From 00bba6a05f99edca8935d34f01e1b35badd4807e Mon Sep 17 00:00:00 2001
From: Jason Naylor <jason_naylor@sil.org>
Date: Thu, 6 Jun 2024 20:35:32 -0700
Subject: [PATCH] Sign engines, reattach engines, upload and sign bundles

---
 .github/workflows/ci-cd.yml | 110 ++++++++++++++++++++++++++++++++++--
 1 file changed, 104 insertions(+), 6 deletions(-)

diff --git a/.github/workflows/ci-cd.yml b/.github/workflows/ci-cd.yml
index c8795e06..cbdf8226 100644
--- a/.github/workflows/ci-cd.yml
+++ b/.github/workflows/ci-cd.yml
@@ -127,7 +127,7 @@ jobs:
     uses: sillsdev/codesign/.github/workflows/sign.yml@feature/enableDispatchCalls
     with:
       artifact: FlexBridge.msi
-      description: 'FLex Bridge Installer'
+      description: 'FLEx Bridge Installer'
     secrets:
       certificate: ${{ secrets.CODESIGN_LSDEVSECTIGOEV }}
 
@@ -189,10 +189,10 @@ jobs:
         if: github.event_name != 'pull_request'   
         
       - name: Upload Offline Bundle(detatched)
-        id: upload-offline-detached
+        id: upload-offline-bundle
         uses: actions/upload-artifact@v4
         with:
-          name: offline-detached
+          name: offline-bundle
           path: BuildDir/FlexBridge_Offline.exe
           if-no-files-found: error
           overwrite: true
@@ -209,11 +209,109 @@ jobs:
         if: github.event_name != 'pull_request'   
         
       - name: Upload Online Bundle(detached)
-        id: upload-online-detached
+        id: upload-online-bundle
         uses: actions/upload-artifact@v4
         with:
-          name: online-detached
+          name: online-bundle
           path: BuildDir/FlexBridge_Online.exe
           if-no-files-found: error
           overwrite: true
-        if: github.event_name != 'pull_request'
\ No newline at end of file
+        if: github.event_name != 'pull_request'
+        
+  sign-offline-engine:
+    name: Sign Offline Engine
+    needs: build-offline-bundle
+    if: github.event_name != 'pull_request'
+    uses: sillsdev/codesign/.github/workflows/sign.yml@feature/enableDispatchCalls
+    with:
+      artifact: offline-engine
+      description: 'FLEx Bridge Installer'
+    secrets:
+      certificate: ${{ secrets.CODESIGN_LSDEVSECTIGOEV }}
+
+  sign-online-engine:
+    name: Sign Online Engine
+    needs: build-offline-bundle
+    if: github.event_name != 'pull_request'
+    uses: sillsdev/codesign/.github/workflows/sign.yml@feature/enableDispatchCalls
+    with:
+      artifact: online-engine
+      description: 'FLEx Bridge Installer'
+    secrets:
+      certificate: ${{ secrets.CODESIGN_LSDEVSECTIGOEV }}
+
+  reattach-engines:
+    runs-on: windows-latest
+    needs: [sign-offline-engine, sign-online-engine]
+    steps:      
+      - name: Downgrade Wix Toolset - remove when runner has 3.14.2
+        run: |
+          choco uninstall wixtoolset
+          choco install wixtoolset --version 3.11.2 --allow-downgrade --force
+          echo "C:\Program Files (x86)\WiX Toolset v3.11\bin" | Out-File -FilePath $env:GITHUB_PATH -Encoding utf8 -Append
+          
+      - name: Download signed online engine
+        uses: actions/download-artifact@v4
+        with:
+          name: online-engine
+      - name: Download signed offline engine
+        uses: actions/download-artifact@v4
+        with:
+          name: offline-engine
+      - name: Download Online Bundle
+        uses: actions/download-artifact@v4
+        with:
+          name: online-bundle
+      - name: Download Offline Bundle
+        uses: actions/download-artifact@v4
+        with:
+          name: offline-bundle
+          
+      - name: Reattach Engines
+        shell: cmd
+        run: |
+          insignia -ab engine.exe FlexBridge_Online.exe -o online-engine.exe
+          insignia -ab engine.exe FlexBridge_Offline.exe -o offline-engine.exe
+
+      - name: Upload Online Bundle(attached)
+        id: upload-online-bundle
+        uses: actions/upload-artifact@v4
+        with:
+          name: online-bundle
+          path: FlexBridge_Online.exe
+          if-no-files-found: error
+          overwrite: true
+        if: github.event_name != 'pull_request'
+
+      - name: Upload Offline Bundle(attached)
+        id: upload-offline-bundle
+        uses: actions/upload-artifact@v4
+        with:
+          name: offline-bundle
+          path: FlexBridge_Offline.exe
+          if-no-files-found: error
+          overwrite: true
+        if: github.event_name != 'pull_request'
+        
+  sign-offline-bundle:
+    name: Sign Offline Bundle
+    needs: reattach-engines
+    if: github.event_name != 'pull_request'
+    uses: sillsdev/codesign/.github/workflows/sign.yml@feature/enableDispatchCalls
+    with:
+      artifact: offline-bundle
+      description: 'FLEx Bridge Installer'
+    secrets:
+      certificate: ${{ secrets.CODESIGN_LSDEVSECTIGOEV }}
+
+  sign-online-bundle:
+    name: Sign Online Bundle
+    needs: reattach-engines
+    if: github.event_name != 'pull_request'
+    uses: sillsdev/codesign/.github/workflows/sign.yml@feature/enableDispatchCalls
+    with:
+      artifact: online-bundle
+      description: 'FLEx Bridge Installer'
+    secrets:
+      certificate: ${{ secrets.CODESIGN_LSDEVSECTIGOEV }}
+