diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index d1491852a..503b4604a 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -75,16 +75,16 @@ env: artifacts: - path: '*Windows_64bit.exe' name: Windows_X86-64_interactive_installer - - path: '*Windows_64bit_signed.exe' - name: Windows_X86-64_interactive_installer_signed + - path: '*Windows_64bit_unsigned.exe' + name: Windows_X86-64_interactive_installer_unsigned - path: '*Windows_64bit.msi' name: Windows_X86-64_MSI - - path: '*Windows_64bit_signed.msi' - name: Windows_X86-64_MSI_signed + - path: '*Windows_64bit_unsigned.msi' + name: Windows_X86-64_MSI_unsigned - path: '*Windows_64bit.zip' name: Windows_X86-64_zip - - path: '*Windows_64bit_signed.zip' - name: Windows_X86-64_zip_signed + - path: '*Windows_64bit_unsigned.zip' + name: Windows_X86-64_zip_unsigned - config: name: Linux runs-on: ubuntu-latest @@ -446,22 +446,24 @@ jobs: FILENAME=$(basename "$ARTIFACT") BASE_NAME="${FILENAME%.*}" EXTENSION="${FILENAME##*.}" + # Remove '_unsigned' from the base name if it exists + SIGNED_BASE_NAME="${BASE_NAME/_unsigned/}" # Sign and rename EXE and MSI files if [[ "$EXTENSION" == "exe" || "$EXTENSION" == "msi" ]]; then echo "Signing $ARTIFACT" "${{ env.SIGNTOOL_PATH }}" sign -d "Arduino IDE" -f ${{ env.INSTALLER_CERT_WINDOWS_CER }} -csp "eToken Base Cryptographic Provider" -k "[{{${{ env.CERT_PASSWORD }}}}]=${{ env.CONTAINER_NAME }}" -fd sha256 -tr http://timestamp.digicert.com -td SHA256 -v "$ARTIFACT" - SIGNED_ARTIFACT_PATH="${{ env.BUILD_ARTIFACTS_PATH }}/${BASE_NAME}_signed.${EXTENSION}" + SIGNED_ARTIFACT_PATH="${{ env.BUILD_ARTIFACTS_PATH }}/${SIGNED_BASE_NAME}.${EXTENSION}" mv "$ARTIFACT" "$SIGNED_ARTIFACT_PATH" echo "Renamed $ARTIFACT to $SIGNED_ARTIFACT_PATH" fi - # Unzip, Sign, and Rezip ZIP file with new name + # Unzip, Sign, and Rezip ZIP file without '_unsigned' in the name if [[ "$EXTENSION" == "zip" ]]; then TEMP_DIR=$(mktemp -d) unzip "$ARTIFACT" -d "$TEMP_DIR" find "$TEMP_DIR" -type f -name '*.exe' -exec "${{ env.SIGNTOOL_PATH }}" sign -d "Arduino IDE" -f ${{ env.INSTALLER_CERT_WINDOWS_CER }} -csp "eToken Base Cryptographic Provider" -k "[{{${{ env.CERT_PASSWORD }}}}]=${{ env.CONTAINER_NAME }}" -fd sha256 -tr http://timestamp.digicert.com -td SHA256 -v {} \; - SIGNED_ARTIFACT_PATH="${{ env.BUILD_ARTIFACTS_PATH }}/${BASE_NAME}_signed.zip" + SIGNED_ARTIFACT_PATH="${{ env.BUILD_ARTIFACTS_PATH }}/${SIGNED_BASE_NAME}.${EXTENSION}" pushd "$TEMP_DIR" zip -r "$SIGNED_ARTIFACT_PATH" . popd @@ -473,21 +475,21 @@ jobs: - name: Upload signed EXE uses: actions/upload-artifact@v3 with: - name: Windows_X86-64_interactive_installer_signed - path: ${{ env.BUILD_ARTIFACTS_PATH }}/*_signed.exe + name: Windows_X86-64_interactive_installer + path: ${{ env.BUILD_ARTIFACTS_PATH }}/*Windows_64bit.exe - name: Upload signed MSI uses: actions/upload-artifact@v3 with: - name: Windows_X86-64_MSI_signed - path: ${{ env.BUILD_ARTIFACTS_PATH }}/*_signed.msi + name: Windows_X86-64_MSI + path: ${{ env.BUILD_ARTIFACTS_PATH }}/*Windows_64bit.msi - name: Upload signed ZIP uses: actions/upload-artifact@v3 with: - name: Windows_X86-64_interactive_installer_signed - path: ${{ env.BUILD_ARTIFACTS_PATH }}/*_signed.zip + name: Windows_X86-64_zip + path: ${{ env.BUILD_ARTIFACTS_PATH }}/*Windows_64bit.zip # This step is needed because the self hosted runner does not delete files automatically - name: Clean up artifacts diff --git a/electron-app/scripts/package.js b/electron-app/scripts/package.js index 87a597094..83fb0b4d1 100644 --- a/electron-app/scripts/package.js +++ b/electron-app/scripts/package.js @@ -100,7 +100,7 @@ async function getArtifactName(version) { switch (platform) { case 'win32': { if (arch === 'x64') { - return `${name}_${version}_Windows_64bit.\$\{ext}`; + return `${name}_${version}_Windows_64bit_unsigned.\$\{ext}`; } throw new Error(`Unsupported platform, arch: ${platform}, ${arch}`); }