CI: Switch to production codesigning cert

derrod
2024-01-29 01:24:17 +01:00
committed by Ryan Foster
parent 20d8779d30
commit ae5000dd1a
4 changed files with 35 additions and 9 deletions


@@ -30,9 +30,9 @@ runs:
- name: Setup bouf
shell: pwsh
env:
BOUF_TAG: 'v0.6.1'
BOUF_HASH: '7292e43186ecc6210079fa5702254455797c7652dc6b08b5b61ac2d721766d86'
BOUF_NSIS_HASH: '2f5ecff05a002913c10aafa838febc1b0ae6e779f5ca67efa545ed787ae485a0'
BOUF_TAG: 'v0.6.2'
BOUF_HASH: '40ca34457a8ac60b9710a41b4cde2a0fc36d8740ab21b01d702069be2e1c5fb9'
BOUF_NSIS_HASH: '88958a9e4e0f3cb6f78e8359fdfa3343d050d5c2158e3ee77cb2cc4a8785ac61'
GH_TOKEN: ${{ github.token }}
run: |
# Download bouf release
@@ -76,8 +76,8 @@ runs:
- name: Install pandoc and rclone
shell: pwsh
run: |
choco install rclone --version 1.64.2 -y --no-progress
choco install pandoc --version 3.1.9 -y --no-progress
choco install rclone --version=1.64.2 -y --no-progress
choco install pandoc --version=3.1.9 -y --no-progress
- name: Prepare Release Notes
shell: pwsh
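Review bot: The two `choco install` lines in the second hunk pin rclone and pandoc by version only, whereas the bouf download in the first hunk carries SHA-256 values (`BOUF_HASH`, `BOUF_NSIS_HASH`) that are presumably checked in the script body outside the hunk. In a pipeline that now signs with a production certificate, the integrity of these two tools rests entirely on the Chocolatey feed and the package's own install script. If that is an accepted trust assumption, state it next to the commands, e.g. `# rclone/pandoc are pinned by version only; integrity relies on the Chocolatey feed`. Otherwise, consider fetching the upstream release archives and verifying a pinned hash the same way bouf is handled. The step's `run:` block starts inside the hunk, but the action continues beyond it.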


@@ -19,9 +19,9 @@ never_copy = [
]
[prepare.codesign]
sign_cert_file = "repo/.github/actions/bouf/test.crt"
sign_kms_key_id = "projects/ci-signing/locations/global/keyRings/testing/cryptoKeys/signing-hsm/cryptoKeyVersions/1"
sign_digest = "sha256"
sign_cert_file = "repo/.github/actions/bouf/prod.crt"
sign_kms_key_id = "projects/ci-signing/locations/global/keyRings/production/cryptoKeys/release-sign-hsm/cryptoKeyVersions/1"
sign_digest = "sha384"
sign_ts_serv = "http://timestamp.digicert.com"
sign_exts = ['exe', 'dll', 'pyd']
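Review bot: `sign_cert_file` and the pinned `cryptoKeyVersions/1` in `sign_kms_key_id` now have to describe the same production key pair, and nothing in `[prepare.codesign]` says so. A comment above the two keys would help whoever rotates the key, e.g. `# prod.crt must be the certificate issued for this exact KMS key version; change both together`. Since this config now selects the production key ring, it is also worth confirming that the identity the workflow authenticates with can reach that key only on release builds; that binding is outside this diff, so it cannot be judged from here. The table may continue past the end of the hunk.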

26
.github/actions/bouf/prod.crt vendored Normal file

@@ -0,0 +1,26 @@
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----


@@ -217,7 +217,7 @@ jobs:
- name: Set Up Environment 🔧
id: setup
env:
BOUF_ACTION_HASH: '4b421d1fa51cbf35f9c68f80795be3468dc480d47989c0bf713c39a7d62dec9e'
BOUF_ACTION_HASH: 'e91375eb41c3c9d97df14dc3c2775ce254e50f92dad782341e8cd2a1f9faf7de'
run: |
$channel = if ($env:GITHUB_REF_NAME -match "(beta|rc)") { "beta" } else { "stable" }
$shortHash = $env:GITHUB_SHA.Substring(0,9)