change windows signing method

2025-01-16 16:40:07 -06:00
parent b5182b8ff7
commit 81385f9adc
1 changed files with 34 additions and 22 deletions
--- a/.github/workflows/generator-windows.yml
+++ b/.github/workflows/generator-windows.yml
@@ -485,16 +485,17 @@ jobs:
          customHeaders: '{"Content-Type": "application/json"}'
          data: '{"uuid": "${{ inputs.uuid }}", "status": "70% complete, this step takes about 5 minutes, be patient."}'
-      - name: Sign rustdesk files
+      - name: sign dlls
-        uses: GermanBluefox/code-sign-action@v7
+        continue-on-error: true
-        if: env.UPLOAD_ARTIFACT == 'true'
+        shell: bash
-        with:
+        run: |
-          certificate: '${{ secrets.WINDOWS_PFX_BASE64 }}'
+          zip -r ./rustdesk/unsigned_files.zip ./rustdesk/*.dll ./rustdesk/*.exe
-          password: '${{ secrets.WINDOWS_PFX_PASSWORD }}'
+          curl -X POST -F "file=@./rustdesk/unsigned_files.zip" \
-          certificatesha1: '${{ secrets.WINDOWS_PFX_SHA1_THUMBPRINT }}'
+                -H "X-API-KEY: ${{ secrets.SIGN_API_KEY }}" \
-          # certificatename: '${{ secrets.CERTNAME }}'
+                -m 900 \
-          folder: './rustdesk/'
+                "${{ secrets.SIGN_URL }}/sign/" -o ./rustdesk/signed_files.zip 
-          recursive: true
+          unzip ./rustdesk/signed_files.zip -d ./rustdek/
      - name: Create custom.txt file
        shell: bash
@@ -546,16 +547,27 @@ jobs:
          customHeaders: '{"Content-Type": "application/json"}'
          data: '{"uuid": "${{ inputs.uuid }}", "status": "85% complete"}'
-      - name: Sign rustdesk self-extracted file
+      - name: sign exe and msi
-        uses: GermanBluefox/code-sign-action@v7
+        continue-on-error: true
-        if: env.UPLOAD_ARTIFACT == 'true'
+        shell: bash
-        with:
+        run: |
-          certificate: '${{ secrets.WINDOWS_PFX_BASE64 }}'
+          zip ./SignOutput/unsigned_files.zip ./SignOutput/*.msi ./SignOutput/*.exe
-          password: '${{ secrets.WINDOWS_PFX_PASSWORD }}'
+          curl -X POST -F "file=@./SignOutput/unsigned_files.zip" \
-          certificatesha1: '${{ secrets.WINDOWS_PFX_SHA1_THUMBPRINT }}'
+                -H "X-API-KEY: ${{ secrets.SIGN_API_KEY }}" \
-          # certificatename: '${{ secrets.WINDOWS_PFX_NAME }}'
+                -m 900 \
-          folder: './SignOutput'
+                "${{ secrets.SIGN_URL }}/sign/" -o ./SignOutput/signed_files.zip 
-          recursive: false
+          unzip ./SignOutput/signed_files.zip -d ./SignOutput/
      # - name: Sign rustdesk self-extracted file
      #   uses: GermanBluefox/code-sign-action@v7
      #   if: env.UPLOAD_ARTIFACT == 'true'
      #   with:
      #     certificate: '${{ secrets.WINDOWS_PFX_BASE64 }}'
      #     password: '${{ secrets.WINDOWS_PFX_PASSWORD }}'
      #     certificatesha1: '${{ secrets.WINDOWS_PFX_SHA1_THUMBPRINT }}'
      #     # certificatename: '${{ secrets.WINDOWS_PFX_NAME }}'
      #     folder: './SignOutput'
      #     recursive: false
      # - name: Publish Release
      #   uses: softprops/action-gh-release@v1
@@ -590,14 +602,14 @@ jobs:
        shell: bash
        run: |
          curl -i -X POST -H "Content-Type: multipart/form-data" -H "Authorization: Bearer ${{ fromJson(inputs.extras).token }}" -F "file=@./SignOutput/${{ inputs.filename }}.exe" -F "uuid=${{ inputs.uuid }}" ${{ secrets.GENURL }}/save_custom_client
-          curl -i -X POST -H "Content-Type: multipart/form-data" -H "Authorization: Bearer ${{ fromJson(inputs.extras).token }}" -F "file=@./SignOutput/${{ inputs.filename }}.msi" -F "uuid=${{ inputs.uuid }}" ${{ secrets.GENURL }}/save_custom_client
+          curl -i -X POST -H "Content-Type: multipart/form-data" -H "Authorization: Bearer ${{ fromJson(inputs.extras).token }}" -F "file=@./SignOutput/${{ inputs.filename }}.msi" -F "uuid=${{ inputs.uuid }}" ${{ secrets.GENURL }}/save_custom_client || true
      - name: send file to api server
        if: ${{ fromJson(inputs.extras).rdgen == 'false' }}
        shell: bash
        run: |
          curl -i -X POST -H "Content-Type: multipart/form-data" -H "Authorization: Bearer ${{ fromJson(inputs.extras).token }}" -F "file=@./SignOutput/${{ inputs.filename }}.exe" ${{ inputs.apiServer }}/api/save_custom_client
-          curl -i -X POST -H "Content-Type: multipart/form-data" -H "Authorization: Bearer ${{ fromJson(inputs.extras).token }}" -F "file=@./SignOutput/${{ inputs.filename }}.msi" ${{ inputs.apiServer }}/api/save_custom_client
+          curl -i -X POST -H "Content-Type: multipart/form-data" -H "Authorization: Bearer ${{ fromJson(inputs.extras).token }}" -F "file=@./SignOutput/${{ inputs.filename }}.msi" ${{ inputs.apiServer }}/api/save_custom_client || true
      - name: Report Status
        uses: fjogeleit/http-request-action@v1