mirrors
/
OpenRCT2
mirror of https://github.com/OpenRCT2/OpenRCT2.git
2
0
Fork 0
Code Issues Projects Releases Wiki Activity

Merge pull request #2923 from OpenRCT2/test-sign-push 

Sign and push AppVeyor builds to OpenRCT2.org
This commit is contained in:
Ted John 2016-02-13 19:34:54 +00:00
parent c29a02605d c9a532a180
commit 45a5af5610
6 changed files with 278 additions and 30 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

28
appveyor.yml
View File

@ -1,12 +1,30 @@
version: 0.0.4.{build}
os: Previous Visual Studio 2015
os: Visual Studio 2015
environment:
ENCKEY:
secure: saYAIpqXzpq0U+JH+MNi/isRQ6Y51PZhm4BrnePDiAPptFO5htxFOLegrYqxdy67
CODE-SIGN-KEY-OPENRCT2.ORG.PFX.PASSWORD:
secure: bzYmf0ElxisSGyZnIjUOYQ==
OPENRCT2.ORG_TOKEN:
secure: leQX3xCQpmBLGuMqrxjFlzexDt96ypNRMM5TTRVHbGE8PwVg9crgeykLc2BIZU6HDHveJCHqh2cGMdHtHYJYcw==
install:
- cmd: >-
IF DEFINED ENCKEY ( nuget install secure-file -ExcludeVersion && secure-file\tools\secure-file -decrypt distribution\windows\code-sign-key-openrct2.org.pfx.enc -secret %ENCKEY% )
cinst nsis.portable -pre > nul
- ps: >-
curl "http://nsis.sourceforge.net/mediawiki/images/5/53/KillProcDll%26FindProcDll.zip" -OutFile nsisxtra.zip
7z x nsisxtra.zip > $null
cp FindProcDLL.dll "C:\ProgramData\chocolatey\lib\nsis.portable\tools\nsis-3.0b1\Plugins\x86-ansi"
build_script:
- ps: >-
.\setenv.ps1
install
publish -Server AppVeyor -BuildNumber $env:APPVEYOR_BUILD_NUMBER -GitBranch $env:APPVEYOR_REPO_BRANCH
appveyor_run
artifacts:
- path: .\artifacts\openrct2.zip
name: OpenRCT2
name: OpenRCT2-portable
- path: .\artifacts\*.exe
name: OpenRCT2-installer

8
distribution/windows/build.ps1
View File

@ -1,9 +1,11 @@
param (
[Parameter(Position = 1)]
[string]$BuildNumber = "",
[string]$GitBranch = ""
[string]$VersionExtra = ""
)
$path = Split-Path $Script:MyInvocation.MyCommand.Path
Write-Host "Building Windows Installer (NSIS script)";
makensis /DAPPV_BUILD=$BuildNumber /DAPPV_EXTRA=-$GitBranch-b$BuildNumber /DVERSION_INCLUDE=$path\win32.txt $path\install.nsi > $path\win32.log;
Write-Host " $VersionExtra";
makensis /DAPPV_EXTRA=-$VersionExtra `
/DVERSION_INCLUDE=$path\win32.txt `
$path\install.nsi > $path\win32.log;

BIN
distribution/windows/code-sign-key-openrct2.org.pfx.enc Normal file
View File

Binary file not shown.

6
distribution/windows/install.nsi
View File

@ -461,7 +461,9 @@ Function .onInit
; Starts Setup - let's look for an older version of OpenRCT2
ReadRegStr $R8 HKLM "SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\OpenRCT2" "Version"
IfErrors ShowWelcomeMessage ShowUpgradeMessage
; Skip upgrade checking for now
;IfErrors ShowWelcomeMessage ShowUpgradeMessage
Goto ShowWelcomeMessage
ShowWelcomeMessage:
ReadRegStr $R8 HKLM "SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\OpenRCT2" "Version"
IfErrors FinishCallback
@ -488,6 +490,8 @@ DoUninstall: ; You have the same version as this installer. This allows you to
Quit
InstallerIsOlder:
; A newer version was found. Let's let the user know there's an downgrade that will take place.
ReadRegStr $OLDVERSION HKEY_LOCAL_MACHINE "SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\OpenRCT2" "DisplayVersion"
;MessageBox MB_OK|MB_ICONSTOP \
; "You have a newer version of ${APPNAME}.$\nSetup will now exit."
;Quit

130
scripts/ps/appveyor_run.ps1 Normal file
View File

@ -0,0 +1,130 @@
#########################################################
# Script to build OpenRCT2 on AppVeyor
#########################################################
function Push-Build($file, $name, $version, $flavourId)
{
curl.exe -s -o - `
--form "key=${env:OPENRCT2.ORG_TOKEN}" `
--form "fileName=$name" `
--form "version=$version" `
--form "gitHash=${env:APPVEYOR_REPO_COMMIT}" `
--form "gitBranch=${env:APPVEYOR_REPO_BRANCH}" `
--form "flavourId=$flavourId" `
--form "file=@$file" `
"https://openrct2.org/altapi/?command=push-build"
}
$server = "AppVeyor"
# Provide a short commit SHA1 too
${env:APPVEYOR_REPO_COMMIT_SHORT} = (${env:APPVEYOR_REPO_COMMIT}).Substring(0, 7)
# Current version
$version = "0.0.4.0"
# Tagged builds will hide branch and commit SHA1
$tag = $null
if (${env:APPVEYOR_REPO_TAG} -ne $null)
{
$tag = ${env:APPVEYOR_REPO_TAG_NAME}
}
# Enable code signing if password environment variable is set
$codeSign = $false
if (${env:CODE-SIGN-KEY-OPENRCT2.ORG.PFX.PASSWORD} -ne $null)
{
$codeSign = $true
}
# Enable pushing builds to OpenRCT2.org if token environment variable is set
$pushBuilds = $false
$installer = $false
if (${env:OPENRCT2.ORG_TOKEN} -ne $null)
{
$pushBuilds = $true
$installer = $true
}
# Write out summary of the build
Write-Host "AppVeyor CI Build" -ForegroundColor Green
if ($tag -ne $null)
{
Write-Host " $version-$tag" -ForegroundColor Green
}
else
{
Write-Host " $version-$env:APPVEYOR_REPO_BRANCH-$env:APPVEYOR_REPO_COMMIT_SHORT" -ForegroundColor Green
}
Write-Host " Signed: $codeSign" -ForegroundColor Green
Write-Host " Push : $pushBuilds" -ForegroundColor Green
# Install dependencies
install -Quiet
# Build OpenRCT2
publish build `
-Server $server `
-GitTag $tag `
-GitBranch $env:APPVEYOR_REPO_BRANCH `
-GitSha1 $env:APPVEYOR_REPO_COMMIT `
-GitSha1Short $env:APPVEYOR_REPO_COMMIT_SHORT `
-CodeSign $codeSign
if ($LASTEXITCODE -ne 0)
{
exit 1
}
# Create a Portable ZIP
publish package `
-Server $server `
-GitTag $tag `
-GitBranch $env:APPVEYOR_REPO_BRANCH `
-GitSha1 $env:APPVEYOR_REPO_COMMIT `
-GitSha1Short $env:APPVEYOR_REPO_COMMIT_SHORT `
-CodeSign $codeSign
# Create an Installer
if ($installer)
{
publish package `
-Installer `
-Server $server `
-GitTag $tag `
-GitBranch $env:APPVEYOR_REPO_BRANCH `
-GitSha1 $env:APPVEYOR_REPO_COMMIT `
-GitSha1Short $env:APPVEYOR_REPO_COMMIT_SHORT `
-CodeSign $codeSign
}
if ($pushBuilds)
{
$versionExtension = ""
if ($tag -ne $null)
{
$versionExtension = "-$tag"
}
else
{
$versionExtension = "-${env:APPVEYOR_REPO_BRANCH}-${env:APPVEYOR_REPO_COMMIT_SHORT}"
}
$pushFileName = "OpenRCT2-${version}${versionExtension}-windows"
# Push portable zip
Write-Host "Sending portable zip to OpenRCT2.org" -ForegroundColor Cyan
Push-Build -file ".\artifacts\openrct2.zip" `
-name "$pushFileName.zip" `
-version $version `
-flavourId 1
# Push installer
if ($installer)
{
Write-Host "Sending installer to OpenRCT2.org" -ForegroundColor Cyan
Push-Build -file ".\artifacts\openrct2-install.exe" `
-name "$pushFileName.exe" `
-version $version `
-flavourId 2
}
}

136
scripts/ps/publish.ps1
View File

@ -6,14 +6,33 @@
#########################################################
param (
[Parameter(Position = 1)]
[string]$Task = "all",
[string]$Task = "all",
[string]$Server = "",
[string]$BuildNumber = "",
[string]$GitBranch = "",
[switch]$Installer = $false
[string]$Server = "",
[string]$GitTag = "",
[string]$GitBranch = "",
[string]$GitSha1 = "",
[string]$GitSha1Short = "",
[bool] $CodeSign = $false,
[switch]$Installer = $false
)
if ($GitTag -eq "")
{
if ($GitBranch -eq $null)
{
$GitBranch = (git rev-parse --abbrev-ref HEAD)
}
if ($GitCommitSha1 -eq $null)
{
$GitCommitSha1 = (git rev-parse HEAD)
}
if ($GitCommitSha1Short -eq $null)
{
$GitCommitSha1Short = (git rev-parse --short HEAD)
}
}
# Setup
$ErrorActionPreference = "Stop"
$scriptsPath = Split-Path $Script:MyInvocation.MyCommand.Path
@ -26,19 +45,18 @@ $rootPath = Get-RootPath
function Do-PrepareSource()
{
Write-Host "Setting build #defines..." -ForegroundColor Cyan
if ($GitBranch -eq "")
{
$GitBranch = (git rev-parse --abbrev-ref HEAD)
}
$GitCommitSha1 = (git rev-parse HEAD)
$GitCommitSha1Short = (git rev-parse --short HEAD)
$defines = @{ }
$defines["OPENRCT2_BUILD_NUMBER"] = $BuildNumber;
$defines["OPENRCT2_BUILD_SERVER"] = $Server;
$defines["OPENRCT2_BRANCH"] = $GitBranch;
$defines["OPENRCT2_COMMIT_SHA1"] = $GitCommitSha1;
$defines["OPENRCT2_COMMIT_SHA1_SHORT"] = $GitCommitSha1Short;
$defines["OPENRCT2_BUILD_SERVER"] = $Server;
if ($GitTag -ne "")
{
$defines["OPENRCT2_BRANCH"] = $GitTag;
}
else
{
$defines["OPENRCT2_BRANCH"] = $GitBranch;
$defines["OPENRCT2_COMMIT_SHA1"] = $GitCommitSha1;
$defines["OPENRCT2_COMMIT_SHA1_SHORT"] = $GitCommitSha1Short;
}
$defineString = ""
foreach ($key in $defines.Keys) {
@ -51,6 +69,7 @@ function Do-PrepareSource()
# Set the environment variable which the msbuild project will use
$env:OPENRCT2_DEFINES = $defineString;
return 0
}
@ -59,7 +78,23 @@ function Do-Build()
{
Write-Host "Building OpenRCT2..." -ForegroundColor Cyan
& "$scriptsPath\build.ps1" all -Rebuild
return $LASTEXITCODE
if ($LASTEXITCODE -ne 0)
{
Write-Host "Failed to build OpenRCT2" -ForegroundColor Red
return 1
}
if ($CodeSign)
{
$releaseDir = "$rootPath\bin"
$exePath = "$releaseDir\openrct2.exe"
$dllPath = "$releaseDir\openrct2.dll"
if (-not (Sign-Binary($exePath))) { return 1 }
if (-not (Sign-Binary($dllPath))) { return 1 }
}
return 0
}
# Package
@ -98,7 +133,7 @@ function Do-Package()
return 1
}
}
& $7zcmd a -tzip -mx9 $outZip "$tempDir\*" | Write-Host
& $7zcmd a -tzip -mx9 $outZip "$tempDir\*" > $null
if ($LASTEXITCODE -ne 0)
{
Write-Host "Failed to create zip." -ForegroundColor Red
@ -120,8 +155,19 @@ function Do-Installer()
# Create artifacts directory
New-Item -Force -ItemType Directory $artifactsDir > $null
# Resolve version extension
$VersionExtra = ""
if ($GitTag -ne "")
{
$VersionExtra = "$GitTag"
}
else
{
$VersionExtra = "$GitBranch-$GitCommitSha1Short"
}
# Create installer
& "$installerDir\build.ps1" -BuildNumber $BuildNumber -GitBranch $GitBranch
& "$installerDir\build.ps1" -VersionExtra $VersionExtra
if ($LASTEXITCODE -ne 0)
{
Write-Host "Failed to create installer." -ForegroundColor Red
@ -139,7 +185,14 @@ function Do-Installer()
return 1
}
Move-Item $binaries[0].FullName $artifactsDir
$installerPath = $binaries[0].FullName
if ($CodeSign)
{
if (-not (Sign-Binary($installerPath))) { return 1 }
}
Move-Item -Force $installerPath "$artifactsDir\openrct2-install.exe"
return 0
}
@ -170,6 +223,47 @@ function Do-Task-All()
return 0
}
function Sign-Binary($binaryPath)
{
$pfxPath = "$rootPath\distribution\windows\code-sign-key-openrct2.org.pfx"
$pfxPassword = ${env:CODE-SIGN-KEY-OPENRCT2.ORG.PFX.PASSWORD}
$timestampUrl = "http://timestamp.comodoca.com/authenticode"
if (-not (Test-Path -PathType Leaf $pfxPath))
{
Write-Host "Unable to sign, code signature key was not found." -ForegroundColor Red
return 1
}
if ($pfxPassword -eq $null)
{
Write-Host "Unable to sign, %CODE-SIGN-KEY-OPENRCT2.ORG.PFX.PASSWORD% was not set." -ForegroundColor Red
return 1
}
# Resolve signtool path
$signtoolcmd = "signtool"
if (-not (AppExists($signtoolcmd)))
{
$signtoolcmd = "C:\Program Files (x86)\Microsoft SDKs\Windows\v7.1A\Bin\SignTool.exe"
if (-not (AppExists($signtoolcmd)))
{
Write-Host "Publish script requires signtool to be in PATH" -ForegroundColor Red
return 1
}
}
# Sign the binary
& $signtoolcmd sign /f $pfxPath /p $pfxPassword /t $timestampUrl $binaryPath
if ($LASTEXITCODE -ne 0)
{
Write-Host "Failed to sign binary." -ForegroundColor Red
return 1
}
return 0
}
# Script entry point
switch ($Task)
{