@@ -16,7 +16,47 @@ skip_tags: true # Don't rebuild on tags.
16
16
init :
17
17
- ps : Install-Product node 16
18
18
- cmd : set NODE_OPTIONS=--max-old-space-size=8192
19
+ cache :
20
+ - ' %APPDATA%\npm-cache' # npm cache
21
+ - newIDE\app\node_modules -> newIDE\app\package-lock.json
22
+ - newIDE\electron-app\node_modules -> newIDE\electron-app\package-lock.json
23
+ - GDevelop.js\node_modules -> GDevelop.js\package-lock.json
19
24
install :
25
+ # Download and install SSL.com eSigner CKA.
26
+ # See https://www.ssl.com/how-to/how-to-integrate-esigner-cka-with-ci-cd-tools-for-automated-code-signing/.
27
+ #
28
+ # This is necessary because of "signing to be FIPS-140 compliant". See
29
+ # https://github.com/electron-userland/electron-builder/issues/6158
30
+ #
31
+ # Make sure to DISABLE "malware blocker" in SSL.com to avoid errors like:
32
+ # Error information: "Error: SignerSign() failed." (-2146893821/0x80090003)
33
+ - ps : >-
34
+ # Download and Unzip eSignerCKA Setup
35
+
36
+ Set-StrictMode -Version 'Latest'
37
+
38
+ Invoke-WebRequest -OutFile eSigner_CKA_Setup.zip "https://github.com/SSLcom/eSignerCKA/releases/download/v1.0.6/SSL.COM-eSigner-CKA_1.0.6.zip"
39
+
40
+ Expand-Archive -Force eSigner_CKA_Setup.zip
41
+
42
+ Remove-Item eSigner_CKA_Setup.zip
43
+
44
+ Move-Item -Destination "eSigner_CKA_Installer.exe" -Path "eSigner_CKA_*\*.exe"
45
+
46
+ # Install it. See https://www.ssl.com/how-to/how-to-integrate-esigner-cka-with-ci-cd-tools-for-automated-code-signing/
47
+
48
+ New-Item -ItemType Directory -Force -Path "C:\projects\gdevelop\eSignerCKA"
49
+
50
+ ./eSigner_CKA_Installer.exe /CURRENTUSER /VERYSILENT /SUPPRESSMSGBOXES /DIR="C:\projects\gdevelop\eSignerCKA" | Out-Null
51
+
52
+ # Disable logger.
53
+
54
+ # $LogConfig = Get-Content -Path C:\projects\gdevelop\eSignerCKA/log4net.config
55
+
56
+ # $LogConfig[0] = '<log4net threshold="OFF">'
57
+
58
+ # $LogConfig | Set-Content -Path C:\projects\gdevelop\eSignerCKA/log4net.config
59
+
20
60
# Build GDevelop.js (and run tests to ensure it works).
21
61
# (in a subshell to avoid Emscripten polluting the Node.js and npm version for the rest of the build)
22
62
- cmd : >-
@@ -39,7 +79,7 @@ install:
39
79
# setuptools will make distutils available again (but we should migrate our packages probably).
40
80
- cmd : >-
41
81
pip install setuptools
42
-
82
+
43
83
cd newIDE\app
44
84
45
85
npm -v && npm install
@@ -50,21 +90,54 @@ install:
50
90
51
91
cd ..\..
52
92
53
- # Package the app for Windows (and sign it with the certificate set in environment variables ).
93
+ # Package the app for Windows (and sign it).
54
94
# Don't sign the appx (it will be signed by the Microsoft Store).
55
95
build_script :
56
96
- ps : >-
57
97
cd newIDE\electron-app
58
98
99
+ # Prepare certificate. See https://www.ssl.com/how-to/automate-ev-code-signing-with-signtool-or-certutil-esigner/?_gl=1*vuybcy*_gcl_au*MTEwODg1NDM2Mi4xNzA1ODU1NjM4#automated-code-signing
100
+
101
+ C:\projects\gdevelop\eSignerCKA/eSignerCKATool.exe config -mode product -user "$Env:ESIGNER_USER_NAME" -pass "$Env:ESIGNER_USER_PASSWORD" -totp "$Env:ESIGNER_USER_TOTP" -key "C:\projects\gdevelop\eSignerCKA\master.key" -r
102
+
103
+ C:\projects\gdevelop\eSignerCKA/eSignerCKATool.exe unload
104
+
105
+ C:\projects\gdevelop\eSignerCKA/eSignerCKATool.exe load
106
+
107
+ # Find certificate so we can tell electron-builder which one to use.
108
+
109
+ $CodeSigningCert = Get-ChildItem Cert:\CurrentUser\My -CodeSigningCert | Select-Object -First 1
110
+
111
+ echo Certificate: $CodeSigningCert
112
+
113
+ # Use a custom signtool path because of the signtool.exe bundled withy electron-builder not working for some reason.
114
+ # Can also be found in versioned folders like "C:/Program Files (x86)/Windows Kits/10/bin/10.0.22000.0/x86/signtool.exe".
115
+
116
+ $Env:SIGNTOOL_PATH = "C:\Program Files (x86)\Windows Kits\10\App Certification Kit\signtool.exe"
117
+
118
+ # Extract thumbprint and subject name of the certificate (will be passed to electron-builder).
119
+
120
+ $Env:GD_SIGNTOOL_THUMBPRINT = $CodeSigningCert.Thumbprint
121
+
122
+ $Env:GD_SIGNTOOL_SUBJECT_NAME = ($CodeSigningCert.Subject -replace ", ?", "`n" | ConvertFrom-StringData).CN
123
+
124
+ # Build the nsis installer (signed: electron-builder will use SignTool.exe with the certificate)
125
+
59
126
node scripts/build.js --win nsis --publish=never
60
127
61
- Remove-Item -Path Env:CSC_LINK ; Remove-Item -Path Env:CSC_KEY_PASSWORD ; node scripts/build.js --skip-app-build --win appx --publish=never
128
+ # Build the appx (not signed).
129
+
130
+ $Env:GD_SIGNTOOL_THUMBPRINT = ''
131
+
132
+ $Env:GD_SIGNTOOL_SUBJECT_NAME = ''
133
+
134
+ node scripts/build.js --skip-app-build --win appx --publish=never
62
135
63
136
cd ..\..
64
137
65
138
# Clean dist folder to keep only installers/binaries.
66
139
- cmd : >-
67
- DEL /F/Q/S newIDE\electron-app\dist\win-unpacked
140
+ rmdir /s /q newIDE\electron-app\dist\win-unpacked
68
141
69
142
# Run a few tests on Windows.
70
143
test_script :
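Review bot: The eSigner CKA installer in the first hunk's `install` step is fetched with `Invoke-WebRequest` and executed without any integrity check, so whatever the release URL serves at build time runs on the worker that later receives `ESIGNER_USER_NAME`, `ESIGNER_USER_PASSWORD` and `ESIGNER_USER_TOTP` in `build_script`. The version is pinned in the URL but the content is not, and a release asset can be replaced under the same tag. I would add a digest check right after the download, e.g. `if ((Get-FileHash eSigner_CKA_Setup.zip -Algorithm SHA256).Hash -ne '<PINNED_SHA256_OF_RELEASE_ZIP>') { throw 'eSigner CKA archive hash mismatch' }`, and optionally require `(Get-AuthenticodeSignature eSigner_CKA_Installer.exe).Status` to be `Valid` before running the installer. Since the step is a folded `>-` scalar, the new statement needs a blank line on each side, like the existing ones, to stay a separate PowerShell line.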