X Tutup
Skip to content

Commit f30b7db

Browse files
author
nate smith
committed
Work around parallel race condition problems
1 parent 45adc4a commit f30b7db

File tree

3 files changed

+23
-16
lines changed

3 files changed

+23
-16
lines changed

.goreleaser.yml

Lines changed: 2 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -9,6 +9,7 @@ before:
99
hooks:
1010
- go mod tidy
1111
- make manpages GH_VERSION={{.Version}}
12+
- ./script/prepare-windows-cert.sh "{{.Env.GITHUB_CERT_PASSWORD}}" "{{.Env.DESKTOP_CERT_TOKEN}}"
1213

1314
builds:
1415
- <<: &build_defaults
@@ -34,10 +35,7 @@ builds:
3435
goarch: [386, amd64]
3536
hooks:
3637
post:
37-
- cmd: ./script/sign-windows-executable.sh {{ .Path }}
38-
env:
39-
- GITHUB_CERT_PASSWORD={{ .Env.GITHUB_CERT_PASSWORD }}
40-
- DESKTOP_CERT_TOKEN={{ .Env.DESKTOP_CERT_TOKEN }}
38+
- ./script/sign-windows-executable.sh {{ .Path }}
4139

4240
archives:
4341
- id: nix

script/prepare-windows-cert.sh

Lines changed: 13 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,13 @@
1+
#!/bin/bash
2+
3+
GITHUB_CERT_PASSWORD=$1
4+
DESKTOP_CERT_TOKEN=$2
5+
6+
curl \
7+
-H "Authorization: token $DESKTOP_CERT_TOKEN" \
8+
-H "Accept: application/vnd.github.v3.raw" \
9+
--output windows-certificate.pfx \
10+
https://api.github.com/repos/desktop/desktop-secrets/contents/windows-certificate.pfx
11+
12+
openssl pkcs12 -in windows-certificate.pfx -nocerts -nodes -out private-key.pem -passin pass:${GITHUB_CERT_PASSWORD} || echo "no bueno 1"
13+
openssl pkcs12 -in windows-certificate.pfx -nokeys -nodes -out certificate.pem -passin pass:${GITHUB_CERT_PASSWORD} || echo "no bueno 2"

script/sign-windows-executable.sh

Lines changed: 8 additions & 12 deletions
Original file line numberDiff line numberDiff line change
@@ -3,24 +3,20 @@ set -e
33

44
EXECUTABLE_PATH=$1
55

6-
curl \
7-
-H "Authorization: token $DESKTOP_CERT_TOKEN" \
8-
-H "Accept: application/vnd.github.v3.raw" \
9-
--output windows-certificate.pfx \
10-
https://api.github.com/repos/desktop/desktop-secrets/contents/windows-certificate.pfx
6+
ARCH="386"
117

12-
openssl pkcs12 -in windows-certificate.pfx -nocerts -nodes -out private-key.pem -passin pass:${GITHUB_CERT_PASSWORD}
13-
openssl pkcs12 -in windows-certificate.pfx -nokeys -nodes -out certificate.pem -passin pass:${GITHUB_CERT_PASSWORD}
8+
if [[ $EXECUTABLE_PATH =~ "amd64" ]]; then
9+
ARCH="amd64"
10+
fi
11+
12+
OUT_PATH=gh_signed-${ARCH}.exe
1413

1514
osslsigncode sign \
1615
-certs certificate.pem \
1716
-key private-key.pem \
1817
-n "GitHub CLI" \
1918
-t http://timestamp.digicert.com \
2019
-in $EXECUTABLE_PATH \
21-
-out gh_signed.exe
22-
23-
# Oddly, there can be a delay before the file is *actually* available - wait for it
24-
while [ ! -f gh_signed.exe ]; do sleep 1; done;
20+
-out $OUT_PATH
2521

26-
mv gh_signed.exe $EXECUTABLE_PATH
22+
mv $OUT_PATH $EXECUTABLE_PATH

0 commit comments

Comments
 (0)
X Tutup