diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index f576cfa..4dcf3c0 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -13,6 +13,7 @@ jobs:
 env:
 solution: AmagnoVirtualPrinter.sln
 configuration: Release
+ certificatepassword: ${{ secrets.CERTIFICATEPASSWORD }}
 steps:
 - name: Checkout
 uses: actions/checkout@v3
@@ -24,8 +25,11 @@ jobs:
 run: msbuild $env:solution /m /t:Restore /p:Configuration=$env:configuration
 - name: Build solution
 run: msbuild $env:solution /m /t:Rebuild /p:Configuration=$env:configuration
- - name: Create msi from PowerShell Script
+ - name: Create msi with PowerShell Script
 run: pwsh -command ".\$GITHUB_WORKSPACE\create_msi.ps1"
+ - name: Sign msi with PowerShell Script
+ shell: powershell
+ run: .\$GITHUB_WORKSPACE\sign_files.ps1 -Path .\$GITHUB_WORKSPACE\Files -CertPath .\$GITHUB_WORKSPACE\codeSigningCert.pfx -CertPwd $env:SUPER_SECRET
 - name: Upload files artifact
 uses: actions/upload-artifact@v3
 with:
diff --git a/.gitignore b/.gitignore
index 655d1e5..c20e88e 100644
--- a/.gitignore
+++ b/.gitignore
@@ -236,7 +236,6 @@ ClientBin/
 *.dbmdl
 *.dbproj.schemaview
 *.jfm
-*.pfx
 *.publishsettings
 orleans.codegen.cs
diff --git a/codeSigningCert.pfx b/codeSigningCert.pfx
new file mode 100644
index 0000000..9e96a73
Binary files /dev/null and b/codeSigningCert.pfx differ
diff --git a/create_msi.ps1 b/create_msi.ps1
index d56405d..be6963c 100644
--- a/create_msi.ps1
+++ b/create_msi.ps1
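Review bot: The `certificatepassword` entry is added to the job-level `env:` block, so the decrypted secret lands in the environment of every step in the job (checkout, both msbuild runs, create_msi.ps1 and the upload action) rather than only the step that signs. Declaring it in a step-level `env:` on the signing step, for example `CERT_PWD: ${{ secrets.CERTIFICATEPASSWORD }}`, limits the exposure to that one step. The job definition starts above this hunk, so other consumers of the variable cannot be ruled out from here.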
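Review bot: The signing step passes `-CertPwd $env:SUPER_SECRET`, but the only variable this commit defines is `certificatepassword` in the job `env:` (first hunk); unless `SUPER_SECRET` is set somewhere not shown, the value is empty and the mandatory `$certPwd` binding in sign_files.ps1 fails, so `-CertPwd $env:certificatepassword` is the matching reference. `$GITHUB_WORKSPACE` is not a PowerShell variable either (the runner exposes it as `$env:GITHUB_WORKSPACE`), so the `.\$GITHUB_WORKSPACE\...` paths presumably resolve only because the empty expansion leaves them relative to the default working directory. The step is named "Sign msi" but sign_files.ps1 selects only `.dll` and `.exe` files and runs after create_msi.ps1, so if the installer packages from Files, it packaged them unsigned; moving this step before "Create msi" would fix the order.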
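Review bot: Dropping `*.pfx` from .gitignore is what allows codeSigningCert.pfx to be committed in the next file section, which puts the code-signing key container into the repository and its history for everyone with read access. From then on the only protection on the private key is the PFX password held in `secrets.CERTIFICATEPASSWORD`, and deleting the file in a later commit does not remove it from history. Keeping the `*.pfx` line and materialising the certificate at build time from a secret (for example a base64-encoded secret written to a temporary file in the signing step) or using a key-vault or HSM-backed signing service keeps the key out of the source tree. If this file holds a production key, it should be treated as exposed and rotated.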
@@ -1,5 +1,5 @@
 Set-Location $PSScriptRoot
-$args = "/MSBUILD:$PSScriptRoot\Installer\AmagnoVirtualPrinter.WixSharpInstaller", "/p:$PSScriptRoot"
+$arguments = "/MSBUILD:$PSScriptRoot\Installer\AmagnoVirtualPrinter.WixSharpInstaller", "/p:$PSScriptRoot"
 Remove-Item -Path "$PSScriptRoot\Files\*" -Filter '*.pdb' -Force
-Start-Process -FilePath "$PSScriptRoot\Files\AmagnoPrinterInstaller.exe" -ArgumentList $args -wait
\ No newline at end of file
+Start-Process -FilePath "$PSScriptRoot\Files\AmagnoPrinterInstaller.exe" -ArgumentList $arguments -wait
\ No newline at end of file
diff --git a/sign_files.ps1 b/sign_files.ps1
new file mode 100644
index 0000000..762ce33
--- /dev/null
+++ b/sign_files.ps1
@@ -0,0 +1,26 @@
+[CmdletBinding()]
+param (
+ [Parameter(Mandatory=$true)]
+ [String]
+ $path,
+ [Parameter(Mandatory=$true)]
+ [String]
+ $certPath,
+ [Parameter(Mandatory=$true)]
+ [String]
+ $certPwd
+)
+
+$cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($certPath, $certPwd)
+
+$files = Get-ChildItem -Path $path |
+ Where-Object { $_.Extension -in '.dll', '.exe' } |
+ Select-Object -ExpandProperty FullName |
+ Get-AuthenticodeSignature |
+ Where-Object { $_.Status -eq "NotSigned" } |
+ Select-Object -ExpandProperty Path
+
+foreach($file in $files){
+ Write-Host "Signing... $file"
+ Set-AuthenticodeSignature $file -Certificate $cert -TimestampServer "http://timestamp.digicert.com"
+}
diff --git a/sign_setup.ps1 b/sign_setup.ps1
new file mode 100644
index 0000000..e229278
--- /dev/null
+++ b/sign_setup.ps1
@@ -0,0 +1,16 @@
+[CmdletBinding()]
+param (
+ [Parameter(Mandatory=$true)]
+ [String]
+ $certPath,
+ [Parameter(Mandatory=$true)]
+ [String]
+ $certPwd
+)
+
+$cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($certPath, $certPwd)
+
+$file = "AmagnoPrinterInstaller.msi"
+
+Write-Host "Signing... $file"
+Set-AuthenticodeSignature $file -Certificate $cert -TimestampServer "http://timestamp.digicert.com"
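Review bot: The `foreach` loop in sign_files.ps1 discards the object returned by `Set-AuthenticodeSignature`, which reports failure through its `Status` property rather than by throwing, so a file that could not be signed still leaves the step green. Capture and check it, e.g. `$sig = Set-AuthenticodeSignature $file -Certificate $cert -HashAlgorithm SHA256 -TimestampServer "http://timestamp.digicert.com"` followed by `if ($sig.Status -ne 'Valid') { throw "Signing failed for ${file}: $($sig.StatusMessage)" }` (assuming the certificate chains to a root the runner trusts); the explicit `-HashAlgorithm SHA256` matters because the workflow runs this under Windows PowerShell, whose documented default digest is SHA1. `$certPwd` is declared as a plain `[String]`; a `[SecureString]` parameter, which the `X509Certificate2` constructor also accepts, avoids carrying the password around as clear text. sign_setup.ps1 has the same unchecked call and string password.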
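Review bot: `$file = "AmagnoPrinterInstaller.msi"` in sign_setup.ps1 is a bare relative name, so which file gets signed depends on the caller's working directory, and a missing installer is only discovered when `Set-AuthenticodeSignature` errors. Taking the MSI path as a mandatory parameter, as sign_files.ps1 does with `$path`, or anchoring it with `Join-Path $PSScriptRoot 'AmagnoPrinterInstaller.msi'` if that is where the installer is written, makes the target explicit. No step in the build.yml hunks of this commit calls this script, so the installer does not appear to be signed by the workflow as changed here.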