diff --git a/.github/workflows/build/windows.yml b/.github/workflows/build/windows.yml new file mode 100644 index 00000000..d83f59dd --- /dev/null +++ b/.github/workflows/build/windows.yml @@ -0,0 +1,81 @@ +# .github/workflows/build/windows.yml +name: Release Windows app + +on: + workflow_dispatch: + workflow_call: + inputs: + sign-and-publish: + description: 'Sign the executable and publish to release page' + default: false + required: false + type: boolean + +jobs: + build-windows: + runs-on: windows-latest + steps: + - name: Enable Long Name + shell: pwsh + run: New-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Control\FileSystem" -Name "LongPathsEnabled" -Value 1 -PropertyType DWORD -Force + - run: git config --system core.longpaths true + - name: Set up certificate + run: | + echo "${{ secrets.DIGICERT_AUTHENTICATION_CERTIFICATE_BASE64 }}" | base64 --decode > /d/Certificate_pkcs12.p12 + shell: bash + - name: Github checkout + uses: actions/checkout@v4 + - name: Use Node.js + uses: actions/setup-node@v4 + with: + node-version: 20 + - run: yarn install + - name: Set variables + id: variables + run: | + echo "{version}={${GITHUB_REF#refs/tags/v}}" >> $GITHUB_OUTPUT + echo "SM_HOST=${{ secrets.DIGICERT_HOST_ENVIRONMENT }}" >> "$GITHUB_ENV" + echo "SM_API_KEY=${{ secrets.DIGICERT_API_KEY }}" >> "$GITHUB_ENV" + echo "SM_CLIENT_CERT_FILE=D:\\Certificate_pkcs12.p12" >> "$GITHUB_ENV" + echo "SM_CLIENT_CERT_PASSWORD=${{ secrets.DIGICERT_AUTHENTICATION_CERTIFICATE_PASSWORD }}" >> "$GITHUB_ENV" + echo "C:\Program Files (x86)\Windows Kits\10\App Certification Kit" >> $GITHUB_PATH + echo "C:\Program Files (x86)\Microsoft SDKs\Windows\v10.0A\bin\NETFX 4.8 Tools" >> $GITHUB_PATH + echo "C:\Program Files\DigiCert\DigiCert Keylocker Tools" >> $GITHUB_PATH + shell: bash + - name: Download Keylocker Software + run: | + curl -X GET https://one.digicert.com/signingmanager/api-ui/v1/releases/Keylockertools-windows-x64.msi/download -H "x-api-key:%SM_API_KEY%" -o Keylockertools-windows-x64.msi + shell: cmd + - name: Install and Sync Cert Software + run: | + msiexec /i Keylockertools-windows-x64.msi /passive + smksp_registrar.exe list + smctl.exe keypair ls + C:\Windows\System32\certutil.exe -csp "DigiCert Signing Manager KSP" -key -user + smksp_cert_sync.exe + shell: cmd + - name: health check + run: smctl healthcheck --user + - name: Download and prepare ComfyUI + run: | + curl -L -o comfyui-win.7z https://github.com/Comfy-Org/python-dependencies/releases/download/embedded-windows-deps-cu11.8-py11.9-5/ComfyUI_windows_portable.7z + 7z x comfyui-win.7z -odist/ + move dist/ComfyUI_windows_portable/ComfyUI assets/UI/ + move dist/ComfyUI_windows_portable/python_embedded assets/UI/ + cd assets/UI/ComfyUI && ls + - name: Make app + shell: powershell + env: + DIGICERT_FINGERPRINT: ${{ secrets.DIGICERT_FINGERPRINT }} + DEBUG: electron-forge:* + PUBLISH: ${{ inputs.sign-and-publish }} + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + run: npm run publish -- --dry-run + - name: Print SignLogs + if: always() + continue-on-error: true + shell: powershell + run: cd $HOME ; gc .signingmanager\logs\smksp.log + - name: verify signing + run: + signtool verify /v /pa out/ComfyUI-win32-x64/ComfyUI.exe \ No newline at end of file diff --git a/.github/workflows/debug_windows.yml b/.github/workflows/debug_windows.yml new file mode 100644 index 00000000..8dc74063 --- /dev/null +++ b/.github/workflows/debug_windows.yml @@ -0,0 +1,26 @@ +name: Build Windows Debug + +on: + push: + branches: + #For Testig + - "prod-kendal-ghaction-split" + +jobs: + Build Debug: + runs-on: windows-latest + steps: + - name: Declare some variables + shell: bash + run: | + echo "sha_short=$(git rev-parse --short "$GITHUB_SHA")" >> "$GITHUB_ENV" + - name: Build No Release + uses: Comfy-Org/electron/.github/workflows/build/windows.yml + with: + sign-and-publish: false + secrets: inherit + - name: Upload Build + uses: actions/upload-artifact@v4 + with: + name: comfyui-electron-debug-build-${{env.sha_short}} + path: out/ComfyUI-win32-x64 \ No newline at end of file