Have with_fido_session macro call get_info() and pass result to body #1612
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Windows | |
| on: [push, pull_request] | |
| permissions: read-all | |
| jobs: | |
| build: | |
| runs-on: ${{ matrix.os }} | |
| name: Build - ${{ matrix.os }} | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| include: | |
| - os: windows-latest | |
| artifact: ykman-builds-windows-x64 | |
| - os: windows-11-arm | |
| artifact: ykman-builds-windows-arm64 | |
| steps: | |
| - uses: actions/checkout@v6 | |
| - name: Install Rust toolchain | |
| uses: dtolnay/rust-toolchain@stable | |
| - name: Build Rust CLI | |
| shell: bash | |
| run: | | |
| cargo build --release -p ykman-cli | |
| mkdir -p dist/ykman | |
| cp target/release/ykman.exe dist/ykman/ | |
| dist/ykman/ykman.exe --version | |
| - name: Copy scripts | |
| shell: bash | |
| run: cp -r resources/win dist/scripts | |
| - name: Build installer | |
| if: matrix.os == 'windows-latest' | |
| working-directory: ./dist | |
| run: .\scripts\make_msi.ps1 | |
| - name: Upload build | |
| uses: actions/upload-artifact@v6 | |
| with: | |
| name: ${{ matrix.artifact }} | |
| path: dist | |
| sign-exe: | |
| if: startsWith(github.ref, 'refs/tags/') | |
| needs: [build] | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Check tag format | |
| run: | | |
| if [[ "${GITHUB_REF}" =~ ^refs/tags/[0-9]+\.[0-9]+\.[0-9]+-rc\.[0-9]+$ ]]; then | |
| echo "Tag matches format" | |
| else | |
| echo "Invalid tag format" | |
| exit 1 | |
| fi | |
| - uses: actions/checkout@v6 | |
| - name: download artifacts | |
| uses: actions/download-artifact@v5 | |
| with: | |
| name: ykman-builds-windows-x64 | |
| path: ykman-builds-windows | |
| - name: docker login | |
| uses: docker/login-action@v3 | |
| with: | |
| registry: ghcr.io | |
| username: ci@yubico.com | |
| password: ${{ secrets.GITHUB_TOKEN }} | |
| - name: write service account credentials | |
| env: | |
| GAC: ${{ secrets.SCRIBE_SA }} | |
| run: | | |
| echo "${GAC}" > scribe_sa.json | |
| echo "GOOGLE_APPLICATION_CREDENTIALS=/scribe/scribe_sa.json" >> $GITHUB_ENV | |
| - name: run scribe sign exe | |
| run: > | |
| docker run | |
| --user $(id -u):$(id -g) | |
| --volume $(pwd):/scribe | |
| --env-file <(env) | |
| ghcr.io/yubico/scribe-ci:v1 | |
| --project-id scribe-prod-987134 | |
| --bucket scribe-u-pub-ykman-fqj0hy | |
| --config /scribe/.github/scribe-sign-exe-dll.yml | |
| submit . | |
| --synchronous | |
| --download-artifacts | |
| - name: unpack signed exe | |
| run: | | |
| mkdir -p signed | |
| mv scribe-download/*/sign-source/1.zip signed/ | |
| rm -rf scribe-download | |
| cd signed | |
| unzip -j 1.zip || true | |
| rm 1.zip | |
| cd .. | |
| cp signed/ykman.exe ykman-builds-windows/ykman/ykman.exe | |
| - name: upload signed artifacts | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: signed-files | |
| path: ykman-builds-windows | |
| build-msi: | |
| needs: [sign-exe] | |
| runs-on: windows-latest | |
| steps: | |
| - uses: actions/checkout@v6 | |
| - name: download artifacts | |
| uses: actions/download-artifact@v5 | |
| with: | |
| name: signed-files | |
| path: ykman-builds-windows | |
| - name: Build installer | |
| working-directory: .\ykman-builds-windows | |
| run: .\scripts\make_msi.ps1 | |
| - name: Upload installer | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: ykman-installer-windows | |
| path: .\ykman-builds-windows | |
| sign-msi: | |
| needs: [build-msi] | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: checkout repo | |
| uses: actions/checkout@v6 | |
| - name: download artifacts | |
| uses: actions/download-artifact@v5 | |
| with: | |
| name: ykman-installer-windows | |
| path: ykman-builds-windows | |
| - name: docker login | |
| uses: docker/login-action@v3 | |
| with: | |
| registry: ghcr.io | |
| username: ci@yubico.com | |
| password: ${{ secrets.GITHUB_TOKEN }} | |
| - name: write service account credentials | |
| env: | |
| GAC: ${{ secrets.SCRIBE_SA }} | |
| run: | | |
| echo "${GAC}" > scribe_sa.json | |
| echo "GOOGLE_APPLICATION_CREDENTIALS=/scribe/scribe_sa.json" >> $GITHUB_ENV | |
| - name: run scribe sign msi | |
| run: > | |
| docker run | |
| --user $(id -u):$(id -g) | |
| --volume $(pwd):/scribe | |
| --env-file <(env) | |
| ghcr.io/yubico/scribe-ci:v1 | |
| --project-id scribe-prod-987134 | |
| --bucket scribe-u-pub-ykman-fqj0hy | |
| --config /scribe/.github/scribe-sign-msi.yml | |
| submit . | |
| --synchronous | |
| --download-artifacts | |
| - name: unpack signed msi | |
| run: | | |
| mkdir -p signed | |
| mv scribe-download/*/sign-source/1.zip signed/ | |
| rm -rf scribe-download | |
| cd signed | |
| unzip -j 1.zip || true | |
| rm 1.zip | |
| cd .. | |
| cp signed/ykman.msi ykman-builds-windows/ykman.msi | |
| - name: upload signed artifacts | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: signed-files-and-msi | |
| path: ykman-builds-windows |