|
| 1 | +name: Build and Release .NET Desktop App |
| 2 | + |
| 3 | +on: |
| 4 | + push: |
| 5 | + branches: [ "ProyekTil" ] |
| 6 | + workflow_dispatch: |
| 7 | + |
| 8 | +jobs: |
| 9 | + build-and-release: |
| 10 | + runs-on: windows-latest |
| 11 | + |
| 12 | + env: |
| 13 | + DOTNET_VERSION: '9.0.x' |
| 14 | + PROJECT_PATH: 'ZeroMix.csproj' |
| 15 | + # The output path for the dotnet publish command |
| 16 | + PUBLISH_DIR: './publish' |
| 17 | + # The path to the Inno Setup script |
| 18 | + INNO_SETUP_SCRIPT: 'Exe/Setup.iss' |
| 19 | + # The path where the unsigned installer will be created by Inno Setup |
| 20 | + INSTALLER_OUTPUT_DIR: 'Exe' |
| 21 | + # The base name of the installer file |
| 22 | + INSTALLER_NAME: 'ZeroMix-Setup' |
| 23 | + |
| 24 | + |
| 25 | + steps: |
| 26 | + - name: 1. Checkout repository |
| 27 | + uses: actions/checkout@v4 |
| 28 | + |
| 29 | + - name: 2. Setup .NET SDK |
| 30 | + uses: actions/setup-dotnet@v4 |
| 31 | + with: |
| 32 | + dotnet-version: ${{ env.DOTNET_VERSION }} |
| 33 | + |
| 34 | + - name: 3. Restore, Build, and Publish |
| 35 | + run: | |
| 36 | + dotnet restore "${{ env.PROJECT_PATH }}" |
| 37 | + dotnet build "${{ env.PROJECT_PATH }}" -c Release --no-restore |
| 38 | + dotnet publish "${{ env.PROJECT_PATH }}" -c Release -r win-x64 --self-contained true -o "${{ env.PUBLISH_DIR }}" |
| 39 | + shell: pwsh |
| 40 | + |
| 41 | + - name: 4. Install Inno Setup |
| 42 | + uses: Minionguy/setup-inno-setup-action@v1.0.1 |
| 43 | + |
| 44 | + - name: 5. Compile the installer |
| 45 | + run: iscc "${{ env.INNO_SETUP_SCRIPT }}" |
| 46 | + shell: cmd |
| 47 | + |
| 48 | + - name: 6. Decode and install signing certificate |
| 49 | + run: | |
| 50 | + $pfx_cert_byte = [System.Convert]::FromBase64String("${{ secrets.SIGNING_CERTIFICATE_BASE64 }}") |
| 51 | + $pfx_path = Join-Path -Path "${{ env.INSTALLER_OUTPUT_DIR }}" -ChildPath "ZeroMixCert.pfx" |
| 52 | + [System.IO.File]::WriteAllBytes($pfx_path, $pfx_cert_byte) |
| 53 | + shell: pwsh |
| 54 | + # This step runs only if the secret is set |
| 55 | + if: ${{ secrets.SIGNING_CERTIFICATE_BASE64 != '' }} |
| 56 | + |
| 57 | + - name: 7. Install and run code signing tool |
| 58 | + run: | |
| 59 | + choco install osslsigncode -y |
| 60 | + $InstallerFile = "${{ env.INSTALLER_OUTPUT_DIR }}\${{ env.INSTALLER_NAME }}.exe" |
| 61 | + $CertFile = "${{ env.INSTALLER_OUTPUT_DIR }}\ZeroMixCert.pfx" |
| 62 | + osslsigncode sign -pkcs12 "$CertFile" -pass "${{ secrets.SIGNING_CERTIFICATE_PASSWORD }}" -n "ZeroMix" -i "https://zeromix.vercel.app" -in "$InstallerFile" -out "$InstallerFile-signed.exe" -t http://timestamp.digicert.com |
| 63 | + Move-Item -Path "$InstallerFile-signed.exe" -Destination "$InstallerFile" -Force |
| 64 | + shell: pwsh |
| 65 | + # This step runs only if both secrets are set |
| 66 | + if: ${{ secrets.SIGNING_CERTIFICATE_BASE64 != '' && secrets.SIGNING_CERTIFICATE_PASSWORD != '' }} |
| 67 | + |
| 68 | + - name: 8. Create or Update Release |
| 69 | + uses: ncipollo/release-action@v1 |
| 70 | + with: |
| 71 | + allowUpdates: true |
| 72 | + name: ProyekTil |
| 73 | + tag: latest |
| 74 | + body: | |
| 75 | + Installer automatically updated by GitHub Actions. |
| 76 | + This release always contains the latest build from the '${{ github.ref_name }}' branch. |
| 77 | + artifacts: '${{ env.INSTALLER_OUTPUT_DIR }}/${{ env.INSTALLER_NAME }}.exe' |
| 78 | + token: ${{ secrets.GITHUB_TOKEN }} |
0 commit comments