1. Fix Issues #103
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Build FlyEnv Windows Packages | |
| on: | |
| push: | |
| paths: | |
| - 'build/windows.build.yml' | |
| jobs: | |
| build-windows: | |
| name: Build Windows Packages (x64) | |
| runs-on: windows-2022 | |
| timeout-minutes: 60 | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v4 | |
| - name: Install build dependencies | |
| run: | | |
| # 安装必要的构建工具 | |
| choco install -y make | |
| - name: Setup Node.js | |
| uses: actions/setup-node@v4 | |
| with: | |
| node-version: '24' | |
| - name: Setup Go | |
| uses: actions/setup-go@v6 | |
| with: | |
| go-version-file: 'src/helper-go/go.mod' | |
| cache-dependency-path: 'src/helper-go/go.sum' | |
| - name: Cache node_modules and node-gyp | |
| uses: actions/cache@v4 | |
| with: | |
| path: | | |
| node_modules | |
| **/node_modules | |
| .yarn/cache | |
| ~/.cache/node-gyp | |
| ~\AppData\Local\node-gyp | |
| key: ${{ runner.os }}-x64-node-${{ hashFiles('**/package.json') }} | |
| - name: Install Yarn and build tools | |
| run: | | |
| npm install -g yarn node-gyp | |
| python -m pip install --upgrade pip | |
| - name: Install dependencies with Yarn | |
| run: | | |
| # Force link against WinRT runtime objects | |
| $env:LINK = "runtimeobject.lib" | |
| yarn install | |
| - name: Build Go helper with build-win.ps1 | |
| run: | | |
| go install github.com/tc-hib/go-winres@latest | |
| $GOBIN = $(go env GOPATH) + "\bin" | |
| $env:PATH = "$GOBIN;$env:PATH" | |
| cd "$env:GITHUB_WORKSPACE/src/helper-go" | |
| go mod download | |
| go-winres make | |
| # 使用 PowerShell 脚本构建 | |
| .\build-win.ps1 | |
| # 安装 SignPath PowerShell 模块,供 electron-builder 的 afterPack 钩子调用 | |
| - name: Install SignPath PowerShell module | |
| run: | | |
| Install-Module -Name SignPath -Force -Scope CurrentUser -AllowClobber | |
| Import-Module SignPath | |
| # 打包:afterPack 钩子会把 win-unpacked 内所有 PE(FlyEnv.exe / dll / .node / helper) | |
| # 收集成 zip,一次性提交 SignPath 用 windows-app 配置签名,再覆盖回原位。 | |
| - name: Build Electron packages with electron-builder | |
| env: | |
| GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| SIGNPATH_API_TOKEN: ${{ secrets.SIGNPATH_API_TOKEN }} | |
| SIGNPATH_ORGANIZATION_ID: '4db4007d-ac9e-4889-a8d5-52d4a421d989' | |
| SIGNPATH_PROJECT_SLUG: 'FlyEnv' | |
| SIGNPATH_POLICY_SLUG: 'test-signing' | |
| SIGNPATH_APP_ARTIFACT_CONFIG_SLUG: 'windows-app' | |
| run: | | |
| cd "$env:GITHUB_WORKSPACE" | |
| yarn build | |
| # ---- 第 2 段签名:打包后签外层安装包/便携版 ---- | |
| # 1) 先把待签名的 exe 作为一个独立 artifact 上传;upload-artifact 会自动打成 zip, | |
| # SignPath 的 installer.artifact-configuration.xml 以 <zip-file> 为根来匹配里面的 exe。 | |
| - name: Upload unsigned artifacts (for signing) | |
| id: upload-unsigned | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: FlyEnv-Windows-x64-unsigned | |
| path: | | |
| release/FlyEnv-Setup-*.exe | |
| release/FlyEnv-Portable-*.exe | |
| # 2) 提交给 SignPath 签名,并把签名后的文件下载回 release/signed/ | |
| - name: Submit signing request to SignPath | |
| uses: signpath/github-action-submit-signing-request@v1 | |
| with: | |
| api-token: ${{ secrets.SIGNPATH_API_TOKEN }} | |
| organization-id: '4db4007d-ac9e-4889-a8d5-52d4a421d989' | |
| project-slug: 'FlyEnv' | |
| signing-policy-slug: 'test-signing' | |
| artifact-configuration-slug: 'windows-installer' | |
| github-artifact-id: ${{ steps.upload-unsigned.outputs.artifact-id }} | |
| wait-for-completion: true | |
| output-artifact-directory: 'release/signed' | |
| # 3) 上传签名后的产物 + 其余文件(installer/portable 用已签名版本) | |
| - name: Upload signed artifacts | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: FlyEnv-Windows-x64 | |
| path: | | |
| release/signed/*.exe | |
| release/*.msi | |
| release/*.yml | |
| release/*.blockmap |