使用无密码保护的sign.pfx #299
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: PyInstaller Build & Release | |
| on: | |
| push: | |
| branches: | |
| - '*' | |
| jobs: | |
| clear-old-pre-release-and-create-new-pre-release: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Delete Release with Tag 'newest-build' | |
| run: | | |
| GITHUB_REPOSITORY="${{ github.repository }}" | |
| OWNER=$(echo $GITHUB_REPOSITORY | cut -d'/' -f1) | |
| REPO=$(echo $GITHUB_REPOSITORY | cut -d'/' -f2) | |
| # 删除预发布版本 | |
| LATEST_RELEASE_WITH_TAG=$(curl -s -H "Authorization: token ${{ secrets.GH_TOKEN }}" https://api.github.com/repos/$OWNER/$REPO/releases/tags/newest-build) | |
| if [ ! -z "$LATEST_RELEASE_WITH_TAG" ]; then | |
| RELEASE_ID=$(echo $LATEST_RELEASE_WITH_TAG | jq -r '.id') | |
| curl -X DELETE -H "Authorization: token ${{ secrets.GH_TOKEN }}" https://api.github.com/repos/$OWNER/$REPO/releases/$RELEASE_ID | |
| echo "Deleted the release with tag 'newest-build'" | |
| fi | |
| # 删除标签 | |
| TAG_DELETE_URL="https://api.github.com/repos/$OWNER/$REPO/git/refs/tags/newest-build" | |
| curl -X DELETE -H "Authorization: token ${{ secrets.GH_TOKEN }}" $TAG_DELETE_URL | |
| echo "Deleted the tag 'newest-build'" | |
| - name: Set Release Version | |
| id: set_version | |
| run: echo ::set-output name=VERSION::newest-build | |
| - name: Create Pre-Release | |
| id: create_release | |
| uses: actions/create-release@v1 | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GH_TOKEN }} | |
| with: | |
| tag_name: newest-build | |
| release_name: 最新开发构建版本(自动创建的版本) | |
| body: "此预发布版本由Github Action自动构建。请注意,此版本为测试版,并不代表最终版本。" | |
| draft: false | |
| prerelease: true | |
| build-and-release-on-linux: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v4 | |
| - name: Set up Python | |
| uses: actions/setup-python@v5 | |
| with: | |
| python-version: '3.12' | |
| - name: Install dependencies | |
| run: | | |
| python -m pip install --upgrade pip | |
| pip install pyinstaller psutil pygame requests Pillow | |
| - name: Update Dev_Version in Suya_Downloader.py | |
| run: | | |
| cd $(pwd) | |
| SHORT_SHA="${GITHUB_SHA:0:8}" | |
| sed -i "s/^Dev_Version = .*/Dev_Version = \"$SHORT_SHA\"/" Suya_Downloader.py | |
| shell: bash | |
| - name: Update Dev_Version in Updater.py | |
| run: | | |
| cd $(pwd) | |
| SHORT_SHA="${GITHUB_SHA:0:8}" | |
| sed -i "s/^Dev_Version = .*/Dev_Version = \"$SHORT_SHA\"/" Updater.py | |
| shell: bash | |
| - name: Build Suya_Downloader with PyInstaller | |
| id: build-Suya_Downloader | |
| run: | | |
| pyinstaller --onefile --distpath=./dist Suya_Downloader.py | |
| - name: Build Updater with PyInstaller | |
| id: build-updater | |
| run: | | |
| pyinstaller --onefile --distpath=./dist Updater.py | |
| - name: Move needed files to dist | |
| run: | | |
| mv Resources-Downloader ./dist/ | |
| mv Resources-Server ./dist/ | |
| mv LICENSE-APACHE ./dist/ | |
| mv LICENSE-AGPL ./dist/ | |
| mv default_api_setting.json ./dist/ | |
| - name: Compress dist folder into app.zip | |
| run: | | |
| cd dist | |
| zip -r ../app.zip . | |
| cd .. | |
| - name: Upload assets to pre-release | |
| id: upload-assets-to-pre-release | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GH_TOKEN }} | |
| run: | | |
| # Extract the version number from Suya_Downloader.py | |
| Suya_Downloader_VERSION=$(python -c "import re; match = re.search(r'Suya_Downloader_Version\s*=\s*\"([^\"]+)\"', open('Suya_Downloader.py').read()); print(match.group(1) if match else 'UNKNOWN')") | |
| # Extract the version number from Updater.py | |
| UPDATER_VERSION=$(python -c "import re; match = re.search(r'Suya_Updater_Version\s*=\s*\"([^\"]+)\"', open('Updater.py').read()); print(match.group(1) if match else 'UNKNOWN')") | |
| # Extract the first 8 characters of the commit SHA | |
| COMMIT_SHA_SHORT=$(echo ${{ github.sha }} | cut -c1-8) | |
| # Build the file names | |
| Suya_Downloader_FILE_NAME=Suya_Downloader-linux-${Suya_Downloader_VERSION}-${COMMIT_SHA_SHORT} | |
| UPDATER_FILE_NAME=Updater-linux-${UPDATER_VERSION}-${COMMIT_SHA_SHORT} | |
| FULL_FILE_NAME=Suya-Downloader-FULL-linux-${Suya_Downloader_VERSION}-${UPDATER_VERSION}-${COMMIT_SHA_SHORT} | |
| # Rename the files | |
| mv ./dist/Suya_Downloader ./dist/${Suya_Downloader_FILE_NAME} | |
| mv ./dist/Updater ./dist/${UPDATER_FILE_NAME} | |
| mv ./app.zip ./${FULL_FILE_NAME}.zip | |
| # Upload the files | |
| gh release upload newest-build ./dist/${Suya_Downloader_FILE_NAME} | |
| gh release upload newest-build ./dist/${UPDATER_FILE_NAME} | |
| gh release upload newest-build ./${FULL_FILE_NAME}.zip | |
| build-and-release-on-windows: | |
| runs-on: windows-latest | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v4 | |
| - name: Clone other repository | |
| run: | | |
| git clone https://${{ secrets.GH_TOKEN }}@github.com/Suisuroru/sign.git | |
| shell: cmd | |
| - name: Set up Python | |
| uses: actions/setup-python@v5 | |
| with: | |
| python-version: '3.12' | |
| - name: Install dependencies | |
| run: | | |
| python -m pip install --upgrade pip | |
| pip install pyinstaller psutil pygame requests Pillow | |
| - name: Update Dev_Version in Suya_Downloader.py | |
| run: | | |
| $SHORT_SHA = "${{ github.sha }}".Substring(0,8) | |
| (Get-Content Suya_Downloader.py) | ForEach-Object { $_ -replace '^Dev_Version = .*$',"Dev_Version = ""$SHORT_SHA"""} | Set-Content Suya_Downloader.py | |
| shell: powershell | |
| - name: Update Dev_Version in Updater.py | |
| run: | | |
| $SHORT_SHA = "${{ github.sha }}".Substring(0,8) | |
| (Get-Content Updater.py) | ForEach-Object { $_ -replace '^Dev_Version = .*$',"Dev_Version = ""$SHORT_SHA"""} | Set-Content Updater.py | |
| shell: powershell | |
| - name: Build Suya_Downloader with PyInstaller | |
| id: build-Suya_Downloader | |
| run: | | |
| # Build the executable | |
| pyinstaller -F -w -i ./Resources-Downloader/Pictures/Suya.ico --distpath=./dist Suya_Downloader.py | |
| - name: Build Updater with PyInstaller | |
| id: build-updater | |
| run: | | |
| # Build the executable | |
| pyinstaller -F -w -i ./Resources-Downloader/Pictures/Suya.ico --distpath=./dist Updater.py | |
| - name: Read signing key from secrets | |
| id: read-sign-key | |
| run: | | |
| $Env:SIGN_KEY = "${{ secrets.SIGN_KEY }}" | |
| echo "SIGN_KEY=$Env:SIGN_KEY" >> $env:GITHUB_ENV | |
| shell: powershell | |
| - name: Verify certificate and private key files exist | |
| run: | | |
| if not exist "%GITHUB_WORKSPACE%\sign\root.cer" ( | |
| echo "Warning: Certificate file 'root.cer' not found. Skipping signing." | |
| exit 0 | |
| ) | |
| if not exist "%GITHUB_WORKSPACE%\sign\root.pvk" ( | |
| echo "Warning: Private key file 'root.pvk' not found. Skipping signing." | |
| exit 0 | |
| ) | |
| shell: cmd | |
| - name: Install certificate | |
| run: | | |
| $CERTIFICATE_PATH = Join-Path $env:GITHUB_WORKSPACE 'sign\root.cer' | |
| $PRIVATE_KEY_PATH = Join-Path $env:GITHUB_WORKSPACE 'sign\root.pvk' | |
| if (Test-Path $CERTIFICATE_PATH) { | |
| Import-Certificate -FilePath $CERTIFICATE_PATH -CertStoreLocation Cert:\CurrentUser\My | |
| } else { | |
| Write-Host "Error: Certificate file 'root.cer' not found." | |
| exit 1 | |
| } | |
| # Assuming root.pvk is a private key file, you might need to handle it differently | |
| if (Test-Path $PRIVATE_KEY_PATH) { | |
| # Example of handling a private key file (this part depends on how you manage the private key) | |
| # This is just a placeholder and should be replaced with actual logic to import the private key | |
| Write-Host "Handling private key file..." | |
| } else { | |
| Write-Host "Error: Private key file 'root.pvk' not found." | |
| exit 1 | |
| } | |
| shell: powershell | |
| - name: Sign Suya_Downloader executable | |
| run: | | |
| $SIGN_TOOL_PATH = Join-Path $env:GITHUB_WORKSPACE 'sign\signtool.exe' | |
| $PFX_PATH = Join-Path $env:GITHUB_WORKSPACE 'sign\sign.pfx' | |
| Write-Host "PFX Path: $PFX_PATH" | |
| & $SIGN_TOOL_PATH sign /f $PFX_PATH /p "" /n "MY" /v /d "Suya Downloader" /tr http://timestamp.digicert.com /td SHA256 (Join-Path $env:GITHUB_WORKSPACE 'dist\Suya_Downloader.exe') | |
| shell: powershell | |
| - name: Sign Updater executable | |
| run: | | |
| $SIGN_TOOL_PATH = Join-Path $env:GITHUB_WORKSPACE 'sign\signtool.exe' | |
| $PFX_PATH = Join-Path $env:GITHUB_WORKSPACE 'sign\sign.pfx' | |
| Write-Host "PFX Path: $PFX_PATH" | |
| & $SIGN_TOOL_PATH sign /f $PFX_PATH /p "" /n "MY" /v /d "Updater" /tr http://timestamp.digicert.com /td SHA256 (Join-Path $env:GITHUB_WORKSPACE 'dist\Updater.exe') | |
| shell: powershell | |
| - name: Zip the dist directory | |
| run: | | |
| # Navigate to the dist directory | |
| cd ./dist | |
| # Use 7z to create a zip archive of all files in the current directory | |
| 7z a -tzip ../app.zip * | |
| # Return to the root directory | |
| cd .. | |
| shell: cmd | |
| - name: Set short commit SHA as environment variable | |
| run: | | |
| $Env:SHA_SHORT = "${{ github.sha }}".Substring(0,8) | |
| echo "SHA_SHORT=$Env:SHA_SHORT" >> $env:GITHUB_ENV | |
| shell: powershell | |
| - name: Extract Suya_Downloader version | |
| id: extract_Suya_Downloader_version | |
| run: | | |
| $content = Get-Content .\Suya_Downloader.py | |
| foreach ($line in $content) { | |
| if ($line.StartsWith("Suya_Downloader_Version")) { | |
| $version = $line.Split('=')[1].Trim().Trim('"') | |
| Write-Host "Suya_Downloader version: $version" | |
| echo "Suya_Downloader_VERSION=$version" >> $env:GITHUB_ENV | |
| break | |
| } | |
| } | |
| shell: powershell | |
| - name: Extract Updater version | |
| id: extract_updater_version | |
| run: | | |
| $content = Get-Content .\Updater.py | |
| foreach ($line in $content) { | |
| if ($line.StartsWith("Suya_Updater_Version")) { | |
| $version = $line.Split('=')[1].Trim().Trim('"') | |
| Write-Host "Updater version: $version" | |
| echo "UPDATER_VERSION=$version" >> $env:GITHUB_ENV | |
| break | |
| } | |
| } | |
| shell: powershell | |
| - name: Rename Suya_Downloader and Updater Executables | |
| run: | | |
| set Suya_Downloader_FILE_NAME=Suya_Downloader-windows-%Suya_Downloader_VERSION%-%SHA_SHORT%.exe | |
| set UPDATER_FILE_NAME=Updater-windows-%UPDATER_VERSION%-%SHA_SHORT%.exe | |
| set FULL_FILE_NAME=Suya-Downloader-FULL-windows-%Suya_Downloader_VERSION%-%UPDATER_VERSION%-%SHA_SHORT%.zip | |
| cd dist | |
| ren Suya_Downloader.exe %Suya_Downloader_FILE_NAME% | |
| ren Updater.exe %UPDATER_FILE_NAME% | |
| cd .. | |
| ren app.zip %FULL_FILE_NAME% | |
| shell: cmd | |
| - name: Upload assets to latest pre-release | |
| id: upload-assets-to-pre-release | |
| env: | |
| GH_TOKEN: ${{ secrets.GH_TOKEN }} | |
| run: | | |
| # Build the file names | |
| $Suya_Downloader_FILE_NAME="Suya_Downloader-windows-${env:Suya_Downloader_VERSION}-${env:SHA_SHORT}.exe" | |
| $UPDATER_FILE_NAME="Updater-windows-${env:UPDATER_VERSION}-${env:SHA_SHORT}.exe" | |
| $FULL_FILE_NAME="Suya-Downloader-FULL-windows-${env:Suya_Downloader_VERSION}-${env:UPDATER_VERSION}-${env:SHA_SHORT}" | |
| # Upload the files | |
| gh release upload newest-build ./dist/${Suya_Downloader_FILE_NAME} | |
| gh release upload newest-build ./dist/${UPDATER_FILE_NAME} | |
| gh release upload newest-build ./${FULL_FILE_NAME}.zip | |
| build-and-release-on-macos: | |
| runs-on: macos-latest | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v4 | |
| - name: Set up Python | |
| uses: actions/setup-python@v5 | |
| with: | |
| python-version: '3.12' | |
| - name: Install dependencies | |
| run: | | |
| python -m pip install --upgrade pip | |
| pip install pyinstaller psutil pygame requests Pillow | |
| - name: Update Dev_Version in Suya_Downloader.py | |
| run: | | |
| SHORT_SHA="${GITHUB_SHA:0:8}" | |
| sed -i '' "s/^Dev_Version = .*/Dev_Version = \"$SHORT_SHA\"/" Suya_Downloader.py | |
| shell: bash | |
| - name: Update Dev_Version in Updater.py | |
| run: | | |
| SHORT_SHA="${GITHUB_SHA:0:8}" | |
| sed -i '' "s/^Dev_Version = .*/Dev_Version = \"$SHORT_SHA\"/" Updater.py | |
| shell: bash | |
| - name: Build Suya_Downloader with PyInstaller | |
| id: build-Suya_Downloader | |
| run: | | |
| # Build the macOS app bundle | |
| pyinstaller --onefile --windowed --distpath=./dist Suya_Downloader.py | |
| - name: Build Updater with PyInstaller | |
| id: build-updater | |
| run: | | |
| # Build the macOS app bundle | |
| pyinstaller --onefile --windowed --distpath=./dist Updater.py | |
| - name: Move needed files to dist | |
| run: | | |
| mv ./Resources-Downloader ./dist/Resources-Downloader | |
| mv ./Resources-Server ./dist/Resources-Server | |
| mv ./LICENSE-APACHE ./dist/LICENSE-APACHE | |
| mv ./LICENSE-AGPL ./dist/LICENSE-AGPL | |
| mv ./default_api_setting.json ./dist/default_api_setting.json | |
| - name: Package dist files into a zip archive | |
| run: | | |
| # Navigate to the dist directory | |
| cd dist | |
| # Create a zip archive of the contents in the dist directory | |
| zip -r ../app.zip . | |
| - name: Package Suya_Downloader.app into a zip archive | |
| id: package-Suya_Downloader | |
| run: | # Navigate to the dist directory | |
| cd ./dist | |
| # Create a zip archive for Suya_Downloader.app | |
| zip -r ../Suya_Downloader.zip Suya_Downloader.app | |
| - name: Package Updater.app into a zip archive | |
| id: package-updater | |
| run: | # Navigate to the dist directory | |
| cd ./dist | |
| # Create a zip archive for Updater.app | |
| zip -r ../Updater.zip Updater.app | |
| - name: Extract Suya_Downloader version | |
| id: extract_Suya_Downloader_version | |
| run: | | |
| VERSION=$(python -c "import re; match = re.search(r'Suya_Downloader_Version\s*=\s*\"([^\"]+)\"', open('Suya_Downloader.py').read()); print(match.group(1) if match else 'UNKNOWN')") | |
| echo "Suya_Downloader_VERSION=$VERSION" >> $GITHUB_ENV | |
| shell: bash | |
| - name: Extract Updater version | |
| id: extract_updater_version | |
| run: | | |
| VERSION=$(python -c "import re; match = re.search(r'Suya_Updater_Version\s*=\s*\"([^\"]+)\"', open('Updater.py').read()); print(match.group(1) if match else 'UNKNOWN')") | |
| echo "UPDATER_VERSION=$VERSION" >> $GITHUB_ENV | |
| shell: bash | |
| - name: Set short commit SHA as environment variable | |
| run: | | |
| SHORT_SHA="${GITHUB_SHA::8}" | |
| echo "SHORT_SHA=${SHORT_SHA}" >> $GITHUB_ENV | |
| - name: Upload assets to pre-release | |
| id: upload-assets-to-pre-release | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GH_TOKEN }} | |
| run: | | |
| # Build the file names | |
| Suya_Downloader_FILE_NAME=Suya_Downloader-macos-${Suya_Downloader_VERSION}-${SHORT_SHA} | |
| UPDATER_FILE_NAME=Updater-macos-${UPDATER_VERSION}-${SHORT_SHA} | |
| FULL_FILE_NAME=Suya-Downloader-FULL-macos-${Suya_Downloader_VERSION}-${UPDATER_VERSION}-${SHORT_SHA}.zip | |
| # Rename the files | |
| mv "./Suya_Downloader.zip" "./${Suya_Downloader_FILE_NAME}.zip" | |
| mv "./Updater.zip" "./${UPDATER_FILE_NAME}.zip" | |
| mv "./app.zip" "./${FULL_FILE_NAME}" | |
| # Upload the files | |
| gh release upload newest-build "./${Suya_Downloader_FILE_NAME}.zip" | |
| gh release upload newest-build "./${UPDATER_FILE_NAME}.zip" | |
| gh release upload newest-build "./${FULL_FILE_NAME}" |