not available. The packages created will NOT be signed."
echo "${MSG}"
echo "${MSG}" >> "${GITHUB_STEP_SUMMARY}"
echo "sign-pkgs=false" >> "$GITHUB_OUTPUT"
else
MSG="The packages created WILL be signed."
echo "${MSG}"
echo "${MSG}" >> "${GITHUB_STEP_SUMMARY}"
echo "sign-pkgs=true" >> "$GITHUB_OUTPUT"
fi
else
MSG="The sign-packages input is false. The packages created will NOT be signed."
echo "${MSG}"
echo "${MSG}" >> "${GITHUB_STEP_SUMMARY}"
echo "sign-pkgs=false" >> "$GITHUB_OUTPUT"
fi
- uses: actions/checkout@v3
- uses: actions/setup-python@v4
with:
python-version: 3.9
- name: Setup Python Tools Scripts
uses: ./.github/actions/setup-python-tools-scripts
- name: Setup Salt Version
id: setup-salt-version
uses: ./.github/actions/setup-salt-version
with:
salt-version: "${{ inputs.salt-version }}"
- name: Download Onedir Tarball as an Artifact
uses: actions/download-artifact@v3
with:
name: salt-${{ inputs.salt-version }}-onedir-windows-${{ matrix.arch }}.zip
path: artifacts/
- name: Code signing with Software Trust Manager
if: ${{ steps.check-pkg-sign.outputs.sign-pkgs == 'true' }}
uses: digicert/ssm-code-signing@v0.0.2
- name: Setup Certificate
if: ${{ steps.check-pkg-sign.outputs.sign-pkgs == 'true' }}
shell: bash
run: |
echo "${{ secrets.WIN_SIGN_CERT_FILE_B64 }}" | base64 --decode > /d/Certificate_pkcs12.p12
- name: Build Windows Packages
run: |
tools pkg build windows --relenv-version=${{ inputs.relenv-version }} ${{
matrix.source == 'onedir' &&
format(
'--onedir salt-{0}-onedir-windows-{1}.zip --salt-version {0} --arch {1} {2}',
inputs.salt-version,
matrix.arch,
steps.check-pkg-sign.outputs.sign-pkgs == 'true' && '--sign' || ''
)
||
format('--salt-version {0} --arch {1}', inputs.salt-version, matrix.arch)
}}
- name: Set Artifact Name
id: set-artifact-name
shell: bash
run: |
if [ "${{ matrix.source }}" != "src" ]; then
echo "artifact-name-nsis=salt-${{ inputs.salt-version }}-${{ matrix.arch }}-NSIS" >> "$GITHUB_OUTPUT"
echo "artifact-name-msi=salt-${{ inputs.salt-version }}-${{ matrix.arch }}-MSI" >> "$GITHUB_OUTPUT"
else
echo "artifact-name-nsis=salt-${{ inputs.salt-version }}-${{ matrix.arch }}-NSIS-from-src" >> "$GITHUB_OUTPUT"
echo "artifact-name-msi=salt-${{ inputs.salt-version }}-${{ matrix.arch }}-MSI-from-src" >> "$GITHUB_OUTPUT"
fi
- name: Upload ${{ matrix.arch }} NSIS Packages
uses: actions/upload-artifact@v3
with:
name: ${{ steps.set-artifact-name.outputs.artifact-name-nsis }}
path: pkg/windows/build/Salt-*.exe
retention-days: 7
if-no-files-found: error
- name: Upload ${{ matrix.arch }} MSI Package
uses: actions/upload-artifact@v3
with:
name: ${{ steps.set-artifact-name.outputs.artifact-name-msi }}
path: pkg/windows/build/Salt-*.msi
retention-days: 7
if-no-files-found: error
Reference in a new issue View git blame Copy permalink