mirror of
https://github.com/gwdevhub/gMod.git
synced 2026-07-15 15:09:30 +00:00
66663fa9f9
* Sign release binaries with Certum and bump to v2.0.0.0 Add Certum SimplySign cloud code signing to the CD pipeline so gMod.dll and TpfConvert.exe are signed before being published as release assets. The signing scripts are ported from gwlauncher (commit 5ae825a). Signing is gated on the CERTUM_OTP_URI secret, so forks/unconfigured repos still build, just unsigned. Requires repo secrets CERTUM_OTP_URI, CERTUM_USERID and CERTUM_CERT_SHA1. Bump the major version to 2.0.0.0. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com> * 1.10 --------- Co-authored-by: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
102 lines
2.9 KiB
YAML
102 lines
2.9 KiB
YAML
name: gMod CD Pipeline
|
|
|
|
on:
|
|
push:
|
|
branches:
|
|
- master
|
|
workflow_dispatch:
|
|
|
|
jobs:
|
|
|
|
build:
|
|
|
|
strategy:
|
|
matrix:
|
|
targetplatform: [x86]
|
|
|
|
runs-on: windows-2025-vs2026
|
|
|
|
permissions:
|
|
contents: write
|
|
|
|
env:
|
|
Configuration: Release
|
|
Actions_Allow_Unsecure_Commands: true
|
|
CERTUM_OTP_URI: ${{ secrets.CERTUM_OTP_URI }}
|
|
CERTUM_USERID: ${{ secrets.CERTUM_USERID }}
|
|
CERTUM_CERT_SHA1: ${{ secrets.CERTUM_CERT_SHA1 }}
|
|
|
|
steps:
|
|
- name: Checkout
|
|
uses: actions/checkout@v4
|
|
with:
|
|
fetch-depth: 0
|
|
|
|
- name: Setup MSBuild.exe
|
|
uses: microsoft/setup-msbuild@v1.3.1
|
|
|
|
- name: Install vcpkg
|
|
run: |
|
|
git clone https://github.com/microsoft/vcpkg.git
|
|
.\vcpkg\bootstrap-vcpkg.bat
|
|
|
|
- name: Set VCPKG_ROOT
|
|
run: |
|
|
echo "VCPKG_ROOT=$(Get-Location)\vcpkg" >> $env:GITHUB_ENV
|
|
shell: powershell
|
|
|
|
- name: Build CMake Files with vcpkg toolchain
|
|
run: cmake --preset=vcpkg
|
|
env:
|
|
VCPKG_ROOT: ${{ env.VCPKG_ROOT }}
|
|
|
|
- name: Build binaries
|
|
run: cmake --build build --config Release
|
|
|
|
# Signing only runs when the Certum secrets are present (i.e. on the real
|
|
# repo, not forks); without them the build still produces unsigned binaries.
|
|
- name: Set up Certum SimplySign
|
|
if: env.CERTUM_OTP_URI != ''
|
|
shell: bash
|
|
run: |
|
|
chmod +x ./.github/scripts/install-simplysign.sh
|
|
./.github/scripts/install-simplysign.sh
|
|
powershell -ExecutionPolicy Bypass -File "./.github/scripts/configure-simplysign.ps1"
|
|
|
|
- name: Authenticate Certum SimplySign
|
|
if: env.CERTUM_OTP_URI != ''
|
|
shell: bash
|
|
run: powershell -ExecutionPolicy Bypass -File "./.github/scripts/connect-simplysign.ps1"
|
|
|
|
- name: Sign release binaries
|
|
if: env.CERTUM_OTP_URI != ''
|
|
shell: pwsh
|
|
run: |
|
|
./.github/scripts/sign-certum.ps1 -Files @(".\bin\Release\gMod.dll", ".\bin\Release\TpfConvert.exe")
|
|
|
|
- name: Retrieve version
|
|
id: set_version
|
|
run: |
|
|
$fileVersionInfo = (Get-Item -Path .\bin\Release\gMod.dll).VersionInfo.FileVersion
|
|
if ([string]::IsNullOrEmpty($fileVersionInfo)) {
|
|
Write-Host "The DLL file version information could not be retrieved."
|
|
exit 1
|
|
} else {
|
|
Write-Host "FileVersionInfo: $fileVersionInfo"
|
|
echo "::set-output name=version::$fileVersionInfo"
|
|
}
|
|
shell: pwsh
|
|
|
|
- name: Publish release
|
|
uses: Xotl/cool-github-releases@v1.1.8
|
|
with:
|
|
mode: update
|
|
tag_name: v${{ steps.set_version.outputs.version }}
|
|
release_name: gMod v${{ steps.set_version.outputs.version }}
|
|
assets: .\bin\Release\gMod.dll;.\bin\Release\TpfConvert.exe;.\bin\Release\d3dx9_43.dll
|
|
github_token: ${{ env.GITHUB_TOKEN }}
|
|
replace_assets: true
|
|
body_mrkdwn: ${{ env.Changelog }}
|
|
env:
|
|
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
|