Auto merge of #28473 - jdm:codesign-build, r=jdm

Enable codesigning for non-nightly UWP builds
This commit is contained in:
bors-servo 2021-07-02 18:23:22 -04:00 committed by GitHub
commit 42d7892d88
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
3 changed files with 16 additions and 16 deletions

View file

@ -57,8 +57,8 @@ jobs:
- name: Package
working-directory: "C:\\a\\${{ github.event.repository.name }}\\${{ github.event.repository.name }}"
run: python mach package --release --target=x86_64-uwp-windows-msvc --uwp=x64
#env:
# CODESIGN_CERT: {'${{ secrets.WINDOWS_CODESIGN_CERT }}'}
env:
CODESIGN_CERT: ${{ secrets.WINDOWS_CODESIGN_CERT }}
- name: Tidy
run: python mach test-tidy --force-cpp --no-wpt
@ -72,18 +72,18 @@ jobs:
- name: Copy to C drive
run: cp D:\a C:\ -Recurse
- name: Bootstrap
working-directory: "C:\\a\\servo\\servo"
working-directory: "C:\\a\\${{ github.event.repository.name }}\\${{ github.event.repository.name }}"
run: |
python -m pip install --upgrade pip virtualenv
python mach fetch
- name: Release build
working-directory: "C:\\a\\servo\\servo"
working-directory: "C:\\a\\${{ github.event.repository.name }}\\${{ github.event.repository.name }}"
run: python mach build --release --target=aarch64-uwp-windows-msvc
- name: Package
working-directory: "C:\\a\\servo\\servo"
working-directory: "C:\\a\\${{ github.event.repository.name }}\\${{ github.event.repository.name }}"
run: python mach package --release --target=aarch64-uwp-windows-msvc --uwp=arm64
#env:
# CODESIGN_CERT: {'${{ secrets.WINDOWS_CODESIGN_CERT }}'}
env:
CODESIGN_CERT: ${{ secrets.WINDOWS_CODESIGN_CERT }}
build-mac:
name: Build (macOS)

View file

@ -57,8 +57,8 @@ jobs:
- name: Package
working-directory: "C:\\a\\${ REPOSITORY_NAME }\\${ REPOSITORY_NAME }"
run: python mach package --release --target=x86_64-uwp-windows-msvc --uwp=x64
#env:
# CODESIGN_CERT: ${{ CODESIGN_CERT }}
env:
CODESIGN_CERT: ${ CODESIGN_CERT }
- name: Tidy
run: python mach test-tidy --force-cpp --no-wpt
@ -72,18 +72,18 @@ jobs:
- name: Copy to C drive
run: cp D:\a C:\ -Recurse
- name: Bootstrap
working-directory: "C:\\a\\servo\\servo"
working-directory: "C:\\a\\${ REPOSITORY_NAME }\\${ REPOSITORY_NAME }"
run: |
python -m pip install --upgrade pip virtualenv
python mach fetch
- name: Release build
working-directory: "C:\\a\\servo\\servo"
working-directory: "C:\\a\\${ REPOSITORY_NAME }\\${ REPOSITORY_NAME }"
run: python mach build --release --target=aarch64-uwp-windows-msvc
- name: Package
working-directory: "C:\\a\\servo\\servo"
working-directory: "C:\\a\\${ REPOSITORY_NAME }\\${ REPOSITORY_NAME }"
run: python mach package --release --target=aarch64-uwp-windows-msvc --uwp=arm64
#env:
# CODESIGN_CERT: ${{ CODESIGN_CERT }}
env:
CODESIGN_CERT: ${ CODESIGN_CERT }
build-mac:
name: Build (macOS)

View file

@ -794,12 +794,12 @@ def setup_uwp_signing(ms_app_store, publisher):
pfx = None
if is_tc:
print("Packaging on TC. Using secret certificate")
pfx = get_taskcluster_secret("windows-codesign-cert/latest")["pfx"]
pfx = get_taskcluster_secret("windows-codesign-cert/latest")["pfx"]["base64"]
elif 'CODESIGN_CERT' in os.environ:
pfx = os.environ['CODESIGN_CERT']
if pfx:
open("servo.pfx", "wb").write(base64.b64decode(pfx["base64"]))
open("servo.pfx", "wb").write(base64.b64decode(pfx))
run_powershell_cmd('Import-PfxCertificate -FilePath .\\servo.pfx -CertStoreLocation Cert:\\CurrentUser\\My')
os.remove("servo.pfx")