diff --git a/.editorconfig b/.editorconfig index 2ec3ed9fa0..c0aba9b74d 100644 --- a/.editorconfig +++ b/.editorconfig @@ -15,3 +15,9 @@ indent_size = 2 indent_style = space insert_final_newline = true trim_trailing_whitespace = true + +[*.yml] +indent_size = 2 +indent_style = space +insert_final_newline = true +trim_trailing_whitespace = true \ No newline at end of file diff --git a/.github/actions/build-electron/action.yml b/.github/actions/build-electron/action.yml new file mode 100644 index 0000000000..cd533d83ce --- /dev/null +++ b/.github/actions/build-electron/action.yml @@ -0,0 +1,34 @@ +inputs: + os: + description: "One of the supported platforms: macos, linux, windows" + required: true + arch: + description: "The architecture to build for: x64, arm64" + required: true + extension: + description: "Platform specific extension to build: dmg, deb, exe" + required: true +runs: + using: composite + steps: + - name: Set up Python for appdmg to be installed + if: ${{ inputs.os == 'macos' }} + shell: bash + run: brew install python-setuptools + - name: Install dependencies + shell: cmd + run: npm ci + - name: Update build info + shell: cmd + if: false + run: npm run update-build-info + - name: Run electron-forge + shell: cmd + run: npm run make-electron -- --arch=${{ inputs.arch }} + env: + WINDOWS_SIGNTOOL_PATH: "C:\\ev_signer_trilium\\ev_signer_trilium.exe" + WINDOWS_SIGN_WITH_PARAMS: --executable + - uses: actions/upload-artifact@v4 + with: + name: Artifacts + path: out/make diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index 0b20762dea..2aad22d6e2 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -4,10 +4,11 @@ on: branches: - "feature/update**" - "feature/server_esm**" + - "feature/windows_signing" paths-ignore: - "docs/**" - ".github/workflows/main-docker.yml" - workflow_dispatch: + workflow_dispatch: concurrency: group: ${{ github.workflow }}-${{ github.ref }} @@ -19,16 +20,10 @@ jobs: strategy: fail-fast: false matrix: - arch: [x64, arm64] + arch: [x64] os: - - name: macos - image: macos-latest - extension: dmg - - name: linux - image: ubuntu-latest - extension: deb - name: windows - image: windows-latest + image: win-signing extension: exe runs-on: ${{ matrix.os.image }} steps: @@ -37,31 +32,15 @@ jobs: uses: actions/setup-node@v4 with: node-version: 20 - - name: Set up Python for appdmg to be installed - if: ${{ matrix.os.name == 'macos' }} - run: brew install python-setuptools - - name: Install dependencies - run: npm ci - - name: Update build info - run: npm run update-build-info - - name: Run electron-forge - run: npm run make-electron -- --arch=${{ matrix.arch }} - - name: Prepare artifacts (Unix) - if: runner.os != 'windows' - run: | - mkdir -p upload - file=$(find out/make -name '*.zip' -print -quit) - cp "$file" "upload/TriliumNextNotes-${{ matrix.os.name }}-${{ matrix.arch }}-${{ github.ref_name }}.zip" - file=$(find out/make -name '*.${{ matrix.os.extension }}' -print -quit) - cp "$file" "upload/TriliumNextNotes-${{ matrix.os.name }}-${{ matrix.arch }}-${{ github.ref_name }}.${{ matrix.os.extension }}" - - name: Prepare artifacts (Windows) - if: runner.os == 'windows' - run: | - mkdir upload - $file = Get-ChildItem -Path out/make -Filter '*.zip' -Recurse | Select-Object -First 1 - Copy-Item -Path $file.FullName -Destination "upload/TriliumNextNotes-${{ matrix.os.name }}-${{ matrix.arch }}-${{ github.ref_name }}.zip" - $file = Get-ChildItem -Path out/make -Filter '*.${{ matrix.os.extension }}' -Recurse | Select-Object -First 1 - Copy-Item -Path $file.FullName -Destination "upload/TriliumNextNotes-${{ matrix.os.name }}-${{ matrix.arch }}-${{ github.ref_name }}.${{ matrix.os.extension }}" + - name: Run the build + uses: ./.github/actions/build-electron + with: + os: ${{ matrix.os.name }} + arch: ${{ matrix.arch }} + extension: ${{ matrix.os.extension }} + env: + WINDOWS_SIGNTOOL_PATH: "C:\\ev_signer_trilium\\ev_signer_trilium.exe" + WINDOWS_SIGN_WITH_PARAMS: --executable - name: Publish artifacts uses: actions/upload-artifact@v4 with: @@ -72,39 +51,3 @@ jobs: with: name: TriliumNextNotes ${{ matrix.os.name }} ${{ matrix.arch }}.${{matrix.os.extension}} path: upload/*.${{ matrix.os.extension }} - build_linux_server: - name: Build Linux Server - strategy: - fail-fast: false - matrix: - arch: [x64, arm64] - include: - - arch: x64 - runs-on: ubuntu-latest - - arch: arm64 - runs-on: ubuntu-24.04-arm - runs-on: ${{ matrix.runs-on }} - steps: - - uses: actions/checkout@v4 - - name: Set up node & dependencies - uses: actions/setup-node@v4 - with: - node-version: 20 - cache: "npm" - - name: Install dependencies - run: npm ci - - name: Run Linux server build - env: - MATRIX_ARCH: ${{ matrix.arch }} - run: | - npm run update-build-info - ./bin/build-server.sh - - name: Prepare artifacts - run: | - mkdir -p upload - file=$(find dist -name '*.tar.xz' -print -quit) - cp "$file" "upload/TriliumNextNotes-linux-${{ matrix.arch }}-${{ github.ref_name }}.tar.xz" - - uses: actions/upload-artifact@v4 - with: - name: TriliumNextNotes linux server ${{ matrix.arch }} - path: upload/TriliumNextNotes-linux-${{ matrix.arch }}-${{ github.ref_name }}.tar.xz diff --git a/.github/workflows/nightly.yml b/.github/workflows/nightly.yml index f040eeecb6..4de586be7e 100644 --- a/.github/workflows/nightly.yml +++ b/.github/workflows/nightly.yml @@ -34,33 +34,14 @@ jobs: uses: actions/setup-node@v4 with: node-version: 20 - - name: Set up Python for appdmg to be installed - if: ${{ matrix.os.name == 'macos' }} - run: brew install python-setuptools - - name: Install dependencies - run: npm ci - - name: Update build info - run: npm run update-build-info - name: Update nightly version run: npm run ci-update-nightly-version - - name: Run electron-forge - run: npm run make-electron -- --arch=${{ matrix.arch }} - - name: Prepare artifacts (Unix) - if: runner.os != 'windows' - run: | - mkdir -p upload - file=$(find out/make -name '*.zip' -print -quit) - cp "$file" "upload/TriliumNextNotes-${{ matrix.os.name }}-${{ matrix.arch }}.zip" - file=$(find out/make -name '*.${{ matrix.os.extension }}' -print -quit) - cp "$file" "upload/TriliumNextNotes-${{ matrix.os.name }}-${{ matrix.arch }}.${{ matrix.os.extension }}" - - name: Prepare artifacts (Windows) - if: runner.os == 'windows' - run: | - mkdir upload - $file = Get-ChildItem -Path out/make -Filter '*.zip' -Recurse | Select-Object -First 1 - Copy-Item -Path $file.FullName -Destination "upload/TriliumNextNotes-${{ matrix.os.name }}-${{ matrix.arch }}.zip" - $file = Get-ChildItem -Path out/make -Filter '*.${{ matrix.os.extension }}' -Recurse | Select-Object -First 1 - Copy-Item -Path $file.FullName -Destination "upload/TriliumNextNotes-${{ matrix.os.name }}-${{ matrix.arch }}.${{ matrix.os.extension }}" + - name: Run the build + uses: ./.github/actions/build-electron + with: + os: ${{ matrix.os.name }} + arch: ${{ matrix.arch }} + extension: ${{ matrix.os.extension }} - name: Publish artifacts uses: actions/upload-artifact@v4 with: diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 0e12396251..fb62c3a6b6 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -34,31 +34,12 @@ jobs: uses: actions/setup-node@v4 with: node-version: 20 - - name: Set up Python for appdmg to be installed - if: ${{ matrix.os.name == 'macos' }} - run: brew install python-setuptools - - name: Install dependencies - run: npm ci - - name: Update build info - run: npm run update-build-info - - name: Run electron-forge - run: npm run make-electron -- --arch=${{ matrix.arch }} - - name: Prepare artifacts (Unix) - if: runner.os != 'windows' - run: | - mkdir -p upload - file=$(find out/make -name '*.zip' -print -quit) - cp "$file" "upload/TriliumNextNotes-${{ github.ref_name }}-${{ matrix.os.name }}-${{ matrix.arch }}.zip" - file=$(find out/make -name '*.${{ matrix.os.extension }}' -print -quit) - cp "$file" "upload/TriliumNextNotes-${{ github.ref_name }}-${{ matrix.os.name }}-${{ matrix.arch }}.${{ matrix.os.extension }}" - - name: Prepare artifacts (Windows) - if: runner.os == 'windows' - run: | - mkdir upload - $file = Get-ChildItem -Path out/make -Filter '*.zip' -Recurse | Select-Object -First 1 - Copy-Item -Path $file.FullName -Destination "upload/TriliumNextNotes-${{ github.ref_name }}-${{ matrix.os.name }}-${{ matrix.arch }}.zip" - $file = Get-ChildItem -Path out/make -Filter '*.${{ matrix.os.extension }}' -Recurse | Select-Object -First 1 - Copy-Item -Path $file.FullName -Destination "upload/TriliumNextNotes-${{ github.ref_name }}-${{ matrix.os.name }}-${{ matrix.arch }}.${{ matrix.os.extension }}" + - name: Run the build + uses: ./.github/actions/build-electron + with: + os: ${{ matrix.os.name }} + arch: ${{ matrix.arch }} + extension: ${{ matrix.os.extension }} - name: Publish release uses: softprops/action-gh-release@v2 with: diff --git a/bin/sign-windows.cjs b/bin/sign-windows.cjs new file mode 100644 index 0000000000..146ee9b443 --- /dev/null +++ b/bin/sign-windows.cjs @@ -0,0 +1,8 @@ +const child_process = require("child_process"); +const SIGN_EXECUTABLE = "C:\\ev_signer_trilium\\ev_signer_trilium.exe"; + +module.exports = function (filePath) { + const command = `${SIGN_EXECUTABLE} --executable "${filePath}"`; + console.log(`> ${command}`); + child_process.execSync(command); +} diff --git a/forge.config.cjs b/forge.config.cjs index 64ef74b165..04406cbb25 100644 --- a/forge.config.cjs +++ b/forge.config.cjs @@ -1,6 +1,5 @@ const path = require("path"); const fs = require("fs-extra"); - const APP_NAME = "TriliumNext Notes"; module.exports = { @@ -10,6 +9,9 @@ module.exports = { overwrite: true, asar: true, icon: "./images/app-icons/icon", + windowsSign: { + hookModulePath: "bin\\sign-windows.cjs" + }, extraResource: [ // Moved to root ...getExtraResourcesForPlatform(), @@ -63,7 +65,7 @@ module.exports = { config: { iconUrl: "https://raw.githubusercontent.com/TriliumNext/Notes/develop/images/app-icons/icon.ico", setupIcon: "./images/app-icons/icon.ico", - loadingGif: "./images/app-icons/win/setup-banner.gif" + loadingGif: "./images/app-icons/win/setup-banner.gif", } }, { diff --git a/package-lock.json b/package-lock.json index f441eb0d3d..6d0ea4ebbd 100644 --- a/package-lock.json +++ b/package-lock.json @@ -111,6 +111,7 @@ "@electron-forge/maker-zip": "7.6.0", "@electron-forge/plugin-auto-unpack-natives": "7.6.0", "@electron/rebuild": "3.7.1", + "@electron/windows-sign": "1.2.0", "@playwright/test": "1.49.1", "@types/archiver": "6.0.3", "@types/better-sqlite3": "7.6.12", diff --git a/package.json b/package.json index 0443438790..ad07510ccf 100644 --- a/package.json +++ b/package.json @@ -153,6 +153,7 @@ "@electron-forge/maker-zip": "7.6.0", "@electron-forge/plugin-auto-unpack-natives": "7.6.0", "@electron/rebuild": "3.7.1", + "@electron/windows-sign": "1.2.0", "@playwright/test": "1.49.1", "@types/archiver": "6.0.3", "@types/better-sqlite3": "7.6.12",