feat: installer and uninstaller (#32)

Adds new package `Installer` which uses
[WixSharp](https://github.com/oleg-shilo/wixsharp) to build WixToolset
installers for WIndows.

We build two installers:
- `Coder Desktop (Core)`, which installs the app files, service files,
VPN files (`wintun.dll`), creates a system service and an app shortcut
in the start menu
- `Coder Desktop`, which will netinstall the .NET runtime if it's not
installed and then chain install `Coder Desktop (Core)

We will only be shipping the `Coder Desktop` installer, which contains
the Core installer. The chained Core installation doesn't show up in
Settings > Apps.


![image](https://github.com/user-attachments/assets/0dbcc2fb-8618-4f7e-8973-8a8226c1f3e0)

![image](https://github.com/user-attachments/assets/8a33ac0d-f2aa-4dfe-a0df-efd7da3d1d22)

![image](https://github.com/user-attachments/assets/cc5bfc38-2587-4f83-9586-c21e3d663dda)

![image](https://github.com/user-attachments/assets/6e15ed0e-273c-4dfc-99ce-22b35ef5668f)

Follow-up PR will integrate to CI and add authenticode signing to the
installer binaries.

Closes #11
Closes #30

Author: deansheather

.github/workflows/release.yaml

@@ -4,12 +4,18 @@ on:
   push:
     tags:
       - '*'
+  workflow_dispatch:
+    inputs:
+      version:
+        description: 'Version number (e.g. v1.2.3)'
+        required: true
+        default: 'v1.2.3'
 
 permissions:
   contents: write
 
 jobs:
-  build:
+  release:
     runs-on: windows-latest
 
     steps:
@@ -20,42 +26,83 @@ jobs:
       with:
         dotnet-version: '8.0.x'
 
+    # Necessary for signing Windows binaries.
+    - name: Setup Java
+      uses: actions/setup-java@3a4f6e1af504cf6a31855fa899c6aa5355ba6c12 # v4.7.0
+      with:
+        distribution: "zulu"
+        java-version: "11.0"
+
     - name: Get version from tag
       id: version
       shell: pwsh
       run: |
-        $tag = $env:GITHUB_REF -replace 'refs/tags/',''
+        $ErrorActionPreference = "Stop"
+        if ($env:INPUT_VERSION) {
+          $tag = $env:INPUT_VERSION
+        } else {
+          $tag = $env:GITHUB_REF -replace 'refs/tags/',''
+        }
         if ($tag -notmatch '^v\d+\.\d+\.\d+$') {
-            throw "Tag must be in format v1.2.3"
+          throw "Version must be in format v1.2.3, got $tag"
         }
         $version = $tag -replace '^v',''
-        $assemblyVersion = "$version.0"
-        echo "VERSION=$version" >> $env:GITHUB_OUTPUT
-        echo "ASSEMBLY_VERSION=$assemblyVersion" >> $env:GITHUB_OUTPUT
+        $assemblyVersion = "$($version).0"
+        Add-Content -Path $env:GITHUB_OUTPUT -Value "VERSION=$version"
+        Add-Content -Path $env:GITHUB_OUTPUT -Value "ASSEMBLY_VERSION=$assemblyVersion"
+        Write-Host "Version: $version"
+        Write-Host "Assembly version: $assemblyVersion"
+      env:
+        INPUT_VERSION: ${{ inputs.version }}
 
-    - name: Build and publish x64
-      run: |
-        dotnet publish src/App/App.csproj -c Release -r win-x64 -p:Version=${{ steps.version.outputs.ASSEMBLY_VERSION }} -o publish/x64
-        dotnet publish src/Vpn.Service/Vpn.Service.csproj -c Release -r win-x64 -p:Version=${{ steps.version.outputs.ASSEMBLY_VERSION }} -o publish/x64
+    # Setup GCloud for signing Windows binaries.
+    - name: Authenticate to Google Cloud
+      id: gcloud_auth
+      uses: google-github-actions/auth@71f986410dfbc7added4569d411d040a91dc6935 # v2.1.8
+      with:
+        workload_identity_provider: ${{ secrets.GCP_CODE_SIGNING_WORKLOAD_ID_PROVIDER }}
+        service_account: ${{ secrets.GCP_CODE_SIGNING_SERVICE_ACCOUNT }}
+        token_format: "access_token"
 
-    - name: Build and publish arm64
-      run: |
-        dotnet publish src/App/App.csproj -c Release -r win-arm64 -p:Version=${{ steps.version.outputs.ASSEMBLY_VERSION }} -o publish/arm64
-        dotnet publish src/Vpn.Service/Vpn.Service.csproj -c Release -r win-arm64 -p:Version=${{ steps.version.outputs.ASSEMBLY_VERSION }} -o publish/arm64
+    - name: Setup GCloud SDK
+      uses: google-github-actions/setup-gcloud@77e7a554d41e2ee56fc945c52dfd3f33d12def9a # v2.1.4
 
-    - name: Create ZIP archives
+    - name: scripts/Release.ps1
+      id: release
       shell: pwsh
       run: |
-        Compress-Archive -Path "publish/x64/*" -DestinationPath "./publish/CoderDesktop-${{ steps.version.outputs.VERSION }}-x64.zip"
-        Compress-Archive -Path "publish/arm64/*" -DestinationPath "./publish/CoderDesktop-${{ steps.version.outputs.VERSION }}-arm64.zip"
+        $ErrorActionPreference = "Stop"
 
-    - name: Create Release
-      uses: softprops/action-gh-release@v1
+        $env:EV_CERTIFICATE_PATH = Join-Path $env:TEMP "ev_cert.pem"
+        $env:JSIGN_PATH = Join-Path $env:TEMP "jsign-6.0.jar"
+        Invoke-WebRequest -Uri "https://github.com/ebourg/jsign/releases/download/6.0/jsign-6.0.jar" -OutFile $env:JSIGN_PATH
+
+        & ./scripts/Release.ps1 `
+          -version ${{ steps.version.outputs.VERSION }} `
+          -assemblyVersion ${{ steps.version.outputs.ASSEMBLY_VERSION }}
+        if ($LASTEXITCODE -ne 0) { throw "Failed to publish" }
+      env:
+        EV_SIGNING_CERT: ${{ secrets.EV_SIGNING_CERT }}
+        EV_KEYSTORE: ${{ secrets.EV_KEYSTORE }}
+        EV_KEY: ${{ secrets.EV_KEY }}
+        EV_TSA_URL: ${{ secrets.EV_TSA_URL }}
+        GCLOUD_ACCESS_TOKEN: ${{ steps.gcloud_auth.outputs.access_token }}
+
+    - name: Upload artifact
+      uses: actions/upload-artifact@v4
+      with:
+        name: publish
+        path: .\publish\
+
+    - name: Create release
+      uses: softprops/action-gh-release@v2
+      if: startsWith(github.ref, 'refs/tags/')
       with:
-        files: |
-          ./publish/CoderDesktop-${{ steps.version.outputs.VERSION }}-x64.zip
-          ./publish/CoderDesktop-${{ steps.version.outputs.VERSION }}-arm64.zip
         name: Release ${{ steps.version.outputs.VERSION }}
         generate_release_notes: true
+        # We currently only release the bootstrappers, not the MSIs.
+        files: |
+          ${{ steps.release.outputs.X64_OUTPUT_PATH }}
+          ${{ steps.release.outputs.ARM64_OUTPUT_PATH }}
       env:
         GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

App/App.csproj

@@ -17,15 +17,22 @@
         <LangVersion>preview</LangVersion>
         <!-- We have our own implementation of main with exception handling -->
         <DefineConstants>DISABLE_XAML_GENERATED_MAIN</DefineConstants>
+
+        <AssemblyName>Coder Desktop</AssemblyName>
+        <ApplicationIcon>coder.ico</ApplicationIcon>
     </PropertyGroup>
 
     <PropertyGroup Condition="$(Configuration) == 'Release'">
-        <PublishTrimmed>true</PublishTrimmed>
-        <TrimMode>CopyUsed</TrimMode>
+        <PublishTrimmed>false</PublishTrimmed>
+        <!-- <TrimMode>CopyUsed</TrimMode> -->
         <PublishReadyToRun>true</PublishReadyToRun>
-        <SelfContained>true</SelfContained>
+        <SelfContained>false</SelfContained>
     </PropertyGroup>
 
+    <ItemGroup>
+      <Content Include="coder.ico" />
+    </ItemGroup>
+
     <ItemGroup>
         <Manifest Include="$(ApplicationManifest)" />
     </ItemGroup>

App/Services/CredentialManager.cs

@@ -239,11 +239,9 @@ private struct CREDENTIAL
             public int Flags;
             public int Type;
 
-            [MarshalAs(UnmanagedType.LPWStr)]
-            public string TargetName;
+            [MarshalAs(UnmanagedType.LPWStr)] public string TargetName;
 
-            [MarshalAs(UnmanagedType.LPWStr)]
-            public string Comment;
+            [MarshalAs(UnmanagedType.LPWStr)] public string Comment;
 
             public long LastWritten;
             public int CredentialBlobSize;
@@ -252,11 +250,9 @@ private struct CREDENTIAL
             public int AttributeCount;
             public IntPtr Attributes;
 
-            [MarshalAs(UnmanagedType.LPWStr)]
-            public string TargetAlias;
+            [MarshalAs(UnmanagedType.LPWStr)] public string TargetAlias;
 
-            [MarshalAs(UnmanagedType.LPWStr)]
-            public string UserName;
+            [MarshalAs(UnmanagedType.LPWStr)] public string UserName;
         }
     }
 }

App/ViewModels/SignInViewModel.cs

@@ -33,11 +33,9 @@ public partial class SignInViewModel : ObservableObject
     [NotifyPropertyChangedFor(nameof(ApiTokenError))]
     public partial bool ApiTokenTouched { get; set; } = false;
 
-    [ObservableProperty]
-    public partial string? SignInError { get; set; } = null;
+    [ObservableProperty] public partial string? SignInError { get; set; } = null;
 
-    [ObservableProperty]
-    public partial bool SignInLoading { get; set; } = false;
+    [ObservableProperty] public partial bool SignInLoading { get; set; } = false;
 
     public string? CoderUrlError => CoderUrlTouched ? _coderUrlError : null;
 

App/ViewModels/TrayWindowDisconnectedViewModel.cs

@@ -10,8 +10,7 @@ public partial class TrayWindowDisconnectedViewModel : ObservableObject
 {
     private readonly IRpcController _rpcController;
 
-    [ObservableProperty]
-    public partial bool ReconnectButtonEnabled { get; set; } = true;
+    [ObservableProperty] public partial bool ReconnectButtonEnabled { get; set; } = true;
 
     public TrayWindowDisconnectedViewModel(IRpcController rpcController)
     {

App/ViewModels/TrayWindowViewModel.cs

@@ -23,15 +23,12 @@ public partial class TrayWindowViewModel : ObservableObject
 
     private DispatcherQueue? _dispatcherQueue;
 
-    [ObservableProperty]
-    public partial VpnLifecycle VpnLifecycle { get; set; } = VpnLifecycle.Unknown;
+    [ObservableProperty] public partial VpnLifecycle VpnLifecycle { get; set; } = VpnLifecycle.Unknown;
 
     // This is a separate property because we need the switch to be 2-way.
-    [ObservableProperty]
-    public partial bool VpnSwitchActive { get; set; } = false;
+    [ObservableProperty] public partial bool VpnSwitchActive { get; set; } = false;
 
-    [ObservableProperty]
-    public partial string? VpnFailedMessage { get; set; } = null;
+    [ObservableProperty] public partial string? VpnFailedMessage { get; set; } = null;
 
     [ObservableProperty]
     [NotifyPropertyChangedFor(nameof(NoAgents))]
@@ -49,8 +46,7 @@ public partial class TrayWindowViewModel : ObservableObject
 
     public IEnumerable<AgentViewModel> VisibleAgents => ShowAllAgents ? Agents : Agents.Take(MaxAgents);
 
-    [ObservableProperty]
-    public partial string DashboardUrl { get; set; } = "https://coder.com";
+    [ObservableProperty] public partial string DashboardUrl { get; set; } = "https://coder.com";
 
     public TrayWindowViewModel(IRpcController rpcController, ICredentialManager credentialManager)
     {

App/coder.ico

@@ -112,17 +112,17 @@
           "System.Collections.Immutable": "9.0.0"
         }
       },
-      "codersdk": {
+      "Coder.Desktop.CoderSdk": {
         "type": "Project"
       },
-      "vpn": {
+      "Coder.Desktop.Vpn": {
         "type": "Project",
         "dependencies": {
-          "System.IO.Pipelines": "[9.0.1, )",
-          "Vpn.Proto": "[1.0.0, )"
+          "Coder.Desktop.Vpn.Proto": "[1.0.0, )",
+          "System.IO.Pipelines": "[9.0.1, )"
         }
       },
-      "vpn.proto": {
+      "Coder.Desktop.Vpn.Proto": {
         "type": "Project",
         "dependencies": {
           "Google.Protobuf": "[3.29.3, )"

App/packages.lock.json

@@ -21,6 +21,8 @@ Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "App", "App\App.csproj", "{8
 EndProject
 Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "Vpn.DebugClient", "Vpn.DebugClient\Vpn.DebugClient.csproj", "{1BBFDF88-B25F-4C07-99C2-30DA384DB730}"
 EndProject
+Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "Installer", "Installer\Installer.csproj", "{39F5B55A-09D8-477D-A3FA-ADAC29C52605}"
+EndProject
 Global
 	GlobalSection(SolutionConfigurationPlatforms) = preSolution
 		Debug|Any CPU = Debug|Any CPU
@@ -185,6 +187,22 @@ Global
 		{1BBFDF88-B25F-4C07-99C2-30DA384DB730}.Release|x64.Build.0 = Release|Any CPU
 		{1BBFDF88-B25F-4C07-99C2-30DA384DB730}.Release|x86.ActiveCfg = Release|Any CPU
 		{1BBFDF88-B25F-4C07-99C2-30DA384DB730}.Release|x86.Build.0 = Release|Any CPU
+		{39F5B55A-09D8-477D-A3FA-ADAC29C52605}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
+		{39F5B55A-09D8-477D-A3FA-ADAC29C52605}.Debug|Any CPU.Build.0 = Debug|Any CPU
+		{39F5B55A-09D8-477D-A3FA-ADAC29C52605}.Debug|ARM64.ActiveCfg = Debug|Any CPU
+		{39F5B55A-09D8-477D-A3FA-ADAC29C52605}.Debug|ARM64.Build.0 = Debug|Any CPU
+		{39F5B55A-09D8-477D-A3FA-ADAC29C52605}.Debug|x64.ActiveCfg = Debug|Any CPU
+		{39F5B55A-09D8-477D-A3FA-ADAC29C52605}.Debug|x64.Build.0 = Debug|Any CPU
+		{39F5B55A-09D8-477D-A3FA-ADAC29C52605}.Debug|x86.ActiveCfg = Debug|Any CPU
+		{39F5B55A-09D8-477D-A3FA-ADAC29C52605}.Debug|x86.Build.0 = Debug|Any CPU
+		{39F5B55A-09D8-477D-A3FA-ADAC29C52605}.Release|Any CPU.ActiveCfg = Release|Any CPU
+		{39F5B55A-09D8-477D-A3FA-ADAC29C52605}.Release|Any CPU.Build.0 = Release|Any CPU
+		{39F5B55A-09D8-477D-A3FA-ADAC29C52605}.Release|ARM64.ActiveCfg = Release|Any CPU
+		{39F5B55A-09D8-477D-A3FA-ADAC29C52605}.Release|ARM64.Build.0 = Release|Any CPU
+		{39F5B55A-09D8-477D-A3FA-ADAC29C52605}.Release|x64.ActiveCfg = Release|Any CPU
+		{39F5B55A-09D8-477D-A3FA-ADAC29C52605}.Release|x64.Build.0 = Release|Any CPU
+		{39F5B55A-09D8-477D-A3FA-ADAC29C52605}.Release|x86.ActiveCfg = Release|Any CPU
+		{39F5B55A-09D8-477D-A3FA-ADAC29C52605}.Release|x86.Build.0 = Release|Any CPU
 	EndGlobalSection
 	GlobalSection(SolutionProperties) = preSolution
 		HideSolutionNode = FALSE

Coder.Desktop.sln

@@ -1,5 +1,6 @@
 <Project Sdk="Microsoft.NET.Sdk">
     <PropertyGroup>
+        <AssemblyName>Coder.Desktop.CoderSdk</AssemblyName>
         <RootNamespace>Coder.Desktop.CoderSdk</RootNamespace>
         <TargetFramework>net8.0</TargetFramework>
         <ImplicitUsings>enable</ImplicitUsings>