From c1f1885e3c5569e08898d74f8567e3eee2b77aaa Mon Sep 17 00:00:00 2001 From: Dave Simpson <45690499+davegarthsimpson@users.noreply.github.com> Date: Mon, 10 Jun 2024 14:58:25 +0200 Subject: [PATCH 1/7] attempt 1: using self hosted runner in new job --- .github/workflows/build.yml | 87 ++++++++++++++++++++++-- .github/workflows/check-certificates.yml | 65 +++++++++++------- electron-app/scripts/package.js | 2 +- 3 files changed, 126 insertions(+), 28 deletions(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 54cdcdbbd..cd277983e 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -61,11 +61,13 @@ env: container: | null # Name of the secret that contains the certificate. - certificate-secret: WINDOWS_SIGNING_CERTIFICATE_PFX + certificate-secret: INSTALLER_CERT_WINDOWS_CER # Name of the secret that contains the certificate password. - certificate-password-secret: WINDOWS_SIGNING_CERTIFICATE_PASSWORD + certificate-password-secret: INSTALLER_CERT_WINDOWS_PASSWORD # File extension for the certificate. certificate-extension: pfx + # Container for windows cert signing + certificate-container: INSTALLER_CERT_WINDOWS_CONTAINER # Quoting on the value is required here to allow the same comparison expression syntax to be used for this # and the companion needs.select-targets.outputs.merge-channel-files property (output values always have string # type). @@ -73,10 +75,16 @@ env: artifacts: - path: '*Windows_64bit.exe' name: Windows_X86-64_interactive_installer + - path: '*Windows_64bit_unsigned.exe' + name: Windows_X86-64_interactive_installer_unsigned - path: '*Windows_64bit.msi' name: Windows_X86-64_MSI + - path: '*Windows_64bit_unsigned.msi' + name: Windows_X86-64_MSI_unsigned - path: '*Windows_64bit.zip' name: Windows_X86-64_zip + - path: '*Windows_64bit_unsigned.zip' + name: Windows_X86-64_zip_unsigned - config: name: Linux runs-on: ubuntu-latest 
@@ -345,6 +353,7 @@ jobs: IS_NIGHTLY: ${{ needs.build-type-determination.outputs.is-nightly }} IS_RELEASE: ${{ needs.build-type-determination.outputs.is-release }} CAN_SIGN: ${{ secrets[matrix.config.certificate-secret] != '' }} + IS_WINDOWS_CONFIG: ${{ matrix.config.name == 'Windows' }} # The CREATE_* environment vars are only used to run tests. These secrets are optional. Dependent tests will # be skipped if not available. CREATE_USERNAME: ${{ secrets.CREATE_USERNAME }} @@ -352,7 +361,7 @@ jobs: CREATE_CLIENT_SECRET: ${{ secrets.CREATE_CLIENT_SECRET }} run: | # See: https://www.electron.build/code-signing - if [ $CAN_SIGN = false ]; then + if [ $CAN_SIGN = false ] || [ $IS_WINDOWS_CONFIG = true ]; then echo "Skipping the app signing: certificate not provided." else export CSC_LINK="${{ runner.temp }}/signing_certificate.${{ matrix.config.certificate-extension }}" @@ -372,7 +381,7 @@ jobs: yarn --cwd electron-app rebuild yarn --cwd electron-app build yarn --cwd electron-app package - + # Both macOS jobs generate a "channel update info file" with same path and name. The second job to complete would # overwrite the file generated by the first in the workflow artifact. - name: Stage channel file for merge 
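Review bot: In the `run:` script of the second hunk, the Windows configuration now takes the branch that prints "Skipping the app signing: certificate not provided.", which is not why signing is skipped there and will mislead anyone reading a release log to confirm how an installer was signed. A separate branch keeps the log accurate, e.g. `elif [ "$IS_WINDOWS_CONFIG" = true ]; then echo "Skipping electron-builder signing: Windows artifacts are signed in the sign-windows job."`. The operands of `[` are also unquoted, so an empty value produces a shell syntax error instead of a clean false; `[ "$CAN_SIGN" = false ]` avoids that. The step's script continues outside the hunk.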
@@ -406,11 +415,76 @@ jobs: name: ${{ env.JOB_TRANSFER_ARTIFACT }} path: ${{ env.BUILD_ARTIFACTS_PATH }} + sign-windows: + runs-on: [self-hosted, windows-sign-pc] + needs: build + + defaults: + run: + shell: bash + + env: + BUILD_ARTIFACTS_PATH: electron-app/dist/build-artifacts + INSTALLER_CERT_WINDOWS_CER: "/tmp/cert.cer" + # We are hardcoding the path for signtool because is not present on the windows PATH env var by default. + # Keep in mind that this path could change when upgrading to a new runner version + SIGNTOOL_PATH: "C:/Program Files (x86)/Windows Kits/10/bin/10.0.19041.0/x86/signtool.exe" + + steps: + - name: Download artifact + uses: actions/download-artifact@v3 + with: + name: ${{ env.JOB_TRANSFER_ARTIFACT }} + path: ${{ env.BUILD_ARTIFACTS_PATH }} + + - name: Find and process exe and msi artifacts + shell: bash + env: + CERT_PASSWORD: ${{ secrets.INSTALLER_CERT_WINDOWS_PASSWORD }} + CONTAINER_NAME: ${{ secrets.INSTALLER_CERT_WINDOWS_CONTAINER }} + # https://stackoverflow.com/questions/17927895/automate-extended-validation-ev-code-signing-with-safenet-etoken + run: | + shopt -s nullglob + for ARTIFACT in "${{ env.BUILD_ARTIFACTS_PATH }}"/*_unsigned.{exe,msi}; do + echo "Processing $ARTIFACT" + FILENAME=$(basename "$ARTIFACT") + BASE_NAME="${FILENAME%.*}" + EXTENSION="${FILENAME##*.}" + # Remove '_unsigned' from the base name + SIGNED_BASE_NAME="${BASE_NAME%_unsigned}" + + # Sign and rename EXE and MSI files + if [[ "$EXTENSION" == "exe" || "$EXTENSION" == "msi" ]]; then + echo "Signing $ARTIFACT" + "${{ env.SIGNTOOL_PATH }}" sign -d "Arduino IDE" -f ${{ env.INSTALLER_CERT_WINDOWS_CER }} -csp "eToken Base Cryptographic Provider" -k "[{{${{ env.CERT_PASSWORD }}}}]=${{ env.CONTAINER_NAME }}" -fd sha256 -tr http://timestamp.digicert.com -td SHA256 -v "$ARTIFACT" + SIGNED_ARTIFACT_PATH="${{ env.BUILD_ARTIFACTS_PATH }}/${SIGNED_BASE_NAME}.${EXTENSION}" + mv "$ARTIFACT" "$SIGNED_ARTIFACT_PATH" + echo "Renamed $ARTIFACT to $SIGNED_ARTIFACT_PATH" + fi + done 
+ + - name: Upload signed EXE + uses: actions/upload-artifact@v3 + with: + name: Windows_X86-64_interactive_installer + path: ${{ env.BUILD_ARTIFACTS_PATH }}/*Windows_64bit.exe + + - name: Upload signed MSI + uses: actions/upload-artifact@v3 + with: + name: Windows_X86-64_MSI + path: ${{ env.BUILD_ARTIFACTS_PATH }}/*Windows_64bit.msi + + # This step is needed because the self hosted runner does not delete files automatically + - name: Clean up artifacts + run: rm -rf ${{ env.BUILD_ARTIFACTS_PATH }} + merge-channel-files: needs: - build-type-determination - select-targets - build + - sign-windows if: needs.select-targets.outputs.merge-channel-files == 'true' runs-on: ubuntu-latest permissions: {} @@ -474,6 +548,7 @@ jobs: needs: - select-targets - build + - sign-windows if: always() && needs.build.result != 'skipped' runs-on: ubuntu-latest @@ -498,6 +573,7 @@ jobs: needs: - build-type-determination - build + - sign-windows runs-on: ubuntu-latest outputs: BODY: ${{ steps.changelog.outputs.BODY }} @@ -547,6 +623,7 @@ jobs: - build-type-determination - merge-channel-files - changelog + - sign-windows if: > always() && needs.build-type-determination.result == 'success' && @@ -580,6 +657,7 @@ jobs: - build-type-determination - merge-channel-files - changelog + - sign-windows if: > always() && needs.build-type-determination.result == 'success' && @@ -631,6 +709,7 @@ jobs: - publish - release - artifacts + - sign-windows if: always() && needs.build.result != 'skipped' runs-on: ubuntu-latest diff --git a/.github/workflows/check-certificates.yml b/.github/workflows/check-certificates.yml index db5ffc09b..adf4052be 100644 --- a/.github/workflows/check-certificates.yml +++ b/.github/workflows/check-certificates.yml 
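Review bot: The signing step of the new `sign-windows` job expands the token password into the script text with `${{ env.CERT_PASSWORD }}` rather than reading it from the environment, so the secret is written into the generated script file on the self-hosted machine and any shell metacharacter in it is parsed as code. The step already exports `CERT_PASSWORD` and `CONTAINER_NAME`, so the argument can be `-k "[{{${CERT_PASSWORD}}}]=${CONTAINER_NAME}"`, with the certificate path quoted the same way as `-f "$INSTALLER_CERT_WINDOWS_CER"`. The password still ends up on signtool's command line, which other processes on that host can read while it runs. The final `Clean up artifacts` step has no `if: always()`, so a failed signing run leaves the downloaded installers on the persistent runner.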
@@ -74,9 +74,11 @@ jobs: - identifier: macOS signing certificate # Text used to identify certificate in notifications. certificate-secret: APPLE_SIGNING_CERTIFICATE_P12 # Name of the secret that contains the certificate. password-secret: KEYCHAIN_PASSWORD # Name of the secret that contains the certificate password. + type: pkcs12 - identifier: Windows signing certificate - certificate-secret: WINDOWS_SIGNING_CERTIFICATE_PFX - password-secret: WINDOWS_SIGNING_CERTIFICATE_PASSWORD + certificate-secret: INSTALLER_CERT_WINDOWS_CER + # The password for the Windows certificate is not needed, because its not a container, but a single certificate. + type: x509 steps: - name: Set certificate path environment variable @@ -95,7 +97,7 @@ jobs: CERTIFICATE_PASSWORD: ${{ secrets[matrix.certificate.password-secret] }} run: | ( - openssl pkcs12 \ + openssl ${{ matrix.certificate.type }} \ -in "${{ env.CERTIFICATE_PATH }}" \ -legacy \ -noout \ 
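Review bot: In the second hunk the subcommand becomes `openssl ${{ matrix.certificate.type }}` while the context lines that follow keep `-legacy`, which is a `pkcs12` option; as far as I know `openssl x509` does not accept it, so the new x509 entry would fail this verification step for a reason unrelated to the certificate's validity. A check that fails for the wrong reason hides the alerts it exists to raise, so the command should branch on the type the way the expiration step does, with the x509 case reduced to `openssl x509 -in "${{ env.CERTIFICATE_PATH }}" -noout`. The Windows entry also no longer defines `password-secret`, so `secrets[matrix.certificate.password-secret]` is presumably empty for it; a one-line comment on the `CERTIFICATE_PASSWORD` env entry saying that this is expected for x509 would help. The rest of the command lies outside the hunk.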
@@ -122,26 +124,43 @@ jobs: CERTIFICATE_PASSWORD: ${{ secrets[matrix.certificate.password-secret] }} id: get-days-before-expiration run: | - EXPIRATION_DATE="$( - ( - openssl pkcs12 \ - -in "${{ env.CERTIFICATE_PATH }}" \ - -clcerts \ - -legacy \ - -nodes \ - -passin env:CERTIFICATE_PASSWORD - ) | ( - openssl x509 \ - -noout \ - -enddate - ) | ( - grep \ - --max-count=1 \ - --only-matching \ - --perl-regexp \ - 'notAfter=(\K.*)' - ) - )" + if [[ ${{ matrix.certificate.type }} == "pkcs12" ]]; then + EXPIRATION_DATE="$( + ( + openssl pkcs12 \ + -in "${{ env.CERTIFICATE_PATH }}" \ + -clcerts \ + -legacy \ + -nodes \ + -passin env:CERTIFICATE_PASSWORD + ) | ( + openssl x509 \ + -noout \ + -enddate + ) | ( + grep \ + --max-count=1 \ + --only-matching \ + --perl-regexp \ + 'notAfter=(\K.*)' + ) + )" + elif [[ ${{ matrix.certificate.type }} == "x509" ]]; then + EXPIRATION_DATE="$( + ( + openssl x509 \ + -in ${{ env.CERTIFICATE_PATH }} \ + -noout \ + -enddate + ) | ( + grep \ + --max-count=1 \ + --only-matching \ + --perl-regexp \ + 'notAfter=(\K.*)' + ) + )" + fi DAYS_BEFORE_EXPIRATION="$((($(date --utc --date="$EXPIRATION_DATE" +%s) - $(date --utc +%s)) / 60 / 60 / 24))" diff --git a/electron-app/scripts/package.js b/electron-app/scripts/package.js index 87a597094..83fb0b4d1 100644 --- a/electron-app/scripts/package.js +++ b/electron-app/scripts/package.js @@ -100,7 +100,7 @@ async function getArtifactName(version) { switch (platform) { case 'win32': { if (arch === 'x64') { - return `${name}_${version}_Windows_64bit.\$\{ext}`; + return `${name}_${version}_Windows_64bit_unsigned.\$\{ext}`; } throw new Error(`Unsupported platform, arch: ${platform}, ${arch}`); } From b7d1d4d80b07c554bee6f4bc0fb4951be6bf4751 Mon Sep 17 00:00:00 2001 
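Review bot: The new `if`/`elif` on `matrix.certificate.type` in the first hunk has no `else`, so a matrix entry with a missing or misspelled `type` leaves `EXPIRATION_DATE` unset and the `date` arithmetic below runs on an empty string instead of failing the check outright; add `else echo "Unknown certificate type: ${{ matrix.certificate.type }}"; exit 1` before `fi`. The x509 branch also passes `-in ${{ env.CERTIFICATE_PATH }}` unquoted where the pkcs12 branch quotes it; `-in "${{ env.CERTIFICATE_PATH }}"` keeps the two consistent and safe for paths containing spaces. The step's script continues outside the hunk.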
From: Dave Simpson <45690499+davegarthsimpson@users.noreply.github.com> Date: Mon, 1 Jul 2024 13:42:09 +0200 Subject: [PATCH 2/7] build ide on self hosted runner --- .github/workflows/build.yml | 92 ++--------------------- electron-app/package.json | 3 +- electron-app/scripts/package.js | 2 +- electron-app/scripts/windowsCustomSign.js | 26 +++++++ 4 files changed, 37 insertions(+), 86 deletions(-) create mode 100644 electron-app/scripts/windowsCustomSign.js diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index cd277983e..ecf765c55 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -55,7 +55,7 @@ env: - config: # Human identifier for the job. name: Windows - runs-on: windows-2019 + runs-on: [self-hosted, windows-sign-pc] # The value is a string representing a JSON document. # Setting this to null causes the job to run directly in the runner machine instead of in a container. container: | @@ -75,16 +75,10 @@ env: artifacts: - path: '*Windows_64bit.exe' name: Windows_X86-64_interactive_installer - - path: '*Windows_64bit_unsigned.exe' - name: Windows_X86-64_interactive_installer_unsigned - path: '*Windows_64bit.msi' name: Windows_X86-64_MSI - - path: '*Windows_64bit_unsigned.msi' - name: Windows_X86-64_MSI_unsigned - path: '*Windows_64bit.zip' name: Windows_X86-64_zip - - path: '*Windows_64bit_unsigned.zip' - name: Windows_X86-64_zip_unsigned - config: name: Linux runs-on: ubuntu-latest @@ -278,6 +272,7 @@ jobs: env: # Location of artifacts generated by build. BUILD_ARTIFACTS_PATH: electron-app/dist/build-artifacts + IS_WINDOWS_CONFIG: ${{ matrix.config.name == 'Windows' }} strategy: matrix: config: ${{ fromJson(needs.select-targets.outputs.build-matrix) }} 
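Review bot: The first hunk moves the whole Windows build onto `[self-hosted, windows-sign-pc]`, so dependency installation, package lifecycle scripts and the build itself now execute on the machine that holds the signing token, whereas patch 1 ran only signtool there against finished artifacts. The workflow's triggers are not visible in this diff; if it can run for pull requests or other untrusted refs, the Windows entry needs to be limited to trusted events, or signing kept in its own job as before so that the host never runs build-time code. Self-hosted runners also keep their workspace and caches between runs, so state left by one build is visible to the next. At minimum the matrix entry deserves a comment such as `# Runs on the signing host: must never be scheduled for untrusted (fork/PR) code.`.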
@@ -301,7 +296,7 @@ jobs: uses: actions/checkout@v3 - name: Install Node.js - if: fromJSON(matrix.config.container) == null + if: fromJSON(matrix.config.container) == null && env.IS_WINDOWS_CONFIG == false uses: actions/setup-node@v4 with: node-version: ${{ env.NODE_VERSION }} @@ -309,26 +304,26 @@ jobs: cache: 'yarn' - name: Install Python 3.x - if: fromJSON(matrix.config.container) == null + if: fromJSON(matrix.config.container) == null && env.IS_WINDOWS_CONFIG == false uses: actions/setup-python@v5 with: python-version: '3.11.x' - name: Install Go - if: fromJSON(matrix.config.container) == null + if: fromJSON(matrix.config.container) == null && env.IS_WINDOWS_CONFIG == false uses: actions/setup-go@v5 with: go-version: ${{ env.GO_VERSION }} - name: Install Go # actions/setup-go@v5 has dependency on a higher version of glibc than available in the Linux container. - if: fromJSON(matrix.config.container) != null + if: fromJSON(matrix.config.container) != null && env.IS_WINDOWS_CONFIG == false uses: actions/setup-go@v4 with: go-version: ${{ env.GO_VERSION }} - name: Install Taskfile - if: fromJSON(matrix.config.container) == null + if: fromJSON(matrix.config.container) == null && env.IS_WINDOWS_CONFIG == false uses: arduino/setup-task@v2 with: repo-token: ${{ secrets.GITHUB_TOKEN }} @@ -336,7 +331,7 @@ jobs: - name: Install Taskfile # actions/setup-task@v2 has dependency on a higher version of glibc than available in the Linux container. - if: fromJSON(matrix.config.container) != null + if: fromJSON(matrix.config.container) != null && env.IS_WINDOWS_CONFIG == false uses: arduino/setup-task@v1 with: repo-token: ${{ secrets.GITHUB_TOKEN }} 
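Review bot: The added `env.IS_WINDOWS_CONFIG == false` test compares a string with a boolean: the env value is the text `true` or `false`, and GitHub's expression rules coerce mismatched operands to numbers, so the comparison is false for both values and every `Install …` step carrying it is skipped on all platforms, not only on Windows. Testing the matrix value directly avoids the coercion: `if: fromJSON(matrix.config.container) == null && matrix.config.name != 'Windows'`. With the setup steps skipped, the build falls back to whatever Node.js, Python, Go and Task versions the runner happens to provide, which drops the version pinning these steps exist for. The same comparison appears in all three hunks on this line and again in patch 6 as `env.IS_MACOS_CONFIG == true`.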
@@ -353,7 +348,6 @@ jobs: IS_NIGHTLY: ${{ needs.build-type-determination.outputs.is-nightly }} IS_RELEASE: ${{ needs.build-type-determination.outputs.is-release }} CAN_SIGN: ${{ secrets[matrix.config.certificate-secret] != '' }} - IS_WINDOWS_CONFIG: ${{ matrix.config.name == 'Windows' }} # The CREATE_* environment vars are only used to run tests. These secrets are optional. Dependent tests will # be skipped if not available. CREATE_USERNAME: ${{ secrets.CREATE_USERNAME }} 
@@ -415,76 +409,11 @@ jobs: name: ${{ env.JOB_TRANSFER_ARTIFACT }} path: ${{ env.BUILD_ARTIFACTS_PATH }} - sign-windows: - runs-on: [self-hosted, windows-sign-pc] - needs: build - - defaults: - run: - shell: bash - - env: - BUILD_ARTIFACTS_PATH: electron-app/dist/build-artifacts - INSTALLER_CERT_WINDOWS_CER: "/tmp/cert.cer" - # We are hardcoding the path for signtool because is not present on the windows PATH env var by default. - # Keep in mind that this path could change when upgrading to a new runner version - SIGNTOOL_PATH: "C:/Program Files (x86)/Windows Kits/10/bin/10.0.19041.0/x86/signtool.exe" - - steps: - - name: Download artifact - uses: actions/download-artifact@v3 - with: - name: ${{ env.JOB_TRANSFER_ARTIFACT }} - path: ${{ env.BUILD_ARTIFACTS_PATH }} - - - name: Find and process exe and msi artifacts - shell: bash - env: - CERT_PASSWORD: ${{ secrets.INSTALLER_CERT_WINDOWS_PASSWORD }} - CONTAINER_NAME: ${{ secrets.INSTALLER_CERT_WINDOWS_CONTAINER }} - # https://stackoverflow.com/questions/17927895/automate-extended-validation-ev-code-signing-with-safenet-etoken - run: | - shopt -s nullglob - for ARTIFACT in "${{ env.BUILD_ARTIFACTS_PATH }}"/*_unsigned.{exe,msi}; do - echo "Processing $ARTIFACT" - FILENAME=$(basename "$ARTIFACT") - BASE_NAME="${FILENAME%.*}" - EXTENSION="${FILENAME##*.}" - # Remove '_unsigned' from the base name - SIGNED_BASE_NAME="${BASE_NAME%_unsigned}" - - # Sign and rename EXE and MSI files - if [[ "$EXTENSION" == "exe" || "$EXTENSION" == "msi" ]]; then - echo "Signing $ARTIFACT" - "${{ env.SIGNTOOL_PATH }}" sign -d "Arduino IDE" -f ${{ env.INSTALLER_CERT_WINDOWS_CER }} -csp "eToken Base Cryptographic Provider" -k "[{{${{ env.CERT_PASSWORD }}}}]=${{ env.CONTAINER_NAME }}" -fd sha256 -tr http://timestamp.digicert.com -td SHA256 -v "$ARTIFACT" - SIGNED_ARTIFACT_PATH="${{ env.BUILD_ARTIFACTS_PATH }}/${SIGNED_BASE_NAME}.${EXTENSION}" - mv "$ARTIFACT" "$SIGNED_ARTIFACT_PATH" - echo "Renamed $ARTIFACT to $SIGNED_ARTIFACT_PATH" - fi - done 
- - - name: Upload signed EXE - uses: actions/upload-artifact@v3 - with: - name: Windows_X86-64_interactive_installer - path: ${{ env.BUILD_ARTIFACTS_PATH }}/*Windows_64bit.exe - - - name: Upload signed MSI - uses: actions/upload-artifact@v3 - with: - name: Windows_X86-64_MSI - path: ${{ env.BUILD_ARTIFACTS_PATH }}/*Windows_64bit.msi - - # This step is needed because the self hosted runner does not delete files automatically - - name: Clean up artifacts - run: rm -rf ${{ env.BUILD_ARTIFACTS_PATH }} - merge-channel-files: needs: - build-type-determination - select-targets - build - - sign-windows if: needs.select-targets.outputs.merge-channel-files == 'true' runs-on: ubuntu-latest permissions: {} @@ -548,7 +477,6 @@ jobs: needs: - select-targets - build - - sign-windows if: always() && needs.build.result != 'skipped' runs-on: ubuntu-latest @@ -573,7 +501,6 @@ jobs: needs: - build-type-determination - build - - sign-windows runs-on: ubuntu-latest outputs: BODY: ${{ steps.changelog.outputs.BODY }} @@ -623,7 +550,6 @@ jobs: - build-type-determination - merge-channel-files - changelog - - sign-windows if: > always() && needs.build-type-determination.result == 'success' && @@ -657,7 +583,6 @@ jobs: - build-type-determination - merge-channel-files - changelog - - sign-windows if: > always() && needs.build-type-determination.result == 'success' && @@ -709,7 +634,6 @@ jobs: - publish - release - artifacts - - sign-windows if: always() && needs.build.result != 'skipped' runs-on: ubuntu-latest diff --git a/electron-app/package.json b/electron-app/package.json index 3e42fdd0d..0451107f1 100644 --- a/electron-app/package.json +++ b/electron-app/package.json @@ -133,7 +133,8 @@ "msi", "nsis", "zip" - ] + ], + "sign": "./scripts/windowsCustomSign.js" }, "mac": { "darkModeSupport": true, diff --git a/electron-app/scripts/package.js b/electron-app/scripts/package.js index 83fb0b4d1..87a597094 100644 --- a/electron-app/scripts/package.js +++ b/electron-app/scripts/package.js 
@@ -100,7 +100,7 @@ async function getArtifactName(version) { switch (platform) { case 'win32': { if (arch === 'x64') { - return `${name}_${version}_Windows_64bit_unsigned.\$\{ext}`; + return `${name}_${version}_Windows_64bit.\$\{ext}`; } throw new Error(`Unsupported platform, arch: ${platform}, ${arch}`); } diff --git a/electron-app/scripts/windowsCustomSign.js b/electron-app/scripts/windowsCustomSign.js new file mode 100644 index 000000000..19db2b300 --- /dev/null +++ b/electron-app/scripts/windowsCustomSign.js @@ -0,0 +1,26 @@ +const childProcess = require('child_process'); + +exports.default = async function (configuration) { + const SIGNTOOL_PATH = process.env.SIGNTOOL_PATH; + const INSTALLER_CERT_WINDOWS_CER = process.env.INSTALLER_CERT_WINDOWS_CER; + const CERT_PASSWORD = process.env.CERT_PASSWORD; + const CONTAINER_NAME = process.env.CONTAINER_NAME; + const filePath = configuration.path; + + if ( + SIGNTOOL_PATH && + INSTALLER_CERT_WINDOWS_CER && + CERT_PASSWORD && + CONTAINER_NAME + ) { + childProcess.execSync( + `"${SIGNTOOL_PATH}" sign -d "Arduino IDE" -f "${INSTALLER_CERT_WINDOWS_CER}" -csp "eToken Base Cryptographic Provider" -k "[{{${CERT_PASSWORD}}}]=${CONTAINER_NAME}" -fd sha256 -tr http://timestamp.digicert.com -td SHA256 -v "${filePath}"`, + { stdio: 'inherit' } + ); + } else { + console.warn( + 'Custom windows signing was no performed: SIGNTOOL_PATH, INSTALLER_CERT_WINDOWS_CER, CERT_PASSWORD, and CONTAINER_NAME environment variables were not provided.' + ); + process.exit(1); + } +}; From bbd15062fea818cd4ce12bcbbc5781133361ff50 Mon Sep 17 00:00:00 2001 From: Dave Simpson <45690499+davegarthsimpson@users.noreply.github.com> Date: Mon, 1 Jul 2024 14:54:57 +0200 Subject: [PATCH 3/7] test --- .github/workflows/build.yml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index ecf765c55..149c8f1bc 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml 
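Review bot: In the new `windowsCustomSign.js`, the signtool invocation is assembled as one shell string for `childProcess.execSync`, so the token password, the container name and `configuration.path` are all re-parsed by the shell; a quote or metacharacter in any of them changes the command that runs on the signing host. Passing an argument array to `execFileSync` removes the shell from the path. Node's error for a failed child normally includes the command line, so the call should also be wrapped so that only the exit status is reported and the `-k` value stays out of the build log. Separately, the warning text reads "was no performed" and should be "was not performed".

```javascript
// … unchanged: environment lookups and the presence check …
    try {
      childProcess.execFileSync(
        SIGNTOOL_PATH,
        [
          'sign',
          '-d', 'Arduino IDE',
          '-f', INSTALLER_CERT_WINDOWS_CER,
          '-csp', 'eToken Base Cryptographic Provider',
          '-k', `[{{${CERT_PASSWORD}}}]=${CONTAINER_NAME}`,
          '-fd', 'sha256',
          '-tr', 'http://timestamp.digicert.com',
          '-td', 'SHA256',
          '-v',
          filePath,
        ],
        { stdio: 'inherit' }
      );
    } catch (err) {
      // Report the status only; err.message would repeat the arguments.
      throw new Error(`signtool failed with exit status ${err.status}`);
    }
// … unchanged: else branch that warns and exits …
```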
@@ -286,6 +286,9 @@ jobs: timeout-minutes: 90 steps: + - name: Print IS_WINDOWS_CONFIG + run: echo "IS_WINDOWS_CONFIG=${{ env.IS_WINDOWS_CONFIG }}" + - name: Checkout if: fromJSON(matrix.config.container) == null uses: actions/checkout@v4 From ae82b21613f6eaf0d1df73f4e87e7820d150bd53 Mon Sep 17 00:00:00 2001 From: Dave Simpson <45690499+davegarthsimpson@users.noreply.github.com> Date: Mon, 1 Jul 2024 15:20:07 +0200 Subject: [PATCH 4/7] log container --- .github/workflows/build.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 149c8f1bc..e940e0a38 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -287,7 +287,7 @@ jobs: steps: - name: Print IS_WINDOWS_CONFIG - run: echo "IS_WINDOWS_CONFIG=${{ env.IS_WINDOWS_CONFIG }}" + run: echo "${{ fromJSON(matrix.config.container) }}" - name: Checkout if: fromJSON(matrix.config.container) == null From a6ce4498e2d83d3a96e1fbf79396b5bef118288f Mon Sep 17 00:00:00 2001 From: Dave Simpson <45690499+davegarthsimpson@users.noreply.github.com> Date: Mon, 1 Jul 2024 15:30:35 +0200 Subject: [PATCH 5/7] setuptools --- .github/workflows/build.yml | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index e940e0a38..4132d33da 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -311,6 +311,10 @@ jobs: uses: actions/setup-python@v5 with: python-version: '3.11.x' + + - name: Ensure distutils is available + run: | + python -m pip install setuptools - name: Install Go if: fromJSON(matrix.config.container) == null && env.IS_WINDOWS_CONFIG == false From 3a3e8c907a98cb495e697e8e8dda6e050102bf89 Mon Sep 17 00:00:00 2001 From: Dave Simpson <45690499+davegarthsimpson@users.noreply.github.com> Date: Mon, 1 Jul 2024 15:32:56 +0200 Subject: [PATCH 6/7] mac only --- .github/workflows/build.yml | 2 ++ 1 file changed, 2 insertions(+) 
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 4132d33da..e74dee76b 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -273,6 +273,7 @@ jobs: # Location of artifacts generated by build. BUILD_ARTIFACTS_PATH: electron-app/dist/build-artifacts IS_WINDOWS_CONFIG: ${{ matrix.config.name == 'Windows' }} + IS_MACOS_CONFIG: ${{ matrix.config.name == 'macOS x86' }} strategy: matrix: config: ${{ fromJson(needs.select-targets.outputs.build-matrix) }} @@ -313,6 +314,7 @@ jobs: python-version: '3.11.x' - name: Ensure distutils is available + if: env.IS_MACOS_CONFIG == true run: | python -m pip install setuptools From 1121f22416322c01f256e401c963f8c6c8a9bb8a Mon Sep 17 00:00:00 2001 From: Dave Simpson <45690499+davegarthsimpson@users.noreply.github.com> Date: Mon, 1 Jul 2024 15:36:13 +0200 Subject: [PATCH 7/7] remove steps --- .github/workflows/build.yml | 8 -------- 1 file changed, 8 deletions(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index e74dee76b..078363e12 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -287,9 +287,6 @@ jobs: timeout-minutes: 90 steps: - - name: Print IS_WINDOWS_CONFIG - run: echo "${{ fromJSON(matrix.config.container) }}" - - name: Checkout if: fromJSON(matrix.config.container) == null uses: actions/checkout@v4 @@ -312,11 +309,6 @@ jobs: uses: actions/setup-python@v5 with: python-version: '3.11.x' - - - name: Ensure distutils is available - if: env.IS_MACOS_CONFIG == true - run: | - python -m pip install setuptools - name: Install Go if: fromJSON(matrix.config.container) == null && env.IS_WINDOWS_CONFIG == false