feat(ci/cd): Adding signature to msi

paologallinaharbur · Oct 2, 2020 · d8762d5 · d8762d5
1 parent 65cc754
commit d8762d5
Show file tree

Hide file tree

Showing 7 changed files with 19 additions and 14 deletions.
diff --git a/.github/workflows/create_release.yml b/.github/workflows/create_release.yml
@@ -27,6 +27,10 @@ on:
     branches:
       - master
 
+env:
+  PFX_CERTIFICATE_BASE64: ${{ secrets.PFX_CERTIFICATE_BASE64 }} # base64 encoded
+  PFX_PASSPHRASE:  ${{ secrets.PFX_PASSPHRASE }}
+
 ###
 ###   RELEASE CREATION # Creates a release if needed and loads variables for next jobs
 ###
@@ -160,9 +164,9 @@ jobs:
       - uses: actions/setup-go@v2
         with:
           go-version: '^1.13.1'
-      #- name: Get PFX certificate from GH secrets
-      #  shell: bash
-      #  run: printf "%s" "$PFX_CERTIFICATE_BASE64" | base64 -d - > mycert.pfx
+      - name: Get PFX certificate from GH secrets
+        shell: bash
+        run: printf "%s" "$PFX_CERTIFICATE_BASE64" | base64 -d - > mycert.pfx
       - name: Load Variables
         id: load_variables
         shell: bash
@@ -175,7 +179,7 @@ jobs:
       - name : CreateMSI
         shell: pwsh
         run: |
-          .\exporters\${{ steps.load_variables.outputs.NAME }}\win_build.ps1 -arch ${{ matrix.goarch }} -exporterHead ${{ steps.load_variables.outputs.EXPORTER_HEAD }} -exporterName ${{ steps.load_variables.outputs.NAME }} -exporterURL ${{ steps.load_variables.outputs.EXPORTER_REPO_URL }} -version ${{ steps.load_variables.outputs.VERSION }} -exporterGUID ${{ steps.load_variables.outputs.EXPORTER_GUID }} -licenseGUID ${{ steps.load_variables.outputs.LICENSE_GUID }} 
+          .\exporters\${{ steps.load_variables.outputs.NAME }}\win_build.ps1 -arch ${{ matrix.goarch }} -exporterHead ${{ steps.load_variables.outputs.EXPORTER_HEAD }} -exporterName ${{ steps.load_variables.outputs.NAME }} -exporterURL ${{ steps.load_variables.outputs.EXPORTER_REPO_URL }} -version ${{ steps.load_variables.outputs.VERSION }} -exporterGUID ${{ steps.load_variables.outputs.EXPORTER_GUID }} -licenseGUID ${{ steps.load_variables.outputs.LICENSE_GUID }}  -pfx_passphrase "$env:PFX_PASSPHRASE" 
         # -pfx_certificate_base64 "$env:PFX_CERTIFICATE_BASE64" -pfx_passphrase "$env:PFX_PASSPHRASE"
       - name: Upload Release Asset MSI
         uses: actions/upload-release-asset@v1

diff --git a/exporters/githubactions/win_build.ps1 b/exporters/githubactions/win_build.ps1
@@ -6,6 +6,7 @@ param (
     # Target architecture: amd64 (default) or 386
     [ValidateSet("amd64", "386")]
     [string]$arch="amd64",
+    [string]$pfx_passphrase="none",
     [string]$exporterName="",
     [string]$exporterURL="",
     [string]$exporterHead="",
@@ -67,4 +68,4 @@ Copy-Item "$env:GOPATH\src\$exporterRepo\LICENSE" -Destination ".\exporters\$exp
 }
 
 $win_msi_build = Join-Path -Path $projectRootPath -ChildPath "\scripts\win_msi_build.ps1"
-& $win_msi_build -arch $arch -exporterName $exporterName -version $version -exporterGUID $exporterGUID -licenseGUID $licenseGUID
+& $win_msi_build -arch $arch -exporterName $exporterName -version $version -exporterGUID $exporterGUID -licenseGUID $licenseGUID -pfx_passphrase $pfx_passphrase 
diff --git a/exporters/ravendb/exporter.yml b/exporters/ravendb/exporter.yml
@@ -1,5 +1,5 @@
 name: ravendb
-version: 0.3.0
+version: 0.3.1
 exporter_repo_url: https://github.com/marcinbudny/ravendb_exporter
 exporter_tag: 0.3.0
 exporter_commit: 

diff --git a/exporters/ravendb/win_build.ps1 b/exporters/ravendb/win_build.ps1
@@ -6,6 +6,7 @@ param (
     # Target architecture: amd64 (default) or 386
     [ValidateSet("amd64", "386")]
     [string]$arch="amd64",
+    [string]$pfx_passphrase="none",
     [string]$exporterName="",
     [string]$exporterURL="",
     [string]$exporterHead="",
@@ -67,4 +68,4 @@ Copy-Item "$env:GOPATH\src\$exporterRepo\LICENSE" -Destination ".\exporters\$exp
 }
 
 $win_msi_build = Join-Path -Path $projectRootPath -ChildPath "\scripts\win_msi_build.ps1"
-& $win_msi_build -arch $arch -exporterName $exporterName -version $version -exporterGUID $exporterGUID -licenseGUID $licenseGUID
+& $win_msi_build -arch $arch -exporterName $exporterName -version $version -exporterGUID $exporterGUID -licenseGUID $licenseGUID -pfx_passphrase $pfx_passphrase 
diff --git a/scripts/pkg/windows/nri-386-installer/nri-installer.wixproj b/scripts/pkg/windows/nri-386-installer/nri-installer.wixproj
@@ -33,7 +33,7 @@
     </ItemGroup>
     <Import Project="$(WixTargetsPath)"/>
     <Target Name="SignInstaller">
-        <!-- <Exec Command="&quot;$(SignToolPath)signtool.exe&quot; sign /d &quot;New Relic Infrastructure Agent, $(exporterName)&quot; /a &quot;$(OutputPath)$(OutputName).msi&quot;"/> -->
+        <Exec Command="&quot;$(SignToolPath)signtool.exe&quot; sign /d &quot;New Relic Infrastructure Agent, $(exporterName)&quot; /a &quot;$(OutputPath)$(OutputName).msi&quot;"/>
         <Copy SourceFiles="$(OutputPath)$(OutputName).msi" DestinationFiles="$(OutputPath)$(OutputName).x.y.z.msi"/>
         <!-- <Delete Files="$(OutputPath)$(OutputName).msi" /> -->
     </Target>

diff --git a/scripts/pkg/windows/nri-amd64-installer/nri-installer.wixproj b/scripts/pkg/windows/nri-amd64-installer/nri-installer.wixproj
@@ -33,7 +33,7 @@
     </ItemGroup>
     <Import Project="$(WixTargetsPath)"/>
     <Target Name="SignInstaller">
-        <!-- <Exec Command="&quot;$(SignToolPath)signtool.exe&quot; sign /d &quot;New Relic Infrastructure Agent, $(exporterName)&quot; /a &quot;$(OutputPath)$(OutputName).msi&quot;"/> -->
+        <Exec Command="&quot;$(SignToolPath)signtool.exe&quot; sign /d &quot;New Relic Infrastructure Agent, $(exporterName)&quot; /a &quot;$(OutputPath)$(OutputName).msi&quot;"/>
         <Copy SourceFiles="$(OutputPath)$(OutputName).msi" DestinationFiles="$(OutputPath)$(OutputName).x.y.z.msi"/>
         <!-- <Delete Files="$(OutputPath)$(OutputName).msi" /> -->
     </Target>

diff --git a/scripts/win_msi_build.ps1 b/scripts/win_msi_build.ps1
@@ -6,7 +6,6 @@ param (
     # Target architecture: amd64 (default) or 386
     [ValidateSet("amd64", "386")]
     [string]$arch="amd64",
-    [string]$pfx_certificate_base64="none",
     [string]$pfx_passphrase="none",
     [string]$exporterName="",
     [string]$exporterGUID="",
@@ -30,11 +29,11 @@ if ($wrong.Length  -ne 0) {
     exit -1
 }
 
-#echo "===> Import .pfx certificate from GH Secrets"
-#Import-PfxCertificate -FilePath mycert.pfx -Password (ConvertTo-SecureString -String $pfx_passphrase -AsPlainText -Force) -CertStoreLocation Cert:\CurrentUser\My
+echo "===> Import .pfx certificate from GH Secrets"
+Import-PfxCertificate -FilePath mycert.pfx -Password (ConvertTo-SecureString -String $pfx_passphrase -AsPlainText -Force) -CertStoreLocation Cert:\CurrentUser\My
 
-#echo "===> Show certificate installed"
-#Get-ChildItem -Path cert:\CurrentUser\My\
+echo "===> Show certificate installed"
+Get-ChildItem -Path cert:\CurrentUser\My\
 
 echo "===> Configuring version $version for artifacts in $exporterName"