1
name: Upload Windows Installer
7
description: 'Release version to build and upload (e.g. "v9.8.7")'
10
description: 'Perform all the steps except uploading to the release page'
12
default: "true" # 'choice' type requires string value
15
- "true" # Must be quoted string, boolean value not supported.
23
runs-on: windows-latest
25
FETCH_BASE_URL: ${{ github.server_url }}/${{ github.repository }}27
- name: Consolidate dryrun setting to always be true or false
30
# The 'release' trigger will not have a 'dryrun' input set. Handle
31
# this case in a readable/maintainable way.
32
$inputs_dryrun = "${{ inputs.dryrun }}"33
if ($inputs_dryrun.Length -lt 1) {34
Write-Output "dryrun=false" | Out-File -FilePath $env:GITHUB_OUTPUT -Append
36
Write-Output "dryrun=${{ inputs.dryrun }}" | Out-File -FilePath $env:GITHUB_OUTPUT -Append38
- name: Dry Run Status
40
Write-Output "::notice::This workflow execution will be a dry-run: ${{ steps.actual_dryrun.outputs.dryrun }}"41
- name: Determine version
44
$version = "${{ inputs.version }}"45
if ($version.Length -lt 1) {46
$version = "${{ github.event.release.tag_name }}"47
if ($version.Length -lt 1) {48
Write-Host "::error::Could not determine version!"
52
Write-Output "version=$version" | Out-File -FilePath $env:GITHUB_OUTPUT -Append
53
# Note this purposefully checks out the same branch the action runs in, as the
54
# installer build script is designed to support older releases (uses the archives
55
# on the release tag).
56
- uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4
57
# This step is super-duper critical for the built/signed windows installer .exe file.
58
# It ensures the referenced $version github release page does NOT already contain
59
# this file. Windows assigns a UUID to the installer at build time, it's assumed
60
# by windows that one release version == one UUID (always). Breaking this assumption
61
# has some rather nasty side-effects in windows, such as possibly breaking 'uninstall'
62
# functionality. For dry-runs, the .exe is saved in the workflow artifacts for a human
63
# to judge w/n (i.e. in some extreme case) it should be uploaded to the release page.
67
Push-Location contrib\win-installer
68
.\check.ps1 ${{steps.getversion.outputs.version}}71
Write-Output "already-exists=true" | Out-File -FilePath $env:GITHUB_OUTPUT -Append
75
Write-Output "upload_asset_name=$env:UPLOAD_ASSET_NAME" | Out-File -FilePath $env:GITHUB_OUTPUT -Append
78
# The podman release process requires a cross-compile of the windows binaries be uploaded to
79
# the release page as a hard-coded filename. If non-existent, this workflow will fail in
80
# non-obvious ways with a non-obvious error message. Address that here.
81
- name: Confirm upload_asset_name is non-empty
82
if: ${{ steps.check.outputs.upload_asset_name == '' }}84
Write-Output "::error::check.ps1 script failed to find manually uploaded podman-remote-release-windows_amd64.zip github release asset for version ${{steps.getversion.outputs.version}}."87
uses: actions/setup-go@v5
88
# N/B: already-exists may be an empty-string or "false", handle both cases.
89
if: steps.check.outputs.already-exists != 'true' || steps.actual_dryrun.outputs.dryrun == 'true'
92
- name: Setup Signature Tooling
93
if: steps.Check.outputs.already-exists != 'true' || steps.actual_dryrun.outputs.dryrun == 'true'
95
dotnet tool install --global AzureSignTool --version 3.0.0
96
echo "CERT_NAME=${{secrets.AZ_CERT_NAME}}" | Out-File -FilePath $env:GITHUB_ENV -Append97
echo "VAULT_ID=${{secrets.AZ_VAULT_ID}}" | Out-File -FilePath $env:GITHUB_ENV -Append98
echo "APP_ID=${{secrets.AZ_APP_ID}}" | Out-File -FilePath $env:GITHUB_ENV -Append99
echo "TENANT_ID=${{secrets.AZ_TENANT_ID}}" | Out-File -FilePath $env:GITHUB_ENV -Append100
echo "CLIENT_SECRET=${{secrets.AZ_CLIENT_SECRET}}" | Out-File -FilePath $env:GITHUB_ENV -Append103
if: steps.check.outputs.already-exists != 'true' || steps.actual_dryrun.outputs.dryrun == 'true'
105
Push-Location contrib\win-installer
106
.\build.ps1 ${{steps.getversion.outputs.version}} prod107
$code = $LASTEXITCODE
109
Write-Output "artifact-missing=true" | Out-File -FilePath $env:GITHUB_OUTPUT -Append
116
if: steps.check.outputs.already-exists != 'true' || steps.actual_dryrun.outputs.dryrun == 'true'
117
uses: actions/upload-artifact@v4
121
${{ steps.check.outputs.upload_asset_name }}122
.\contrib\win-installer\shasums
125
steps.actual_dryrun.outputs.dryrun == 'false' &&
126
steps.check.outputs.already-exists != 'true' &&
127
steps.build.outputs.artifact-missing != 'true'
129
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}131
Push-Location contrib\win-installer
132
$version = "${{ steps.getversion.outputs.version }}"133
if ($version[0] -ne "v") {134
$version = "v$version"
136
gh release upload $version ${{ steps.check.outputs.upload_asset_name }}137
if ($LASTEXITCODE -ne 0) {139
if ($LASTEXITCODE -eq 2) {140
Write-Host "Another job uploaded before us, skipping"
147
if (Test-Path -Path shasums) {148
gh release upload --clobber $version shasums