From 137236dc2a3f4909d1c93b17280f331afb39d65f Mon Sep 17 00:00:00 2001 From: Josh Matthews Date: Mon, 7 Jun 2021 08:53:16 -0400 Subject: [PATCH 1/2] Load codesigning secret without JSON. --- python/servo/package_commands.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/python/servo/package_commands.py b/python/servo/package_commands.py index 886b52b20f6..9564e793b8c 100644 --- a/python/servo/package_commands.py +++ b/python/servo/package_commands.py @@ -794,12 +794,12 @@ def setup_uwp_signing(ms_app_store, publisher): pfx = None if is_tc: print("Packaging on TC. Using secret certificate") - pfx = get_taskcluster_secret("windows-codesign-cert/latest")["pfx"] + pfx = get_taskcluster_secret("windows-codesign-cert/latest")["pfx"]["base64"] elif 'CODESIGN_CERT' in os.environ: pfx = os.environ['CODESIGN_CERT'] if pfx: - open("servo.pfx", "wb").write(base64.b64decode(pfx["base64"])) + open("servo.pfx", "wb").write(base64.b64decode(pfx)) run_powershell_cmd('Import-PfxCertificate -FilePath .\\servo.pfx -CertStoreLocation Cert:\\CurrentUser\\My') os.remove("servo.pfx") From 57bc79b0d54b84e8cd8aa6740eacacb958fe0515 Mon Sep 17 00:00:00 2001 From: Josh Matthews Date: Mon, 7 Jun 2021 09:02:04 -0400 Subject: [PATCH 2/2] Use codesigning in UWP builds. --- .github/workflows/main.yml | 14 +++++++------- etc/ci/workflow.mako | 14 +++++++------- 2 files changed, 14 insertions(+), 14 deletions(-) diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index 142374ecac5..ee3c3299bda 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -57,8 +57,8 @@ jobs: - name: Package working-directory: "C:\\a\\${{ github.event.repository.name }}\\${{ github.event.repository.name }}" run: python mach package --release --target=x86_64-uwp-windows-msvc --uwp=x64 - #env: - # CODESIGN_CERT: {'${{ secrets.WINDOWS_CODESIGN_CERT }}'} + env: + CODESIGN_CERT: ${{ secrets.WINDOWS_CODESIGN_CERT }} - name: Tidy run: python mach test-tidy --force-cpp --no-wpt @@ -72,18 +72,18 @@ jobs: - name: Copy to C drive run: cp D:\a C:\ -Recurse - name: Bootstrap - working-directory: "C:\\a\\servo\\servo" + working-directory: "C:\\a\\${{ github.event.repository.name }}\\${{ github.event.repository.name }}" run: | python -m pip install --upgrade pip virtualenv python mach fetch - name: Release build - working-directory: "C:\\a\\servo\\servo" + working-directory: "C:\\a\\${{ github.event.repository.name }}\\${{ github.event.repository.name }}" run: python mach build --release --target=aarch64-uwp-windows-msvc - name: Package - working-directory: "C:\\a\\servo\\servo" + working-directory: "C:\\a\\${{ github.event.repository.name }}\\${{ github.event.repository.name }}" run: python mach package --release --target=aarch64-uwp-windows-msvc --uwp=arm64 - #env: - # CODESIGN_CERT: {'${{ secrets.WINDOWS_CODESIGN_CERT }}'} + env: + CODESIGN_CERT: ${{ secrets.WINDOWS_CODESIGN_CERT }} build-mac: name: Build (macOS) diff --git a/etc/ci/workflow.mako b/etc/ci/workflow.mako index b0eda06be82..3800767de4f 100644 --- a/etc/ci/workflow.mako +++ b/etc/ci/workflow.mako @@ -57,8 +57,8 @@ jobs: - name: Package working-directory: "C:\\a\\${ REPOSITORY_NAME }\\${ REPOSITORY_NAME }" run: python mach package --release --target=x86_64-uwp-windows-msvc --uwp=x64 - #env: - # CODESIGN_CERT: ${{ CODESIGN_CERT }} + env: + CODESIGN_CERT: ${ CODESIGN_CERT } - name: Tidy run: python mach test-tidy --force-cpp --no-wpt @@ -72,18 +72,18 @@ jobs: - name: Copy to C drive run: cp D:\a C:\ -Recurse - name: Bootstrap - working-directory: "C:\\a\\servo\\servo" + working-directory: "C:\\a\\${ REPOSITORY_NAME }\\${ REPOSITORY_NAME }" run: | python -m pip install --upgrade pip virtualenv python mach fetch - name: Release build - working-directory: "C:\\a\\servo\\servo" + working-directory: "C:\\a\\${ REPOSITORY_NAME }\\${ REPOSITORY_NAME }" run: python mach build --release --target=aarch64-uwp-windows-msvc - name: Package - working-directory: "C:\\a\\servo\\servo" + working-directory: "C:\\a\\${ REPOSITORY_NAME }\\${ REPOSITORY_NAME }" run: python mach package --release --target=aarch64-uwp-windows-msvc --uwp=arm64 - #env: - # CODESIGN_CERT: ${{ CODESIGN_CERT }} + env: + CODESIGN_CERT: ${ CODESIGN_CERT } build-mac: name: Build (macOS)