From 8a25d1e5e9ac929eeb2ce75ef08b018f69cbe1d3 Mon Sep 17 00:00:00 2001 From: STAM Date: Wed, 16 Jul 2025 17:17:27 +0300 Subject: [PATCH] ci-build updated + added signing + migrated to windows-2025 runner + wmic deprecated and migrated to ps --- .github/workflows/build.yml | 154 ++++++++++++++++++++++++++++++++++- reapi/version/appversion.bat | 33 ++++++-- 2 files changed, 176 insertions(+), 11 deletions(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 37bd39c..f6dcac7 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -5,16 +5,18 @@ on: branches: [master] paths-ignore: - '**.md' + - '.github/**' pull_request: types: [opened, reopened, synchronize] release: types: [published] + workflow_dispatch: jobs: windows: name: 'Windows' - runs-on: windows-2019 + runs-on: windows-2025 env: solution: 'msvc/reapi.sln' @@ -32,12 +34,52 @@ jobs: - name: Setup MSBuild uses: microsoft/setup-msbuild@v2 - with: - vs-version: '16' +# TODO: add support of 141_xp toolchain at VS2022+ +# - name: Install v140, v141 and v142 toolsets +# shell: cmd +# run: | +# "C:\Program Files (x86)\Microsoft Visual Studio\Installer\vs_installer.exe" modify ^ +# --installPath "C:\Program Files\Microsoft Visual Studio\2022\Enterprise" ^ +# --add Microsoft.VisualStudio.Component.WindowsXP ^ +# --add Microsoft.VisualStudio.Component.VC.v140 ^ +# --add Microsoft.VisualStudio.Component.VC.v140.x86.x64 ^ +# --add Microsoft.VisualStudio.Component.VC.v140.xp ^ +# --add Microsoft.VisualStudio.Component.VC.140.CRT ^ +# --add Microsoft.VisualStudio.Component.VC.v141 ^ +# --add Microsoft.VisualStudio.Component.VC.v141.x86.x64 ^ +# --add Microsoft.VisualStudio.Component.VC.v141.xp ^ +# --add Microsoft.VisualStudio.Component.VC.v142 ^ +# --add Microsoft.VisualStudio.Component.VC.v142.x86.x64 ^ +# --quiet --norestart + + - name: Select PlatformToolset + id: select_toolset + shell: pwsh + run: | + $vswhere = "${env:ProgramFiles(x86)}\Microsoft Visual Studio\Installer\vswhere.exe" + $vs2019 = & $vswhere -products * -version "[16.0,17.0)" -property installationPath -latest + $vs2022 = & $vswhere -products * -version "[17.0,)" -property installationPath -latest + + if ($vs2019) { + "toolset=v140_xp" >> $env:GITHUB_OUTPUT + Write-Host "Selected v140_xp toolset" + } elseif ($vs2022) { + "toolset=v143" >> $env:GITHUB_OUTPUT + Write-Host "Selected v143 toolset" + } else { + Write-Error "No suitable Visual Studio installation found" + exit 1 + } - name: Build run: | - msbuild ${{ env.solution }} -p:Configuration="${{ env.buildRelease }}" /t:Clean,Build /p:Platform=${{ env.buildPlatform }} /p:PlatformToolset=v140_xp /p:XPDeprecationWarning=false + $toolset = '${{ steps.select_toolset.outputs.toolset }}' + msbuild ${{ env.solution }} -p:Configuration="${{ env.buildRelease }}" /t:Clean,Build /p:Platform=${{ env.buildPlatform }} /p:PlatformToolset=$toolset /p:XPDeprecationWarning=false + +# - name: Get rcedit from chocolatey +# shell: pwsh +# run: | +# choco install rcedit -y - name: Move files run: | @@ -47,6 +89,44 @@ jobs: move msvc\${{ env.buildRelease }}\reapi_amxx.dll publish\addons\amxmodx\modules\reapi_amxx.dll move msvc\${{ env.buildRelease }}\reapi_amxx.pdb publish\debug\reapi_amxx.pdb + - name: Get app version + id: get_version + shell: pwsh + run: | + $versionFile = "reapi/version/appversion.h" + if (-not (Test-Path $versionFile)) { + Write-Error "Version file not found: $versionFile" + exit 1 + } + + $content = Get-Content $versionFile + foreach ($line in $content) { + if ($line -match '^\s*#define\s+APP_VERSION\s+"([^"]+)"') { + $version = $matches[1] + "version=$version" >> $env:GITHUB_OUTPUT + Write-Host "Found version: $version" + exit 0 + } + } + Write-Error "APP_VERSION not found in file" + exit 1 + + - name: Show version + run: echo "Version is ${{ steps.get_version.outputs.version }}" + + - name: Import PFX and sign + if: github.event_name != 'pull_request' + env: + KEY_PFX_PASS: ${{ secrets.KEY_PFX_PASS }} + # https://github.com/actions/runner-images/blob/main/images/windows/Windows2025-Readme.md + run: | + $pfxBase64 = "${{ secrets.KEY_PFX_B64 }}" + [IO.File]::WriteAllBytes("${{ github.workspace }}\signing-cert.pfx", [Convert]::FromBase64String($pfxBase64)) + certutil -f -p "${{ secrets.KEY_PFX_PASS }}" -importPFX "${{ github.workspace }}\signing-cert.pfx" + & 'C:\Program Files (x86)\Windows Kits\10\bin\10.0.26100.0\x86\signtool.exe' sign /a /f "${{ github.workspace }}\signing-cert.pfx" /p $env:KEY_PFX_PASS /d "ReAPI - AMX Mod X module, using API regamedll & rehlds" /du "https://rehlds.dev/" /tr "http://timestamp.digicert.com" /td sha256 /fd sha256 /v ${{ github.workspace }}\publish\addons\amxmodx\modules\reapi_amxx.dll + Remove-Item -Recurse -Force "${{ github.workspace }}\signing-cert.pfx" + shell: "pwsh" + - name: Deploy artifacts uses: actions/upload-artifact@v4 with: @@ -80,6 +160,49 @@ jobs: with: fetch-depth: 0 + - name: GPG Import + run: | + echo "${{ secrets.PUB_ASC }}" > "${{ secrets.PUB_ASC_FILE }}" + echo "${{ secrets.KEY_ASC }}" > "${{ secrets.KEY_ASC_FILE }}" + + # Import the public key + gpg --batch --yes --import "${{ secrets.PUB_ASC_FILE }}" + if [[ $? -ne 0 ]]; then + echo "Error: Failed to import the public key" + exit 1 + fi + + # Import the private key + gpg --batch --yes --import "${{ secrets.KEY_ASC_FILE }}" + if [[ $? -ne 0 ]]; then + echo "Error: Failed to import the private key" + exit 2 + fi + + # Extract the fingerprint of the imported public key + GPG_LINUX_FINGERPRINT=$(gpg --list-keys --with-colons | grep '^fpr' | head -n 1 | cut -d: -f10) + + # Check if the fingerprint was extracted + if [[ -z "$GPG_LINUX_FINGERPRINT" ]]; then + echo "Error: Failed to extract the fingerprint of the key" + exit 3 + fi + + # Set the trust level for the key + echo "$GPG_LINUX_FINGERPRINT:6:" | gpg --batch --import-ownertrust + if [ $? -ne 0 ]; then + echo "Error: Failed to set trust for the key $GPG_LINUX_FINGERPRINT" + exit 4 + fi + + echo "Key $GPG_LINUX_FINGERPRINT successfully imported and trusted" + gpg --list-keys + + #export for global use + echo "GPG_LINUX_FINGERPRINT=$GPG_LINUX_FINGERPRINT" >> $GITHUB_ENV + shell: bash + if: github.event_name != 'pull_request' + - name: Build run: | rm -rf build && CC=gcc CXX=g++ cmake -B build && cmake --build build -j8 @@ -94,6 +217,7 @@ jobs: else # Remove quotes APP_VERSION=$(echo $APP_VERSION | xargs) + echo "APP_VERSION=${APP_VERSION}" >> $GITHUB_ENV fi fi echo "version=${APP_VERSION}" >> "$GITHUB_OUTPUT" @@ -150,7 +274,29 @@ jobs: github.event.action == 'published' && startsWith(github.ref, 'refs/tags/') run: | + + # new runner, niw signs + echo "${{ secrets.PUB_ASC }}" > "${{ secrets.PUB_ASC_FILE }}" + echo "${{ secrets.KEY_ASC }}" > "${{ secrets.KEY_ASC_FILE }}" + gpg --batch --yes --import "${{ secrets.PUB_ASC_FILE }}" + gpg --batch --yes --import "${{ secrets.KEY_ASC_FILE }}" + GPG_LINUX_FINGERPRINT=$(gpg --list-keys --with-colons | grep '^fpr' | head -n 1 | cut -d: -f10) + echo "$GPG_LINUX_FINGERPRINT:6:" | gpg --batch --import-ownertrust + echo "GPG_LINUX_FINGERPRINT=$GPG_LINUX_FINGERPRINT" >> $GITHUB_ENV + + sign_file() { + local file=$1 + gpg --batch --yes --detach-sign --armor -u "$GPG_LINUX_FINGERPRINT" "$file" + if [ $? -ne 0 ]; then + echo "Error: Failed to sign $file" + exit 2 + fi + echo "$file signed successfully." + } + + # Pack and sign final archive 7z a -tzip reapi-bin-${{ needs.linux.outputs.app-version }}.zip addons/ + sign_file "reapi-bin-${{ env.APP_VERSION }}.zip" - name: Publish artifacts uses: softprops/action-gh-release@v2 diff --git a/reapi/version/appversion.bat b/reapi/version/appversion.bat index 0b80dfd..4702baa 100644 --- a/reapi/version/appversion.bat +++ b/reapi/version/appversion.bat @@ -23,13 +23,32 @@ set commitURL= set commitCount=0 set branch_name=master -for /f "delims=" %%a in ('wmic OS Get localdatetime ^| find "."') do set "dt=%%a" -set "YYYY=%dt:~0,4%" -set "MM=%dt:~4,2%" -set "DD=%dt:~6,2%" -set "hour=%dt:~8,2%" -set "min=%dt:~10,2%" -set "sec=%dt:~12,2%" +for /f "tokens=*" %%i in ('powershell -NoProfile -Command ^ + "$now = Get-Date; Write-Output ('{0:yyyy}|{0:MM}|{0:dd}|{0:HH}|{0:mm}|{0:ss}' -f $now)"') do ( + for /f "tokens=1-6 delims=|" %%a in ("%%i") do ( + set "YYYY=%%a" + set "MM=%%b" + set "DD=%%c" + set "hour=%%d" + set "min=%%e" + set "sec=%%f" + ) +) + +echo YYYY=%YYYY% +echo MM=%MM% +echo DD=%DD% +echo hour=%hour% +echo min=%min% +echo sec=%sec% + +:: for /f "delims=" %%a in ('wmic OS Get localdatetime ^| find "."') do set "dt=%%a" +:: set "YYYY=%dt:~0,4%" +:: set "MM=%dt:~4,2%" +:: set "DD=%dt:~6,2%" +:: set "hour=%dt:~8,2%" +:: set "min=%dt:~10,2%" +:: set "sec=%dt:~12,2%" :: :: Remove leading zero from MM (e.g 09 > 9)