debugging

BrightSpots · Feb 23, 2024 · ea39b8b · ea39b8b
1 parent 24313bd
commit ea39b8b
Show file tree

Hide file tree

Showing 4 changed files with 7 additions and 91 deletions.
diff --git a/.gitattributes b/.gitattributes
@@ -0,0 +1 @@
+* text eol=lf
diff --git a/.github/actions/Sha-Of-Directory.ps1 b/.github/actions/Sha-Of-Directory.ps1
@@ -17,7 +17,6 @@ $CryptoStream = [System.Security.Cryptography.CryptoStream]::new(
 )
 
 # Retrieve each file and copy the data into the cryptographic stream.
-echo $Directory
 foreach ($File in Get-ChildItem -Recurse -Path $Directory -File) {
     # Write-Host $File
     $FileStream = [io.file]::OpenRead($File.FullName)

diff --git a/.github/actions/sha-of-zip.bat b/.github/actions/sha-of-zip.bat
@@ -31,15 +31,6 @@ if exist %MODULESDIR% (
 
 powershell -command Expand-Archive -Path %ZIP_FILEPATH% -Destination %EXTRACTIONDIR%
 
-:: Extract modules, get the SHA-512 of it, and add it to the top of the hashfile
-jimage extract --dir %MODULESDIR% %MODULESFILE%
-
-powershell .github\actions\Sha-Of-Directory.ps1 %MODULESDIR% 512 > %HASHFILE_UNSORTED%
-
-:: Delete both modules and the extracted dir
-del %MODULESFILE%
-rmdir /s /q %MODULESDIR%
-
 :: Calculate the hash for every file here and in all subdirectories, appending to the file (format "(filename) = (hash)")
 (
   for /r %EXTRACTIONDIR% %%f in (*) do (
@@ -59,6 +50,10 @@ for /f "delims=" %%A in ('type "%HASHFILE_UNSORTED%"') do (
 
 sort "%HASHFILE_PATH_STRIPPED%" > "%HASHFILE_SORTED%"
 
+:: dos2unix on the file to ensure consistent SHAs
+powershell -Command "& {[IO.File]::WriteAllText(\"%HASHFILE_SORTED%\", $([IO.File]::ReadAllText(\"%HASHFILE_SORTED%\") -replace \"`r`n", "`n\"))}"
+
+
 C:\Windows\System32\certutil.exe -hashfile %HASHFILE_SORTED% SHA%SHA_A% | findstr /v ":"
 
 :: For debugging, enable printing the file-by-file hash

diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
@@ -14,7 +14,7 @@ jobs:
     runs-on: ${{ matrix.os }}
     strategy:
       matrix:
-        os: [ ubuntu-latest, windows-latest, macos-latest ] # add macos-latest-xlarge for silicon (a paid feature)
+        os: [ windows-latest ] # add macos-latest-xlarge for silicon (a paid feature)
     steps:
       - name: "Create base filename for all artifacts"
         id: basefn
@@ -90,96 +90,17 @@ jobs:
         run: |
           echo "FILEPATH=cache/checksums.csv" >> $GITHUB_OUTPUT
 
-      - name: "Generate SHA1 and SHA256 for each maven dependency"
-        shell: bash
-        run: ./.github/workflows/generate-dependency-hashes.sh ${{ runner.os }} >> ${{steps.checksumsfn.outputs.FILEPATH}}
-
-      - name: "Create dependency zip"
-        uses: ./.github/actions/zip
-        with:
-          # Build, then remove all non-essential files
-          command: ./gradlew assemble && ./gradlew --stop
-          input: "~/.gradle/caches"
-          zipFilename: ${{steps.cachefn.outputs.FILEPATH}}
-
-      - name: "Generate SHA512 for plugins cache"
-        shell: bash
-        run: |
-          ./.github/workflows/sha.sh ${{steps.cachefn.outputs.FILEPATH}} ${{ runner.os }} 512 > ${{steps.cachefn.outputs.FILEPATH}}.sha512
-
-      - name: "Generate SHA512 for plugins' checksums"
-        shell: bash
-        run: |
-          ./.github/workflows/sha.sh ${{steps.checksumsfn.outputs.FILEPATH}} ${{ runner.os }} 512 > ${{steps.checksumsfn.outputs.FILEPATH}}.sha512
-
       - name: "Generate Golden SHA512 for jlinkZip"
         uses: ./.github/actions/sha-of-zip
         with:
           zipFilename: ${{ steps.zipfn.outputs.FILEPATH }}
           shaA: 512
-
-      - name: "Prepare keychain"
-        if: matrix.os == 'macOS-latest'
-        env:
-          MACOS_CERTIFICATE: ${{ secrets.MACOS_CERTIFICATE }}
-          MACOS_CERTIFICATE_PWD: ${{ secrets.MACOS_CERTIFICATE_PWD }}
-        run: |
-          export TEMP_PWD=temporary-password-to-avoid-GUI-prompt
-          echo "Decode Base64 certificates"
-          echo $MACOS_CERTIFICATE | base64 --decode > certificate.p12
-          echo "Create and unlock keychain"
-          security create-keychain -p $TEMP_PWD build.keychain
-          security unlock-keychain -p $TEMP_PWD build.keychain
-          echo "Import certificates into keychain"
-          # Note: in the next command, the -A should not be used outside of github actions.
-          # It allows any application to read the keychain, which is fine in an ephemeral environment,
-          # but not fine if you run this on your own machine.
-          security import certificate.p12 -k build.keychain -P $MACOS_CERTIFICATE_PWD -A -T /usr/bin/codesign -T /usr/bin/productbuild -T /usr/bin/security
-          security set-key-partition-list -S apple-tool:,apple:,codesign: -s -k $TEMP_PWD build.keychain
-
-      - name: "Create executable with jpackage (and sign, on MacOS)"
-        uses: ./.github/actions/gradle-and-sha
-        with:
-          gradle-command: jpackage
-          intermediate-filepath: ${{ steps.jpackagefn.outputs.FILEPATH }}
-          final-filepath: ${{ steps.exefn.outputs.FILEPATH }}
-
-      - name: "Notarize app bundle"
-        if: matrix.os == 'macOS-latest'
-        env:
-          MACOS_NOTARIZATION_APPLE_ID: ${{ secrets.MACOS_NOTARIZATION_APPLE_ID }}
-          MACOS_NOTARIZATION_TEAM_ID: ${{ secrets.MACOS_NOTARIZATION_TEAM_ID }}
-          MACOS_NOTARIZATION_PWD: ${{ secrets.MACOS_NOTARIZATION_PWD }}
-          IDENTITY_PUBLIC_KEY: A257HB4NS4
-        run: |
-          echo "Unlock keychain"
-          security unlock-keychain -p temporary-password-to-avoid-GUI-prompt build.keychain
-          security set-key-partition-list -S apple-tool:,apple:,codesign: -s -k temporary-password-to-avoid-GUI-prompt build.keychain
-          echo "Create keychain profile"
-          xcrun notarytool store-credentials "notarytool-profile" --apple-id "$MACOS_NOTARIZATION_APPLE_ID" --team-id "$MACOS_NOTARIZATION_TEAM_ID" --password "$MACOS_NOTARIZATION_PWD"
-          echo "Creating temp notarization archive"
-          ditto -c -k --sequesterRsrc --keepParent ${{ steps.exefn.outputs.FILEPATH }} "notarization.zip"
-          echo "Notarize app -- this may take a few minutes"
-          xcrun notarytool submit "notarization.zip" --keychain-profile "notarytool-profile" --wait
-          echo "Attach staple"
-          xcrun stapler staple ${{ steps.exefn.outputs.FILEPATH }}
-
       - uses: actions/upload-artifact@v3
         with:
           name: Package
           if-no-files-found: error
           path: |
-            ${{ github.workspace }}/all_hashes_sorted.txt
-            ${{ github.workspace }}/${{    steps.zipfn.outputs.FILEPATH    }}
-            ${{ github.workspace }}/${{    steps.zipfn.outputs.FILEPATH    }}.sha512
-            ${{ github.workspace }}/${{    steps.zipfn.outputs.FILEPATH    }}.golden.sha512
-            ${{ github.workspace }}/${{    steps.exefn.outputs.FILEPATH    }}
-            ${{ github.workspace }}/${{    steps.exefn.outputs.FILEPATH    }}.sha512
-            ${{ github.workspace }}/${{   steps.cachefn.outputs.FILEPATH   }}
-            ${{ github.workspace }}/${{   steps.cachefn.outputs.FILEPATH   }}.sha512
-            ${{ github.workspace }}/${{   steps.cachefn.outputs.FILEPATH   }}.golden.sha512
-            ${{ github.workspace }}/${{ steps.checksumsfn.outputs.FILEPATH }}
-            ${{ github.workspace }}/${{ steps.checksumsfn.outputs.FILEPATH }}.sha512
+            ${{ github.workspace }}/${{   steps.zipfn.outputs.FILEPATH   }}.golden.sha512
           retention-days: 1
 
       - name: "Upload binaries to release"