From 53107afb7267714e02eb8907818dcb0adbda8c3d Mon Sep 17 00:00:00 2001 From: Vitalii Koshura Date: Sun, 29 Dec 2024 05:24:30 +0100 Subject: [PATCH] [ci][windows] sign executables using Azure Signed-off-by: Vitalii Koshura --- .github/workflows/windows.yml | 21 +++++++++++++++++- ci_tools/create_signing_metadata.py | 20 +++++++++++++++++ win_build/boinc.sln | 14 ++++++++++++ win_build/boinc_signing.targets | 4 ++-- win_build/installer.vcxproj | 7 +----- win_build/installer_msi.vcxproj | 33 +++++++++++++++++++++++++++++ win_build/installer_setup.vcxproj | 13 +----------- 7 files changed, 91 insertions(+), 21 deletions(-) create mode 100644 ci_tools/create_signing_metadata.py create mode 100644 win_build/installer_msi.vcxproj diff --git a/.github/workflows/windows.yml b/.github/workflows/windows.yml index 905f994004f..473c3dafe31 100644 --- a/.github/workflows/windows.yml +++ b/.github/workflows/windows.yml @@ -33,6 +33,16 @@ env: AWS_ACCESS_KEY_ID: ${{secrets.S3_ACCESS_KEY}} AWS_SECRET_ACCESS_KEY: ${{secrets.S3_SECRET_KEY}} AWS_DEFAULT_REGION: us-west-2 + AZURE_CLIENT_ID: ${{secrets.AZURE_CLIENT_ID}} + AZURE_CLIENT_SECRET: ${{secrets.AZURE_CLIENT_SECRET}} + AZURE_TENANT_ID: ${{secrets.AZURE_TENANT_ID}} + AZURE_ENDPOINT: ${{secrets.AZURE_ENDPOINT}} + AZURE_CODE_SIGNING_NAME: ${{secrets.AZURE_CODE_SIGNING_NAME}} + AZURE_CERT_PROFILE_NAME: ${{secrets.AZURE_CERT_PROFILE_NAME}} + + TSCT: ${{github.workspace}}\temp\TSCT + DLIB: ${{github.workspace}}\temp\TSCT\x64\Azure.CodeSigning.Dlib.dll + DMDF: ${{github.workspace}}\metadata.json jobs: build: 
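Review bot: `AZURE_CLIENT_SECRET`, `AZURE_CLIENT_ID` and `AZURE_TENANT_ID` are added to the workflow-level `env:` block, so every job and step of this workflow receives the code-signing credential, including steps that never sign (the `libs-cmake` build in the next hunk) and any action the jobs call. Scoping them to an `env:` map on the one step that invokes signing would limit exposure, leaving only the non-secret paths `TSCT`, `DLIB` and `DMDF` at workflow level. The existing AWS keys follow the same workflow-wide pattern, so this may be a deliberate convention, but a signing identity is worth the narrower scope.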
@@ -88,9 +98,18 @@ jobs: ${{github.workspace}}\3rdParty\Windows\cuda\ key: windows-${{matrix.platform}}-${{matrix.configuration}}-${{hashFiles('win_build/vcpkg_3rdparty_dependencies.vcxproj', '.github/workflows/windows.yml')}} + - name: Install Trusted Signing Client Tools + if: success() && matrix.type == 'msbuild' + run: .\nuget.exe install Microsoft.Trusted.Signing.Client -Version 1.0.53 -x -OutputDirectory "${{ env.TSCT }}" + + - name: Write metadata.json + if: success() && matrix.type == 'msbuild' + run: | + python ./ci_tools/create_signing_metadata.py "${{ env.DMDF }}" "${{ env.AZURE_ENDPOINT }}" "${{ env.AZURE_CODE_SIGNING_NAME }}" "${{ env.AZURE_CERT_PROFILE_NAME }}" + - name: Build if: success() && matrix.type == 'msbuild' - run: msbuild win_build\boinc.sln -p:Configuration=${{matrix.configuration}} -p:Platform=${{matrix.platform}} -p:VcpkgTripletConfig=ci -m + run: msbuild win_build\boinc.sln -p:Configuration=${{matrix.configuration}} -p:Platform=${{matrix.platform}} -p:VcpkgTripletConfig=ci -p:DLIB=${{ env.DLIB }} -p:DMDF=${{ env.DMDF }} -m - name: Build CMake if: success() && matrix.type == 'libs-cmake' diff --git a/ci_tools/create_signing_metadata.py b/ci_tools/create_signing_metadata.py new file mode 100644 index 00000000000..e3fb618864d --- /dev/null +++ b/ci_tools/create_signing_metadata.py @@ -0,0 +1,20 @@ +import sys +import json + +def main(): + if len(sys.argv) != 5: + print("Usage: create_signing_metadata.py ") + sys.exit(1) + + output_file = sys.argv[1] + metadata = { + "Endpoint": sys.argv[2], + "CodeSigningAccountName": sys.argv[3], + "CertificateProfileName": sys.argv[4] + } + + with open(output_file, 'w', encoding='utf-8') as f: + json.dump(metadata, f, ensure_ascii=False, indent=4) + +if __name__ == "__main__": + main() diff --git a/win_build/boinc.sln b/win_build/boinc.sln index f637609f3bd..ae401bb3118 100644 --- a/win_build/boinc.sln +++ b/win_build/boinc.sln 
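Review bot: The new `Install Trusted Signing Client Tools` and `Write metadata.json` steps, and the changed `Build` step, are gated only on `matrix.type == 'msbuild'`, so signing is attempted for every event that triggers this workflow. The `on:` block is outside the hunk, but if pull requests are included, a fork PR gets empty secrets (an empty `metadata.json` and a late signing failure), and a same-repository PR runs its unreviewed build scripts with the signing credential in the environment. Consider adding an event condition such as `github.event_name != 'pull_request'` to the two new steps and passing `-p:DLIB`/`-p:DMDF` only in that case, so that PR builds stay unsigned and still succeed. Separately, `Write metadata.json` splices `${{ env.AZURE_ENDPOINT }}` and the two names into the script text; reading them from the environment inside the script (`$env:AZURE_ENDPOINT` under PowerShell) avoids quoting problems if a value ever contains a quote.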
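Review bot: `main()` in `ci_tools/create_signing_metadata.py` checks only the argument count, so empty strings (for example when the secrets are not available to the run) produce a `metadata.json` with empty `Endpoint`, `CodeSigningAccountName` and `CertificateProfileName` and exit status 0. The failure then surfaces later, inside the signing tool. A guard after the count check, `if not all(sys.argv[1:]): sys.exit("create_signing_metadata.py: empty argument")`, would fail the step at the point of the mistake. The usage text as shown on this page names no arguments and goes to stdout; listing the four positional arguments and printing with `file=sys.stderr` would help. A short module docstring stating what the JSON file is for is also missing.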
@@ -152,6 +152,12 @@ Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "installer_icon", "installer EndProject Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "installer_setup", "installer_setup.vcxproj", "{80DFF29A-7B1D-41F4-BEAE-307CDB39BF54}" ProjectSection(ProjectDependencies) = postProject + {88EB73FC-A865-4C3F-906D-44E00EF27A27} = {88EB73FC-A865-4C3F-906D-44E00EF27A27} + EndProjectSection +EndProject +Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "installer_msi", "installer_msi.vcxproj", "{88EB73FC-A865-4C3F-906D-44E00EF27A27}" + ProjectSection(ProjectDependencies) = postProject + {49723CA5-DA05-43C0-93AB-6FD30D046919} = {49723CA5-DA05-43C0-93AB-6FD30D046919} {BB5EF2AB-F453-463B-835A-65BBE7182378} = {BB5EF2AB-F453-463B-835A-65BBE7182378} EndProjectSection EndProject @@ -505,6 +511,14 @@ Global {80DFF29A-7B1D-41F4-BEAE-307CDB39BF54}.Release|ARM64.Build.0 = Release|ARM64 {80DFF29A-7B1D-41F4-BEAE-307CDB39BF54}.Release|x64.ActiveCfg = Release|x64 {80DFF29A-7B1D-41F4-BEAE-307CDB39BF54}.Release|x64.Build.0 = Release|x64 + {88EB73FC-A865-4C3F-906D-44E00EF27A27}.Debug|ARM64.ActiveCfg = Debug|ARM64 + {88EB73FC-A865-4C3F-906D-44E00EF27A27}.Debug|ARM64.Build.0 = Debug|ARM64 + {88EB73FC-A865-4C3F-906D-44E00EF27A27}.Debug|x64.ActiveCfg = Debug|x64 + {88EB73FC-A865-4C3F-906D-44E00EF27A27}.Debug|x64.Build.0 = Debug|x64 + {88EB73FC-A865-4C3F-906D-44E00EF27A27}.Release|ARM64.ActiveCfg = Release|ARM64 + {88EB73FC-A865-4C3F-906D-44E00EF27A27}.Release|ARM64.Build.0 = Release|ARM64 + {88EB73FC-A865-4C3F-906D-44E00EF27A27}.Release|x64.ActiveCfg = Release|x64 + {88EB73FC-A865-4C3F-906D-44E00EF27A27}.Release|x64.Build.0 = Release|x64 EndGlobalSection GlobalSection(SolutionProperties) = preSolution HideSolutionNode = FALSE diff --git a/win_build/boinc_signing.targets b/win_build/boinc_signing.targets index efa7e372b10..bc9f11a9121 100644 --- a/win_build/boinc_signing.targets +++ b/win_build/boinc_signing.targets @@ -2,7 +2,7 @@ - - + + 
diff --git a/win_build/installer.vcxproj b/win_build/installer.vcxproj index c57a9609d97..831937b390b 100644 --- a/win_build/installer.vcxproj +++ b/win_build/installer.vcxproj @@ -182,12 +182,7 @@ - - - - - - + diff --git a/win_build/installer_msi.vcxproj b/win_build/installer_msi.vcxproj new file mode 100644 index 00000000000..e59b9d438a7 --- /dev/null +++ b/win_build/installer_msi.vcxproj @@ -0,0 +1,33 @@ + + + + installer_msi + {88EB73FC-A865-4C3F-906D-44E00EF27A27} + + + Application + MultiByte + + + + boinc + .msi + + + + + + + + + + ClCompile + + + + $(SolutionDir)Build\x64\$(Configuration)\installer.exe -p $(Platform) + $(OutDir)$(TargetName)$(TargetExt) + + + + diff --git a/win_build/installer_setup.vcxproj b/win_build/installer_setup.vcxproj index 3e41e65e927..53d871b1bb4 100644 --- a/win_build/installer_setup.vcxproj +++ b/win_build/installer_setup.vcxproj @@ -35,17 +35,6 @@ - - - - ClCompile - - - - $(SolutionDir)Build\x64\$(Configuration)\installer.exe -p $(Platform) - $(MSBuildThisFileDirectory)..\installer\boinc.json;$(MSBuildThisFileDirectory)..\installer\locale\en.json;$(OutDir)boinccas.dll;$(SolutionDir)Build\x64\$(Configuration)\installer.exe - $(OutDir)boinc.msi - - +
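Review bot: As far as the text on this page shows (the XML markup is lost), the custom build step in the new `installer_msi.vcxproj` has a command and an output, `$(OutDir)$(TargetName)$(TargetExt)`, but no input list. The step removed from `installer_setup.vcxproj` listed `boinc.json`, `locale\en.json`, `boinccas.dll` and `installer.exe` as inputs. Without them an incremental build may keep a stale `boinc.msi` after the installer definition changes, and that stale file would presumably then be signed and packaged. If the inputs are indeed absent, carry the old `Inputs` value over to the new step. The command also hard-codes `Build\x64\` for `installer.exe` while passing `-p $(Platform)`, as the removed step did; a comment saying why the x64 generator is used for every platform would help readers of the ARM64 configuration.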