Code-sign ark binaries on Windows #985
Conversation
DavisVaughan
left a comment
DavisVaughan
left a comment
There was a problem hiding this comment.
Great! Thanks for putting it in posit-gh-actions, that's so much complexity hidden away! Especially being able to use the org level env vars too!
|
|
||
| sign_windows: | ||
| name: "Sign Windows Binaries" | ||
| uses: posit-dev/posit-gh-actions/.github/workflows/sign-windows.yml@main |
There was a problem hiding this comment.
Is [windows-latest-8x] a custom machine of ours?
https://github.com/posit-dev/posit-gh-actions/blob/1a1aba8696f8a20b4061d4e4ca7614fcb93b368b/.github/workflows/sign-windows.yml#L19
There was a problem hiding this comment.
Kind of! It's one of our "Posit Larger Runners". IIRC it is not hosted by Posit but we do pay for it via Github Enterprise.
| secrets: inherit | ||
| strategy: | ||
| matrix: | ||
| arch: [x64, arm64] |
There was a problem hiding this comment.
I assume that whatever arch [windows-latest-8x] is can codesign both x64 and arm64 with no issues?
There was a problem hiding this comment.
Good question; yes, it can. It's been code signing the arm64 version of Positron for a few months now.
| cargo build ${{ matrix.flavor == 'release' && '--release' || '' }} --target ${{ matrix.rust_target_prefix }}-pc-windows-msvc | ||
| - name: Create archive | ||
| - name: Upload unsigned executable for signing |
There was a problem hiding this comment.
I think you can remove DEBUG_FLAG from build_windows:?
Signs
ark.exeon Windows.Part of posit-dev/positron#9962.