mirror of
https://github.com/zen-browser/desktop.git
synced 2025-07-07 17:15:30 +02:00
226 lines
8.4 KiB
PowerShell
226 lines
8.4 KiB
PowerShell
param(
|
|
[string][Parameter(Mandatory=$true)]$SignIdentity,
|
|
[string][Parameter(Mandatory=$true)]$GithubRunId
|
|
)
|
|
|
|
$ErrorActionPreference = "Stop"
|
|
|
|
echo "Preparing environment"
|
|
git pull --recurse
|
|
mkdir windsign-temp -ErrorAction SilentlyContinue
|
|
|
|
# Download in parallel
|
|
|
|
#show output too
|
|
#Start-Job -Name "DownloadGitObjectsRepo" -ScriptBlock {
|
|
# param($PWD)
|
|
# echo "Downloading git objects repo to $PWD\windsign-temp\windows-binaries"
|
|
# git clone https://github.com/zen-browser/windows-binaries.git $PWD\windsign-temp\windows-binaries
|
|
# echo "Downloaded git objects repo to"
|
|
#} -Verbose -ArgumentList $PWD -Debug
|
|
|
|
Start-Job -Name "DownloadGitl10n" -ScriptBlock {
|
|
param($PWD)
|
|
cd $PWD
|
|
$env:ZEN_L10N_CURR_DIR=[regex]::replace($PWD, "^([A-Z]):", { "/" + $args.value.Substring(0, 1).toLower() }) -replace "\\", "/"
|
|
C:\mozilla-build\start-shell.bat $PWD\scripts\download-language-packs.sh
|
|
echo "Fetched l10n and Firefox's one"
|
|
} -Verbose -ArgumentList $PWD -Debug
|
|
|
|
Start-Job -Name "SurferInit" -ScriptBlock {
|
|
param($PWD)
|
|
cd $PWD
|
|
npm run import -- --verbose
|
|
npm run surfer -- ci --brand release
|
|
} -Verbose -ArgumentList $PWD -Debug
|
|
|
|
echo "Downloading artifacts info"
|
|
$artifactsInfo=gh api repos/zen-browser/desktop/actions/runs/$GithubRunId/artifacts
|
|
$token = gh auth token
|
|
|
|
function New-TemporaryDirectory {
|
|
$tmp = [System.IO.Path]::GetTempPath() # Not $env:TEMP, see https://stackoverflow.com/a/946017
|
|
$name = (New-Guid).ToString("N")
|
|
New-Item -ItemType Directory -Path (Join-Path $tmp $name)
|
|
}
|
|
|
|
function DownloadFile($url, $targetFile) {
|
|
$uri = New-Object "System.Uri" "$url"
|
|
$request = [System.Net.HttpWebRequest]::Create($uri)
|
|
$request.UserAgent = "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.3"
|
|
$request.Headers.Add("Authorization", "Bearer $token")
|
|
$response = $request.GetResponse()
|
|
$totalLength = [System.Math]::Floor($response.get_ContentLength()/1024)
|
|
$responseStream = $response.GetResponseStream()
|
|
$targetStream = New-Object -TypeName System.IO.FileStream -ArgumentList $targetFile, Create
|
|
$buffer = new-object byte[] 10KB
|
|
$count = $responseStream.Read($buffer,0,$buffer.length)
|
|
$downloadedBytes = $count
|
|
|
|
while ($count -gt 0) {
|
|
$targetStream.Write($buffer, 0, $count)
|
|
$count = $responseStream.Read($buffer,0,$buffer.length)
|
|
$downloadedBytes = $downloadedBytes + $count
|
|
Write-Progress -activity "Downloading file '$($url.split('/') | Select -Last 1)'" -status "Downloaded ($([System.Math]::Floor($downloadedBytes/1024))K of $($totalLength)K): " -PercentComplete ((([System.Math]::Floor($downloadedBytes/1024)) / $totalLength) * 100)
|
|
}
|
|
|
|
Write-Progress -activity "Finished downloading file '$($url.split('/') | Select -Last 1)'"
|
|
|
|
$targetStream.Flush()
|
|
$targetStream.Close()
|
|
$targetStream.Dispose()
|
|
$responseStream.Dispose()
|
|
}
|
|
|
|
function DownloadArtifacts($name) {
|
|
echo "Downloading artifacts for $name"
|
|
$artifactUrl=$($artifactsInfo | jq -r --arg NAME "windows-x64-obj-$name" '.artifacts[] | select(.name == $NAME) | .archive_download_url')
|
|
echo "Artifact URL: $artifactUrl"
|
|
|
|
# download the artifact
|
|
$outputPath="$PWD\windsign-temp\windows-x64-obj-$name"
|
|
$tempDir = New-TemporaryDirectory
|
|
$tempFile = Join-Path $tempDir "artifact-$($name).zip"
|
|
|
|
echo "Downloading artifact to $tempFile"
|
|
DownloadFile $artifactUrl $tempFile
|
|
|
|
Start-Job -Name "UnzipArtifact$name" -ScriptBlock {
|
|
param($tempFile, $outputPath)
|
|
echo "Unzipping artifact to $outputPath"
|
|
Expand-Archive -Path $tempFile -DestinationPath $outputPath -Force
|
|
echo "Unzipped artifact to $outputPath"
|
|
} -ArgumentList $tempFile, $outputPath -Verbose -Debug
|
|
}
|
|
|
|
DownloadArtifacts arm64
|
|
DownloadArtifacts x86_64
|
|
|
|
# Wait for the jobs to finish
|
|
Wait-Job -Name "UnzipArtifactarm64"
|
|
Wait-Job -Name "UnzipArtifactx86_64"
|
|
|
|
mkdir engine\obj-x86_64-pc-windows-msvc\ -ErrorAction SilentlyContinue
|
|
|
|
# Collect all .exe and .dll files into a list
|
|
$files = Get-ChildItem windsign-temp\windows-x64-obj-x86_64\ -Recurse -Include *.exe
|
|
$files += Get-ChildItem windsign-temp\windows-x64-obj-x86_64\ -Recurse -Include *.dll
|
|
|
|
$files += Get-ChildItem windsign-temp\windows-x64-obj-arm64\ -Recurse -Include *.exe
|
|
$files += Get-ChildItem windsign-temp\windows-x64-obj-arm64\ -Recurse -Include *.dll
|
|
|
|
signtool.exe sign /n "$SignIdentity" /t http://time.certum.pl/ /fd sha256 /v $files
|
|
|
|
$env:ZEN_RELEASE="true"
|
|
$env:SURFER_SIGNING_MODE="true"
|
|
Wait-Job -Name "SurferInit"
|
|
Wait-Job -Name "DownloadGitl10n"
|
|
|
|
function SignAndPackage($name) {
|
|
echo "Executing on $name"
|
|
rmdir .\dist -Recurse -ErrorAction SilentlyContinue
|
|
rmdir engine\obj-$name-pc-windows-msvc\ -Recurse -ErrorAction SilentlyContinue
|
|
$objName=$name
|
|
# instead of arm, use aarch64
|
|
if ($name -eq "arm64") {
|
|
$objName="aarch64"
|
|
}
|
|
|
|
echo "Removing old obj dir"
|
|
rmdir engine\obj-$objName-pc-windows-msvc\ -Recurse -ErrorAction SilentlyContinue
|
|
|
|
echo "Creating new obj dir"
|
|
cp windsign-temp\windows-x64-obj-$name engine\obj-$objName-pc-windows-msvc\ -Recurse
|
|
|
|
echo "Copying setup.exe into obj dir"
|
|
$env:ZEN_SETUP_EXE_PATH="$PWD\windsign-temp\windows-x64-obj-$name\browser\installer\windows\instgen\setup.exe"
|
|
|
|
if ($name -eq "arm64") {
|
|
$env:WIN32_REDIST_DIR="$PWD\win-cross\vs2022\VC\Redist\MSVC\14.38.33135\arm64\Microsoft.VC143.CRT"
|
|
} else {
|
|
$env:WIN32_REDIST_DIR="$PWD\win-cross\vs2022\VC\Redist\MSVC\14.38.33135\x64\Microsoft.VC143.CRT"
|
|
}
|
|
|
|
$env:MAR="..\\build\\winsign\\mar.exe"
|
|
if ($name -eq "arm64") {
|
|
$env:SURFER_COMPAT="aarch64"
|
|
} else {
|
|
$env:SURFER_COMPAT="x86_64"
|
|
}
|
|
echo "Compat Mode? $env:SURFER_COMPAT"
|
|
|
|
# Configure each time since we are cloning from a linux environment into
|
|
# a windows environment, and the build system is not smart enough to detect that
|
|
# we are on a different platform.
|
|
cd .\engine
|
|
echo "Configuring for $name"
|
|
.\mach configure
|
|
cd ..
|
|
|
|
echo "Packaging $name"
|
|
npm run package -- --verbose
|
|
|
|
# In the release script, we do the following:
|
|
# tar -xvf .github/workflows/object/windows-x64-signed-x86_64.tar.gz -C windows-x64-signed-x86_64
|
|
# We need to create a tar with the same structure and no top-level directory
|
|
# Inside, we need:
|
|
# - update_manifest/*
|
|
# - windows.mar
|
|
# - zen.installer.exe
|
|
echo "Creating tar for $name"
|
|
rm .\windsign-temp\windows-x64-signed-$name -Recurse -ErrorAction SilentlyContinue
|
|
mkdir windsign-temp\windows-x64-signed-$name
|
|
|
|
# Move the MAR, add the `-arm64` suffix if needed
|
|
echo "Moving MAR for $name"
|
|
if ($name -eq "arm64") {
|
|
mv .\dist\output.mar windsign-temp\windows-x64-signed-$name\windows-$name.mar
|
|
} else {
|
|
mv .\dist\output.mar windsign-temp\windows-x64-signed-$name\windows.mar
|
|
}
|
|
|
|
# Move the installer
|
|
echo "Moving installer for $name"
|
|
if ($name -eq "arm64") {
|
|
mv .\dist\zen.installer.exe windsign-temp\windows-x64-signed-$name\zen.installer-$name.exe
|
|
} else {
|
|
mv .\dist\zen.installer.exe windsign-temp\windows-x64-signed-$name\zen.installer.exe
|
|
}
|
|
|
|
# Move the manifest
|
|
mv .\dist\update\. windsign-temp\windows-x64-signed-$name\update_manifest
|
|
|
|
# note: We need to sign it into a parent folder, called windows-x64-signed-$name
|
|
rmdir .\windsign-temp\windows-binaries\windows-x64-signed-$name -Recurse -ErrorAction SilentlyContinue
|
|
mv windsign-temp\windows-x64-signed-$name .\windsign-temp\windows-binaries -Force
|
|
rmdir engine\obj-$objName-pc-windows-msvc\ -Recurse -ErrorAction SilentlyContinue
|
|
|
|
echo "Finished $name"
|
|
}
|
|
|
|
SignAndPackage arm64
|
|
SignAndPackage x86_64
|
|
|
|
$files = Get-ChildItem .\windsign-temp\windows-binaries -Recurse -Include *.exe
|
|
signtool.exe sign /n "$SignIdentity" /t http://time.certum.pl/ /fd sha256 /v $files
|
|
|
|
echo "All artifacts signed and packaged, ready for release!"
|
|
echo "Commiting the changes to the repository"
|
|
cd windsign-temp\windows-binaries
|
|
git add .
|
|
git commit -m "Sign and package windows artifacts"
|
|
git push
|
|
cd ..\..
|
|
|
|
# Cleaning up
|
|
|
|
echo "All done!"
|
|
echo "All the artifacts (x86_64 and arm46) are signed and packaged, get a rest now!"
|
|
Read-Host "Press Enter to continue"
|
|
|
|
echo "Cleaning up"
|
|
rmdir windsign-temp\windows-x64-obj-x86_64 -Recurse -ErrorAction SilentlyContinue
|
|
rmdir windsign-temp\windows-x64-obj-arm64 -Recurse -ErrorAction SilentlyContinue
|
|
|
|
echo "Opening visual studio code"
|
|
code .
|