Skip to content

V3

V3 #87

Workflow file for this run

name: PR Tests
on:
pull_request:
jobs:
default-signtool-tests:
runs-on: ${{ matrix.os }}
env:
term: xterm
strategy:
fail-fast: false
matrix:
include:
- os: macos-14
file: dist/@lando/code-sign-action
node-version: '20'
- os: ubuntu-24.04
file: dist/@lando/code-sign-action
node-version: '20'
- os: windows-2022
file: dist/@lando/code-sign-action.exe
node-version: '20'
steps:
- name: Checkout code
uses: actions/checkout@v4
with:
fetch-depth: 0
- name: Install node ${{ matrix.node-version }}
uses: actions/setup-node@v4
with:
node-version: ${{ matrix.node-version }}
cache: npm
- name: Install dependencies
shell: bash
run: npm clean-install --prefer-offline --frozen-lockfile
- name: Package node binary
shell: bash
run: npm run build
- name: Trust test certs
shell: bash
if: runner.os == 'Linux'
run: |
# dump
echo "${{ secrets.DEFAULT_CERT_DATA }}" | base64 --decode | sudo install -D /dev/stdin /tmp/LandoCodeSigningTest.p12
# extract
openssl pkcs12 -in /tmp/LandoCodeSigningTest.p12 -clcerts -nokeys -out /tmp/LandoCodeSigningTest.pem -password pass:${{ secrets.DEFAULT_CERT_PASSWORD }}
# trust
sudo cp /tmp/LandoCodeSigningTest.pem /usr/local/share/ca-certificates/LandoCodeSigningTest.crt
sudo update-ca-certificates
- name: Trust test certs
shell: bash
if: runner.os == 'macOS'
run: |
# dump
echo "${{ secrets.DEFAULT_CERT_DATA }}" | base64 --decode > /tmp/LandoCodeSigningTest.p12
# extract
openssl pkcs12 -in /tmp/LandoCodeSigningTest.p12 -clcerts -nokeys -out /tmp/LandoCodeSigningTest.pem -password pass:${{ secrets.DEFAULT_CERT_PASSWORD }}
# trust
sudo security authorizationdb write com.apple.trust-settings.user allow
sudo security add-trusted-cert -d -r trustRoot -k /Library/Keychains/System.keychain /tmp/LandoCodeSigningTest.pem
sudo security find-certificate -a -c "Lando System Code Signing Test Certificate" -p /Library/Keychains/System.keychain
- name: Trust test certs
shell: powershell
if: runner.os == 'Windows'
run: |
# vars
$temp_dir = "$env:TMP"
$cert_data = "${{ secrets.DEFAULT_CERT_DATA }}"
$cert_path = "$temp_dir\LandoCodeSigningTest.p12"
$cert_password = "${{ secrets.DEFAULT_CERT_PASSWORD }}"
$cert_secure_password = ConvertTo-SecureString -String $cert_password -Force -AsPlainText
$cert_store = "Cert:\LocalMachine\Root"
# dump
If (!(Test-Path $cert_path)) {
Write-Output "Dumping cert to $cert_path..."
$bytes = [Convert]::FromBase64String($cert_data)
[IO.File]::WriteAllBytes($cert_path, $bytes)
}
# trust
Import-PfxCertificate -FilePath $cert_path -CertStoreLocation $cert_store -Password $cert_secure_password
- name: Codesign
uses: ./
id: code-sign-action
with:
file: ${{ matrix.file }}
certificate-data: ${{ secrets.DEFAULT_CERT_DATA }}
certificate-id: LSL337X6
certificate-password: ${{ secrets.DEFAULT_CERT_PASSWORD }}
- name: Test output
shell: bash
run: |
echo "${{ steps.code-sign-action.outputs.file }}"
stat "${{ steps.code-sign-action.outputs.file }}"
- name: Execute file
shell: bash
run: chmod +x "${{ steps.code-sign-action.outputs.file }}" && "${{ steps.code-sign-action.outputs.file }}"
# basic-tests:
# runs-on: ${{ matrix.os }}
# env:
# term: xterm
# strategy:
# fail-fast: false
# matrix:
# include:
# - os: macos-14
# file: dist/@lando/code-sign-action
# certificate-data: APPLE_CERT_DATA
# certificate-password: APPLE_CERT_PASSWORD
# node-version: '20'
# - os: ubuntu-24.04
# file: dist/@lando/code-sign-action
# certificate-data: KEYLOCKER_CLIENT_CERT
# certificate-password: KEYLOCKER_CLIENT_CERT_PASSWORD
# node-version: '20'
# - os: windows-2022
# file: dist/@lando/code-sign-action.exe
# certificate-data: KEYLOCKER_CLIENT_CERT
# certificate-password: KEYLOCKER_CLIENT_CERT_PASSWORD
# node-version: '20'
# steps:
# - name: Checkout code
# uses: actions/checkout@v4
# with:
# fetch-depth: 0
# - name: Install node ${{ matrix.node-version }}
# uses: actions/setup-node@v4
# with:
# node-version: ${{ matrix.node-version }}
# cache: npm
# - name: Install dependencies
# shell: bash
# run: npm clean-install --prefer-offline --frozen-lockfile
# - name: Package node binary
# shell: bash
# run: npm run build
# - name: Codesign
# uses: ./
# id: code-sign-action
# with:
# file: ${{ matrix.file }}
# certificate-data: ${{ secrets[matrix.certificate-data] }}
# certificate-password: ${{ secrets[matrix.certificate-password] }}
# apple-team-id: FY8GAUX282
# keylocker-host: https://clientauth.one.digicert.com
# keylocker-api-key: ${{ secrets.KEYLOCKER_API_KEY }}
# keylocker-cert-sha1-hash: ${{ secrets.KEYLOCKER_CERT_SHA1_HASH }}
# keylocker-keypair-alias: ${{ secrets.KEYLOCKER_KEYPAIR_ALIAS }}
# - name: Test outputs + execute file
# shell: bash
# env:
# FILE: ${{ steps.code-sign-action.outputs.file }}
# run: |
# chmod +x "$FILE"
# "$FILE"
# options-tests:
# runs-on: macos-14
# env:
# term: xterm
# strategy:
# fail-fast: false
# matrix:
# node-version:
# - '20'
# steps:
# - name: Checkout code
# uses: actions/checkout@v4
# with:
# fetch-depth: 0
# - name: Install node ${{ matrix.node-version }}
# uses: actions/setup-node@v4
# with:
# node-version: ${{ matrix.node-version }}
# cache: npm
# - name: Install dependencies
# shell: bash
# run: npm clean-install --prefer-offline --frozen-lockfile
# - name: Package node binary
# shell: bash
# run: npm run build
# - name: Codesign
# uses: ./
# with:
# file: "dist/@lando/code-sign-action"
# certificate-data: ${{ secrets.APPLE_CERT_DATA }}
# certificate-password: ${{ secrets.APPLE_CERT_PASSWORD }}
# apple-team-id: FY8GAUX282
# options: --options runtime --entitlements entitlements.xml
notarize-tests:
runs-on: macos-14
env:
term: xterm
strategy:
fail-fast: false
matrix:
node-version:
- '20'
steps:
- name: Checkout code
uses: actions/checkout@v4
with:
fetch-depth: 0
- name: Install node ${{ matrix.node-version }}
uses: actions/setup-node@v4
with:
node-version: ${{ matrix.node-version }}
cache: npm
- name: Install dependencies
shell: bash
run: npm clean-install --prefer-offline --frozen-lockfile
- name: Package node binary
shell: bash
run: npm run build
- name: Codesign
uses: ./
with:
file: "dist/@lando/code-sign-action"
certificate-data: ${{ secrets.APPLE_CERT_DATA }}
certificate-password: ${{ secrets.APPLE_CERT_PASSWORD }}
apple-notary-user: ${{ secrets.APPLE_NOTARY_USER }}
apple-notary-password: ${{ secrets.APPLE_NOTARY_PASSWORD }}
apple-team-id: FY8GAUX282
apple-product-id: dev.lando.code-sign-action
options: --options runtime --entitlements entitlements.xml