-
Notifications
You must be signed in to change notification settings - Fork 12
134 lines (131 loc) · 5.24 KB
/
build_exe.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
name: Build Windows installer
on:
workflow_dispatch:
# Inputs the workflow accepts.
inputs:
whl-url:
description: 'URL for Kolibri whl file'
required: true
release:
description: 'Is this a release asset?'
required: false
type: boolean
default: false
workflow_call:
inputs:
whl-file-name:
required: false
type: string
whl-url:
required: false
type: string
ref:
description: 'A ref for this workflow to check out its own repo'
required: false
type: string
release:
description: 'Is this a release asset?'
required: false
type: boolean
default: false
secrets:
KOLIBRI_WINDOWS_INSTALLER_CERTIFICATE:
required: false
KOLIBRI_WINDOWS_INSTALLER_CERTIFICATE_PASSWORD:
required: false
outputs:
exe-file-name:
description: "EXE file name"
value: ${{ jobs.build_exe.outputs.exe-file-name }}
jobs:
build_exe:
name: Build EXE file
runs-on: windows-latest
outputs:
exe-file-name: ${{ steps.get-exe-filename.outputs.exe-file-name }}
steps:
- name: Validate whl reference inputs
if: ${{ (inputs.whl-file-name && inputs.whl-url) || (!inputs.whl-file-name && !inputs.whl-url) }}
run: |
echo "Must specify exactly one reference for the whl file to build the EXE with."
exit 1
- uses: actions/checkout@v4
if: ${{ !inputs.ref }}
- uses: actions/checkout@v4
if: ${{ inputs.ref }}
with:
repository: learningequality/kolibri-installer-windows
ref: ${{ inputs.ref }}
- name: Set up Python 3.8
uses: actions/setup-python@v5
with:
python-version: 3.8
- uses: actions/cache@v4
with:
path: src\python-setup\python-*.exe
key: ${{ runner.os }}-python-installer-${{ hashFiles('make.bat') }}
restore-keys: |
${{ runner.os }}-python-installer-
- name: Get Python 32-bit installer
if: hashFiles('src\python-setup\python-3.8.10.exe') == ''
run: curl -L -o src\python-setup\python-3.8.10.exe https://www.python.org/ftp/python/3.8.10/python-3.8.10.exe
- name: Get Python 64-bit installer
if: hashFiles('src\python-setup\python-3.8.10-amd64.exe') == ''
run: curl -L -o src\python-setup\python-3.8.10-amd64.exe https://www.python.org/ftp/python/3.8.10/python-3.8.10-amd64.exe
- name: Download the whlfile from URL
if: ${{ inputs.whl-url }}
# Powershell recipe for downloading and using content disposition header:
# https://hodgkins.io/download-file-with-powershell-without-renaming
# Modified to remove query params
run: |
$download = Invoke-WebRequest -Uri "${{ inputs.whl-url }}"
$content = [System.Net.Mime.ContentDisposition]::new($download.Headers["Content-Disposition"])
$fileName = $content.FileName.split("?")[0]
$file = [System.IO.FileStream]::new($fileName, [System.IO.FileMode]::Create)
$file.Write($download.Content, 0, $download.RawContentLength)
$file.Close()
mv *.whl src
- name: Download the whlfile from artifacts
if: ${{ inputs.whl-file-name }}
uses: actions/download-artifact@v4
with:
name: ${{ inputs.whl-file-name }}
path: src
- name: Install pkginfo
run: pip install pkginfo
- name: Get Kolibri version
id: get-kolibri-version
run: |
import os
from pkginfo import Wheel
from glob import glob
whl_file = glob("src/*.whl")[0]
whl = Wheel(whl_file)
with open(os.environ['GITHUB_OUTPUT'], 'a') as fh:
print("kolibri-version={}".format(whl.version), file=fh)
shell: python
- name: Run the build
env:
KOLIBRI_BUILD_VERSION: ${{ steps.get-kolibri-version.outputs.kolibri-version }}
run: |
src\inno-compiler\ISCC.exe src\installer-source\KolibriSetupScript.iss
- name: Get EXE filename
id: get-exe-filename
run: |
import os
release = True if "${{ inputs.release == true }}" == "true" else False
with open(os.environ['GITHUB_OUTPUT'], 'a') as fh:
print("exe-file-name=kolibri-${{ steps.get-kolibri-version.outputs.kolibri-version }}-windows-setup{}.exe".format("" if release else "-unsigned"), file=fh)
shell: python
- name: Codesign the exe
if: ${{ inputs.release == true }}
id: codesign
run: |
Set-Content -Path pfx.b64 -Value "${{ secrets.KOLIBRI_WINDOWS_INSTALLER_CERTIFICATE }}"
certutil -decode pfx.b64 windows-2022.pfx
& 'C:/Program Files (x86)/Windows Kits/10/bin/10.0.22000.0/x64/signtool.exe' sign /tr http://timestamp.ssl.trustwave.com /td SHA256 /fd SHA256 /f windows-2022.pfx /p '${{ secrets.KOLIBRI_WINDOWS_INSTALLER_CERTIFICATE_PASSWORD }}' /debug exe\kolibri-${{ steps.get-kolibri-version.outputs.kolibri-version }}-windows-setup-unsigned.exe
mv exe\kolibri-${{ steps.get-kolibri-version.outputs.kolibri-version }}-windows-setup-unsigned.exe exe\kolibri-${{ steps.get-kolibri-version.outputs.kolibri-version }}-windows-setup.exe
- uses: actions/upload-artifact@v4
with:
name: ${{ steps.get-exe-filename.outputs.exe-file-name }}
path: exe