From 37d79e96a171a7e86e9995b00ac9878a029a83f2 Mon Sep 17 00:00:00 2001 From: askmeaboutloom Date: Thu, 17 Oct 2024 22:02:04 +0200 Subject: [PATCH] WIP: SignPath signing test --- .github/workflows/main.yml | 562 +++++++++++++++++++++---------------- README.md | 2 + 2 files changed, 318 insertions(+), 246 deletions(-) diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index b68d75f2a4..d41b1dc2bb 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -43,206 +43,211 @@ jobs: # There's ways to deduplicate these includes, but any mistake causes # utterly confounding errors, so just explicitly specify each target. include: - - os: ubuntu-20.04 - cross_os: '' - component: '' - qt: 5.15.14 - arch: x86_64 - sccache_triplet: x86_64-unknown-linux-musl - build_flags: -DINITSYS=systemd -DBUILD_PACKAGE_SUFFIX=x86_64 -G Ninja - build_type: Release - collect_symbols: false - # This causes the AppImage to be generated, instead of just creating - # the portable tree, because there seems to be no way to separate - # these steps with linuxdeploy - # Even though the svg component is linked explicitly, - # linuxdeploy-plugin-qt does not seem to notice and so does not - # export the iconengine if it is not told that we really, really - # want svg plugins please - packager: >- - EXTRA_QT_PLUGINS="svg;" - VERSION="${{ startsWith(github.ref, 'refs/tags/') && github.ref_name || '$(git describe)' }}" - cmake --install build --config Release - # The runner has multiple clang versions installed and CMake/Qt gets - # confused about which one to pick for some reason, so this also - # sets Clang_ROOT during the Qt build - qt_pre_build: > - sudo apt-get update && - sudo apt-get install --no-install-recommends - libatspi2.0-dev libmtdev-dev libts-dev libgtk-3-dev - libgl1-mesa-dev libglu1-mesa-dev libxi-dev libdrm-dev - libgbm-dev libgl-dev libgles-dev libegl-dev libegl1-mesa-dev - libxext-dev libxfixes-dev libxrender-dev libx11-dev - libxcb1-dev libx11-xcb-dev libxcb-glx0-dev libxcb-util0-dev - libxkbcommon-dev libxkbcommon-x11-dev libxcb-keysyms1-dev - libxcb-image0-dev libxcb-shm0-dev libxcb-icccm4-dev - libxcb-sync-dev libxcb-xfixes0-dev libxcb-shape0-dev - libxcb-randr0-dev libxcb-render0-dev libxcb-render-util0-dev - libxcb-util-dev libinput-dev libvulkan-dev - libxcb-xinerama0-dev libxcb-xkb-dev libxcb-xinput-dev libclang-12-dev - libasound2-dev libpulse-dev libcups2-dev libssl-dev - libfontconfig1-dev && - echo "Clang_ROOT=/usr/lib/llvm-12" >> $GITHUB_ENV - ffmpeg_pre_build: > - sudo apt-get update && - sudo apt-get install --no-install-recommends - nasm yasm - other_pre_build: > - sudo apt-get update && - sudo apt-get install --no-install-recommends - libsecret-1-dev - - - os: ubuntu-20.04 - cross_os: Android - component: '' - qt: 5.15.14 - arch: arm64 - sccache_triplet: x86_64-unknown-linux-musl - build_type: Release - collect_symbols: false - packager: cmake --install build --config Release --prefix . - cross_qt_args: >- - "-DANDROID_SDK_ROOT=$ANDROID_SDK_ROOT" - "-DANDROID_NDK_ROOT=$ANDROID_NDK_ROOT" - "-DANDROID_PLATFORM=$ANDROID_PLATFORM" - -DANDROID_ABI=arm64-v8a - cross_ffmpeg_args: >- - "-DCMAKE_TOOLCHAIN_FILE=$ANDROID_NDK_TOOLCHAIN_FILE" - "-DANDROID_SDK_ROOT=$ANDROID_SDK_ROOT" - "-DANDROID_NDK_ROOT=$ANDROID_NDK_ROOT" - "-DANDROID_PLATFORM=$ANDROID_PLATFORM" - -DANDROID_ABI=arm64-v8a - cross_other_args: >- - "-DCMAKE_TOOLCHAIN_FILE=$ANDROID_NDK_TOOLCHAIN_FILE" - "-DANDROID_SDK_ROOT=$ANDROID_SDK_ROOT" - "-DANDROID_NDK_ROOT=$ANDROID_NDK_ROOT" - "-DANDROID_PLATFORM=$ANDROID_PLATFORM" - -DANDROID_ABI=arm64-v8a - build_flags: >- - "-DCMAKE_TOOLCHAIN_FILE=$ANDROID_NDK_TOOLCHAIN_FILE" - "-DANDROID_PLATFORM=$ANDROID_PLATFORM" - "-DANDROID_TARGET_SDK_VERSION=$ANDROID_TARGET_SDK_VERSION" - "-DANDROID_SDK_BUILD_TOOLS_REVISION=$ANDROID_BUILD_TOOLS_VERSION" - -DANDROID_ABI=arm64-v8a - -DCMAKE_FIND_ROOT_PATH_MODE_PACKAGE=on - -DCMAKE_FIND_ROOT_PATH_MODE_INCLUDE=BOTH - -DCMAKE_FIND_ROOT_PATH_MODE_LIBRARY=BOTH - -DCMAKE_FIND_ROOT_PATH_MODE_PROGRAM=BOTH - # The runner has multiple clang versions installed and CMake/Qt gets - # confused about which one to pick for some reason, so this also - # sets Clang_ROOT during the Qt build - qt_pre_build: > - sudo apt-get update && - sudo apt-get install --no-install-recommends - libatspi2.0-dev libmtdev-dev libts-dev libgtk-3-dev - libgl1-mesa-dev libglu1-mesa-dev libxi-dev libdrm-dev - libgbm-dev libgl-dev libgles-dev libegl-dev libegl1-mesa-dev - libxext-dev libxfixes-dev libxrender-dev libx11-dev - libxcb1-dev libx11-xcb-dev libxcb-glx0-dev libxcb-util0-dev - libxkbcommon-dev libxkbcommon-x11-dev libxcb-keysyms1-dev - libxcb-image0-dev libxcb-shm0-dev libxcb-icccm4-dev - libxcb-sync-dev libxcb-xfixes0-dev libxcb-shape0-dev - libxcb-randr0-dev libxcb-render0-dev libxcb-render-util0-dev - libxcb-util-dev libinput-dev libvulkan-dev - libxcb-xinerama0-dev libxcb-xkb-dev libxcb-xinput-dev libclang-12-dev - libasound2-dev libpulse-dev libcups2-dev libssl-dev - libfontconfig1-dev && - echo "Clang_ROOT=/usr/lib/llvm-12" >> $GITHUB_ENV - ffmpeg_pre_build: > - sudo apt-get update && - sudo apt-get install --no-install-recommends - yasm - other_pre_build: > - sudo apt-get update && - sudo apt-get install --no-install-recommends - libsecret-1-dev - - - os: ubuntu-20.04 - cross_os: Android - component: '' - qt: 5.15.14 - arch: arm32 - sccache_triplet: x86_64-unknown-linux-musl - build_type: Release - collect_symbols: false - packager: cmake --install build --config Release --prefix . - cross_qt_args: >- - "-DANDROID_SDK_ROOT=$ANDROID_SDK_ROOT" - "-DANDROID_NDK_ROOT=$ANDROID_NDK_ROOT" - "-DANDROID_PLATFORM=$ANDROID_PLATFORM" - -DANDROID_ABI=armeabi-v7a - cross_ffmpeg_args: >- - "-DCMAKE_TOOLCHAIN_FILE=$ANDROID_NDK_TOOLCHAIN_FILE" - "-DANDROID_SDK_ROOT=$ANDROID_SDK_ROOT" - "-DANDROID_NDK_ROOT=$ANDROID_NDK_ROOT" - "-DANDROID_PLATFORM=$ANDROID_PLATFORM" - -DANDROID_ABI=armeabi-v7a - cross_other_args: >- - "-DCMAKE_TOOLCHAIN_FILE=$ANDROID_NDK_TOOLCHAIN_FILE" - "-DANDROID_SDK_ROOT=$ANDROID_SDK_ROOT" - "-DANDROID_NDK_ROOT=$ANDROID_NDK_ROOT" - "-DANDROID_PLATFORM=$ANDROID_PLATFORM" - -DANDROID_ABI=armeabi-v7a - build_flags: >- - "-DCMAKE_TOOLCHAIN_FILE=$ANDROID_NDK_TOOLCHAIN_FILE" - "-DANDROID_PLATFORM=$ANDROID_PLATFORM" - "-DANDROID_TARGET_SDK_VERSION=$ANDROID_TARGET_SDK_VERSION" - "-DANDROID_SDK_BUILD_TOOLS_REVISION=$ANDROID_BUILD_TOOLS_VERSION" - -DANDROID_ABI=armeabi-v7a - -DCMAKE_FIND_ROOT_PATH_MODE_PACKAGE=on - -DCMAKE_FIND_ROOT_PATH_MODE_INCLUDE=BOTH - -DCMAKE_FIND_ROOT_PATH_MODE_LIBRARY=BOTH - -DCMAKE_FIND_ROOT_PATH_MODE_PROGRAM=BOTH - # The runner has multiple clang versions installed and CMake/Qt gets - # confused about which one to pick for some reason, so this also - # sets Clang_ROOT during the Qt build - qt_pre_build: > - sudo apt-get update && - sudo apt-get install --no-install-recommends - libatspi2.0-dev libmtdev-dev libts-dev libgtk-3-dev - libgl1-mesa-dev libglu1-mesa-dev libxi-dev libdrm-dev - libgbm-dev libgl-dev libgles-dev libegl-dev libegl1-mesa-dev - libxext-dev libxfixes-dev libxrender-dev libx11-dev - libxcb1-dev libx11-xcb-dev libxcb-glx0-dev libxcb-util0-dev - libxkbcommon-dev libxkbcommon-x11-dev libxcb-keysyms1-dev - libxcb-image0-dev libxcb-shm0-dev libxcb-icccm4-dev - libxcb-sync-dev libxcb-xfixes0-dev libxcb-shape0-dev - libxcb-randr0-dev libxcb-render0-dev libxcb-render-util0-dev - libxcb-util-dev libinput-dev libvulkan-dev - libxcb-xinerama0-dev libxcb-xkb-dev libxcb-xinput-dev libclang-12-dev - libasound2-dev libpulse-dev libcups2-dev libssl-dev - libfontconfig1-dev && - echo "Clang_ROOT=/usr/lib/llvm-12" >> $GITHUB_ENV - ffmpeg_pre_build: > - sudo apt-get update && - sudo apt-get install --no-install-recommends - yasm - other_pre_build: > - sudo apt-get update && - sudo apt-get install --no-install-recommends - libsecret-1-dev - - - os: macos-13 - cross_os: '' - component: '' - qt: 6.7.2 - arch: x86_64 - build_flags: -DBUILD_PACKAGE_SUFFIX=x86_64 -G Ninja - build_type: Release - collect_symbols: false - sccache_triplet: x86_64-apple-darwin - packager: cpack --verbose --config build/CPackConfig.cmake -C Release - - - os: macos-14 - cross_os: '' - component: '' - qt: 6.7.2 - arch: arm64 - build_flags: -DBUILD_PACKAGE_SUFFIX=arm64 -G Ninja - build_type: Release - collect_symbols: false - sccache_triplet: aarch64-apple-darwin - packager: cpack --verbose --config build/CPackConfig.cmake -C Release + # - os: ubuntu-20.04 + # cross_os: '' + # component: '' + # qt: 5.15.14 + # arch: x86_64 + # sccache_triplet: x86_64-unknown-linux-musl + # build_flags: -DINITSYS=systemd -DBUILD_PACKAGE_SUFFIX=x86_64 -G Ninja + # build_type: Release + # collect_symbols: false + # signpath: false + # # This causes the AppImage to be generated, instead of just creating + # # the portable tree, because there seems to be no way to separate + # # these steps with linuxdeploy + # # Even though the svg component is linked explicitly, + # # linuxdeploy-plugin-qt does not seem to notice and so does not + # # export the iconengine if it is not told that we really, really + # # want svg plugins please + # packager: >- + # EXTRA_QT_PLUGINS="svg;" + # VERSION="${{ startsWith(github.ref, 'refs/tags/') && github.ref_name || '$(git describe)' }}" + # cmake --install build --config Release + # # The runner has multiple clang versions installed and CMake/Qt gets + # # confused about which one to pick for some reason, so this also + # # sets Clang_ROOT during the Qt build + # qt_pre_build: > + # sudo apt-get update && + # sudo apt-get install --no-install-recommends + # libatspi2.0-dev libmtdev-dev libts-dev libgtk-3-dev + # libgl1-mesa-dev libglu1-mesa-dev libxi-dev libdrm-dev + # libgbm-dev libgl-dev libgles-dev libegl-dev libegl1-mesa-dev + # libxext-dev libxfixes-dev libxrender-dev libx11-dev + # libxcb1-dev libx11-xcb-dev libxcb-glx0-dev libxcb-util0-dev + # libxkbcommon-dev libxkbcommon-x11-dev libxcb-keysyms1-dev + # libxcb-image0-dev libxcb-shm0-dev libxcb-icccm4-dev + # libxcb-sync-dev libxcb-xfixes0-dev libxcb-shape0-dev + # libxcb-randr0-dev libxcb-render0-dev libxcb-render-util0-dev + # libxcb-util-dev libinput-dev libvulkan-dev + # libxcb-xinerama0-dev libxcb-xkb-dev libxcb-xinput-dev libclang-12-dev + # libasound2-dev libpulse-dev libcups2-dev libssl-dev + # libfontconfig1-dev && + # echo "Clang_ROOT=/usr/lib/llvm-12" >> $GITHUB_ENV + # ffmpeg_pre_build: > + # sudo apt-get update && + # sudo apt-get install --no-install-recommends + # nasm yasm + # other_pre_build: > + # sudo apt-get update && + # sudo apt-get install --no-install-recommends + # libsecret-1-dev + + # - os: ubuntu-20.04 + # cross_os: Android + # component: '' + # qt: 5.15.14 + # arch: arm64 + # sccache_triplet: x86_64-unknown-linux-musl + # build_type: Release + # collect_symbols: false + # signpath: false + # packager: cmake --install build --config Release --prefix . + # cross_qt_args: >- + # "-DANDROID_SDK_ROOT=$ANDROID_SDK_ROOT" + # "-DANDROID_NDK_ROOT=$ANDROID_NDK_ROOT" + # "-DANDROID_PLATFORM=$ANDROID_PLATFORM" + # -DANDROID_ABI=arm64-v8a + # cross_ffmpeg_args: >- + # "-DCMAKE_TOOLCHAIN_FILE=$ANDROID_NDK_TOOLCHAIN_FILE" + # "-DANDROID_SDK_ROOT=$ANDROID_SDK_ROOT" + # "-DANDROID_NDK_ROOT=$ANDROID_NDK_ROOT" + # "-DANDROID_PLATFORM=$ANDROID_PLATFORM" + # -DANDROID_ABI=arm64-v8a + # cross_other_args: >- + # "-DCMAKE_TOOLCHAIN_FILE=$ANDROID_NDK_TOOLCHAIN_FILE" + # "-DANDROID_SDK_ROOT=$ANDROID_SDK_ROOT" + # "-DANDROID_NDK_ROOT=$ANDROID_NDK_ROOT" + # "-DANDROID_PLATFORM=$ANDROID_PLATFORM" + # -DANDROID_ABI=arm64-v8a + # build_flags: >- + # "-DCMAKE_TOOLCHAIN_FILE=$ANDROID_NDK_TOOLCHAIN_FILE" + # "-DANDROID_PLATFORM=$ANDROID_PLATFORM" + # "-DANDROID_TARGET_SDK_VERSION=$ANDROID_TARGET_SDK_VERSION" + # "-DANDROID_SDK_BUILD_TOOLS_REVISION=$ANDROID_BUILD_TOOLS_VERSION" + # -DANDROID_ABI=arm64-v8a + # -DCMAKE_FIND_ROOT_PATH_MODE_PACKAGE=on + # -DCMAKE_FIND_ROOT_PATH_MODE_INCLUDE=BOTH + # -DCMAKE_FIND_ROOT_PATH_MODE_LIBRARY=BOTH + # -DCMAKE_FIND_ROOT_PATH_MODE_PROGRAM=BOTH + # # The runner has multiple clang versions installed and CMake/Qt gets + # # confused about which one to pick for some reason, so this also + # # sets Clang_ROOT during the Qt build + # qt_pre_build: > + # sudo apt-get update && + # sudo apt-get install --no-install-recommends + # libatspi2.0-dev libmtdev-dev libts-dev libgtk-3-dev + # libgl1-mesa-dev libglu1-mesa-dev libxi-dev libdrm-dev + # libgbm-dev libgl-dev libgles-dev libegl-dev libegl1-mesa-dev + # libxext-dev libxfixes-dev libxrender-dev libx11-dev + # libxcb1-dev libx11-xcb-dev libxcb-glx0-dev libxcb-util0-dev + # libxkbcommon-dev libxkbcommon-x11-dev libxcb-keysyms1-dev + # libxcb-image0-dev libxcb-shm0-dev libxcb-icccm4-dev + # libxcb-sync-dev libxcb-xfixes0-dev libxcb-shape0-dev + # libxcb-randr0-dev libxcb-render0-dev libxcb-render-util0-dev + # libxcb-util-dev libinput-dev libvulkan-dev + # libxcb-xinerama0-dev libxcb-xkb-dev libxcb-xinput-dev libclang-12-dev + # libasound2-dev libpulse-dev libcups2-dev libssl-dev + # libfontconfig1-dev && + # echo "Clang_ROOT=/usr/lib/llvm-12" >> $GITHUB_ENV + # ffmpeg_pre_build: > + # sudo apt-get update && + # sudo apt-get install --no-install-recommends + # yasm + # other_pre_build: > + # sudo apt-get update && + # sudo apt-get install --no-install-recommends + # libsecret-1-dev + + # - os: ubuntu-20.04 + # cross_os: Android + # component: '' + # qt: 5.15.14 + # arch: arm32 + # sccache_triplet: x86_64-unknown-linux-musl + # build_type: Release + # collect_symbols: false + # signpath: false + # packager: cmake --install build --config Release --prefix . + # cross_qt_args: >- + # "-DANDROID_SDK_ROOT=$ANDROID_SDK_ROOT" + # "-DANDROID_NDK_ROOT=$ANDROID_NDK_ROOT" + # "-DANDROID_PLATFORM=$ANDROID_PLATFORM" + # -DANDROID_ABI=armeabi-v7a + # cross_ffmpeg_args: >- + # "-DCMAKE_TOOLCHAIN_FILE=$ANDROID_NDK_TOOLCHAIN_FILE" + # "-DANDROID_SDK_ROOT=$ANDROID_SDK_ROOT" + # "-DANDROID_NDK_ROOT=$ANDROID_NDK_ROOT" + # "-DANDROID_PLATFORM=$ANDROID_PLATFORM" + # -DANDROID_ABI=armeabi-v7a + # cross_other_args: >- + # "-DCMAKE_TOOLCHAIN_FILE=$ANDROID_NDK_TOOLCHAIN_FILE" + # "-DANDROID_SDK_ROOT=$ANDROID_SDK_ROOT" + # "-DANDROID_NDK_ROOT=$ANDROID_NDK_ROOT" + # "-DANDROID_PLATFORM=$ANDROID_PLATFORM" + # -DANDROID_ABI=armeabi-v7a + # build_flags: >- + # "-DCMAKE_TOOLCHAIN_FILE=$ANDROID_NDK_TOOLCHAIN_FILE" + # "-DANDROID_PLATFORM=$ANDROID_PLATFORM" + # "-DANDROID_TARGET_SDK_VERSION=$ANDROID_TARGET_SDK_VERSION" + # "-DANDROID_SDK_BUILD_TOOLS_REVISION=$ANDROID_BUILD_TOOLS_VERSION" + # -DANDROID_ABI=armeabi-v7a + # -DCMAKE_FIND_ROOT_PATH_MODE_PACKAGE=on + # -DCMAKE_FIND_ROOT_PATH_MODE_INCLUDE=BOTH + # -DCMAKE_FIND_ROOT_PATH_MODE_LIBRARY=BOTH + # -DCMAKE_FIND_ROOT_PATH_MODE_PROGRAM=BOTH + # # The runner has multiple clang versions installed and CMake/Qt gets + # # confused about which one to pick for some reason, so this also + # # sets Clang_ROOT during the Qt build + # qt_pre_build: > + # sudo apt-get update && + # sudo apt-get install --no-install-recommends + # libatspi2.0-dev libmtdev-dev libts-dev libgtk-3-dev + # libgl1-mesa-dev libglu1-mesa-dev libxi-dev libdrm-dev + # libgbm-dev libgl-dev libgles-dev libegl-dev libegl1-mesa-dev + # libxext-dev libxfixes-dev libxrender-dev libx11-dev + # libxcb1-dev libx11-xcb-dev libxcb-glx0-dev libxcb-util0-dev + # libxkbcommon-dev libxkbcommon-x11-dev libxcb-keysyms1-dev + # libxcb-image0-dev libxcb-shm0-dev libxcb-icccm4-dev + # libxcb-sync-dev libxcb-xfixes0-dev libxcb-shape0-dev + # libxcb-randr0-dev libxcb-render0-dev libxcb-render-util0-dev + # libxcb-util-dev libinput-dev libvulkan-dev + # libxcb-xinerama0-dev libxcb-xkb-dev libxcb-xinput-dev libclang-12-dev + # libasound2-dev libpulse-dev libcups2-dev libssl-dev + # libfontconfig1-dev && + # echo "Clang_ROOT=/usr/lib/llvm-12" >> $GITHUB_ENV + # ffmpeg_pre_build: > + # sudo apt-get update && + # sudo apt-get install --no-install-recommends + # yasm + # other_pre_build: > + # sudo apt-get update && + # sudo apt-get install --no-install-recommends + # libsecret-1-dev + + # - os: macos-13 + # cross_os: '' + # component: '' + # qt: 6.7.2 + # arch: x86_64 + # build_flags: -DBUILD_PACKAGE_SUFFIX=x86_64 -G Ninja + # build_type: Release + # collect_symbols: false + # signpath: false + # sccache_triplet: x86_64-apple-darwin + # packager: cpack --verbose --config build/CPackConfig.cmake -C Release + + # - os: macos-14 + # cross_os: '' + # component: '' + # qt: 6.7.2 + # arch: arm64 + # build_flags: -DBUILD_PACKAGE_SUFFIX=arm64 -G Ninja + # build_type: Release + # collect_symbols: false + # signpath: false + # sccache_triplet: aarch64-apple-darwin + # packager: cpack --verbose --config build/CPackConfig.cmake -C Release - os: windows-latest cross_os: '' @@ -253,6 +258,7 @@ jobs: build_flags: -DBUILD_PACKAGE_SUFFIX=x86_64 -G Ninja build_type: RelWithDebInfo collect_symbols: true + signpath: true qt_pre_build: > choco install gperf jom winflexbison3 && New-Item -Path C:\ProgramData\Chocolatey\bin\flex.exe -ItemType SymbolicLink -Value C:\ProgramData\Chocolatey\bin\win_flex.exe && @@ -268,51 +274,53 @@ jobs: cp .github/deps/other/bin/qt*.dll .github/deps/qt/bin && cpack --verbose --config build/CPackConfig.cmake -C RelWithDebInfo - - os: windows-latest - cross_os: '' - component: 'Tools' - qt: 5.15.14 - arch: x86_64 - sccache_triplet: x86_64-pc-windows-msvc - build_flags: -DBUILD_PACKAGE_SUFFIX=x86_64 -G Ninja - build_type: RelWithDebInfo - collect_symbols: false - qt_pre_build: > - choco install gperf jom winflexbison3 && - New-Item -Path C:\ProgramData\Chocolatey\bin\flex.exe -ItemType SymbolicLink -Value C:\ProgramData\Chocolatey\bin\win_flex.exe && - New-Item -Path C:\ProgramData\Chocolatey\bin\bison.exe -ItemType SymbolicLink -Value C:\ProgramData\Chocolatey\bin\win_bison.exe - ffmpeg_pre_build: > - choco install yasm - # Copying files is a disgusting hack because windeployqt does not - # search PATH to find DLLs and it gets confused by QtKeychain having - # a Qt prefix and thinks it is part of Qt and tries to process it - # and fails if it is not in the Qt bin directory with the rest of - # them - packager: > - cp .github/deps/other/bin/qt*.dll .github/deps/qt/bin && - cpack --verbose --config build/CPackConfig.cmake -C RelWithDebInfo - - - os: windows-latest - qt: 5.15.14 - arch: x86 - sccache_triplet: x86_64-pc-windows-msvc - build_flags: -DCARGO_TRIPLE=i686-pc-windows-msvc -DBUILD_PACKAGE_SUFFIX=x86 -G Ninja - build_type: RelWithDebInfo - collect_symbols: false - qt_pre_build: > - choco install gperf jom winflexbison3 && - New-Item -Path C:\ProgramData\Chocolatey\bin\flex.exe -ItemType SymbolicLink -Value C:\ProgramData\Chocolatey\bin\win_flex.exe && - New-Item -Path C:\ProgramData\Chocolatey\bin\bison.exe -ItemType SymbolicLink -Value C:\ProgramData\Chocolatey\bin\win_bison.exe - ffmpeg_pre_build: > - choco install yasm - # Copying files is a disgusting hack because windeployqt does not - # search PATH to find DLLs and it gets confused by QtKeychain having - # a Qt prefix and thinks it is part of Qt and tries to process it - # and fails if it is not in the Qt bin directory with the rest of - # them - packager: > - cp .github/deps/other/bin/qt*.dll .github/deps/qt/bin && - cpack --verbose --config build/CPackConfig.cmake -C RelWithDebInfo + # - os: windows-latest + # cross_os: '' + # component: 'Tools' + # qt: 5.15.14 + # arch: x86_64 + # sccache_triplet: x86_64-pc-windows-msvc + # build_flags: -DBUILD_PACKAGE_SUFFIX=x86_64 -G Ninja + # build_type: RelWithDebInfo + # collect_symbols: false + # signpath: false + # qt_pre_build: > + # choco install gperf jom winflexbison3 && + # New-Item -Path C:\ProgramData\Chocolatey\bin\flex.exe -ItemType SymbolicLink -Value C:\ProgramData\Chocolatey\bin\win_flex.exe && + # New-Item -Path C:\ProgramData\Chocolatey\bin\bison.exe -ItemType SymbolicLink -Value C:\ProgramData\Chocolatey\bin\win_bison.exe + # ffmpeg_pre_build: > + # choco install yasm + # # Copying files is a disgusting hack because windeployqt does not + # # search PATH to find DLLs and it gets confused by QtKeychain having + # # a Qt prefix and thinks it is part of Qt and tries to process it + # # and fails if it is not in the Qt bin directory with the rest of + # # them + # packager: > + # cp .github/deps/other/bin/qt*.dll .github/deps/qt/bin && + # cpack --verbose --config build/CPackConfig.cmake -C RelWithDebInfo + + # - os: windows-latest + # qt: 5.15.14 + # arch: x86 + # sccache_triplet: x86_64-pc-windows-msvc + # build_flags: -DCARGO_TRIPLE=i686-pc-windows-msvc -DBUILD_PACKAGE_SUFFIX=x86 -G Ninja + # build_type: RelWithDebInfo + # collect_symbols: false + # signpath: true + # qt_pre_build: > + # choco install gperf jom winflexbison3 && + # New-Item -Path C:\ProgramData\Chocolatey\bin\flex.exe -ItemType SymbolicLink -Value C:\ProgramData\Chocolatey\bin\win_flex.exe && + # New-Item -Path C:\ProgramData\Chocolatey\bin\bison.exe -ItemType SymbolicLink -Value C:\ProgramData\Chocolatey\bin\win_bison.exe + # ffmpeg_pre_build: > + # choco install yasm + # # Copying files is a disgusting hack because windeployqt does not + # # search PATH to find DLLs and it gets confused by QtKeychain having + # # a Qt prefix and thinks it is part of Qt and tries to process it + # # and fails if it is not in the Qt bin directory with the rest of + # # them + # packager: > + # cp .github/deps/other/bin/qt*.dll .github/deps/qt/bin && + # cpack --verbose --config build/CPackConfig.cmake -C RelWithDebInfo steps: @@ -478,7 +486,7 @@ jobs: } env: WINDOWS_CERTIFICATE: ${{ secrets.WINDOWS_CERTIFICATE }} - if: runner.os == 'Windows' + if: runner.os == 'Windows' && !matrix.signpath - name: Generate project run: > @@ -547,6 +555,68 @@ jobs: WINDOWS_PFX_TIMESTAMP_URL: 'http://timestamp.digicert.com' if: matrix.packager + - name: Check what files are here + run: tree /f /a + if: runner.os == 'Windows' && matrix.packager && matrix.signpath + + - name: Upload artifacts for SignPath to sign + uses: actions/upload-artifact@v4 + id: signpath-upload + with: + name: SignPath${{ matrix.component && format('-{0}', matrix.component) }}-${{ matrix.cross_os || runner.os }}-${{ matrix.arch }}-Qt${{ matrix.qt }} + path: | + Drawpile-*.msi + Drawpile-*.zip + if: runner.os == 'Windows' && matrix.packager && matrix.signpath + # TODO: switch to commented version + # if: matrix.packager && startsWith(github.ref, 'refs/tags/') && matrix.signpath + + - name: Delete unsigned artifacts + id: signpath-delete-unsigned + shell: bash + run: rm -vf Drawpile-*.msi Drawpile-*.zip + if: runner.os == 'Windows' && matrix.packager && matrix.signpath + # TODO: switch to commented version + # if: matrix.packager && startsWith(github.ref, 'refs/tags/') && matrix.signpath + + # - name: Submit artifacts to SignPath to sign + # uses: signpath/github-action-submit-signing-request@v1 + # id: signpath-sign + # with: + # api-token: '${{ secrets.SIGNPATH_API_TOKEN }}' + # organization-id: '${{ secrets.SIGNPATH_ORGANIZATION_ID }}' + # project-slug: 'Drawpile' + # signing-policy-slug: 'test-signing' + # artifact-configuration-slug: 'executable' + # github-artifact-id: '${{ steps.signpath-upload.outputs.artifact-id }}' + # wait-for-completion: true + # output-artifact-directory: '${{ github.workspace }}' + # # TODO: uncomment + # # parameters: | + # # Version: "${{ github.ref_name }}" + # # Release_Tag: "${{ github.ref_name }}" + # # TODO: switch to commented version + # if: runner.os == 'Windows' && matrix.packager && matrix.signpath + # # if: matrix.packager && startsWith(github.ref, 'refs/tags/') && matrix.signpath + + - name: Check what files are here again + run: tree /f /a + if: runner.os == 'Windows' && matrix.packager && matrix.signpath + + - name: Delete unsigned executable uploaded for SignPath after signing + uses: actions/github-script@v7 + id: signpath-exe-delete + with: + script: | + github.rest.actions.deleteArtifact({ + owner: context.repo.owner, + repo: context.repo.repo, + artifact_id: ${{ steps.signpath-upload.outputs.artifact-id }} + }); + # TODO: switch to commented version + if: runner.os == 'Windows' && matrix.packager && matrix.signpath + # if: matrix.packager && startsWith(github.ref, 'refs/tags/') && matrix.signpath + - name: Bundle PDBs run: > cmake "-DEXE_SEARCH_PATHS=build" diff --git a/README.md b/README.md index b04d2aa656..2d101fd215 100644 --- a/README.md +++ b/README.md @@ -4,6 +4,8 @@ Drawpile is a drawing program that lets you draw, paint and animate together with others on the same canvas. It runs on Windows, Linux, macOS and Android. +Thanks to [SignPath.io](https://signpath.io/) for the code signing services and [the SignPath Foundation](https://signpath.org/) for providing us with an open source signing certificate. + ## Installing Take a look at [the downloads page on drawpile.net](https://drawpile.net/download/) or [the GitHub releases](https://github.com/drawpile/Drawpile/releases).