From 8b81e519bb8eea7c9868707cae49ff09135c5b1f Mon Sep 17 00:00:00 2001 From: rozyczko Date: Thu, 9 Apr 2026 09:53:10 +0200 Subject: [PATCH 1/2] try the new action --- .github/workflows/installer.yml | 46 +++++++++++++-------------------- 1 file changed, 18 insertions(+), 28 deletions(-) diff --git a/.github/workflows/installer.yml b/.github/workflows/installer.yml index 16f6ca33..add19adb 100644 --- a/.github/workflows/installer.yml +++ b/.github/workflows/installer.yml @@ -17,7 +17,8 @@ jobs: strategy: fail-fast: false matrix: - os: [ubuntu-22.04, ubuntu-24.04, windows-2022, macos-14] + # os: [ubuntu-22.04, ubuntu-24.04, windows-2022, macos-14] + os: [windows-2022] steps: - name: Check-out repository @@ -114,37 +115,26 @@ jobs: # ${{ secrets.APPLE_CERT_DATA }} ${{ secrets.APPLE_CERT_PASSWORD }} # ${{ secrets.APPLE_NOTARY_USER }} ${{ secrets.APPLE_NOTARY_PASSWORD }} - - name: Install DigiCert Client tools from Github Custom Actions marketplace - if: | - runner.os == 'windows' && github.event_name == 'push' - uses: digicert/ssm-code-signing@v1.0.1 - - - name: Set up P12 certificate - if: | - runner.os == 'windows' && github.event_name == 'push' + - name: Setup SM_CLIENT_CERT_FILE from base64 secret data + if: runner.os == 'Windows' run: | - echo "${{ secrets.WINDOWS_CERT_DATA }}" | base64 --decode > /d/Certificate_pkcs12.p12 + echo "${{ secrets.KEYLOCKER_CERT_DATA }}" | base64 --decode > /d/Certificate_pkcs12.p12 shell: bash - - name: Set keylocker variables - if: | - runner.os == 'windows' && github.event_name == 'push' - id: variables - run: | - echo "version=${GITHUB_REF#refs/tags/v}" >> $GITHUB_OUTPUT - echo "SM_HOST=${{ secrets.KEYLOCKER_HOST }}" >> "$GITHUB_ENV" - echo "SM_API_KEY=${{ secrets.KEYLOCKER_API_KEY }}" >> "$GITHUB_ENV" - echo "SM_CLIENT_CERT_FILE=D:\\Certificate_pkcs12.p12" >> "$GITHUB_ENV" - echo "SM_CLIENT_CERT_PASSWORD=${{ secrets.WINDOWS_CERT_PASSWORD }}" >> "$GITHUB_ENV" - shell: bash - - - name: Sign the binary using keypair alias - if: | - runner.os == 'windows' && github.event_name == 'push' && env.BRANCH_NAME == 'master' - run: | - smctl sign --keypair-alias key_911959544 --input ${{ env.SETUP_EXE_PATH }} - shell: cmd + - name: Setup Software Trust Manager + if: runner.os == 'Windows' + uses: digicert/code-signing-software-trust-action@v1 + with: + simple-signing-mode: true + # If the below 2 parameters are supplied, then smctl executable is invoked to attempt the signing. + input: ${{ env.SETUP_EXE_PATH }} + keypair-alias: ${{ secrets.KEYLOCKER_KEYPAIR_ALIAS }} + env: + SM_HOST: ${{ secrets.KEYLOCKER_HOST }} + SM_API_KEY: ${{ secrets.KEYLOCKER_API_KEY }} + SM_CLIENT_CERT_FILE: D:\\Certificate_pkcs12.p12 + SM_CLIENT_CERT_PASSWORD: ${{ secrets.WINDOWS_CERT_PASSWORD }} - name: Create zip archive of offline app installer for distribution run: > From e69efdf7992c9e7b754370d59cf6aa6852322fae Mon Sep 17 00:00:00 2001 From: rozyczko Date: Thu, 9 Apr 2026 10:20:03 +0200 Subject: [PATCH 2/2] turn on all platforms --- .github/workflows/installer.yml | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/.github/workflows/installer.yml b/.github/workflows/installer.yml index add19adb..9bb2f023 100644 --- a/.github/workflows/installer.yml +++ b/.github/workflows/installer.yml @@ -17,8 +17,7 @@ jobs: strategy: fail-fast: false matrix: - # os: [ubuntu-22.04, ubuntu-24.04, windows-2022, macos-14] - os: [windows-2022] + os: [ubuntu-22.04, ubuntu-24.04, windows-2022, macos-14] steps: - name: Check-out repository