-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathaction.yaml
More file actions
135 lines (120 loc) · 3.57 KB
/
action.yaml
File metadata and controls
135 lines (120 loc) · 3.57 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
name: "Sign file"
description: "Sign a file using a remote signing server."
branding:
icon: lock
color: green
inputs:
uri:
description: "The URI of the signing server."
required: true
password:
description: "The password to the server."
required: true
path:
description: "The path to files or folders to sign. One on each line."
required: true
runs:
using: "composite"
steps:
- name: Inputs
shell: bash
run: |
echo "uri: ${{ inputs.uri }}"
echo "password: ${{ inputs.password }}"
echo "path: ${{ inputs.path }}"
- name: Check that all required inputs are given
shell: bash
run: |
set -e
if [[ -z "${{ inputs.uri }}" ]]; then
echo "Input uri is missing."
exit 1
fi
if [[ -z "${{ inputs.password }}" ]]; then
echo "Input password is missing."
exit 1
fi
if [[ -z "${{ inputs.path }}" ]]; then
echo "Input path is missing."
exit 1
fi
- name: Install Toit
uses: toitlang/action-setup@v1
with:
toit-version: 'v2.0.0-alpha.174'
- name: Install Toit packages
shell: bash
working-directory: ${{ github.action_path }}
run: |
toit pkg install
- name: Sign (Posix)
if: runner.os == 'Linux' || runner.os == 'macOS'
env:
INPUT_PATH: ${{ inputs.path }}
shell: bash
run: |
IFS=$'\n' read -r -a paths <<< "$INPUT_PATH"
function sign_file() {
local path="$1"
if [ -n "$path" ]; then # Check if path is not empty.
local output=$(mktemp)
toit run -- ${{ github.action_path }}/client/main.toit \
--uri="${{ inputs.uri }}" \
--password="${{ inputs.password }}" \
--output="$output" \
"$path"
mv "$output" "$path"
fi
}
for p in "${paths[@]}"; do
echo "Processing: $p"
if [ -d "$p" ]; then
find "$p" -name "*.exe" -print0 | while IFS= read -r -d $'\0' exe_path; do
sign_file "$exe_path"
done
else
sign_file "$p"
fi
done
- name: Sign (Windows)
if: runner.os == 'Windows'
env:
INPUT_PATH: ${{ inputs.path }}
shell: powershell
run: |
# Make the script fail on any error.
$ErrorActionPreference = "Stop"
$paths = $env:INPUT_PATH -split "`n"
function Sign-Command {
param(
[string]$Path
)
if (-not [string]::IsNullOrEmpty($Path)) {
$outputFile = New-TemporaryFile
$toitCommand = "toit"
$toitArgs = @(
"run", "--",
"${{ github.action_path }}/client/main.toit",
"--uri", "${{ inputs.uri }}",
"--password", "${{ inputs.password }}",
"--output", "$outputFile.FullName",
"$Path"
)
& $toitCommand @toitArgs
Move-Item -Path "$outputFile.FullName" -Destination "$Path" -Force
}
}
foreach ($p in $paths) {
# Skip if path is empty.
if ([string]::IsNullOrEmpty($p)) {
continue
}
Write-Host "Processing: $p"
if (Test-Path -PathType Container -Path $p) {
Get-ChildItem -Path $p -Filter "*.exe" -Recurse | ForEach-Object {
Sign-Command -Path $_.FullName
}
} else {
Sign-Command -Path $p
}
}