-
-
Notifications
You must be signed in to change notification settings - Fork 1.5k
122 lines (107 loc) · 4.23 KB
/
pre-release.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
name: Pre-Release WinUtil
permissions:
contents: write
actions: read
on:
workflow_dispatch: # Manual trigger added
jobs:
build-runspace:
runs-on: windows-latest
env:
CERTIFICATE_BASE64: ${{ secrets.CERTIFICATE_BASE64 }}
steps:
- name: Checkout Repository
uses: actions/checkout@v4
- name: Compile project
shell: pwsh
run: |
Set-ExecutionPolicy Bypass -Scope Process -Force; ./Compile.ps1
continue-on-error: false # Directly fail the job on error, removing the need for a separate check
- name: Set Version to Todays Date
id: extract_version
run: |
$version = (Get-Date -Format "yy.MM.dd")
echo "VERSION=$version" >> $env:GITHUB_ENV
shell: pwsh
- name: Create Tag
id: create_tag
run: |
$tagExists = git tag -l $env:VERSION
if ($tagExists -eq "") {
git tag $env:VERSION
if ($LASTEXITCODE -ne 0) {
Write-Error "Failed to create tag $env:VERSION"
exit 1
}
git push origin $env:VERSION
if ($LASTEXITCODE -ne 0) {
Write-Error "Failed to push tag $env:VERSION"
exit 1
}
} else {
Write-Host "Tag $env:VERSION already exists, skipping tag creation"
}
shell: pwsh
- name: Create and import code signing certificate
shell: pwsh
run: |
[System.IO.File]::WriteAllBytes("$env:USERPROFILE\code-signing-cert.pfx", [System.Convert]::FromBase64String("$env:CERTIFICATE_BASE64"))
Import-PfxCertificate -FilePath "$env:USERPROFILE\code-signing-cert.pfx" -CertStoreLocation Cert:\CurrentUser\My
- name: Code sign winutil.ps1
shell: pwsh
run: |
$cert = Get-ChildItem -Path Cert:\CurrentUser\My -CodeSigningCert | Select-Object -First 1
if ($null -eq $cert) { throw "Code signing certificate not found" }
Set-AuthenticodeSignature -FilePath ./winutil.ps1 -Certificate $cert
- name: Verify code signature
shell: pwsh
run: |
$signature = Get-AuthenticodeSignature -FilePath ./winutil.ps1
if ($signature.Status -ne 'Valid') { throw "Code signing failed" }
- name: Upload winutil.ps1 as artifact
uses: actions/upload-artifact@v4
with:
name: winutil
path: ./winutil.ps1
- name: Get latest release tag
id: get_latest_release
run: |
git fetch --tags --force
$latestTag = git for-each-ref --sort=-creatordate --format '%(refname:short)' refs/tags --count 1
if ($LASTEXITCODE -ne 0 -or [string]::IsNullOrEmpty($latestTag)) {
Write-Error "Failed to get latest tag. Error code: $LASTEXITCODE"
exit 1
}
Write-Host "Latest tag: $latestTag"
echo "LATEST_TAG=$latestTag" >> $env:GITHUB_ENV
shell: pwsh
- name: Generate Release Notes
id: generate_notes
uses: release-drafter/release-drafter@v5
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
with:
config-name: release-drafter.yml
version: ${{ env.version }}
tag: ${{ env.LATEST_TAG }}
- name: Prepare Release Body
id: prepare_body
run: |
$newChanges = '${{ steps.generate_notes.outputs.body }}'
$escapedChanges = $newChanges -replace '(?m)^\s*(.+)\s*$', '$1' -replace "'", "''" -replace '"', '\"' -replace "`n", "\n" -replace "`r", ""
echo "body=$escapedChanges" | Out-File -Append -Encoding utf8 $env:GITHUB_OUTPUT
shell: pwsh
- name: Create and Upload Release
id: create_release
uses: softprops/action-gh-release@v2
with:
tag_name: ${{ env.version }}
name: Pre-Release ${{ env.version }}
body: |
${{ steps.prepare_body.outputs.body }}
![GitHub Downloads (specific asset, specific tag)](https://img.shields.io/github/downloads/ChrisTitusTech/winutil/${{ env.VERSION }}/winutil.ps1)
append_body: false
files: ./winutil.ps1
prerelease: true
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}