Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Adds code signing to packaging step for Windows. #87

Merged
merged 3 commits into from
Oct 15, 2023
Merged

Adds code signing to packaging step for Windows. #87

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
3 commits
Select commit Hold shift + click to select a range
f7703bf
Adds code signing to packaging step for Windows.
FiniteSingularity Oct 15, 2023
8120dc3
Unsigned for PRs, signed for merge into main
FiniteSingularity Oct 15, 2023
ffaef77
Update version to 1.0.6
FiniteSingularity Oct 15, 2023
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
1 change: 1 addition & 0 deletions .github/CODEOWNERS
View file
Open in desktop
Validating CODEOWNERS rules …
Original file line number Diff line number Diff line change
@@ -0,0 +1 @@
/.github/ @FiniteSingularity
91 changes: 76 additions & 15 deletions .github/workflows/build.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -271,8 +271,9 @@ jobs:
with:
name: "installer-files"
path: installer/*
windows-package:
name: "Windows Package"
windows-package-unsigned:
name: "Windows Package Unsigned"
if: github.event_name == 'pull_request'
runs-on: [windows-latest]
needs: [windows-build]
steps:
Expand All @@ -287,6 +288,10 @@ jobs:
echo "FILE_NAME_X86=${env:FILE_NAME_X86}" >> ${env:GITHUB_ENV}
$env:FILE_NAME_X64="${{ env.PLUGIN_NAME }}-${{ github.sha }}-windows-x64"
echo "FILE_NAME_X64=${env:FILE_NAME_X64}" >> ${env:GITHUB_ENV}
- name: Setup Secrets
run: |
Write-Output "Setting up signing pin- ::add-mask::${{ secrets.SIGNING_KEY_PIN }}"
Write-Output "Setting up signing org- ${{ secrets.SIGNING_ORG }}"
- name: Retrieve x86 build
uses: actions/[email protected]
with:
Expand All @@ -302,20 +307,74 @@ jobs:
with:
name: "installer-files"
path: .
- name: Create Code Signing Certificate
if: false && github.event_name != 'pull_request'
- name: Publish zip
if: success()
uses: actions/[email protected]
with:
name: "${{ env.FILE_NAME }}"
path: package/*
- name: "Package Installer (Compile)"
run: |
New-Item -ItemType directory -Path certificate
Set-Content -Path certificate\certificate.txt -Value '${{ secrets.CERTIFICATE }}'
certutil -decode certificate\certificate.txt certificate\certificate.pfx
& 'C:\Program Files (x86)\Inno Setup 6\ISCC.exe' /Qp ".\installer.iss"
- name: Publish installer
if: success()
uses: actions/[email protected]
with:
name: "${{ env.FILE_NAME }}-installer"
path: package/*.exe
- name: Remove temp artifacts
uses: geekyeggo/[email protected]
with:
name: "${{ env.FILE_NAME_X86 }}\n${{ env.FILE_NAME_X64 }}\ninstaller-files"

windows-package-signed:
name: "Windows Package Signed"
if: github.event_name == 'push'
runs-on: [self-hosted]
needs: [windows-build]
steps:
- name: Init
if: success()
run: |
mkdir ./package
$env:FILE_DATE=(Get-Date -UFormat "%F")
$env:FILE_NAME="${{ env.PLUGIN_NAME }}-${env:FILE_DATE}-${{ github.sha }}-windows"
echo "FILE_NAME=${env:FILE_NAME}" >> ${env:GITHUB_ENV}
$env:FILE_NAME_X86="${{ env.PLUGIN_NAME }}-${{ github.sha }}-windows-x86"
echo "FILE_NAME_X86=${env:FILE_NAME_X86}" >> ${env:GITHUB_ENV}
$env:FILE_NAME_X64="${{ env.PLUGIN_NAME }}-${{ github.sha }}-windows-x64"
echo "FILE_NAME_X64=${env:FILE_NAME_X64}" >> ${env:GITHUB_ENV}
- name: Setup Secrets
run: |
Write-Output "Setting up signing pin- ::add-mask::${{ secrets.SIGNING_KEY_PIN }}"
Write-Output "Setting up signing org- ${{ secrets.SIGNING_ORG }}"
- name: Retrieve x86 build
uses: actions/[email protected]
with:
name: "${{ env.FILE_NAME_X86 }}"
path: ./package
- name: Retrieve x64 build
uses: actions/[email protected]
with:
name: "${{ env.FILE_NAME_X64 }}"
path: ./package
- name: Get ScSignTool
run: |
curl "-kL" "https://www.mgtek.com/files/smartcardtools.zip" "-f" "--retry" "5" "-o" "smartcardtools.zip"
7z x smartcardtools.zip -o"./smartcardtools"
- name: Retrieve installer files
uses: actions/[email protected]
with:
name: "installer-files"
path: .
- name: Code Sign 32
if: false && github.event_name != 'pull_request'
if: success()
run: |
& 'C:/Program Files (x86)/Windows Kits/10/bin/10.0.20348.0/x86/signtool.exe' sign /f certificate\certificate.pfx /p '${{ secrets.CERTIFICATE_PASS }}' /t http://timestamp.comodoca.com/authenticode .\package\obs-plugins\32bit\${{ env.PLUGIN_NAME }}.dll
& '.\smartcardtools\x86\ScSignTool.exe' -pin ${{ secrets.SIGNING_KEY_PIN }} sign /fd sha256 /tr http://ts.ssl.com /td sha256 /n '${{ secrets.SIGNING_ORG }}' .\package\obs-plugins\32bit\${{ env.PLUGIN_NAME }}.dll
- name: Code Sign 64
if: false && github.event_name != 'pull_request'
if: success()
run: |
& 'C:/Program Files (x86)/Windows Kits/10/bin/10.0.20348.0/x64/signtool.exe' sign /f certificate\certificate.pfx /p '${{ secrets.CERTIFICATE_PASS }}' /t http://timestamp.comodoca.com/authenticode .\package\obs-plugins\64bit\${{ env.PLUGIN_NAME }}.dll
& '.\smartcardtools\x86\ScSignTool.exe' -pin ${{ secrets.SIGNING_KEY_PIN }} sign /fd sha256 /tr http://ts.ssl.com /td sha256 /n '${{ secrets.SIGNING_ORG }}' .\package\obs-plugins\64bit\${{ env.PLUGIN_NAME }}.dll
- name: Publish zip
if: success()
uses: actions/[email protected]
Expand All @@ -324,15 +383,14 @@ jobs:
path: package/*
- name: "Package Installer (Prereqs)"
run: |
curl "-kL" "https://files.jrsoftware.org/is/6/innosetup-6.0.3.exe" "-f" "--retry" "5" "-o" "inno.exe"
.\inno.exe /VERYSILENT /SP- /SUPPRESSMSGBOXES /NORESTART
curl "-kL" "https://github.com/Xaymar/msvc-redist-helper/releases/download/0.1/msvc-redist-helper-64.exe" "-f" "--retry" "5" "-o" "msvc-redist-helper.exe"
- name: "Package Installer (Compile)"
run: |
& 'C:\Program Files (x86)\Inno Setup 6\ISCC.exe' /Qp ".\installer.iss"
- name: Code Sign Installer
if: false && github.event_name != 'pull_request'
if: success()
run: |
& 'C:/Program Files (x86)/Windows Kits/10/bin/10.0.20348.0/x64/signtool.exe' sign /f certificate\certificate.pfx /p '${{ secrets.CERTIFICATE_PASS }}' /t http://timestamp.comodoca.com/authenticode .\package\${{ env.PLUGIN_NAME }}-installer.exe
& '.\smartcardtools\x86\ScSignTool.exe' -pin ${{ secrets.SIGNING_KEY_PIN }} sign /fd sha256 /tr http://ts.ssl.com /td sha256 /n '${{ secrets.SIGNING_ORG }}' .\package\${{ env.PLUGIN_NAME }}-installer.exe
- name: Publish installer
if: success()
uses: actions/[email protected]
Expand All @@ -343,3 +401,6 @@ jobs:
uses: geekyeggo/[email protected]
with:
name: "${{ env.FILE_NAME_X86 }}\n${{ env.FILE_NAME_X64 }}\ninstaller-files"
- name: Cleanup
if: ${{ always() }}
run: rm -Recurse -Force ./*
2 changes: 1 addition & 1 deletion CMakeLists.txt
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -9,7 +9,7 @@ else()
cmake_minimum_required(VERSION 3.18)
endif()

project(obs-composite-blur VERSION 1.0.5)
project(obs-composite-blur VERSION 1.0.6)
set(PROJECT_FULL_NAME "Composite Blur")

# Set new UUIDs when you start to create a new plugin.
Expand Down
2 changes: 1 addition & 1 deletion buildspec.json
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -79,5 +79,5 @@
}
},
"name": "obs-composite-blur",
"version": "1.0.5"
"version": "1.0.6"
}
4 changes: 2 additions & 2 deletions src/version.h
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
#pragma once

#define PROJECT_VERSION "1.0.5"
#define PROJECT_VERSION "1.0.6"
#define PROJECT_VERSION_MAJOR 1
#define PROJECT_VERSION_MINOR 0
#define PROJECT_VERSION_PATCH 5
#define PROJECT_VERSION_PATCH 6