@interopio/iocd-cli 0.0.31 → 0.0.32

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (3) hide show
  1. package/dist/templates/ioconnect-desktop/.github/actions/setup-smctl/action.yml +122 -0
  2. package/dist/templates/ioconnect-desktop/.github/workflows/build.yml +87 -19
  3. package/package.json +1 -1
package/dist/templates/ioconnect-desktop/.github/actions/setup-smctl/action.yml ADDED
@@ -0,0 +1,122 @@
1
+ name: 'Setup DigiCert SMCTL'
2
+ description: 'Install and configure DigiCert SMCTL for code signing'
3
+
4
+ inputs:
5
+ api-key:
6
+ description: 'DigiCert API Key'
7
+ required: true
8
+ client-cert-b64:
9
+ description: 'Base64 encoded client certificate'
10
+ required: true
11
+ client-cert-password:
12
+ description: 'Client certificate password'
13
+ required: true
14
+ keypair-name:
15
+ description: 'Keypair alias name'
16
+ required: true
17
+ host:
18
+ description: 'DigiCert host URL'
19
+ required: false
20
+ default: 'https://clientauth.one.digicert.com'
21
+
22
+ outputs:
23
+ cert-file-path:
24
+ description: 'Path to the client certificate file'
25
+ value: ${{ steps.write-file.outputs.filePath }}
26
+
27
+ runs:
28
+ using: "composite"
29
+ steps:
30
+ - name: Save p12 for authentication
31
+ id: write-file
32
+ uses: timheuer/base64-to-file@v1
33
+ with:
34
+ fileName: Certificate_pkcs12.p12
35
+ encodedString: ${{ inputs.client-cert-b64 }}
36
+
37
+ - name: Export certificate path as environment variable
38
+ shell: cmd
39
+ run: echo SM_CLIENT_CERT_FILE=${{ steps.write-file.outputs.filePath }} >> $GITHUB_ENV
40
+
41
+ - name: Install SMCTL
42
+ shell: cmd
43
+ run: |
44
+ echo Installing SMCTL...
45
+ curl -X GET https://one.digicert.com/signingmanager/api-ui/v1/releases/Keylockertools-windows-x64.msi/download -H "x-api-key:${{ inputs.api-key }}" -o Keylockertools-windows-x64.msi
46
+ msiexec /i Keylockertools-windows-x64.msi /quiet /qn /norestart
47
+ if %errorlevel% neq 0 (
48
+ echo ERROR: MSI installation failed with exit code %errorlevel%
49
+ exit /b %errorlevel%
50
+ )
51
+ echo MSI installed successfully.
52
+ echo.
53
+ echo Checking installation directory...
54
+ dir "C:\Program Files\DigiCert\" /b 2>nul || echo DigiCert directory not found in Program Files
55
+
56
+ - name: Update environment variables and configure SMCTL
57
+ shell: cmd
58
+ env:
59
+ SM_API_KEY: ${{ inputs.api-key }}
60
+ SM_CLIENT_CERT_PASSWORD: ${{ inputs.client-cert-password }}
61
+ SM_CLIENT_CERT_FILE: ${{ steps.write-file.outputs.filePath }}
62
+ SM_CODE_SIGNING_CERT_SHA1_HASH: ${{ inputs.cert-sha1-hash }}
63
+ SM_HOST: ${{ inputs.host }}
64
+ SMCTL_PATH: C:\Program Files\DigiCert\DigiCert Keylocker Tools
65
+ run: |
66
+ echo Checking SMCTL installation...
67
+ dir "C:\Program Files\DigiCert\" /s /b | findstr /i "smctl"
68
+
69
+ echo.
70
+ echo Adding SMCTL to PATH for this session...
71
+ set "PATH=%SMCTL_PATH%;%PATH%"
72
+
73
+ echo Current PATH: %PATH%
74
+ echo.
75
+
76
+ echo Testing smctl availability...
77
+ where smctl
78
+
79
+ echo.
80
+ echo Saving SMCTL path to GITHUB_PATH for future steps...
81
+ echo C:\Program Files\DigiCert\DigiCert Keylocker Tools>> %GITHUB_PATH%
82
+ echo C:\Program Files (x86)\Windows Kits\10\bin\10.0.22621.0\x86>> %GITHUB_PATH%
83
+
84
+ echo.
85
+ echo Healthcheck
86
+ smctl healthcheck
87
+
88
+ echo.
89
+ echo Saving credentials...
90
+ smctl credentials save %SM_API_KEY% %SM_CLIENT_CERT_PASSWORD%
91
+
92
+ echo Synchronizing certificate for keypair: ${{ inputs.keypair-name }}
93
+ smctl windows certsync --keypair-alias=${{ inputs.keypair-name }}
94
+
95
+ - name: Verify SMCTL setup
96
+ shell: cmd
97
+ env:
98
+ SMCTL_PATH: C:\Program Files\DigiCert\DigiCert Keylocker Tools
99
+ run: |
100
+ set PATH=%SMCTL_PATH%;%PATH%
101
+
102
+ if defined RUNNER_DEBUG (
103
+ echo ::group:: List DigiCert KSP libraries
104
+ smctl windows ksp list
105
+ echo ::endgroup::
106
+
107
+ echo ::group::List KSP registered
108
+ smksp_registrar list
109
+ echo ::endgroup::
110
+
111
+ echo ::group::List keypairs in account
112
+ smctl keypair ls
113
+ echo ::endgroup::
114
+
115
+ echo ::group::List keys stored under user profile
116
+ certutil -csp "DigiCert Signing Manager KSP" -key -user
117
+ echo ::endgroup::
118
+
119
+ echo ::group::SMCTL Healthcheck
120
+ smctl healthcheck
121
+ echo ::endgroup::
122
+ )
package/dist/templates/ioconnect-desktop/.github/workflows/build.yml CHANGED
@@ -14,6 +14,14 @@ on:
14
14
  required: true
15
15
  type: boolean
16
16
  default: true
17
+ windows_sign:
18
+ description: 'Windows Code Signing Method'
19
+ required: true
20
+ type: choice
21
+ default: 'off'
22
+ options:
23
+ - 'off'
24
+ - 'signtool'
17
25
  release_notes:
18
26
  description: 'Release Notes'
19
27
  required: true
@@ -51,7 +59,12 @@ jobs:
51
59
  needs: get-version
52
60
  env:
53
61
  IOCD_LICENSE_KEY: ${{ secrets.IOCD_LICENSE_KEY }}
54
-
62
+ WIN_CODE_SIGN_TYPE: ${{ inputs.windows_sign }}
63
+ WIN_PFX_PATH: ${{ secrets.WIN_PFX_PATH }}
64
+ WIN_PFX_PASS: ${{ secrets.WIN_PFX_PASS }}
65
+ SM_API_KEY: ${{ secrets.SM_API_KEY }}
66
+ SM_CLIENT_CERT_PASSWORD: ${{ secrets.SM_CLIENT_CERT_PASSWORD }}
67
+ SM_HOST: ${{ secrets.SM_HOST }}
55
68
  steps:
56
69
  - name: Checkout code
57
70
  uses: actions/checkout@v4
@@ -59,25 +72,67 @@ jobs:
59
72
  - name: Setup Node.js
60
73
  uses: actions/setup-node@v4
61
74
  with:
62
- node-version: ${{ env.NODE_VERSION }}
63
- cache: 'npm'
75
+ node-version: ${{ env.NODE_VERSION }}
76
+ cache: 'npm'
64
77
 
65
78
  - name: Install dependencies
66
79
  run: npm install
67
80
 
68
81
  - name: Install latest @interopio/iocd-cli
69
- run: npm install @interopio/iocd-cli@latest
82
+ run: npm install @interopio/iocd-cli@latest
70
83
 
71
84
  - name: Setup project
72
85
  env:
73
- GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
86
+ GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
74
87
  run: npm run setup
75
-
88
+
89
+ # This step setup digicert
90
+ - name: Setup SMCTL Code Signing
91
+ if: ${{ env.SM_API_KEY != '' }}
92
+ id: setup-smctl
93
+ uses: ./.github/actions/setup-smctl
94
+ with:
95
+ api-key: ${{ secrets.SM_API_KEY }}
96
+ client-cert-b64: ${{ secrets.SM_CLIENT_CERT_FILE }}
97
+ client-cert-password: ${{ secrets.SM_CLIENT_CERT_PASSWORD }}
98
+ keypair-name: ${{ secrets.SM_KEYPAIR_NAME }}
99
+ host: ${{ secrets.SM_HOST }}
100
+
101
+ - name: Set certificate file path
102
+ if: ${{ env.SM_API_KEY != '' }}
103
+ shell: cmd
104
+ run: echo SM_CLIENT_CERT_FILE=${{ steps.setup-smctl.outputs.cert-file-path }} >> %GITHUB_ENV%
105
+
106
+ - name: SMCTL Health Check
107
+ if: ${{ env.SM_API_KEY != '' }}
108
+ shell: cmd
109
+ run: smctl healthcheck
110
+
76
111
  - name: Build application
77
112
  env:
78
113
  GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
79
- run: npm run build-skip-install
80
-
114
+ WIN_CERT_SHA1: ${{ secrets.SM_CODE_SIGNING_CERT_SHA1_HASH }}
115
+ shell: pwsh
116
+ run: |
117
+ # Add SMCTL to PATH
118
+ $env:PATH = "C:\Program Files\DigiCert\DigiCert Keylocker Tools;$env:PATH"
119
+
120
+ # Find and add signtool to PATH dynamically
121
+ $sdkPath = "C:\Program Files (x86)\Windows Kits\10\bin"
122
+ if (Test-Path $sdkPath) {
123
+ $signtoolPath = Get-ChildItem -Path $sdkPath -Filter "signtool.exe" -Recurse -ErrorAction SilentlyContinue |
124
+ Where-Object { $_.FullName -match "\\x64\\signtool.exe$" } |
125
+ Select-Object -First 1 -ExpandProperty Directory
126
+ if ($signtoolPath) {
127
+ Write-Host "Found signtool at: $signtoolPath"
128
+ $env:PATH = "$signtoolPath;$env:PATH"
129
+ } else {
130
+ Write-Host "Warning: signtool.exe not found in Windows SDK"
131
+ }
132
+ }
133
+
134
+ npm run build-skip-install
135
+
81
136
  - name: Upload Windows artifacts
82
137
  uses: actions/upload-artifact@v4
83
138
  with:
@@ -85,7 +140,7 @@ jobs:
85
140
  path: dist/make/**/*
86
141
  if-no-files-found: error
87
142
 
88
- - name: Collect and upload Windows build logs
143
+ - name: Gather logs
89
144
  if: always()
90
145
  shell: bash
91
146
  run: |
@@ -161,13 +216,9 @@ jobs:
161
216
  - name: Build application
162
217
  env:
163
218
  GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
164
- # code-signing environment variables
165
- MAC_CODE_SIGN_TYPE: keychain # keychain will use the certificate installed by apple-actions/import-codesign-certs
166
- # notarization environment variables
167
- MAC_NOTARIZATION_TYPE: notarytool
168
- MAC_NOTARIZATION_APPLE_ID: ${{ secrets.APPLE_ID }}
169
- MAC_NOTARIZATION_APPLE_ID_PASSWORD: ${{ secrets.APPLE_PASSWORD }}
170
- MAC_NOTARIZATION_APPLE_TEAM_ID: ${{ secrets.APPLE_TEAM_ID }}
219
+ APPLE_ID: ${{ secrets.APPLE_ID }}
220
+ APPLE_PASSWORD: ${{ secrets.APPLE_PASSWORD }}
221
+ APPLE_TEAM_ID: ${{ secrets.APPLE_TEAM_ID }}
171
222
  run: npm run build-skip-install
172
223
 
173
224
  - name: Upload macOS artifacts
@@ -248,9 +299,25 @@ jobs:
248
299
  GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
249
300
  run: |
250
301
  VERSION="${{ needs.get-version.outputs.version }}"
251
- # Try to delete existing release and tag
252
- gh release delete "v$VERSION" --yes || echo "Release v$VERSION does not exist"
253
- git push --delete origin "v$VERSION" || echo "Tag v$VERSION does not exist"
302
+ echo "Checking for existing release v$VERSION..."
303
+
304
+ # Try to delete existing release first
305
+ if gh release view "v$VERSION" >/dev/null 2>&1; then
306
+ echo "Found existing release v$VERSION, deleting..."
307
+ gh release delete "v$VERSION" --yes
308
+ echo "Release v$VERSION deleted"
309
+ else
310
+ echo "No existing release v$VERSION found"
311
+ fi
312
+
313
+ # Try to delete existing tag
314
+ if git ls-remote --tags origin | grep -q "refs/tags/v$VERSION$"; then
315
+ echo "Found existing tag v$VERSION, deleting..."
316
+ git push --delete origin "v$VERSION"
317
+ echo "Tag v$VERSION deleted"
318
+ else
319
+ echo "No existing tag v$VERSION found"
320
+ fi
254
321
  continue-on-error: true
255
322
 
256
323
  - name: Create Release
@@ -280,6 +347,7 @@ jobs:
280
347
  echo "" >> $GITHUB_STEP_SUMMARY
281
348
  echo "## Build Results" >> $GITHUB_STEP_SUMMARY
282
349
  echo "- **Version**: v${{ needs.get-version.outputs.version }}" >> $GITHUB_STEP_SUMMARY
350
+ echo "- **Windows Signing**: ${{ inputs.windows_sign }}" >> $GITHUB_STEP_SUMMARY
283
351
 
284
352
  # Windows Build Status
285
353
  if [[ "${{ inputs.build_windows }}" == "true" ]]; then
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@interopio/iocd-cli",
3
- "version": "0.0.31",
3
+ "version": "0.0.32",
4
4
  "description": "CLI tool for setting up, building and packaging io.Connect Desktop platforms",
5
5
  "engines": {
6
6
  "node": ">=18.0.0",