mirror of https://github.com/OpenRCT2/OpenRCT2.git
Merge pull request #2923 from OpenRCT2/test-sign-push
Sign and push AppVeyor builds to OpenRCT2.org
This commit is contained in:
commit
45a5af5610
28
appveyor.yml
28
appveyor.yml
|
@ -1,12 +1,30 @@
|
|||
version: 0.0.4.{build}
|
||||
os: Previous Visual Studio 2015
|
||||
os: Visual Studio 2015
|
||||
environment:
|
||||
ENCKEY:
|
||||
secure: saYAIpqXzpq0U+JH+MNi/isRQ6Y51PZhm4BrnePDiAPptFO5htxFOLegrYqxdy67
|
||||
CODE-SIGN-KEY-OPENRCT2.ORG.PFX.PASSWORD:
|
||||
secure: bzYmf0ElxisSGyZnIjUOYQ==
|
||||
OPENRCT2.ORG_TOKEN:
|
||||
secure: leQX3xCQpmBLGuMqrxjFlzexDt96ypNRMM5TTRVHbGE8PwVg9crgeykLc2BIZU6HDHveJCHqh2cGMdHtHYJYcw==
|
||||
install:
|
||||
- cmd: >-
|
||||
IF DEFINED ENCKEY ( nuget install secure-file -ExcludeVersion && secure-file\tools\secure-file -decrypt distribution\windows\code-sign-key-openrct2.org.pfx.enc -secret %ENCKEY% )
|
||||
|
||||
cinst nsis.portable -pre > nul
|
||||
- ps: >-
|
||||
curl "http://nsis.sourceforge.net/mediawiki/images/5/53/KillProcDll%26FindProcDll.zip" -OutFile nsisxtra.zip
|
||||
|
||||
7z x nsisxtra.zip > $null
|
||||
|
||||
cp FindProcDLL.dll "C:\ProgramData\chocolatey\lib\nsis.portable\tools\nsis-3.0b1\Plugins\x86-ansi"
|
||||
build_script:
|
||||
- ps: >-
|
||||
.\setenv.ps1
|
||||
|
||||
install
|
||||
|
||||
publish -Server AppVeyor -BuildNumber $env:APPVEYOR_BUILD_NUMBER -GitBranch $env:APPVEYOR_REPO_BRANCH
|
||||
appveyor_run
|
||||
artifacts:
|
||||
- path: .\artifacts\openrct2.zip
|
||||
name: OpenRCT2
|
||||
name: OpenRCT2-portable
|
||||
- path: .\artifacts\*.exe
|
||||
name: OpenRCT2-installer
|
||||
|
|
|
@ -1,9 +1,11 @@
|
|||
param (
|
||||
[Parameter(Position = 1)]
|
||||
[string]$BuildNumber = "",
|
||||
[string]$GitBranch = ""
|
||||
[string]$VersionExtra = ""
|
||||
)
|
||||
|
||||
$path = Split-Path $Script:MyInvocation.MyCommand.Path
|
||||
Write-Host "Building Windows Installer (NSIS script)";
|
||||
makensis /DAPPV_BUILD=$BuildNumber /DAPPV_EXTRA=-$GitBranch-b$BuildNumber /DVERSION_INCLUDE=$path\win32.txt $path\install.nsi > $path\win32.log;
|
||||
Write-Host " $VersionExtra";
|
||||
makensis /DAPPV_EXTRA=-$VersionExtra `
|
||||
/DVERSION_INCLUDE=$path\win32.txt `
|
||||
$path\install.nsi > $path\win32.log;
|
||||
|
|
Binary file not shown.
|
@ -461,7 +461,9 @@ Function .onInit
|
|||
; Starts Setup - let's look for an older version of OpenRCT2
|
||||
ReadRegStr $R8 HKLM "SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\OpenRCT2" "Version"
|
||||
|
||||
IfErrors ShowWelcomeMessage ShowUpgradeMessage
|
||||
; Skip upgrade checking for now
|
||||
;IfErrors ShowWelcomeMessage ShowUpgradeMessage
|
||||
Goto ShowWelcomeMessage
|
||||
ShowWelcomeMessage:
|
||||
ReadRegStr $R8 HKLM "SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\OpenRCT2" "Version"
|
||||
IfErrors FinishCallback
|
||||
|
@ -488,6 +490,8 @@ DoUninstall: ; You have the same version as this installer. This allows you to
|
|||
Quit
|
||||
|
||||
InstallerIsOlder:
|
||||
; A newer version was found. Let's let the user know there's an downgrade that will take place.
|
||||
ReadRegStr $OLDVERSION HKEY_LOCAL_MACHINE "SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\OpenRCT2" "DisplayVersion"
|
||||
;MessageBox MB_OK|MB_ICONSTOP \
|
||||
; "You have a newer version of ${APPNAME}.$\nSetup will now exit."
|
||||
;Quit
|
||||
|
|
|
@ -0,0 +1,130 @@
|
|||
#########################################################
|
||||
# Script to build OpenRCT2 on AppVeyor
|
||||
#########################################################
|
||||
|
||||
function Push-Build($file, $name, $version, $flavourId)
|
||||
{
|
||||
curl.exe -s -o - `
|
||||
--form "key=${env:OPENRCT2.ORG_TOKEN}" `
|
||||
--form "fileName=$name" `
|
||||
--form "version=$version" `
|
||||
--form "gitHash=${env:APPVEYOR_REPO_COMMIT}" `
|
||||
--form "gitBranch=${env:APPVEYOR_REPO_BRANCH}" `
|
||||
--form "flavourId=$flavourId" `
|
||||
--form "file=@$file" `
|
||||
"https://openrct2.org/altapi/?command=push-build"
|
||||
}
|
||||
|
||||
$server = "AppVeyor"
|
||||
|
||||
# Provide a short commit SHA1 too
|
||||
${env:APPVEYOR_REPO_COMMIT_SHORT} = (${env:APPVEYOR_REPO_COMMIT}).Substring(0, 7)
|
||||
|
||||
# Current version
|
||||
$version = "0.0.4.0"
|
||||
|
||||
# Tagged builds will hide branch and commit SHA1
|
||||
$tag = $null
|
||||
if (${env:APPVEYOR_REPO_TAG} -ne $null)
|
||||
{
|
||||
$tag = ${env:APPVEYOR_REPO_TAG_NAME}
|
||||
}
|
||||
|
||||
# Enable code signing if password environment variable is set
|
||||
$codeSign = $false
|
||||
if (${env:CODE-SIGN-KEY-OPENRCT2.ORG.PFX.PASSWORD} -ne $null)
|
||||
{
|
||||
$codeSign = $true
|
||||
}
|
||||
|
||||
# Enable pushing builds to OpenRCT2.org if token environment variable is set
|
||||
$pushBuilds = $false
|
||||
$installer = $false
|
||||
if (${env:OPENRCT2.ORG_TOKEN} -ne $null)
|
||||
{
|
||||
$pushBuilds = $true
|
||||
$installer = $true
|
||||
}
|
||||
|
||||
# Write out summary of the build
|
||||
Write-Host "AppVeyor CI Build" -ForegroundColor Green
|
||||
if ($tag -ne $null)
|
||||
{
|
||||
Write-Host " $version-$tag" -ForegroundColor Green
|
||||
}
|
||||
else
|
||||
{
|
||||
Write-Host " $version-$env:APPVEYOR_REPO_BRANCH-$env:APPVEYOR_REPO_COMMIT_SHORT" -ForegroundColor Green
|
||||
}
|
||||
Write-Host " Signed: $codeSign" -ForegroundColor Green
|
||||
Write-Host " Push : $pushBuilds" -ForegroundColor Green
|
||||
|
||||
# Install dependencies
|
||||
install -Quiet
|
||||
|
||||
# Build OpenRCT2
|
||||
publish build `
|
||||
-Server $server `
|
||||
-GitTag $tag `
|
||||
-GitBranch $env:APPVEYOR_REPO_BRANCH `
|
||||
-GitSha1 $env:APPVEYOR_REPO_COMMIT `
|
||||
-GitSha1Short $env:APPVEYOR_REPO_COMMIT_SHORT `
|
||||
-CodeSign $codeSign
|
||||
|
||||
if ($LASTEXITCODE -ne 0)
|
||||
{
|
||||
exit 1
|
||||
}
|
||||
|
||||
# Create a Portable ZIP
|
||||
publish package `
|
||||
-Server $server `
|
||||
-GitTag $tag `
|
||||
-GitBranch $env:APPVEYOR_REPO_BRANCH `
|
||||
-GitSha1 $env:APPVEYOR_REPO_COMMIT `
|
||||
-GitSha1Short $env:APPVEYOR_REPO_COMMIT_SHORT `
|
||||
-CodeSign $codeSign
|
||||
|
||||
# Create an Installer
|
||||
if ($installer)
|
||||
{
|
||||
publish package `
|
||||
-Installer `
|
||||
-Server $server `
|
||||
-GitTag $tag `
|
||||
-GitBranch $env:APPVEYOR_REPO_BRANCH `
|
||||
-GitSha1 $env:APPVEYOR_REPO_COMMIT `
|
||||
-GitSha1Short $env:APPVEYOR_REPO_COMMIT_SHORT `
|
||||
-CodeSign $codeSign
|
||||
}
|
||||
|
||||
if ($pushBuilds)
|
||||
{
|
||||
$versionExtension = ""
|
||||
if ($tag -ne $null)
|
||||
{
|
||||
$versionExtension = "-$tag"
|
||||
}
|
||||
else
|
||||
{
|
||||
$versionExtension = "-${env:APPVEYOR_REPO_BRANCH}-${env:APPVEYOR_REPO_COMMIT_SHORT}"
|
||||
}
|
||||
$pushFileName = "OpenRCT2-${version}${versionExtension}-windows"
|
||||
|
||||
# Push portable zip
|
||||
Write-Host "Sending portable zip to OpenRCT2.org" -ForegroundColor Cyan
|
||||
Push-Build -file ".\artifacts\openrct2.zip" `
|
||||
-name "$pushFileName.zip" `
|
||||
-version $version `
|
||||
-flavourId 1
|
||||
|
||||
# Push installer
|
||||
if ($installer)
|
||||
{
|
||||
Write-Host "Sending installer to OpenRCT2.org" -ForegroundColor Cyan
|
||||
Push-Build -file ".\artifacts\openrct2-install.exe" `
|
||||
-name "$pushFileName.exe" `
|
||||
-version $version `
|
||||
-flavourId 2
|
||||
}
|
||||
}
|
|
@ -9,11 +9,30 @@ param (
|
|||
[string]$Task = "all",
|
||||
|
||||
[string]$Server = "",
|
||||
[string]$BuildNumber = "",
|
||||
[string]$GitTag = "",
|
||||
[string]$GitBranch = "",
|
||||
[string]$GitSha1 = "",
|
||||
[string]$GitSha1Short = "",
|
||||
[bool] $CodeSign = $false,
|
||||
[switch]$Installer = $false
|
||||
)
|
||||
|
||||
if ($GitTag -eq "")
|
||||
{
|
||||
if ($GitBranch -eq $null)
|
||||
{
|
||||
$GitBranch = (git rev-parse --abbrev-ref HEAD)
|
||||
}
|
||||
if ($GitCommitSha1 -eq $null)
|
||||
{
|
||||
$GitCommitSha1 = (git rev-parse HEAD)
|
||||
}
|
||||
if ($GitCommitSha1Short -eq $null)
|
||||
{
|
||||
$GitCommitSha1Short = (git rev-parse --short HEAD)
|
||||
}
|
||||
}
|
||||
|
||||
# Setup
|
||||
$ErrorActionPreference = "Stop"
|
||||
$scriptsPath = Split-Path $Script:MyInvocation.MyCommand.Path
|
||||
|
@ -26,19 +45,18 @@ $rootPath = Get-RootPath
|
|||
function Do-PrepareSource()
|
||||
{
|
||||
Write-Host "Setting build #defines..." -ForegroundColor Cyan
|
||||
if ($GitBranch -eq "")
|
||||
{
|
||||
$GitBranch = (git rev-parse --abbrev-ref HEAD)
|
||||
}
|
||||
$GitCommitSha1 = (git rev-parse HEAD)
|
||||
$GitCommitSha1Short = (git rev-parse --short HEAD)
|
||||
|
||||
$defines = @{ }
|
||||
$defines["OPENRCT2_BUILD_NUMBER"] = $BuildNumber;
|
||||
$defines["OPENRCT2_BUILD_SERVER"] = $Server;
|
||||
if ($GitTag -ne "")
|
||||
{
|
||||
$defines["OPENRCT2_BRANCH"] = $GitTag;
|
||||
}
|
||||
else
|
||||
{
|
||||
$defines["OPENRCT2_BRANCH"] = $GitBranch;
|
||||
$defines["OPENRCT2_COMMIT_SHA1"] = $GitCommitSha1;
|
||||
$defines["OPENRCT2_COMMIT_SHA1_SHORT"] = $GitCommitSha1Short;
|
||||
}
|
||||
|
||||
$defineString = ""
|
||||
foreach ($key in $defines.Keys) {
|
||||
|
@ -51,6 +69,7 @@ function Do-PrepareSource()
|
|||
|
||||
# Set the environment variable which the msbuild project will use
|
||||
$env:OPENRCT2_DEFINES = $defineString;
|
||||
|
||||
return 0
|
||||
}
|
||||
|
||||
|
@ -59,7 +78,23 @@ function Do-Build()
|
|||
{
|
||||
Write-Host "Building OpenRCT2..." -ForegroundColor Cyan
|
||||
& "$scriptsPath\build.ps1" all -Rebuild
|
||||
return $LASTEXITCODE
|
||||
if ($LASTEXITCODE -ne 0)
|
||||
{
|
||||
Write-Host "Failed to build OpenRCT2" -ForegroundColor Red
|
||||
return 1
|
||||
}
|
||||
|
||||
if ($CodeSign)
|
||||
{
|
||||
$releaseDir = "$rootPath\bin"
|
||||
$exePath = "$releaseDir\openrct2.exe"
|
||||
$dllPath = "$releaseDir\openrct2.dll"
|
||||
|
||||
if (-not (Sign-Binary($exePath))) { return 1 }
|
||||
if (-not (Sign-Binary($dllPath))) { return 1 }
|
||||
}
|
||||
|
||||
return 0
|
||||
}
|
||||
|
||||
# Package
|
||||
|
@ -98,7 +133,7 @@ function Do-Package()
|
|||
return 1
|
||||
}
|
||||
}
|
||||
& $7zcmd a -tzip -mx9 $outZip "$tempDir\*" | Write-Host
|
||||
& $7zcmd a -tzip -mx9 $outZip "$tempDir\*" > $null
|
||||
if ($LASTEXITCODE -ne 0)
|
||||
{
|
||||
Write-Host "Failed to create zip." -ForegroundColor Red
|
||||
|
@ -120,8 +155,19 @@ function Do-Installer()
|
|||
# Create artifacts directory
|
||||
New-Item -Force -ItemType Directory $artifactsDir > $null
|
||||
|
||||
# Resolve version extension
|
||||
$VersionExtra = ""
|
||||
if ($GitTag -ne "")
|
||||
{
|
||||
$VersionExtra = "$GitTag"
|
||||
}
|
||||
else
|
||||
{
|
||||
$VersionExtra = "$GitBranch-$GitCommitSha1Short"
|
||||
}
|
||||
|
||||
# Create installer
|
||||
& "$installerDir\build.ps1" -BuildNumber $BuildNumber -GitBranch $GitBranch
|
||||
& "$installerDir\build.ps1" -VersionExtra $VersionExtra
|
||||
if ($LASTEXITCODE -ne 0)
|
||||
{
|
||||
Write-Host "Failed to create installer." -ForegroundColor Red
|
||||
|
@ -139,7 +185,14 @@ function Do-Installer()
|
|||
return 1
|
||||
}
|
||||
|
||||
Move-Item $binaries[0].FullName $artifactsDir
|
||||
$installerPath = $binaries[0].FullName
|
||||
|
||||
if ($CodeSign)
|
||||
{
|
||||
if (-not (Sign-Binary($installerPath))) { return 1 }
|
||||
}
|
||||
|
||||
Move-Item -Force $installerPath "$artifactsDir\openrct2-install.exe"
|
||||
return 0
|
||||
}
|
||||
|
||||
|
@ -170,6 +223,47 @@ function Do-Task-All()
|
|||
return 0
|
||||
}
|
||||
|
||||
function Sign-Binary($binaryPath)
|
||||
{
|
||||
$pfxPath = "$rootPath\distribution\windows\code-sign-key-openrct2.org.pfx"
|
||||
$pfxPassword = ${env:CODE-SIGN-KEY-OPENRCT2.ORG.PFX.PASSWORD}
|
||||
$timestampUrl = "http://timestamp.comodoca.com/authenticode"
|
||||
|
||||
if (-not (Test-Path -PathType Leaf $pfxPath))
|
||||
{
|
||||
Write-Host "Unable to sign, code signature key was not found." -ForegroundColor Red
|
||||
return 1
|
||||
}
|
||||
|
||||
if ($pfxPassword -eq $null)
|
||||
{
|
||||
Write-Host "Unable to sign, %CODE-SIGN-KEY-OPENRCT2.ORG.PFX.PASSWORD% was not set." -ForegroundColor Red
|
||||
return 1
|
||||
}
|
||||
|
||||
# Resolve signtool path
|
||||
$signtoolcmd = "signtool"
|
||||
if (-not (AppExists($signtoolcmd)))
|
||||
{
|
||||
$signtoolcmd = "C:\Program Files (x86)\Microsoft SDKs\Windows\v7.1A\Bin\SignTool.exe"
|
||||
if (-not (AppExists($signtoolcmd)))
|
||||
{
|
||||
Write-Host "Publish script requires signtool to be in PATH" -ForegroundColor Red
|
||||
return 1
|
||||
}
|
||||
}
|
||||
|
||||
# Sign the binary
|
||||
& $signtoolcmd sign /f $pfxPath /p $pfxPassword /t $timestampUrl $binaryPath
|
||||
if ($LASTEXITCODE -ne 0)
|
||||
{
|
||||
Write-Host "Failed to sign binary." -ForegroundColor Red
|
||||
return 1
|
||||
}
|
||||
|
||||
return 0
|
||||
}
|
||||
|
||||
# Script entry point
|
||||
switch ($Task)
|
||||
{
|
||||
|
|
Loading…
Reference in New Issue