diff --git a/.github/workflows/release_win.yml b/.github/workflows/release_win.yml
index fe0f747ff..1c3f83cf6 100644
--- a/.github/workflows/release_win.yml
+++ b/.github/workflows/release_win.yml
@@ -94,6 +94,35 @@ jobs:
 run: yarn install:frontend
+ - name: Setup Certificate
+ run: |
+ echo "${{secrets.SM_CLIENT_CERT_FILE_B64 }}" | base64 --decode > /d/Certificate_pkcs12.p12
+ shell: bash
+
+ - name: Set variables
+ id: variables
+ run: |
+ echo "::set-output name=version::${GITHUB_REF#refs/tags/v}"
+ echo "SM_HOST=${{ secrets.SM_HOST }}" >> "$GITHUB_ENV"
+ echo "SM_API_KEY=${{ secrets.SM_API_KEY }}" >> "$GITHUB_ENV"
+ echo "SM_KEY_PAIR_ALIAS=${{ secrets.SM_KEY_PAIR_ALIAS }}" >> "$GITHUB_ENV"
+ echo "SM_CLIENT_CERT_FILE=D:\\Certificate_pkcs12.p12" >> "$GITHUB_ENV"
+ echo "SM_CLIENT_CERT_PASSWORD=${{ secrets.SM_CLIENT_CERT_PASSWORD }}" >> "$GITHUB_ENV"
+ echo "C:\Program Files (x86)\Windows Kits\10\App Certification Kit" >> $GITHUB_PATH
+ echo "C:\Program Files (x86)\Microsoft SDKs\Windows\v10.0A\bin\NETFX 4.8 Tools" >> $GITHUB_PATH
+ echo "C:\Program Files\DigiCert\DigiCert One Signing Manager Tools" >> $GITHUB_PATH
+ shell: bash
+
+ - name: Setup SSM KSP on windows latest
+ run: |
+ curl -X GET https://one.digicert.com/signingmanager/api-ui/v1/releases/smtools-windows-x64.msi/download -H "x-api-key:%SM_API_KEY%" -o smtools-windows-x64.msi
+ msiexec /i smtools-windows-x64.msi /quiet /qn
+ smksp_registrar.exe list
+ smctl.exe keypair ls
+ C:\Windows\System32\certutil.exe -csp "DigiCert Signing Manager KSP" -key -user
+ smksp_cert_sync.exe
+
+ shell: cmd
 - name: set env vars to prod.env
 env:
 NODE_ENV: ${{ matrix.env }}
diff --git a/build-win.js b/build-win.js
index b6f3321a4..7e9ba22eb 100644
--- a/build-win.js
+++ b/build-win.js
@@ -33,6 +33,7 @@ const main = async () => {
 win: {
 publish: publishOptions,
 icon: 'electron/assets/icons/splash-robot-head-dock.png',
+ signtoolOptions: { sign: "./customSign.js", },
 },
 extraResources: [
 {
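Review bot: The `Set variables` step appends SM_API_KEY and SM_CLIENT_CERT_PASSWORD to `$GITHUB_ENV`, so every later step in the job inherits the signing credentials, including third-party build tooling that has no need for them. A step-level `env:` block on only the steps that call the DigiCert tools narrows that exposure. It also avoids interpolating `${{ secrets.* }}` directly into the script text. The step that runs the build and triggers the signing hook is outside this hunk and would need the same block plus SM_KEY_PAIR_ALIAS. Separately, the `curl` download has no `--fail` and the MSI goes to `msiexec` with no signature or checksum check, so an error page or altered installer would not be caught at this point.

```yaml
      - name: Setup SSM KSP on windows latest
        env:
          SM_HOST: ${{ secrets.SM_HOST }}
          SM_API_KEY: ${{ secrets.SM_API_KEY }}
          SM_CLIENT_CERT_FILE: D:\Certificate_pkcs12.p12
          SM_CLIENT_CERT_PASSWORD: ${{ secrets.SM_CLIENT_CERT_PASSWORD }}
        # … unchanged: run script (curl download, msiexec, smksp/smctl/certutil calls) …
        shell: cmd
```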
diff --git a/customSign.js b/customSign.js
new file mode 100644
index 000000000..008ca7900
--- /dev/null
+++ b/customSign.js
@@ -0,0 +1,13 @@
+exports.default = async function (configuration) {
+ const SM_KEY_PAIR_ALIAS = process.env.SM_KEY_PAIR_ALIAS;
+ if (configuration.path) {
+ if (SM_KEY_PAIR_ALIAS) {
+ console.log(`Sign ${configuration.path}`);
+ require("child_process").execSync(
+ `"C:\\Program Files\\DigiCert\\DigiCert One Signing Manager Tools\\smctl.exe" sign --keypair-alias=${SM_KEY_PAIR_ALIAS} --input "${String(configuration.path)}"`
+ );
+ } else {
+ console.log(`SKIP SIGN ${configuration.path}. no env var SM_KEY_PAIR_ALIAS specified`);
+ }
+ }
+};
\ No newline at end of file
diff --git a/package.json b/package.json
index ad9208f81..054dd9826 100644
--- a/package.json
+++ b/package.json
@@ -63,5 +63,5 @@
 "download-binaries": "sh download_binaries.sh",
 "build:pearl": "sh build_pearl.sh"
 },
- "version": "0.1.0-rc205"
+ "version": "0.1.0-rc213"
 }
\ No newline at end of file
diff --git a/pyproject.toml b/pyproject.toml
index a4da8a7f4..0f3e2e3fe 100644
--- a/pyproject.toml
+++ b/pyproject.toml
@@ -1,6 +1,6 @@
 [tool.poetry]
 name = "olas-operate-middleware"
-version = "0.1.0-rc205"
+version = "0.1.0-rc213"
 description = ""
 authors = ["David Vilela ", "Viraj Patel "]
 readme = "README.md"
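Review bot: In customSign.js, when SM_KEY_PAIR_ALIAS is unset the hook only logs `SKIP SIGN` and returns, so a release job with a missing or misnamed secret would publish unsigned binaries without failing; on CI that branch should throw instead. The `execSync` call also builds a shell string from `configuration.path` and the alias, which breaks or is reinterpreted by the shell if either contains quotes or metacharacters. `execFileSync` with an argument array avoids the shell, and `stdio: "inherit"` keeps smctl's output in the build log. It is also worth confirming that smctl exits non-zero on a failed signature, since the hook relies on the exit status alone. The file is new in this commit, so the sketch below replaces the whole function.

```javascript
exports.default = async function (configuration) {
  if (!configuration.path) {
    return;
  }
  const alias = process.env.SM_KEY_PAIR_ALIAS;
  if (!alias) {
    // Fail closed on CI so a missing secret cannot yield an unsigned release.
    if (process.env.CI) {
      throw new Error(`Cannot sign ${configuration.path}: SM_KEY_PAIR_ALIAS is not set`);
    }
    console.log(`SKIP SIGN ${configuration.path}. no env var SM_KEY_PAIR_ALIAS specified`);
    return;
  }
  console.log(`Sign ${configuration.path}`);
  // Argument array: no shell parsing of the path or the alias.
  require("child_process").execFileSync(
    "C:\\Program Files\\DigiCert\\DigiCert One Signing Manager Tools\\smctl.exe",
    ["sign", `--keypair-alias=${alias}`, "--input", String(configuration.path)],
    { stdio: "inherit" }
  );
};
```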