-
Notifications
You must be signed in to change notification settings - Fork 0
294 lines (240 loc) · 10.8 KB
/
create-release.yml
File metadata and controls
294 lines (240 loc) · 10.8 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
name: Create Release
on:
push:
tags:
- 'v*' # 触发以 v 开头的标签
permissions:
contents: write # 需要写入权限来创建 releases
jobs:
build:
runs-on: windows-latest
steps:
- uses: actions/checkout@v6.0.2
- name: Get tag name
id: tag
run: |
$tagName = $env:GITHUB_REF.Substring($env:GITHUB_REF.LastIndexOf('/') + 1)
echo "TAG_NAME=$tagName" >> $env:GITHUB_OUTPUT
# Extract version number from tag (remove 'v' prefix)
$version = $tagName.Substring(1) # Remove 'v' prefix
echo "VERSION=$version" >> $env:GITHUB_OUTPUT
shell: pwsh
- name: Display version info
run: |
echo "Tag: ${{ steps.tag.outputs.TAG_NAME }}"
echo "Version: ${{ steps.tag.outputs.VERSION }}"
- name: Update version in ExplorerEnhancement.rc
shell: pwsh
run: |
# Parse version from tag (e.g., v1.0 -> 1,0,0,0 or v1.0.1 -> 1,0,1,0)
$versionStr = "${{ steps.tag.outputs.VERSION }}"
$versionParts = $versionStr.Split('.')
# Pad version to 4 parts if needed (e.g., 1.0 becomes 1.0.0.0)
while ($versionParts.Count -lt 4) {
$versionParts += "0"
}
# Create version numbers for FILEVERSION and PRODUCTVERSION
$fileVersion = $versionParts -join ","
$productVersion = $versionParts -join ","
# Also update the string values
$stringVersion = $versionParts -join "."
Write-Host "Updating version to: $stringVersion"
# Read the RC file
$rcFile = "src\ExplorerEnhancement\ExplorerEnhancement.rc"
$content = Get-Content $rcFile -Raw
# Replace version info
$content = $content -replace '(FILEVERSION\s+)\d+,\d+,\d+,\d+', "`${1}$fileVersion"
$content = $content -replace '(PRODUCTVERSION\s+)\d+,\d+,\d+,\d+', "`${1}$productVersion"
$content = $content -replace '(VALUE "FileVersion",\s+")\d+\.\d+\.\d+\.\d+(")', "`${1}$stringVersion`${2}"
$content = $content -replace '(VALUE "ProductVersion",\s+")\d+\.\d+\.\d+\.\d+(")', "`${1}$stringVersion`${2}"
# Write back the updated content
Set-Content $rcFile $content -Encoding UTF8
Write-Host "Updated version in ExplorerEnhancement.rc"
- name: Add MSBuild to PATH
uses: microsoft/setup-msbuild@v2
- name: Restore NuGet packages
working-directory: ${{ github.workspace }}
run: nuget restore ./src
- name: Build x86
working-directory: ${{ github.workspace }}
run: msbuild /m /p:Configuration=Release /p:Platform=x86 ./src
- name: Build x64
working-directory: ${{ github.workspace }}
run: msbuild /m /p:Configuration=Release /p:Platform=x64 ./src
- name: sign
shell: pwsh
run: |
# 改进的 signtool 查找逻辑
$signtool = Get-ChildItem "C:\Program Files (x86)\Windows Kits\10\bin\" -Recurse -Filter signtool.exe -File -ErrorAction SilentlyContinue |
Where-Object { $_.DirectoryName -match "\\x64\\" } |
Sort-Object FullName -Descending |
Select-Object -First 1
# 检查是否找到了 signtool
if ($signtool -eq $null) {
Write-Host "Attempting alternative search methods..."
# 备选方案:搜索所有版本的 Windows SDK
$signtool = Get-ChildItem "C:\Program Files (x86)\Windows Kits\10\bin\*\x64\signtool.exe" -File -ErrorAction SilentlyContinue |
Sort-Object FullName -Descending |
Select-Object -First 1
}
# 如果仍然没有找到,则从环境变量或默认路径查找
if ($signtool -eq $null) {
Write-Host "Attempting to find signtool in common locations..."
$possiblePaths = @(
"${env:ProgramFiles(x86)}\Windows Kits\10\bin\10.0.*\x64\signtool.exe",
"${env:ProgramFiles(x86)}\Windows Kits\10\bin\x64\signtool.exe",
"${env:ProgramFiles}\Microsoft SDKs\Windows\v*\Bin\Signtool.exe"
)
foreach ($path in $possiblePaths) {
$found = Get-Item $path -ErrorAction SilentlyContinue | Select-Object -First 1
if ($found) {
$signtool = $found
break
}
}
}
# 验证是否找到了 signtool
if ($signtool -eq $null) {
throw "Could not find signtool.exe in any known location."
} else {
$signtoolPath = $signtool.FullName
Write-Host "Found signtool at: $signtoolPath"
}
$pfxBytes = [Convert]::FromBase64String("${{ secrets.PFX_CERTIFICATE }}")
$pfxPath = "$env:RUNNER_TEMP/MyCodeSignCert.pfx"
[IO.File]::WriteAllBytes($pfxPath, $pfxBytes)
Write-Host "PFX certificate restored to: $pfxPath"
# 确保证书文件已创建且可访问
if (-not (Test-Path $pfxPath)) {
throw "Certificate file was not created at: $pfxPath"
}
Write-Host "Certificate file exists and is accessible."
$pfxPassword = "${{ secrets.PFX_PASSWORD }}"
$timestampServer = "http://timestamp.digicert.com"
# 查找并签名所有构建输出文件
$filesToSign = @()
# 添加x86构建输出
$x86Dll = "./src/build/ExplorerEnhancement_x86.dll"
if (Test-Path $x86Dll) {
$filesToSign += $x86Dll
}
$x86Exe = "./src/build/ExplorerEnhancementManager_x86.exe"
if (Test-Path $x86Exe) {
$filesToSign += $x86Exe
}
# 添加x64构建输出
$x64Dll = "./src/build/ExplorerEnhancement_x64.dll"
if (Test-Path $x64Dll) {
$filesToSign += $x64Dll
}
$x64Exe = "./src/build/ExplorerEnhancementManager_x64.exe"
if (Test-Path $x64Exe) {
$filesToSign += $x64Exe
}
# 签名文件
foreach ($file in $filesToSign) {
if (Test-Path $file) {
Write-Host "Signing file: $file"
& $signtoolPath sign /f "$pfxPath" /p "$pfxPassword" /fd SHA256 /t "$timestampServer" /v "$file"
if ($LASTEXITCODE -ne 0) {
Write-Warning "Failed to sign file: $file (Exit code: $LASTEXITCODE)"
} else {
Write-Host "Successfully signed: $file"
}
} else {
Write-Warning "File not found: $file"
}
}
- name: Install NSIS
uses: negrutiu/nsis-install@v2
- name: Build Installer
working-directory: ${{github.workspace}}
run: makensis Installer.nsi
- name: Sign Installer
shell: pwsh
run: |
# 对安装程序进行签名
$signtool = Get-ChildItem "C:\Program Files (x86)\Windows Kits\10\bin\" -Recurse -Filter signtool.exe -File -ErrorAction SilentlyContinue |
Where-Object { $_.DirectoryName -match "\\x64\\" } |
Sort-Object FullName -Descending |
Select-Object -First 1
if ($signtool -eq $null) {
$possiblePaths = @(
"${env:ProgramFiles(x86)}\Windows Kits\10\bin\10.0.*\x64\signtool.exe",
"${env:ProgramFiles(x86)}\Windows Kits\10\bin\x64\signtool.exe"
)
foreach ($path in $possiblePaths) {
$found = Get-Item $path -ErrorAction SilentlyContinue | Select-Object -First 1
if ($found) {
$signtool = $found
break
}
}
}
if ($signtool -eq $null) {
throw "Could not find signtool.exe in any known location."
} else {
$signtoolPath = $signtool.FullName
Write-Host "Found signtool at: $signtoolPath"
}
$installerPath = "./ExplorerExtensionSetup.exe"
$pfxPath = "$env:RUNNER_TEMP/MyCodeSignCert.pfx" # 使用与前面相同的路径
$pfxPassword = "${{ secrets.PFX_PASSWORD }}"
if (Test-Path $installerPath) {
Write-Host "Signing installer: $installerPath"
& $signtoolPath sign /f "$pfxPath" /p "$pfxPassword" /fd SHA256 /t "http://timestamp.digicert.com" /v "$installerPath"
if ($LASTEXITCODE -ne 0) {
Write-Warning "Failed to sign installer: $installerPath (Exit code: $LASTEXITCODE)"
} else {
Write-Host "Successfully signed installer: $installerPath"
}
} else {
Write-Warning "Installer not found: $installerPath"
}
- name: Create x86 zip archive
shell: pwsh
run: |
$version = "${{ steps.tag.outputs.VERSION }}"
$x86Dir = "./src/build/"
$x86Zip = "Extensions-x86-$version.zip"
if (Test-Path $x86Dir) {
# Create a temporary directory with the files
$tempDir = "temp_x86"
New-Item -ItemType Directory -Path $tempDir -Force
# Copy x86 build files
Copy-Item "$x86Dir/ExplorerEnhancement_x86.dll" $tempDir
Copy-Item "$x86Dir/ExplorerEnhancementManager_x86.exe" $tempDir
# Create the zip file
Compress-Archive -Path "$tempDir\*" -DestinationPath $x86Zip -Force
# Clean up
Remove-Item $tempDir -Recurse -Force
Write-Host "Created x86 archive: $x86Zip"
} else {
Write-Warning "x86 build directory not found: $x86Dir"
}
- name: Create x64 zip archive
shell: pwsh
run: |
$version = "${{ steps.tag.outputs.VERSION }}"
$x64Dir = "src/build"
$x64Zip = "Extensions-x64-$version.zip"
if (Test-Path $x64Dir) {
# Create a temporary directory with the files
$tempDir = "temp_x64"
New-Item -ItemType Directory -Path $tempDir -Force
# Copy x64 build files
Copy-Item "$x64Dir\ExplorerEnhancement_x64.dll" $tempDir
Copy-Item "$x64Dir\ExplorerEnhancementManager_x64.exe" $tempDir
# Create the zip file
Compress-Archive -Path "$tempDir\*" -DestinationPath $x64Zip -Force
# Clean up
Remove-Item $tempDir -Recurse -Force
Write-Host "Created x64 archive: $x64Zip"
} else {
Write-Warning "x64 build directory not found: $x64Dir"
}
- name: Draft Release
uses: ncipollo/release-action@v1
with:
artifacts: "Extensions-*.zip,ExplorerExtensionSetup.exe"
bodyFile: "doc/release_body.md"